mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-08 11:11:23 +00:00
chore: Enable "curly" rule to avoid single-statement if confusion/errors.
This commit is contained in:
cpojer
@@ -33,7 +33,9 @@ type TailscaleUser = {
|
||||
type TailscaleWhoisLookup = (ip: string) => Promise<TailscaleWhoisIdentity | null>;
|
||||
|
||||
function safeEqual(a: string, b: string): boolean {
|
||||
if (a.length !== b.length) return false;
|
||||
if (a.length !== b.length) {
|
||||
return false;
|
||||
}
|
||||
return timingSafeEqual(Buffer.from(a), Buffer.from(b));
|
||||
}
|
||||
|
||||
@@ -42,20 +44,34 @@ function normalizeLogin(login: string): string {
|
||||
}
|
||||
|
||||
function isLoopbackAddress(ip: string | undefined): boolean {
|
||||
if (!ip) return false;
|
||||
if (ip === "127.0.0.1") return true;
|
||||
if (ip.startsWith("127.")) return true;
|
||||
if (ip === "::1") return true;
|
||||
if (ip.startsWith("::ffff:127.")) return true;
|
||||
if (!ip) {
|
||||
return false;
|
||||
}
|
||||
if (ip === "127.0.0.1") {
|
||||
return true;
|
||||
}
|
||||
if (ip.startsWith("127.")) {
|
||||
return true;
|
||||
}
|
||||
if (ip === "::1") {
|
||||
return true;
|
||||
}
|
||||
if (ip.startsWith("::ffff:127.")) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function getHostName(hostHeader?: string): string {
|
||||
const host = (hostHeader ?? "").trim().toLowerCase();
|
||||
if (!host) return "";
|
||||
if (!host) {
|
||||
return "";
|
||||
}
|
||||
if (host.startsWith("[")) {
|
||||
const end = host.indexOf("]");
|
||||
if (end !== -1) return host.slice(1, end);
|
||||
if (end !== -1) {
|
||||
return host.slice(1, end);
|
||||
}
|
||||
}
|
||||
const [name] = host.split(":");
|
||||
return name ?? "";
|
||||
@@ -66,7 +82,9 @@ function headerValue(value: string | string[] | undefined): string | undefined {
|
||||
}
|
||||
|
||||
function resolveTailscaleClientIp(req?: IncomingMessage): string | undefined {
|
||||
if (!req) return undefined;
|
||||
if (!req) {
|
||||
return undefined;
|
||||
}
|
||||
const forwardedFor = headerValue(req.headers?.["x-forwarded-for"]);
|
||||
return forwardedFor ? parseForwardedForClientIp(forwardedFor) : undefined;
|
||||
}
|
||||
@@ -75,7 +93,9 @@ function resolveRequestClientIp(
|
||||
req?: IncomingMessage,
|
||||
trustedProxies?: string[],
|
||||
): string | undefined {
|
||||
if (!req) return undefined;
|
||||
if (!req) {
|
||||
return undefined;
|
||||
}
|
||||
return resolveGatewayClientIp({
|
||||
remoteAddr: req.socket?.remoteAddress ?? "",
|
||||
forwardedFor: headerValue(req.headers?.["x-forwarded-for"]),
|
||||
@@ -85,9 +105,13 @@ function resolveRequestClientIp(
|
||||
}
|
||||
|
||||
export function isLocalDirectRequest(req?: IncomingMessage, trustedProxies?: string[]): boolean {
|
||||
if (!req) return false;
|
||||
if (!req) {
|
||||
return false;
|
||||
}
|
||||
const clientIp = resolveRequestClientIp(req, trustedProxies) ?? "";
|
||||
if (!isLoopbackAddress(clientIp)) return false;
|
||||
if (!isLoopbackAddress(clientIp)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const host = getHostName(req.headers?.host);
|
||||
const hostIsLocal = host === "localhost" || host === "127.0.0.1" || host === "::1";
|
||||
@@ -104,9 +128,13 @@ export function isLocalDirectRequest(req?: IncomingMessage, trustedProxies?: str
|
||||
}
|
||||
|
||||
function getTailscaleUser(req?: IncomingMessage): TailscaleUser | null {
|
||||
if (!req) return null;
|
||||
if (!req) {
|
||||
return null;
|
||||
}
|
||||
const login = req.headers["tailscale-user-login"];
|
||||
if (typeof login !== "string" || !login.trim()) return null;
|
||||
if (typeof login !== "string" || !login.trim()) {
|
||||
return null;
|
||||
}
|
||||
const nameRaw = req.headers["tailscale-user-name"];
|
||||
const profilePic = req.headers["tailscale-user-profile-pic"];
|
||||
const name = typeof nameRaw === "string" && nameRaw.trim() ? nameRaw.trim() : login.trim();
|
||||
@@ -118,7 +146,9 @@ function getTailscaleUser(req?: IncomingMessage): TailscaleUser | null {
|
||||
}
|
||||
|
||||
function hasTailscaleProxyHeaders(req?: IncomingMessage): boolean {
|
||||
if (!req) return false;
|
||||
if (!req) {
|
||||
return false;
|
||||
}
|
||||
return Boolean(
|
||||
req.headers["x-forwarded-for"] &&
|
||||
req.headers["x-forwarded-proto"] &&
|
||||
@@ -127,7 +157,9 @@ function hasTailscaleProxyHeaders(req?: IncomingMessage): boolean {
|
||||
}
|
||||
|
||||
function isTailscaleProxyRequest(req?: IncomingMessage): boolean {
|
||||
if (!req) return false;
|
||||
if (!req) {
|
||||
return false;
|
||||
}
|
||||
return isLoopbackAddress(req.socket?.remoteAddress) && hasTailscaleProxyHeaders(req);
|
||||
}
|
||||
|
||||
@@ -191,7 +223,9 @@ export function resolveGatewayAuth(params: {
|
||||
|
||||
export function assertGatewayAuthConfigured(auth: ResolvedGatewayAuth): void {
|
||||
if (auth.mode === "token" && !auth.token) {
|
||||
if (auth.allowTailscale) return;
|
||||
if (auth.allowTailscale) {
|
||||
return;
|
||||
}
|
||||
throw new Error(
|
||||
"gateway auth mode is token, but no token was configured (set gateway.auth.token or OPENCLAW_GATEWAY_TOKEN)",
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user