Spaces:

ghmk
/

character_forge

Sleeping

ghmk commited on Nov 12, 2025

Commit

c078ea1

1 Parent(s): e494e0c

Add security improvements for public deployment

- Add warning banner when API key not set
- Add helpful link to get free API key
- Clarify that API keys are per-session only
- Create comprehensive SECURITY.md documentation
- Update license info in sidebar (Apache -> AGPL)

Files changed (2) hide show

SECURITY.md +261 -0
character_forge_image/app.py +21 -5

SECURITY.md ADDED Viewed

	@@ -0,0 +1,261 @@

+# Security & Privacy - Character Forge
+## 🔒 API Key Security
+### How API Keys Work
+Character Forge is designed to be deployed as a **public HuggingFace Space** where each user provides their own Gemini API key.
+**✅ SECURE: Each user's API key stays in THEIR session only**
+- API keys are stored in Streamlit's `session_state`
+- Session state is **isolated per browser session**
+- Your API key is **NEVER shared** with other users
+- Your API key is **NEVER stored** on the server
+- Your API key is **NEVER logged** or saved to disk
+### Deployment Configuration
+**For Public Spaces (Recommended):**
+❌ **DO NOT** add `GEMINI_API_KEY` to HuggingFace Repository Secrets
+If you add your API key as a secret, ALL users will use YOUR key and you'll pay for their usage!
+Instead:
+- Leave Repository Secrets empty
+- Each user enters their own API key in the sidebar
+- Users get their own free API key from [Google AI Studio](https://aistudio.google.com/app/apikey)
+**For Private Spaces (Your Personal Use):**
+✅ **DO** add `GEMINI_API_KEY` to Repository Secrets
+If your Space is set to Private:
+- Only you (and people you invite) can access it
+- Safe to add your API key as a secret
+- Convenient - no need to enter it each time
+---
+## 🔐 Privacy & Data Handling
+### What Data is Processed?
+When you generate images:
+1. **Your input images** are sent to Google's Gemini API
+2. **Your text prompts** are sent to Google's Gemini API
+3. **Generated images** are returned to your browser
+4. **Nothing is stored** on HuggingFace servers (files are temporary)
+### Where Does Data Go?
+```
+Your Browser
+    ↓ (upload image + prompt)
+HuggingFace Space (temporary processing)
+    ↓ (forward to API)
+Google Gemini API (image generation)
+    ↓ (return generated image)
+HuggingFace Space (temporary)
+    ↓ (download image)
+Your Browser (you save it)
+```
+### Data Retention
+**On HuggingFace:**
+- Generated images are stored in `/tmp/` (deleted after session ends)
+- No permanent storage
+- No logs of your generations
+**On Google Gemini API:**
+- Review [Google's Privacy Policy](https://policies.google.com/privacy)
+- Gemini API processes your data per their terms
+- Check [Gemini API Terms](https://ai.google.dev/terms)
+---
+## 🛡️ Best Practices
+### For Users:
+1. **Get Your Own API Key**
+   - Visit [Google AI Studio](https://aistudio.google.com/app/apikey)
+   - Create a free API key
+   - Enter it in the Character Forge sidebar
+   - Keep it private (don't share screenshots with your key visible)
+2. **Monitor Your Usage**
+   - Check your usage at [Google AI Studio](https://aistudio.google.com/)
+   - Free tier: 15 requests/minute, 1500/day
+   - Paid tier: ~$0.03 per image
+3. **Protect Your Key**
+   - Never share your API key publicly
+   - Don't commit it to git repositories
+   - Use environment variables for local development
+### For Space Owners:
+1. **Public Space = No Secrets**
+   - Don't add `GEMINI_API_KEY` to Repository Secrets
+   - Let users provide their own keys
+   - Zero cost to you!
+2. **Private Space = Secrets OK**
+   - Add your key as a secret if Space is private
+   - Only you and invited users can access
+   - You control who uses your key
+3. **Monitor Your Space**
+   - Check HuggingFace Space logs for errors
+   - Monitor unusual activity
+   - Consider adding rate limiting if needed
+---
+## 🔍 Code Audit
+The security model is implemented in these files:
+### Session State Isolation
+- **File**: `character_forge_image/app.py`
+- **Lines**: 40-41, 118-119
+- **Behavior**: API key stored in `st.session_state.gemini_api_key`
+- **Isolation**: Streamlit guarantees session state is per-user
+### API Key Retrieval
+- **File**: `character_forge_image/config/settings.py`
+- **Lines**: 54-61
+- **Behavior**: Checks environment variable, falls back to None
+- **Safe**: If no env var, users must provide their own
+### API Key Usage
+- **File**: `character_forge_image/core/gemini_client.py`
+- **Lines**: 35-46
+- **Behavior**: API key passed to Google's SDK
+- **Safe**: Never logged, never stored
+---
+## ⚠️ Common Mistakes to Avoid
+### ❌ DON'T: Share Your API Key
+```python
+# NEVER do this in public code
+GEMINI_API_KEY = "AIzaSy..."  # ❌ Hard-coded key
+```
+### ❌ DON'T: Add Secret to Public Space
+```yaml
+# In HuggingFace Settings → Repository Secrets
+# If Space is PUBLIC:
+GEMINI_API_KEY: AIzaSy...  # ❌ Everyone uses your key!
+```
+### ✅ DO: Let Users Provide Keys
+```python
+# This is what Character Forge does:
+st.session_state.gemini_api_key = user_input  # ✅ Per-user key
+```
+### ✅ DO: Use Environment Variables Locally
+```bash
+# For local development:
+export GEMINI_API_KEY="your-key-here"
+streamlit run app.py
+```
+---
+## 📊 Cost Implications
+### Public Space (Users Provide Keys)
+- **Your Cost**: $0
+- **User Cost**: Their own API usage
+- **Benefit**: Scalable, no abuse risk
+### Public Space (You Provide Key) ❌ NOT RECOMMENDED
+- **Your Cost**: Unlimited! Users can drain your account
+- **Risk**: High abuse potential
+- **Benefit**: None
+### Private Space (You Provide Key)
+- **Your Cost**: Only your usage
+- **Risk**: Low (only you and invited users)
+- **Benefit**: Convenient
+---
+## 🚨 Security Incident Response
+If you suspect your API key has been compromised:
+1. **Revoke the key immediately**
+   - Go to [Google AI Studio](https://aistudio.google.com/)
+   - Delete the compromised key
+2. **Create a new key**
+   - Generate a fresh API key
+   - Update your local environment
+3. **Review usage**
+   - Check your API usage logs
+   - Look for unusual activity
+4. **Update security**
+   - Ensure key isn't in git history
+   - Update `.gitignore` if needed
+   - Rotate keys regularly
+---
+## ✅ Verification
+To verify the security model is working:
+1. **Open two different browsers** (e.g., Chrome and Firefox)
+2. **Visit your Space** in both browsers
+3. **Enter different API keys** in each browser
+4. **Generate images** in both
+5. **Verify**: Each browser uses its own key (check Google API usage)
+If both browsers share the same key → **SECURITY ISSUE**
+If each browser has its own key → **WORKING CORRECTLY ✅**
+---
+## 📞 Reporting Security Issues
+If you find a security vulnerability:
+1. **DO NOT** create a public GitHub issue
+2. **Email**: gk@ghmk.de
+3. **Subject**: "Character Forge Security Issue"
+4. **Include**:
+   - Description of the vulnerability
+   - Steps to reproduce
+   - Potential impact
+We'll respond within 48 hours.
+---
+## 📜 License & Compliance
+Character Forge is licensed under **GNU AGPL v3.0**
+This means:
+- ✅ Free to use
+- ✅ Open source
+- ✅ Modifications must be shared
+- ❌ Cannot be integrated into proprietary software
+For security audits, the full source code is available at:
+https://huggingface.co/spaces/ghmk/character_forge
+---
+**Last Updated**: 2025-01-12
+**Version**: 1.0.0

character_forge_image/app.py CHANGED Viewed

@@ -67,6 +67,14 @@ def render_header():
         """
     )
     st.divider()
@@ -109,11 +117,15 @@ def render_sidebar():
         st.markdown("## Settings")
         # API Key input (for Gemini)
         api_key = st.text_input(
             "Gemini API Key",
-            value=st.session_state.gemini_api_key,
             type="password",
-            help="Enter your Google Gemini API key. Required for Gemini backend."
         )
         if api_key != st.session_state.gemini_api_key:
             st.session_state.gemini_api_key = api_key
@@ -140,11 +152,15 @@ def render_sidebar():
             ---
             **License:**
-            Apache 2.0
             **Get Started:**
-            - [Quick Start Guide](https://github.com/yourusername/character-forge)
-            - [Documentation](https://github.com/yourusername/character-forge/tree/main/docs)
             """
         )

         """
     )
+    # Show API key warning if not configured
+    if not st.session_state.get('gemini_api_key'):
+        st.warning(
+            "⚠️ **API Key Required**: Please enter your Gemini API key in the sidebar to start generating. "
+            "Get a free API key at [Google AI Studio](https://aistudio.google.com/app/apikey).",
+            icon="🔑"
+        )
     st.divider()
         st.markdown("## Settings")
         # API Key input (for Gemini)
+        st.markdown("### 🔑 API Key")
+        st.info("Get your FREE API key at [Google AI Studio](https://aistudio.google.com/app/apikey)")
         api_key = st.text_input(
             "Gemini API Key",
+            value=st.session_state.gemini_api_key or "",
             type="password",
+            help="Enter your Google Gemini API key. Required for Gemini backend. Your key stays in YOUR session only.",
+            placeholder="Enter your API key here..."
         )
         if api_key != st.session_state.gemini_api_key:
             st.session_state.gemini_api_key = api_key
             ---
             **License:**
+            GNU AGPL v3.0
+            **Privacy:**
+            Your API key is stored only in YOUR session.
+            It is never shared with other users.
             **Get Started:**
+            - [Get API Key](https://aistudio.google.com/app/apikey)
+            - [HuggingFace Space](https://huggingface.co/spaces/ghmk/character_forge)
             """
         )