pixforge 0.3.1

Fast CLI to generate images via OpenAI, Azure, Gemini, LocalAI, and other image-gen providers.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142

//! Security tests: ensure pasted secrets in `api_key_env` are caught at
//! config-parse time and never echoed in any error message.

use std::path::PathBuf;

use pixforge::config::LoadedConfig;

fn parse(s: &str) -> Result<LoadedConfig, String> {
    LoadedConfig::parse(s, PathBuf::from("/tmp/test-config.toml")).map_err(|e| format!("{e:#}"))
}

/// The exact shape of the leak scenario from the v0.2.1 install report:
/// the user pasted a long alphanumeric secret where the env var NAME was
/// expected. We use a clearly-fake placeholder of similar length here so
/// the test exercises the same code path without itself looking like a
/// real key to secret scanners.
const LEAKED_KEY_LIKE: &str =
    "PLACEHOLDERkeyPLACEHOLDERkeyPLACEHOLDERkeyPLACEHOLDERkeyPLACEHOLDERkeyPLACEHOLDER123";

#[test]
fn pasted_secret_in_api_key_env_is_rejected_and_never_echoed() {
    let txt = format!(
        r#"
[profile.azure-mai]
provider     = "azure-mai"
endpoint     = "https://x.services.ai.azure.com"
model        = "MAI-Image-2"
api_key_env  = "{LEAKED_KEY_LIKE}"
"#
    );
    let err = parse(&txt).expect_err("must reject");
    assert!(
        !err.contains(LEAKED_KEY_LIKE),
        "ERROR MUST NOT CONTAIN THE LEAKED VALUE.\nGot error: {err}"
    );
    assert!(
        err.contains("does not look like an environment variable name")
            || err.contains("suspiciously long"),
        "should explain what's wrong: {err}"
    );
    assert!(
        err.contains("rotate")
            || err.contains("compromised")
            || err.contains("paste"),
        "should warn about secret rotation: {err}"
    );
}

#[test]
fn long_value_with_only_valid_chars_is_still_rejected_as_too_long() {
    // 80 chars, all alphanumeric — would pass the regex check but is
    // suspiciously long for an env var name. This is a real-world Azure
    // key shape (without `=`/`+`/`/`).
    let suspicious = "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZAB";
    assert_eq!(suspicious.len(), 80);
    let txt = format!(
        r#"
[profile.azure-mai]
provider     = "azure-mai"
endpoint     = "https://x.services.ai.azure.com"
model        = "MAI-Image-2"
api_key_env  = "{suspicious}"
"#
    );
    let err = parse(&txt).expect_err("80-char alphanum must fail");
    assert!(
        !err.contains(suspicious),
        "MUST NOT echo the value, got: {err}"
    );
    assert!(err.contains("suspiciously long"), "got: {err}");
}

#[test]
fn value_with_special_chars_is_rejected() {
    // Real OpenAI-style key prefix shape: starts with sk-, contains dashes.
    let bad = "sk-proj-abc123-def456";
    let txt = format!(
        r#"
[profile.openai]
provider     = "openai-compat"
endpoint     = "https://api.openai.com/v1"
model        = "gpt-image-1"
api_key_env  = "{bad}"
"#
    );
    let err = parse(&txt).expect_err("`-` in name must fail");
    assert!(!err.contains(bad), "MUST NOT echo the value, got: {err}");
}

#[test]
fn value_starting_with_digit_is_rejected() {
    // Posix env var names cannot start with a digit.
    let bad = "1AZURE_KEY";
    let txt = format!(
        r#"
[profile.azure-mai]
provider     = "azure-mai"
endpoint     = "https://x.services.ai.azure.com"
model        = "MAI-Image-2"
api_key_env  = "{bad}"
"#
    );
    let err = parse(&txt).expect_err("leading digit must fail");
    assert!(!err.contains(bad), "MUST NOT echo the value, got: {err}");
}

#[test]
fn empty_api_key_env_is_rejected() {
    let txt = r#"
[profile.azure-mai]
provider     = "azure-mai"
endpoint     = "https://x.services.ai.azure.com"
model        = "MAI-Image-2"
api_key_env  = ""
"#;
    let err = parse(txt).expect_err("empty must fail");
    assert!(err.contains("empty"), "got: {err}");
}

#[test]
fn normal_env_var_names_are_accepted() {
    let names = [
        "AZURE_API_KEY",
        "OPENAI_API_KEY",
        "GEMINI_API_KEY",
        "_PRIVATE_VAR",
        "MY_KEY_2",
        "X",
    ];
    for name in names {
        let txt = format!(
            r#"
[profile.p]
provider     = "openai-compat"
endpoint     = "https://api.openai.com/v1"
model        = "gpt-image-1"
api_key_env  = "{name}"
"#
        );
        parse(&txt).unwrap_or_else(|e| panic!("name {name:?} should be accepted, got: {e}"));
    }
}