refactor(gateway): make ws and http auth surfaces explicit

Peter Steinberger
2026-02-21 13:31:58 +01:00
parent 1835dec200
commit 36a0df423d
8 changed files with 119 additions and 45 deletions


@@ -24,7 +24,7 @@ import { isSubagentSessionKey } from "../routing/session-key.js";
import { DEFAULT_GATEWAY_HTTP_TOOL_DENY } from "../security/dangerous-tools.js";
import { normalizeMessageChannel } from "../utils/message-channel.js";
import type { AuthRateLimiter } from "./auth-rate-limit.js";
import { authorizeGatewayConnect, type ResolvedGatewayAuth } from "./auth.js";
import { authorizeHttpGatewayConnect, type ResolvedGatewayAuth } from "./auth.js";
import {
readJsonBodyOrError,
sendGatewayAuthFailure,
@@ -146,12 +146,11 @@ export async function handleToolsInvokeHttpRequest(
const cfg = loadConfig();
const token = getBearerToken(req);
const authResult = await authorizeGatewayConnect({
const authResult = await authorizeHttpGatewayConnect({
auth: opts.auth,
connectAuth: token ? { token, password: token } : null,
req,
trustedProxies: opts.trustedProxies ?? cfg.gateway?.trustedProxies,
allowTailscaleHeaderAuth: false,
rateLimiter: opts.rateLimiter,
});
if (!authResult.ok) {