DEV Community: Payal Lenka The latest articles on DEV Community by Payal Lenka (@payallenka). https://dev.to/payallenka https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F957267%2F232c7cd2-b319-4579-903a-234de480c3f0.jpeg DEV Community: Payal Lenka https://dev.to/payallenka en I Open-Sourced My AI Dashboard -- and Found My 'Secure' Proxy Was an Open ATM Payal Lenka Sun, 28 Jun 2026 16:40:24 +0000 https://dev.to/payallenka/i-open-sourced-my-ai-dashboard-and-found-my-secure-proxy-was-an-open-atm-311g https://dev.to/payallenka/i-open-sourced-my-ai-dashboard-and-found-my-secure-proxy-was-an-open-atm-311g <p>I built a small offline-first, collaborative AI dashboard called <strong>AgentHub</strong> — React + Yjs (CRDTs) on the front, a Node/Express proxy on the back. It worked great on my laptop.</p> <p>Then I went to open-source it, read my own backend like a stranger would, and realized the "secure" proxy I was so proud of was a <strong>wide-open ATM for my API key.</strong></p> <p>Here's the build, the bug, and the exact code that fixed it — all stealable.</p> <h2> The architecture, in one breath </h2> <p>Three constraints drove the whole thing:</p> <ol> <li> <strong>Works offline</strong> — state persists locally, network is optional.</li> <li> <strong>Conflict-free collaboration</strong> — two people, same state, no merge hell.</li> <li> <strong>API key never reaches the browser</strong> — the client talks to <em>my</em> server, my server talks to the model.</li> </ol> <p>Yjs handles the first two almost for free. CRDTs (Conflict-free Replicated Data Types) merge concurrent edits deterministically, so I never write merge logic. The client setup is genuinely this small:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">Y</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">yjs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">WebsocketProvider</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">y-websocket</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">IndexeddbPersistence</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">y-indexeddb</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">doc</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Y</span><span class="p">.</span><span class="nc">Doc</span><span class="p">();</span> <span class="c1">// 1) Offline-first: restore + persist local state in IndexedDB</span> <span class="k">new</span> <span class="nc">IndexeddbPersistence</span><span class="p">(</span><span class="dl">'</span><span class="s1">agent-crdt-state-v1</span><span class="dl">'</span><span class="p">,</span> <span class="nx">doc</span><span class="p">);</span> <span class="c1">// 2) Real-time: join a room over WebSocket and sync conflict-free</span> <span class="k">new</span> <span class="nc">WebsocketProvider</span><span class="p">(</span><span class="nx">WS_URL</span><span class="p">,</span> <span class="dl">'</span><span class="s1">agent-crdt-state-v1</span><span class="dl">'</span><span class="p">,</span> <span class="nx">doc</span><span class="p">);</span> </code></pre> </div> <p>Pull the network cable, keep editing, plug it back in — it reconciles. No spinner, no data loss. The first time you see it, it feels illegal.</p> <h2> The third constraint is where I fooled myself </h2> <p>I kept the API key off the client. The browser calls <code>POST /groq</code>, my server injects the key and forwards to the model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/groq</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">prompt</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">upstream</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="nx">GROQ_OPENAI_URL</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">GROQ_API_KEY</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="c1">// key stays server-side</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">model</span><span class="p">:</span> <span class="nx">GROQ_MODEL</span><span class="p">,</span> <span class="na">messages</span><span class="p">:</span> <span class="p">[{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">prompt</span> <span class="p">}]</span> <span class="p">}),</span> <span class="p">});</span> <span class="c1">// ...forward response</span> <span class="p">});</span> </code></pre> </div> <p>"Key's off the client. I'm secure." Pat on the back. Push to GitHub.</p> <p>Except — look at what's <em>missing</em>. No auth. No rate limit. CORS open to the entire internet. That endpoint is a public, unmetered pipe to my paid API key. Anyone who finds the URL can drain it from any website on Earth.</p> <p>I'd locked the front door and left the vault open.</p> <h2> Fixing it — three small middlewares </h2> <p>None of this needs a library. Here's the whole hardening pass.</p> <p><strong>1. CORS allowlist (not <code>cors()</code> with no args):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">ALLOWED_ORIGINS</span> <span class="o">=</span> <span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ALLOWED_ORIGINS</span> <span class="o">||</span> <span class="dl">''</span><span class="p">)</span> <span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1">,</span><span class="dl">'</span><span class="p">).</span><span class="nf">map</span><span class="p">(</span><span class="nx">o</span> <span class="o">=&gt;</span> <span class="nx">o</span><span class="p">.</span><span class="nf">trim</span><span class="p">()).</span><span class="nf">filter</span><span class="p">(</span><span class="nb">Boolean</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">(</span><span class="nx">ALLOWED_ORIGINS</span><span class="p">.</span><span class="nx">length</span> <span class="p">?</span> <span class="p">{</span> <span class="na">origin</span><span class="p">:</span> <span class="nx">ALLOWED_ORIGINS</span> <span class="p">}</span> <span class="p">:</span> <span class="kc">undefined</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">ALLOWED_ORIGINS</span><span class="p">.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">[proxy] ALLOWED_ORIGINS unset — CORS open to all origins.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The loud warning matters. I <em>will</em> forget to set the env var; I want the server yelling at me when I do.</p> <p><strong>2. Per-IP rate limiting (in-memory, zero deps):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">buckets</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">();</span> <span class="kd">function</span> <span class="nf">rateLimit</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ip</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">ip</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">unknown</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">now</span> <span class="o">=</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">hits</span> <span class="o">=</span> <span class="p">(</span><span class="nx">buckets</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">ip</span><span class="p">)</span> <span class="o">||</span> <span class="p">[]).</span><span class="nf">filter</span><span class="p">(</span><span class="nx">t</span> <span class="o">=&gt;</span> <span class="nx">now</span> <span class="o">-</span> <span class="nx">t</span> <span class="o">&lt;</span> <span class="nx">WINDOW_MS</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">hits</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;=</span> <span class="nx">MAX_HITS</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">429</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Too many requests, slow down.</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">hits</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">now</span><span class="p">);</span> <span class="nx">buckets</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">ip</span><span class="p">,</span> <span class="nx">hits</span><span class="p">);</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>A sliding window per IP. One bad actor can't empty the key in an afternoon. (For multi-instance deploys you'd back this with Redis — but for a single node, a <code>Map</code> is honest and enough.)</p> <p><strong>3. Optional bearer-token gate:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">requireAuth</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">PROXY_AUTH_TOKEN</span><span class="p">)</span> <span class="k">return</span> <span class="nf">next</span><span class="p">();</span> <span class="c1">// disabled unless you set it</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span> <span class="o">||</span> <span class="dl">''</span><span class="p">).</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer </span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span> <span class="o">!==</span> <span class="nx">PROXY_AUTH_TOKEN</span><span class="p">)</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span> <span class="p">});</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <p>Then chain them onto the route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/groq</span><span class="dl">'</span><span class="p">,</span> <span class="nx">rateLimit</span><span class="p">,</span> <span class="nx">requireAuth</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="cm">/* ... */</span> <span class="p">});</span> </code></pre> </div> <p><strong>Bonus footgun I also found:</strong> the original handler logged every prompt and the full upstream response to the console. Fine locally, a privacy leak in production. I gated all of it behind a <code>DEBUG_GROQ</code> flag.</p> <blockquote> <p>⚠️ Browser-app caveat: any token you ship <em>to the browser</em> is visible to users. For a purely public web app, lean on <code>ALLOWED_ORIGINS</code> + rate limiting; use <code>PROXY_AUTH_TOKEN</code> for server-to-server or trusted clients.</p> </blockquote> <h2> "Open-source ready" is more than <code>git push</code> </h2> <p>The code was the easy half. The repo only felt <em>honest</em> once it had:</p> <ul> <li>A real <strong>LICENSE</strong> ("it's on GitHub" is not a license).</li> <li>A <strong>SECURITY.md</strong> that's upfront about the proxy's risks.</li> <li>A <strong>CONTRIBUTING.md</strong> so the next dev isn't reverse-engineering my setup.</li> <li>A copy-pasteable <strong>Quick Start</strong> (running in under 5 minutes).</li> <li>A guarantee no secret ever touched git history — the <em>whole</em> history, not just HEAD.</li> </ul> <p>That last one deserves a billboard: <strong>a key that was ever committed is compromised, even if you delete it later.</strong> Grep your full history before you publish, not after.</p> <h2> Takeaway </h2> <p>The CRDT magic was the fun part. The lesson that'll outlive the project is duller and more useful:</p> <p><strong>Shipping for yourself and shipping for strangers are two different jobs.</strong> The second one is mostly respect — for the next dev's time, and for everyone who trusts your code enough to run it.</p> <p>AgentHub is MIT-licensed and live. If offline-first sync or CRDTs are on your "I should learn that" list, it's a small, readable place to start:</p> <p>👉 <strong><a href="https://github.com/payallenka/AgentHub" rel="noopener noreferrer">https://github.com/payallenka/AgentHub</a></strong></p> <p>Found a hole I missed? Open an issue. That's the whole point of putting it out there.</p> <p><em>If this was useful, a ❤️ or 🦄 helps it reach the next dev. What's the worst "secure" code you've shipped? I'll go first — see above.</em></p> webdev javascript opensource security