mirror of
https://github.com/router-for-me/CLIProxyAPIPlus.git
synced 2026-03-08 06:43:41 +00:00
7d6660d181
- Fix SSRF: validate API endpoint host against allowlist before use - Limit /models response body to 2MB to prevent memory exhaustion (DoS) - Use MakeAuthenticatedRequest for consistent headers across API calls - Trim trailing slash on API endpoint to prevent double-slash URLs - Use ListModelsWithGitHubToken to simplify token exchange + listing - Deduplicate model IDs to prevent incorrect registry reference counting - Remove dead capabilities enrichment code block - Remove unused ModelExtra field with misleading json:"-" tag - Extract magic numbers to named constants (defaultCopilotContextLength) - Remove redundant hyphenID == id check (already filtered by Contains) - Use defer cancel() for context timeout in service.go