github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 20:28:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): enforce sandbox bridge auth

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-14 13:17:41 +01:00
parent 4711a943e3
commit 6dd6bce997
8 changed files with 108 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/browser/bridge-auth-registry.ts Normal file
View File

@@ -0,0 +1,34 @@
type BridgeAuth = {
token?: string;
password?: string;
};
// In-process registry for loopback-only bridge servers that require auth, but
// are addressed via dynamic ephemeral ports (e.g. sandbox browser bridge).
const authByPort = new Map<number, BridgeAuth>();
export function setBridgeAuthForPort(port: number, auth: BridgeAuth): void {
if (!Number.isFinite(port) || port <= 0) {
return;
}
const token = typeof auth.token === "string" ? auth.token.trim() : "";
const password = typeof auth.password === "string" ? auth.password.trim() : "";
authByPort.set(port, {
token: token || undefined,
password: password || undefined,
});
}
export function getBridgeAuthForPort(port: number): BridgeAuth | undefined {
if (!Number.isFinite(port) || port <= 0) {
return undefined;
}
return authByPort.get(port);
}
export function deleteBridgeAuthForPort(port: number): void {
if (!Number.isFinite(port) || port <= 0) {
return;
}
authByPort.delete(port);
}