Skip to content

Expire old openrouter key #182

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Expire old openrouter key #182

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e8dda4c
Remove vibes-openrouter-key if before now, Jul 29
windmountain Jul 29, 2025
fb3e536
Round out today's date
windmountain Jul 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 12 additions & 5 deletions app/hooks/useApiKey.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,19 @@ export function useApiKey() {
if (storedKey) {
try {
const keyData = JSON.parse(storedKey);
// Make sure we have a valid key object
if (keyData.key && typeof keyData.key === 'string' && keyData.hash) {
return keyData; // Return the full stored object if valid
const epochStart = 1753747200000; // 2025-07-29T00:00:00.000Z

Comment on lines +26 to +27
Copy link
Contributor

@charliecreates charliecreates bot Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

epochStart is documented in the PR as “today” (2024-07-29) but the timestamp here corresponds to 2025-07-29. Any key created between now and July 2025 will never be rotated, which contradicts the stated goal of expiring older keys.

Double-check the intended date; this looks like an off-by-one-year bug that could leave affected users stranded for another year.

Suggestion 
// Use a correctly-dated epoch (midnight UTC on 2024-07-29)
const epochStart = Date.UTC(2024, 6, 29); // months are 0-indexed

Reply with "@CharlieHelps yes please" if you'd like me to add a commit with this suggestion.

Copy link
Contributor Author

@windmountain windmountain Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nobody said 2024. Go back to sleep.

const isValid = keyData.key && typeof keyData.key === 'string' && keyData.hash;
const isFromBefore = keyData.createdAt && keyData.createdAt < epochStart;

if (!isValid) {
Comment on lines +28 to +31
Copy link
Contributor

@charliecreates charliecreates bot Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If createdAt is missing, isFromBefore evaluates to false, meaning we keep keys whose age is unknown. Given the migration intent, it’s safer to treat a missing createdAt as stale rather than fresh, so that corrupted or legacy keys don’t block users.

Suggestion 
const isFromBefore = !keyData.createdAt || keyData.createdAt < epochStart;

Reply with "@CharlieHelps yes please" if you'd like me to add a commit with this suggestion.

Copy link
Contributor Author

@windmountain windmountain Jul 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, the approach you're proposing is too aggressive. I don't want to delete keys I don't understand.

throw new Error('Invalid key data');
}
// If key is invalid, remove it
localStorage.removeItem(storageKey);
if (isFromBefore) {
throw new Error('Key is from before the current epoch');
}

return keyData;
} catch (e) {
localStorage.removeItem(storageKey); // Corrupted data
}
Expand Down