github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 14:35:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(secrets): harden api key normalization for ByteString headers

Browse Source
This commit is contained in:
Vignesh Natarajan
2026-03-05 18:31:35 -08:00
parent 7a22b3fa0b
commit 1ab9393212
4 changed files with 78 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/agents/minimax-vlm.normalizes-api-key.test.ts
View File

@@ -35,4 +35,31 @@ describe("minimaxUnderstandImage apiKey normalization", () => {
expect(text).toBe("ok");
expect(fetchSpy).toHaveBeenCalled();
});
it("drops non-Latin1 characters from apiKey before sending Authorization header", async () => {
const fetchSpy = vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
const auth = (init?.headers as Record<string, string> | undefined)?.Authorization;
expect(auth).toBe("Bearer minimax-test-key");
return new Response(
JSON.stringify({
base_resp: { status_code: 0, status_msg: "ok" },
content: "ok",
}),
{ status: 200, headers: { "Content-Type": "application/json" } },
);
});
global.fetch = withFetchPreconnect(fetchSpy);
const { minimaxUnderstandImage } = await import("./minimax-vlm.js");
const text = await minimaxUnderstandImage({
apiKey: "minimax-\u0417\u2502test-key",
prompt: "hi",
imageDataUrl: "data:image/png;base64,AAAA",
apiHost: "https://api.minimax.io",
});
expect(text).toBe("ok");
expect(fetchSpy).toHaveBeenCalled();
});
});