refactor(gateway): dedupe probe auth resolution

2026-04-18 10:27:28 +00:00 · 2026-02-15 06:40:04 +00:00
parent 4950fcfb33
commit 6c7a7d910a
3 changed files with 40 additions and 49 deletions
--- a/src/commands/status-all.ts
+++ b/src/commands/status-all.ts
@@ -9,6 +9,7 @@ import { resolveNodeService } from "../daemon/node-service.js";
 import { resolveGatewayService } from "../daemon/service.js";
 import { buildGatewayConnectionDetails, callGateway } from "../gateway/call.js";
 import { normalizeControlUiBasePath } from "../gateway/control-ui-shared.js";
+import { resolveGatewayProbeAuth } from "../gateway/probe-auth.js";
 import { probeGateway } from "../gateway/probe.js";
 import { collectChannelStatusIssues } from "../infra/channels-status-issues.js";
 import { resolveOpenClawPackageRoot } from "../infra/openclaw-root.js";
@@ -119,31 +120,8 @@ export async function statusAllCommand(
    const remoteUrlMissing = isRemoteMode && !remoteUrlRaw;
    const gatewayMode = isRemoteMode ? "remote" : "local";

-    const resolveProbeAuth = (mode: "local" | "remote") => {
-      const authToken = cfg.gateway?.auth?.token;
-      const authPassword = cfg.gateway?.auth?.password;
-      const remote = cfg.gateway?.remote;
-      const token =
-        mode === "remote"
-          ? typeof remote?.token === "string" && remote.token.trim()
-            ? remote.token.trim()
-            : undefined
-          : process.env.OPENCLAW_GATEWAY_TOKEN?.trim() ||
-            (typeof authToken === "string" && authToken.trim() ? authToken.trim() : undefined);
-      const password =
-        process.env.OPENCLAW_GATEWAY_PASSWORD?.trim() ||
-        (mode === "remote"
-          ? typeof remote?.password === "string" && remote.password.trim()
-            ? remote.password.trim()
-            : undefined
-          : typeof authPassword === "string" && authPassword.trim()
-            ? authPassword.trim()
-            : undefined);
-      return { token, password };
-    };
-
-    const localFallbackAuth = resolveProbeAuth("local");
-    const remoteAuth = resolveProbeAuth("remote");
+    const localFallbackAuth = resolveGatewayProbeAuth({ cfg, mode: "local" });
+    const remoteAuth = resolveGatewayProbeAuth({ cfg, mode: "remote" });
    const probeAuth = isRemoteMode && !remoteUrlMissing ? remoteAuth : localFallbackAuth;

    const gatewayProbe = await probeGateway({
--- a/src/gateway/probe-auth.ts
+++ b/src/gateway/probe-auth.ts
@@ -0,0 +1,32 @@
+import type { OpenClawConfig } from "../config/config.js";
+
+export function resolveGatewayProbeAuth(params: {
+  cfg: OpenClawConfig;
+  mode: "local" | "remote";
+  env?: NodeJS.ProcessEnv;
+}): { token?: string; password?: string } {
+  const env = params.env ?? process.env;
+  const authToken = params.cfg.gateway?.auth?.token;
+  const authPassword = params.cfg.gateway?.auth?.password;
+  const remote = params.cfg.gateway?.remote;
+
+  const token =
+    params.mode === "remote"
+      ? typeof remote?.token === "string" && remote.token.trim()
+        ? remote.token.trim()
+        : undefined
+      : env.OPENCLAW_GATEWAY_TOKEN?.trim() ||
+        (typeof authToken === "string" && authToken.trim() ? authToken.trim() : undefined);
+
+  const password =
+    env.OPENCLAW_GATEWAY_PASSWORD?.trim() ||
+    (params.mode === "remote"
+      ? typeof remote?.password === "string" && remote.password.trim()
+        ? remote.password.trim()
+        : undefined
+      : typeof authPassword === "string" && authPassword.trim()
+        ? authPassword.trim()
+        : undefined);
+
+  return { token, password };
+}
--- a/src/security/audit.ts
+++ b/src/security/audit.ts
@@ -7,6 +7,7 @@ import { formatCliCommand } from "../cli/command-format.js";
 import { resolveConfigPath, resolveStateDir } from "../config/paths.js";
 import { resolveGatewayAuth } from "../gateway/auth.js";
 import { buildGatewayConnectionDetails } from "../gateway/call.js";
+import { resolveGatewayProbeAuth } from "../gateway/probe-auth.js";
 import { probeGateway } from "../gateway/probe.js";
 import { collectChannelSecurityFindings } from "./audit-channel.js";
 import {
@@ -574,30 +575,10 @@ async function maybeProbeGateway(params: {
    typeof params.cfg.gateway?.remote?.url === "string" ? params.cfg.gateway.remote.url.trim() : "";
  const remoteUrlMissing = isRemoteMode && !remoteUrlRaw;

-  const resolveAuth = (mode: "local" | "remote") => {
-    const authToken = params.cfg.gateway?.auth?.token;
-    const authPassword = params.cfg.gateway?.auth?.password;
-    const remote = params.cfg.gateway?.remote;
-    const token =
-      mode === "remote"
-        ? typeof remote?.token === "string" && remote.token.trim()
-          ? remote.token.trim()
-          : undefined
-        : process.env.OPENCLAW_GATEWAY_TOKEN?.trim() ||
-          (typeof authToken === "string" && authToken.trim() ? authToken.trim() : undefined);
-    const password =
-      process.env.OPENCLAW_GATEWAY_PASSWORD?.trim() ||
-      (mode === "remote"
-        ? typeof remote?.password === "string" && remote.password.trim()
-          ? remote.password.trim()
-          : undefined
-        : typeof authPassword === "string" && authPassword.trim()
-          ? authPassword.trim()
-          : undefined);
-    return { token, password };
-  };
-
-  const auth = !isRemoteMode || remoteUrlMissing ? resolveAuth("local") : resolveAuth("remote");
+  const auth =
+    !isRemoteMode || remoteUrlMissing
+      ? resolveGatewayProbeAuth({ cfg: params.cfg, mode: "local" })
+      : resolveGatewayProbeAuth({ cfg: params.cfg, mode: "remote" });
  const res = await params.probe({ url, auth, timeoutMs: params.timeoutMs }).catch((err) => ({
    ok: false,
    url,