fix: align gateway run auth modes (#27469) (thanks @s1korrrr)

2026-05-06 06:19:34 +00:00 · 2026-02-26 19:18:43 +01:00
parent 1087033abd
commit a909019078
3 changed files with 45 additions and 3 deletions
--- a/src/cli/gateway-cli/run.option-collisions.test.ts
+++ b/src/cli/gateway-cli/run.option-collisions.test.ts
@@ -18,7 +18,7 @@ const runGatewayLoop = vi.fn(async ({ start }: { start: () => Promise<unknown> }
  await start();
 });

-const { defaultRuntime, resetRuntimeCapture } = createCliRuntimeCapture();
+const { runtimeErrors, defaultRuntime, resetRuntimeCapture } = createCliRuntimeCapture();

 vi.mock("../../config/config.js", () => ({
  getConfigPath: () => "/tmp/openclaw-test-missing-config.json",
@@ -152,4 +152,40 @@ describe("gateway run option collisions", () => {
      }),
    );
  });
+
+  it("accepts --auth none override", async () => {
+    await runGatewayCli(["gateway", "run", "--auth", "none", "--allow-unconfigured"]);
+
+    expect(startGatewayServer).toHaveBeenCalledWith(
+      18789,
+      expect.objectContaining({
+        auth: expect.objectContaining({
+          mode: "none",
+        }),
+      }),
+    );
+  });
+
+  it("accepts --auth trusted-proxy override", async () => {
+    await runGatewayCli(["gateway", "run", "--auth", "trusted-proxy", "--allow-unconfigured"]);
+
+    expect(startGatewayServer).toHaveBeenCalledWith(
+      18789,
+      expect.objectContaining({
+        auth: expect.objectContaining({
+          mode: "trusted-proxy",
+        }),
+      }),
+    );
+  });
+
+  it("prints all supported modes on invalid --auth value", async () => {
+    await expect(
+      runGatewayCli(["gateway", "run", "--auth", "bad-mode", "--allow-unconfigured"]),
+    ).rejects.toThrow("__exit__:1");
+
+    expect(runtimeErrors).toContain(
+      'Invalid --auth (use "none", "token", "password", or "trusted-proxy")',
+    );
+  });
 });
--- a/src/cli/gateway-cli/run.ts
+++ b/src/cli/gateway-cli/run.ts
@@ -186,9 +186,14 @@ async function runGatewayCommand(opts: GatewayRunOpts) {
  }
  const authModeRaw = toOptionString(opts.auth);
  const authMode: GatewayAuthMode | null =
-    authModeRaw === "token" || authModeRaw === "password" ? authModeRaw : null;
+    authModeRaw === "none" ||
+    authModeRaw === "token" ||
+    authModeRaw === "password" ||
+    authModeRaw === "trusted-proxy"
+      ? authModeRaw
+      : null;
  if (authModeRaw && !authMode) {
-    defaultRuntime.error('Invalid --auth (use "token" or "password")');
+    defaultRuntime.error('Invalid --auth (use "none", "token", "password", or "trusted-proxy")');
    defaultRuntime.exit(1);
    return;
  }