codex-claude-proxy 1.0.1 → 1.0.2

package/README.md

@@ -14,7 +14,6 @@ It is designed primarily for **Claude Code CLI** (Anthropic-format client) while
 - [Quick Start](#quick-start)
 - [Authentication](#authenticate-codex--chatgpt)
 - [Claude Code Integration](#configure-claude-code-to-use-the-proxy)
-- [API Reference](#api-surface-high-level)
 - [Documentation](#documentation)
 - [Legal](#legal)
 
@@ -59,7 +58,7 @@ This proxy accepts Claude-style model IDs (what Claude Code expects) and maps th
 |---|---|---:|---|
 | `claude-sonnet-4-5` | **GPT-5.2 Codex** | Yes | Default “Sonnet” lane |
 | `claude-opus-4-5` | **GPT-5.3 Codex** | Yes | Default “Opus” lane |
-| `claude-haiku-4` | **GPT-5.2** (fast lane) | Yes | Lightweight / fast |
+| `claude-haiku-4` | **GLM-5 / MiniMax M2.5** | No | Unlimited / No Auth required |
 
 ---
 
@@ -198,31 +197,14 @@ More details: [Claude Code Integration](./docs/CLAUDE_INTEGRATION.md).
 
 ---
 
-## API surface (high level)
+## Security
 
-- Anthropic-compatible:
-  - `POST /v1/messages`
-  - `GET  /v1/models`
-  - `POST /v1/messages/count_tokens`
-
-- OpenAI-compatible:
-  - `POST /v1/chat/completions`
-
-- Accounts:
-  - `GET  /accounts`
-  - `POST /accounts/add`
-  - `POST /accounts/add/manual`
-  - `POST /accounts/switch`
-  - `POST /accounts/refresh`, `POST /accounts/refresh/all`
-
-- Logs:
-  - `GET /api/logs`
-  - `GET /api/logs/stream?history=true`
-
-Full reference: [API Reference](./docs/API.md).
+- **Localhost Only**: CORS is strictly restricted to `localhost` and `127.0.0.1` to prevent unauthorized cross-origin requests from external websites.
+- **Credential Safety**: Credentials are not allowed in cross-origin requests.
 
 ---
 
+
 ## Documentation
 
 - [**Architecture**](./docs/ARCHITECTURE.md) - Design and flow

package/docs/ARCHITECTURE.md

@@ -51,7 +51,7 @@ codex-claude-proxy/
 | File | Purpose |
 |------|---------|
 | `index.js` | Entry point (starts server) |
-| `server.js` | Express server, routes, request handling |
+| `server.js` | Express server, routes, request handling (CORS restricted) |
 | `routes/api-routes.js` | API route registrations (mounted by server) |
 | `oauth.js` | OAuth 2.0 PKCE flow, token exchange |
 | `account-manager.js` | Account persistence, switching, token refresh |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-claude-proxy",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Multi-account proxy server for OpenAI Codex CLI with Claude API compatibility",
   "type": "module",
   "main": "src/index.js",

package/public/js/app.js

@@ -1,6 +1,6 @@
 document.addEventListener('alpine:init', () => {
     Alpine.data('app', () => ({
-        version: '1.0.0',
+        version: '1.0.2',
         connectionStatus: 'connecting',
         activeTab: 'dashboard',
         sidebarOpen: window.innerWidth >= 1024,

package/src/account-manager.js

@@ -26,10 +26,10 @@ const tokenCache = new Map();
 
 function ensureConfigDir() {
     if (!existsSync(CONFIG_DIR)) {
-        mkdirSync(CONFIG_DIR, { recursive: true });
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
     }
     if (!existsSync(ACCOUNTS_DIR)) {
-        mkdirSync(ACCOUNTS_DIR, { recursive: true });
+        mkdirSync(ACCOUNTS_DIR, { recursive: true, mode: 0o700 });
     }
 }
 
@@ -64,7 +64,7 @@ function loadAccounts() {
 
 function saveAccounts(data) {
     ensureConfigDir();
-    writeFileSync(ACCOUNTS_FILE, JSON.stringify(data, null, 2));
+    writeFileSync(ACCOUNTS_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });
 }
 
 function getActiveAccount() {
@@ -80,7 +80,7 @@ function updateAccountAuth(account) {
     const authFile = getAccountAuthFile(account.email);
     
     if (!existsSync(accountDir)) {
-        mkdirSync(accountDir, { recursive: true });
+        mkdirSync(accountDir, { recursive: true, mode: 0o700 });
     }
     
     const authData = {
@@ -96,7 +96,7 @@ function updateAccountAuth(account) {
     };
     
     try {
-        writeFileSync(authFile, JSON.stringify(authData, null, 2));
+        writeFileSync(authFile, JSON.stringify(authData, null, 2), { mode: 0o600 });
         console.log(`[AccountManager] Updated auth for: ${account.email}`);
     } catch (e) {
         console.error('[AccountManager] Failed to update auth:', e.message);

package/src/claude-config.js

@@ -60,13 +60,13 @@ export async function updateClaudeConfig(updates) {
     
     const configDir = path.dirname(configPath);
     try {
-        await fs.mkdir(configDir, { recursive: true });
+        await fs.mkdir(configDir, { recursive: true, mode: 0o700 });
     } catch (error) {
         // Ignore if exists
     }
     
     try {
-        await fs.writeFile(configPath, JSON.stringify(newConfig, null, 2), 'utf8');
+        await fs.writeFile(configPath, JSON.stringify(newConfig, null, 2), { encoding: 'utf8', mode: 0o600 });
         console.log(`[ClaudeConfig] Updated config at ${configPath}`);
         return newConfig;
     } catch (error) {

package/src/cli/accounts.js

@@ -39,9 +39,9 @@ function saveAccounts(data) {
     try {
         const dir = dirname(ACCOUNTS_FILE);
         if (!existsSync(dir)) {
-            mkdirSync(dir, { recursive: true });
+            mkdirSync(dir, { recursive: true, mode: 0o700 });
         }
-        writeFileSync(ACCOUNTS_FILE, JSON.stringify(data, null, 2));
+        writeFileSync(ACCOUNTS_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });
         console.log(`\n✓ Saved ${data.accounts.length} account(s) to ${ACCOUNTS_FILE}`);
     } catch (error) {
         console.error('Error saving accounts:', error.message);

package/src/index.js

@@ -13,7 +13,7 @@ startServer({ port: PORT });
 
 console.log(`
 ╔══════════════════════════════════════════════════════════════╗
-║                 Codex Claude Proxy v1.0.1                    ║
+║                 Codex Claude Proxy v1.0.2                    ║
 ║                   (Direct API Mode)                          ║
 ╠══════════════════════════════════════════════════════════════╣
 ║  Server:   http://localhost:${PORT}                          ║

package/src/server-settings.js

@@ -10,7 +10,7 @@ const DEFAULT_SETTINGS = {
 
 function ensureConfigDir() {
     if (!existsSync(CONFIG_DIR)) {
-        mkdirSync(CONFIG_DIR, { recursive: true });
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
     }
 }
 
@@ -35,7 +35,7 @@ export function setServerSettings(patch = {}) {
     const next = { ...current, ...patch };
 
     ensureConfigDir();
-    writeFileSync(SETTINGS_FILE, JSON.stringify(next, null, 2));
+    writeFileSync(SETTINGS_FILE, JSON.stringify(next, null, 2), { mode: 0o600 });
     return next;
 }
 

package/src/server.js

@@ -14,7 +14,34 @@ export function createServer({ port }) {
   startAutoRefresh();
 
   const app = express();
-  app.use(cors());
+  app.disable('x-powered-by');
+  
+  // High-level request logging
+  app.use((req, res, next) => {
+    const start = Date.now();
+    res.on('finish', () => {
+      const duration = Date.now() - start;
+      const msg = `[${req.method}] ${req.originalUrl} ${res.statusCode} (${duration}ms)`;
+      if (res.statusCode >= 400) {
+        console.log(`\x1b[31m${msg}\x1b[0m`); // Red for error
+      } else if (req.originalUrl !== '/health') { // Skip health check logs to reduce noise
+        console.log(`\x1b[36m${msg}\x1b[0m`); // Cyan for success
+      }
+    });
+    next();
+  });
+
+  app.use(cors({
+    origin: [
+      `http://localhost:${port}`,
+      `http://127.0.0.1:${port}`,
+      'http://localhost',
+      'http://127.0.0.1'
+    ],
+    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+    allowedHeaders: ['Content-Type', 'Authorization'],
+    credentials: false
+  }));
   app.use(express.json({ limit: '10mb' }));
 
   registerApiRoutes(app, { port });