fix(api): validate api key prefix

src/langbot/pkg/api/http/controller/groups/plugins.py

@@ -39,6 +39,16 @@ def _normalize_plugin_asset_path(filepath: str) -> str | None:
     return f'assets/{normalized}'
 
 
+def _get_request_origin() -> str:
+    """Return the public request origin, respecting reverse-proxy headers."""
+    forwarded_proto = quart.request.headers.get('X-Forwarded-Proto', '').split(',')[0].strip()
+    forwarded_host = quart.request.headers.get('X-Forwarded-Host', '').split(',')[0].strip()
+
+    scheme = forwarded_proto or quart.request.scheme
+    host = forwarded_host or quart.request.host
+    return f'{scheme}://{host}'
+
+
 @group.group_class('plugins', '/api/v1/plugins')
 class PluginsRouterGroup(group.RouterGroup):
     async def _check_extensions_limit(self) -> str | None:
@@ -189,7 +199,7 @@ class PluginsRouterGroup(group.RouterGroup):
             # CSP for HTML pages served to sandboxed iframes (opaque origin).
             # 'self' doesn't work in sandboxed iframes — use actual server origin.
             if mime_type and mime_type.startswith('text/html'):
-                origin = f'{quart.request.scheme}://{quart.request.host}'
+                origin = _get_request_origin()
                 resp.headers['Content-Security-Policy'] = (
                     f'default-src {origin}; '
                     f"script-src {origin} 'unsafe-inline'; "

src/langbot/pkg/api/http/service/apikey.py

@@ -52,6 +52,9 @@ class ApiKeyService:
 
     async def verify_api_key(self, key: str) -> bool:
         """Verify if an API key is valid"""
+        if not isinstance(key, str) or not key.startswith('lbk_'):
+            return False
+
         result = await self.ap.persistence_mgr.execute_async(
             sqlalchemy.select(apikey.ApiKey).where(apikey.ApiKey.key == key)
         )

tests/unit_tests/api/test_apikey_service.py

@@ -0,0 +1,40 @@
+from __future__ import annotations
+
+from types import SimpleNamespace
+from unittest.mock import AsyncMock, Mock
+
+import pytest
+
+from langbot.pkg.api.http.service.apikey import ApiKeyService
+
+
+@pytest.mark.asyncio
+@pytest.mark.parametrize('api_key', [None, 123, b'lbk_bytes', '', 'plain_key', ' LBK_bad', 'sk-lbk_fake'])
+async def test_verify_api_key_rejects_non_lbk_keys_without_db_query(api_key):
+    persistence_mgr = SimpleNamespace(execute_async=AsyncMock())
+    service = ApiKeyService(SimpleNamespace(persistence_mgr=persistence_mgr))
+
+    result = await service.verify_api_key(api_key)
+
+    assert result is False
+    persistence_mgr.execute_async.assert_not_awaited()
+
+
+@pytest.mark.asyncio
+@pytest.mark.parametrize(
+    ('db_row', 'expected'),
+    [
+        (object(), True),
+        (None, False),
+    ],
+)
+async def test_verify_api_key_keeps_db_validation_for_lbk_keys(db_row, expected):
+    query_result = Mock()
+    query_result.first.return_value = db_row
+    persistence_mgr = SimpleNamespace(execute_async=AsyncMock(return_value=query_result))
+    service = ApiKeyService(SimpleNamespace(persistence_mgr=persistence_mgr))
+
+    result = await service.verify_api_key('lbk_valid_format')
+
+    assert result is expected
+    persistence_mgr.execute_async.assert_awaited_once()

web/src/app/infra/http/BackendClient.ts

@@ -590,6 +590,9 @@ export class BackendClient extends BaseHttpClient {
     name: string,
     filepath: string,
   ): string {
+    if (this.instance.defaults.baseURL === '/') {
+      return `${window.location.origin}/api/v1/plugins/${author}/${name}/assets/${filepath}`;
+    }
     return (
       this.instance.defaults.baseURL +
       `/api/v1/plugins/${author}/${name}/assets/${filepath}`