Terminal Companion API

Features

NEW Authentication System

• JWT-based authentication with access and refresh tokens
• User registration with email validation
• Secure password hashing with bcrypt
• Session management with automatic token refresh

NEW Chat Integration

• Real-time chat with AI models via Ollama
• Conversation history and management
• Support for multiple AI models (general and long-form)
• Streaming responses for better UX

NEW Admin UI

• Secure admin dashboard with password protection
• User management (view, update, delete)
• Subscription and credits management
• Dark theme interface

NEW Webhooks

• Configurable webhook endpoints
• Secret-based authentication for webhooks
• Event notification system

NEW API Keys

• Generate and manage API keys
• Secure key hashing (keys never stored in plain text)
• Key prefix display for identification
• Usage tracking with last-used timestamps

Security Improvements

SECURITY CORS Configuration

• Restricted CORS to specific allowed origins
• Whitelist includes Replit domains and configured frontend URL
• Proper handling of credentials and allowed methods

SECURITY Content Security Policy

• Enabled CSP via Helmet middleware
• Restricted script and style sources
• Protected against XSS and injection attacks

SECURITY Rate Limiting

• IP-based rate limiting on authentication routes
• 10 login attempts per 15 minutes
• 5 registration attempts per hour
• Protection against brute-force attacks

SECURITY Secret Management

• Sensitive configuration stored in Replit Secrets
• JWT secrets, API keys, and admin passwords secured
• Environment-based configuration

IMPROVEMENT Error Handling

• Production-safe error responses
• Stack traces hidden in production environment
• Detailed errors available in development mode

API Documentation

For complete API documentation, visit /docs.

Admin dashboard available at /admin.