Restrict CLI access to localhost and update README for Gemini compatibility

- Added localhost-only access restriction to `CLIHandler` for security.
- Updated README to reflect Gemini-compatible API and local access limitation notes.

README.md

@@ -1,10 +1,10 @@
 # CLI Proxy API
 
-A proxy server that provides an OpenAI-compatible API interface for CLI. This allows you to use CLI models with tools and libraries designed for the OpenAI API.
+A proxy server that provides an OpenAI-compatible/Gemini-compatible API interface for CLI. This allows you to use CLI models with tools and libraries designed for the OpenAI/Gemini API.
 
 ## Features
 
-- OpenAI-compatible API endpoints for CLI models
+- OpenAI/Gemini compatible API endpoints for CLI models
 - Support for both streaming and non-streaming responses
 - Function calling/tools support
 - Multimodal input support (text and images)
@@ -208,6 +208,10 @@ export CODE_ASSIST_ENDPOINT="http://127.0.0.1:8317"
 
 The server will relay the `loadCodeAssist`, `onboardUser`, and `countTokens` requests. And automatically load balance the text generation requests between the multiple accounts.
 
+> [!NOTE]  
+> This feature only allows local access because I couldn't find a way to authenticate the requests.   
+> I hardcoded `127.0.0.1` into the load balancing.
+
 ## Contributing
 
 Contributions are welcome! Please feel free to submit a Pull Request.

internal/api/cli-handlers.go

@@ -12,10 +12,21 @@ import (
 	"github.com/tidwall/sjson"
 	"io"
 	"net/http"
+	"strings"
 	"time"
 )
 
 func (h *APIHandlers) CLIHandler(c *gin.Context) {
+	if !strings.HasPrefix(c.Request.RemoteAddr, "127.0.0.1:") {
+		c.JSON(http.StatusForbidden, ErrorResponse{
+			Error: ErrorDetail{
+				Message: "CLI reply only allow local access",
+				Type:    "forbidden",
+			},
+		})
+		return
+	}
+
 	rawJson, _ := c.GetRawData()
 	requestRawURI := c.Request.URL.Path
 	if requestRawURI == "/v1internal:generateContent" {