fix(security): harden gateway command/audit guardrails

Peter Steinberger
2026-02-22 08:44:12 +01:00
parent 121d027229
commit 265da4dd2a
10 changed files with 176 additions and 28 deletions


@@ -21,6 +21,13 @@ function normalizePart(value: unknown, fallback: string): string {
export function resolveControlPlaneRateLimitKey(client: GatewayClient | null): string {
const deviceId = normalizePart(client?.connect?.device?.id, "unknown-device");
const clientIp = normalizePart(client?.clientIp, "unknown-ip");
if (deviceId === "unknown-device" && clientIp === "unknown-ip") {
// Last-resort fallback: avoid cross-client contention when upstream identity is missing.
const connId = normalizePart(client?.connId, "");
if (connId) {
return `${deviceId}|${clientIp}|conn=${connId}`;
}
}
return `${deviceId}|${clientIp}`;
}
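Review bot: The new fallback in `resolveControlPlaneRateLimitKey` keys the bucket on `connId` whenever both device id and IP are missing, so for those clients the limit lasts only as long as one connection and a reconnect starts a fresh bucket. If `connId` is generated per connection (not visible in this hunk), unidentified clients need a separate connection-level limit or a shared, tighter bucket, and the comment should say so, e.g. `// NOTE: per-connection key; does not bound a client that reconnects, so connection-level limits must cover that case.` The guard also compares against the sentinel strings, so a device id that is literally `unknown-device` is treated the same as a missing one; checking the raw values for emptiness before normalizing would avoid that ambiguity. `normalizePart` is defined outside the hunk, so whether it strips `|` from these values (which would otherwise let distinct clients collide on one key) cannot be confirmed from here.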