mobygate 0.5.2 → 0.5.3

package/CHANGELOG.md

@@ -4,6 +4,51 @@ All notable changes to mobygate are documented here. Format loosely follows
 [Keep a Changelog](https://keepachangelog.com/en/1.1.0/); version numbers are
 [Semantic Versioning](https://semver.org/).
 
+## [0.5.3] — 2026-04-19
+
+Security pass.
+
+### Changed
+
+- **Default listen address is now `127.0.0.1`** (loopback only). Earlier
+  versions called `app.listen(PORT)` with no host, which on macOS binds
+  to `::` (IPv6 all interfaces) — meaning anyone on your Wi-Fi could
+  reach `:3456`, use your Claude Max subscription, and read your
+  request logs. New default blocks that; startup banner now calls
+  out the bind ("loopback only" vs "⚠ network-reachable — add auth").
+- **Opt-in LAN sharing** via `bind: 0.0.0.0` (or any specific
+  interface) in `~/.mobygate/config.yaml`, or via the `BIND` env
+  var. If you opt in, consider putting an auth proxy in front of
+  the port — the dashboard and HTTP endpoints have no authentication.
+
+### Fixed
+
+- **Dashboard XSS** in live-requests and sessions rows. User-
+  controlled fields (`model`, `session key`, `model` on session
+  entries) were being interpolated directly into `innerHTML`. A
+  malicious local process that can reach :3456 could have
+  injected `<script>` via a crafted `model` string and executed
+  JS in whichever browser tab had the dashboard open. Added an
+  `escHtml()` helper and wrapped every user-controlled field
+  interpolated via innerHTML.
+- Added `hono >= 4.12.14` as an npm `overrides` entry to clear
+  the single `moderate` audit finding (a transitive via
+  `@modelcontextprotocol/sdk` → `hono/jsx`). We don't actually
+  load hono/jsx, so it was never exploitable, but `npm audit`
+  now reports `0 vulnerabilities` — cleaner for downstream users.
+
+### Migration
+
+For existing installs: `mobygate update` or
+`npm install -g mobygate@latest` — the postinstall hook restarts
+your service and the new loopback-only bind kicks in.
+
+If you were **intentionally** exposing mobygate on the LAN (e.g.,
+"one proxy for the family"), add `bind: 0.0.0.0` to
+`~/.mobygate/config.yaml` and restart. Strongly recommend adding
+an auth proxy (nginx with Basic Auth, Cloudflare Access, etc.)
+in front of the port if you do this.
+
 ## [0.5.2] — 2026-04-19
 
 ### Added

package/index.html

@@ -357,6 +357,17 @@
   <script type="module">
     // ───────────────────────── helpers
     const $ = (id) => document.getElementById(id);
+    // Escape HTML in user-controlled strings (request model/session/error
+    // fields, session keys, etc.) before innerHTML interpolation. The
+    // dashboard is unauthenticated, so any process that can reach the
+    // proxy could otherwise inject a <script> via a crafted request and
+    // execute JS in whoever's tab is viewing the dashboard.
+    const escHtml = (s) => String(s ?? '')
+      .replace(/&/g, '&amp;')
+      .replace(/</g, '&lt;')
+      .replace(/>/g, '&gt;')
+      .replace(/"/g, '&quot;')
+      .replace(/'/g, '&#39;');
     const fmt = {
       time(ts) { return new Date(ts).toLocaleTimeString([], { hour12: false }); },
       ms(n)    { return n == null ? '—' : `${n}`; },
@@ -553,10 +564,10 @@
         <div class="w-[72px] shrink-0 text-[#C9D9A8] text-xs leading-4">${fmt.time(startEv.ts)}</div>
         <div class="w-[100px] flex shrink-0 gap-1">${kindChips(startEv)}</div>
         <div class="w-[180px] flex flex-col shrink-0 gap-0.5">
-          <div class="text-[#F3EFE4] text-xs leading-4 truncate">${startEv.model || '—'}</div>
-          <div class="text-[#5A5F54] text-[10px] leading-3">${fmt.modelBase(startEv.model)} · ${fmt.modelCtx(startEv.resolvedModel)}</div>
+          <div class="text-[#F3EFE4] text-xs leading-4 truncate">${escHtml(startEv.model) || '—'}</div>
+          <div class="text-[#5A5F54] text-[10px] leading-3">${escHtml(fmt.modelBase(startEv.model))} · ${escHtml(fmt.modelCtx(startEv.resolvedModel))}</div>
         </div>
-        <div class="w-[110px] shrink-0 text-[#8A9A6A] text-xs leading-4 truncate" title="${startEv.session || ''}">${startEv.session ? fmt.short(startEv.session) : '—'}</div>
+        <div class="w-[110px] shrink-0 text-[#8A9A6A] text-xs leading-4 truncate" title="${escHtml(startEv.session || '')}">${startEv.session ? escHtml(fmt.short(startEv.session)) : '—'}</div>
         <div class="grow flex flex-col gap-1">${latencyBar(endEv)}</div>
         <div class="w-[100px] text-right shrink-0 text-[#8A9A6A] text-[11px] leading-[14px]">${endEv && (endEv.inputTokens || endEv.outputTokens) ? `${endEv.inputTokens || 0}/${endEv.outputTokens || 0}` : '—'}</div>
         <div class="w-[70px] flex justify-end shrink-0">${statusPill(endEv)}</div>
@@ -680,12 +691,12 @@
           const row = document.createElement('div');
           row.className = 'flex items-center py-3 px-6 gap-4 border-b border-[#1A1A15]';
           row.innerHTML = `
-            <div class="grow min-w-0 text-[#F3EFE4] text-xs leading-4 truncate" title="${s.key}">${s.key}</div>
-            <div class="w-[160px] shrink-0 text-[#8A9A6A] text-xs leading-4 truncate">${s.model || '—'}</div>
-            <div class="w-[60px] text-right shrink-0 text-[#8A9A6A] text-xs">${s.messageCount}</div>
+            <div class="grow min-w-0 text-[#F3EFE4] text-xs leading-4 truncate" title="${escHtml(s.key)}">${escHtml(s.key)}</div>
+            <div class="w-[160px] shrink-0 text-[#8A9A6A] text-xs leading-4 truncate">${escHtml(s.model) || '—'}</div>
+            <div class="w-[60px] text-right shrink-0 text-[#8A9A6A] text-xs">${Number(s.messageCount) || 0}</div>
             <div class="w-[80px] text-right shrink-0 text-[#5A5F54] text-[11px]">${fmt.uptime(s.idleSec)}</div>
             <div class="w-[80px] text-right shrink-0 text-[#5A5F54] text-[11px]">${fmt.uptime(s.ttlRemainingSec)} left</div>
-            <button class="text-[#E89B2E] text-[11px] hover:brightness-110 shrink-0" data-key="${s.key}">expire</button>
+            <button class="text-[#E89B2E] text-[11px] hover:brightness-110 shrink-0" data-key="${escHtml(s.key)}">expire</button>
           `;
           row.querySelector('button').addEventListener('click', async () => {
             await fetch('/sessions/' + encodeURIComponent(s.key), { method: 'DELETE' });

package/lib/config.js

@@ -27,6 +27,7 @@ export const LOGS_DIR = join(CONFIG_DIR, 'logs');
 
 const DEFAULTS = {
   port: 3456,
+  bind: '127.0.0.1',          // loopback only by default (no LAN exposure)
   default_model: 'claude-opus-4-7[1m]',
   session_ttl_minutes: 60,
   max_concurrent: null,       // reserved for future (per-session throttling)
@@ -57,6 +58,7 @@ export function loadConfig() {
 
   const merged = {
     port: parseInt(process.env.PORT || String(fileConfig.port ?? DEFAULTS.port), 10),
+    bind: process.env.BIND || fileConfig.bind || DEFAULTS.bind,
     default_model: process.env.DEFAULT_MODEL || fileConfig.default_model || DEFAULTS.default_model,
     session_ttl_minutes: parseInt(
       process.env.SESSION_TTL_MINUTES
@@ -91,6 +93,13 @@ export function writeConfig(values = {}) {
     `# HTTP port the proxy listens on.`,
     `port: ${merged.port}`,
     '',
+    `# Network interface to bind to. Defaults to 127.0.0.1 (loopback only —`,
+    `# the proxy is only reachable from this machine). Change to 0.0.0.0 to`,
+    `# share it on the LAN (e.g., "one proxy for the whole family"), but be`,
+    `# aware: whoever can reach :port can use your Claude Max subscription`,
+    `# and read logs containing your prompts. Add auth if you go LAN-public.`,
+    `bind: ${JSON.stringify(merged.bind)}`,
+    '',
     `# Default Claude model when the client does not specify one.`,
     `# Other aliases (opus, sonnet, haiku) resolve per MODEL_MAP in server.js.`,
     `default_model: ${JSON.stringify(merged.default_model)}`,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobygate",
-  "version": "0.5.2",
+  "version": "0.5.3",
   "description": "OpenAI-compatible local proxy for Claude Max. The Möbius-strip gateway: OpenAI shape in, Claude Max out.",
   "type": "module",
   "main": "server.js",
@@ -22,6 +22,9 @@
     "js-yaml": "^4.1.1",
     "uuid": "^11.1.0"
   },
+  "overrides": {
+    "hono": ">=4.12.14"
+  },
   "engines": {
     "node": ">=18"
   },

package/server.js

@@ -58,6 +58,10 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 
 const PORT = parseInt(process.env.PORT || '3456', 10);
+// Bind to loopback only by default — no LAN exposure. Users who intentionally
+// want to share the proxy on a network can set bind: 0.0.0.0 (or a specific
+// interface) in ~/.mobygate/config.yaml, but should add auth in front of it.
+const BIND = process.env.BIND || '127.0.0.1';
 const DEFAULT_MODEL = process.env.DEFAULT_MODEL || 'claude-opus-4-7[1m]';
 const SESSION_TTL_MS = parseInt(process.env.SESSION_TTL_MS || String(60 * 60 * 1000), 10); // 1 hour default
 
@@ -1090,14 +1094,14 @@ app.get('/dashboard/logs', async (req, res) => {
 // Start
 // ---------------------------------------------------------------------------
 
-app.listen(PORT, async () => {
+app.listen(PORT, BIND, async () => {
   const ttlMin = Math.round(SESSION_TTL_MS / 60000);
   const meta = await loadBuildMeta();
   console.log(banner({ version: meta.version }));
-  console.log(`    port         ${PORT}`);
+  console.log(`    bind         ${BIND}:${PORT}${BIND === '127.0.0.1' ? ' (loopback only)' : ' (⚠ network-reachable — add auth)'}`);
   console.log(`    model        ${DEFAULT_MODEL}`);
   console.log(`    session TTL  ${ttlMin} min`);
   console.log(`    dashboard    http://localhost:${PORT}`);
   console.log('');
-  dashboardBus.emitEvent({ type: 'server.boot', port: PORT, defaultModel: DEFAULT_MODEL });
+  dashboardBus.emitEvent({ type: 'server.boot', port: PORT, bind: BIND, defaultModel: DEFAULT_MODEL });
 });