github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 21:24:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(gateway): extract connect and role policy logic

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 19:47:17 +01:00
parent f97c45c5b5
commit 51149fcaf1
7 changed files with 342 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/gateway/role-policy.test.ts Normal file
View File

@@ -0,0 +1,28 @@
import { describe, expect, test } from "vitest";
import {
isRoleAuthorizedForMethod,
parseGatewayRole,
roleCanSkipDeviceIdentity,
} from "./role-policy.js";
describe("gateway role policy", () => {
test("parses supported roles", () => {
expect(parseGatewayRole("operator")).toBe("operator");
expect(parseGatewayRole("node")).toBe("node");
expect(parseGatewayRole("admin")).toBeNull();
expect(parseGatewayRole(undefined)).toBeNull();
});
test("allows device-less bypass only for operator + shared auth", () => {
expect(roleCanSkipDeviceIdentity("operator", true)).toBe(true);
expect(roleCanSkipDeviceIdentity("operator", false)).toBe(false);
expect(roleCanSkipDeviceIdentity("node", true)).toBe(false);
});
test("authorizes roles against node vs operator methods", () => {
expect(isRoleAuthorizedForMethod("node", "node.event")).toBe(true);
expect(isRoleAuthorizedForMethod("node", "status")).toBe(false);
expect(isRoleAuthorizedForMethod("operator", "status")).toBe(true);
expect(isRoleAuthorizedForMethod("operator", "node.event")).toBe(false);
});
});