refactor(gateway)!: remove legacy v1 device-auth handshake

2026-04-18 23:47:27 +00:00 · 2026-02-22 09:26:49 +01:00
parent ed38b50fa5
commit 8887f41d7d
17 changed files with 404 additions and 210 deletions
--- a/apps/macos/Sources/OpenClawMacCLI/WizardCommand.swift
+++ b/apps/macos/Sources/OpenClawMacCLI/WizardCommand.swift
@@ -281,8 +281,8 @@ actor GatewayWizardClient {
        let identity = DeviceIdentityStore.loadOrCreate()
        let signedAtMs = Int(Date().timeIntervalSince1970 * 1000)
        let scopesValue = scopes.joined(separator: ",")
-        var payloadParts = [
-            connectNonce == nil ? "v1" : "v2",
+        let payloadParts = [
+            "v2",
            identity.deviceId,
            clientId,
            clientMode,
@@ -290,23 +290,19 @@ actor GatewayWizardClient {
            scopesValue,
            String(signedAtMs),
            self.token ?? "",
+            connectNonce,
        ]
-        if let connectNonce {
-            payloadParts.append(connectNonce)
-        }
        let payload = payloadParts.joined(separator: "|")
        if let signature = DeviceIdentityStore.signPayload(payload, identity: identity),
           let publicKey = DeviceIdentityStore.publicKeyBase64Url(identity)
        {
-            var device: [String: ProtoAnyCodable] = [
+            let device: [String: ProtoAnyCodable] = [
                "id": ProtoAnyCodable(identity.deviceId),
                "publicKey": ProtoAnyCodable(publicKey),
                "signature": ProtoAnyCodable(signature),
                "signedAt": ProtoAnyCodable(signedAtMs),
+                "nonce": ProtoAnyCodable(connectNonce),
            ]
-            if let connectNonce {
-                device["nonce"] = ProtoAnyCodable(connectNonce)
-            }
            params["device"] = ProtoAnyCodable(device)
        }

@@ -333,29 +329,24 @@ actor GatewayWizardClient {
        }
    }

-    private func waitForConnectChallenge() async throws -> String? {
-        guard let task = self.task else { return nil }
-        do {
-            return try await AsyncTimeout.withTimeout(
-                seconds: self.connectChallengeTimeoutSeconds,
-                onTimeout: { ConnectChallengeError.timeout },
-                operation: {
-                    while true {
-                        let message = try await task.receive()
-                        let frame = try await self.decodeFrame(message)
-                        if case let .event(evt) = frame, evt.event == "connect.challenge" {
-                            if let payload = evt.payload?.value as? [String: ProtoAnyCodable],
-                               let nonce = payload["nonce"]?.value as? String
-                            {
-                                return nonce
-                            }
-                        }
+    private func waitForConnectChallenge() async throws -> String {
+        guard let task = self.task else { throw ConnectChallengeError.timeout }
+        return try await AsyncTimeout.withTimeout(
+            seconds: self.connectChallengeTimeoutSeconds,
+            onTimeout: { ConnectChallengeError.timeout },
+            operation: {
+                while true {
+                    let message = try await task.receive()
+                    let frame = try await self.decodeFrame(message)
+                    if case let .event(evt) = frame, evt.event == "connect.challenge",
+                       let payload = evt.payload?.value as? [String: ProtoAnyCodable],
+                       let nonce = payload["nonce"]?.value as? String,
+                       nonce.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty == false
+                    {
+                        return nonce
                    }
-                })
-        } catch {
-            if error is ConnectChallengeError { return nil }
-            throw error
-        }
+                }
+            })
    }
 }