refactor(gateway): make ws and http auth surfaces explicit

Peter Steinberger
2026-02-21 13:31:58 +01:00
parent 1835dec200
commit 36a0df423d
8 changed files with 119 additions and 45 deletions


@@ -21,7 +21,7 @@ import { safeEqualSecret } from "../security/secret-equal.js";
import { handleSlackHttpRequest } from "../slack/http/index.js";
import type { AuthRateLimiter } from "./auth-rate-limit.js";
import {
authorizeGatewayConnect,
authorizeHttpGatewayConnect,
isLocalDirectRequest,
type GatewayAuthResult,
type ResolvedGatewayAuth,
@@ -150,12 +150,11 @@ async function authorizeCanvasRequest(params: {
let lastAuthFailure: GatewayAuthResult | null = null;
const token = getBearerToken(req);
if (token) {
const authResult = await authorizeGatewayConnect({
const authResult = await authorizeHttpGatewayConnect({
auth: { ...auth, allowTailscale: false },
connectAuth: { token, password: token },
req,
trustedProxies,
allowTailscaleHeaderAuth: false,
rateLimiter,
});
if (authResult.ok) {
@@ -528,12 +527,11 @@ export function createGatewayHttpServer(opts: {
// their own auth when exposing sensitive functionality.
if (requestPath.startsWith("/api/channels/")) {
const token = getBearerToken(req);
const authResult = await authorizeGatewayConnect({
const authResult = await authorizeHttpGatewayConnect({
auth: resolvedAuth,
connectAuth: token ? { token, password: token } : null,
req,
trustedProxies,
allowTailscaleHeaderAuth: false,
rateLimiter,
});
if (!authResult.ok) {
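Review bot: Both HTTP call sites (the bearer check in authorizeCanvasRequest and the `/api/channels/` branch of createGatewayHttpServer) drop the explicit `allowTailscaleHeaderAuth: false`, so the guarantee that forwarded Tailscale identity headers are never accepted on these routes now rests entirely on authorizeHttpGatewayConnect, whose body is not visible in this file section. The two calls also disagree: the canvas path still passes `auth: { ...auth, allowTailscale: false }` while the channels path passes `auth: resolvedAuth` unchanged, which reads as if one of them is either redundant or less protected than the other. I would pin the invariant at each call site with a comment such as `// HTTP surface: authorizeHttpGatewayConnect ignores Tailscale header identity; only the bearer token is evaluated`, and add a regression test asserting that a `/api/channels/` request carrying Tailscale headers but no bearer token gets a non-ok result. Both enclosing functions start and end outside the hunks shown.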