Fix tailscale allowTailscale bypass in token mode

Roshan Singh
2026-01-13 03:55:04 +00:00
committed by Peter Steinberger
parent d4c205f8e1
commit 7616b02bb1
2 changed files with 39 additions and 24 deletions


@@ -146,21 +146,29 @@ export async function authorizeGatewayConnect(params: {
const { auth, connectAuth, req } = params;
const localDirect = isLocalDirectRequest(req);
if (auth.mode === "none") {
if (auth.allowTailscale && !localDirect) {
const tailscaleUser = getTailscaleUser(req);
if (!tailscaleUser) {
return { ok: false, reason: "tailscale_user_missing" };
}
if (!isTailscaleProxyRequest(req)) {
return { ok: false, reason: "tailscale_proxy_missing" };
}
if (auth.allowTailscale && !localDirect) {
const tailscaleUser = getTailscaleUser(req);
const tailscaleProxy = isTailscaleProxyRequest(req);
if (tailscaleUser && tailscaleProxy) {
return {
ok: true,
method: "tailscale",
user: tailscaleUser.login,
};
}
if (auth.mode === "none") {
if (!tailscaleUser) {
return { ok: false, reason: "tailscale_user_missing" };
}
if (!tailscaleProxy) {
return { ok: false, reason: "tailscale_proxy_missing" };
}
}
}
if (auth.mode === "none") {
return { ok: true, method: "none" };
}
@@ -191,20 +199,5 @@ export async function authorizeGatewayConnect(params: {
return { ok: true, method: "password" };
}
if (auth.allowTailscale) {
const tailscaleUser = getTailscaleUser(req);
if (!tailscaleUser) {
return { ok: false, reason: "tailscale_user_missing" };
}
if (!isTailscaleProxyRequest(req)) {
return { ok: false, reason: "tailscale_proxy_missing" };
}
return {
ok: true,
method: "tailscale",
user: tailscaleUser.login,
};
}
return { ok: false, reason: "unauthorized" };
}
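Review bot: The new early `return { ok: true, method: "tailscale", ... }` in the first hunk now runs before any token or password comparison, so with `allowTailscale` set the strength of token and password mode rests entirely on `getTailscaleUser(req)` and `isTailscaleProxyRequest(req)`, neither of which is visible here. If those helpers read forwarded identity headers, they must only succeed for requests that really arrived through the local Tailscale proxy; please state that above the block, e.g. `// Tailscale identity wins over token/password when allowTailscale is set; trust it only when the request is proven to come from the Tailscale proxy.` In token and password mode a partial match (user present, proxy check failing) now falls through silently to the credential check, which is the safe direction, but a test pinning that a non-proxied request carrying identity headers and a wrong token ends in `unauthorized` would keep this ordering from regressing; the commit's second file is not shown, so it may already cover this. The body of `authorizeGatewayConnect` starts before the first hunk and continues between the two hunks.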