fix(hooks): gate methods before auth lockout accounting

Peter Steinberger
2026-03-07 18:04:45 +00:00
parent 262fef6ac8
commit 44820dcead
3 changed files with 29 additions and 8 deletions


@@ -383,6 +383,14 @@ export function createHooksRequestHandler(
return true;
}
if (req.method !== "POST") {
res.statusCode = 405;
res.setHeader("Allow", "POST");
res.setHeader("Content-Type", "text/plain; charset=utf-8");
res.end("Method Not Allowed");
return true;
}
const token = extractHookToken(req);
const clientKey = resolveHookClientKey(req);
if (!safeEqualSecret(token, hooksConfig.token)) {
@@ -404,14 +412,6 @@ export function createHooksRequestHandler(
}
hookAuthLimiter.reset(clientKey, AUTH_RATE_LIMIT_SCOPE_HOOK_AUTH);
if (req.method !== "POST") {
res.statusCode = 405;
res.setHeader("Allow", "POST");
res.setHeader("Content-Type", "text/plain; charset=utf-8");
res.end("Method Not Allowed");
return true;
}
const subPath = url.pathname.slice(basePath.length).replace(/^\/+/, "");
if (!subPath) {
res.statusCode = 404;
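Review bot: The relocated `req.method !== "POST"` check in the first hunk has no comment saying why it must run before `extractHookToken` and `safeEqualSecret`, so a later refactor could move it back below the auth block and bring back lockout accounting for non-POST requests. I would add above it `// Reject non-POST before auth so these requests never count toward (or reset) hookAuthLimiter.` A side effect worth confirming is that the 405 with `Allow: POST` is now returned to callers that present no valid token, which tells them the hooks path exists. That looks acceptable, but it should be a deliberate choice, ideally pinned by a test asserting that a non-POST request with a bad token gets 405 and does not change the limiter state for that client key. The handler body starts and ends outside the visible hunks.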