mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-08 01:51:24 +00:00
refactor: dedupe gateway and scheduler test scaffolding
This commit is contained in:
Peter Steinberger
@@ -245,30 +245,42 @@ export function attachGatewayWsMessageHandler(params: {
|
||||
const frame = parsed;
|
||||
const connectParams = frame.params as ConnectParams;
|
||||
const clientLabel = connectParams.client.displayName ?? connectParams.client.id;
|
||||
|
||||
// protocol negotiation
|
||||
const { minProtocol, maxProtocol } = connectParams;
|
||||
if (maxProtocol < PROTOCOL_VERSION || minProtocol > PROTOCOL_VERSION) {
|
||||
const clientMeta = {
|
||||
client: connectParams.client.id,
|
||||
clientDisplayName: connectParams.client.displayName,
|
||||
mode: connectParams.client.mode,
|
||||
version: connectParams.client.version,
|
||||
};
|
||||
const markHandshakeFailure = (cause: string, meta?: Record<string, unknown>) => {
|
||||
setHandshakeState("failed");
|
||||
logWsControl.warn(
|
||||
`protocol mismatch conn=${connId} remote=${remoteAddr ?? "?"} client=${clientLabel} ${connectParams.client.mode} v${connectParams.client.version}`,
|
||||
);
|
||||
setCloseCause("protocol-mismatch", {
|
||||
minProtocol,
|
||||
maxProtocol,
|
||||
expectedProtocol: PROTOCOL_VERSION,
|
||||
client: connectParams.client.id,
|
||||
clientDisplayName: connectParams.client.displayName,
|
||||
mode: connectParams.client.mode,
|
||||
version: connectParams.client.version,
|
||||
});
|
||||
setCloseCause(cause, { ...meta, ...clientMeta });
|
||||
};
|
||||
const sendHandshakeErrorResponse = (
|
||||
code: Parameters<typeof errorShape>[0],
|
||||
message: string,
|
||||
options?: Parameters<typeof errorShape>[2],
|
||||
) => {
|
||||
send({
|
||||
type: "res",
|
||||
id: frame.id,
|
||||
ok: false,
|
||||
error: errorShape(ErrorCodes.INVALID_REQUEST, "protocol mismatch", {
|
||||
details: { expectedProtocol: PROTOCOL_VERSION },
|
||||
}),
|
||||
error: errorShape(code, message, options),
|
||||
});
|
||||
};
|
||||
|
||||
// protocol negotiation
|
||||
const { minProtocol, maxProtocol } = connectParams;
|
||||
if (maxProtocol < PROTOCOL_VERSION || minProtocol > PROTOCOL_VERSION) {
|
||||
markHandshakeFailure("protocol-mismatch", {
|
||||
minProtocol,
|
||||
maxProtocol,
|
||||
expectedProtocol: PROTOCOL_VERSION,
|
||||
});
|
||||
logWsControl.warn(
|
||||
`protocol mismatch conn=${connId} remote=${remoteAddr ?? "?"} client=${clientLabel} ${connectParams.client.mode} v${connectParams.client.version}`,
|
||||
);
|
||||
sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, "protocol mismatch", {
|
||||
details: { expectedProtocol: PROTOCOL_VERSION },
|
||||
});
|
||||
close(1002, "protocol mismatch");
|
||||
return;
|
||||
@@ -277,20 +289,10 @@ export function attachGatewayWsMessageHandler(params: {
|
||||
const roleRaw = connectParams.role ?? "operator";
|
||||
const role = roleRaw === "operator" || roleRaw === "node" ? roleRaw : null;
|
||||
if (!role) {
|
||||
setHandshakeState("failed");
|
||||
setCloseCause("invalid-role", {
|
||||
markHandshakeFailure("invalid-role", {
|
||||
role: roleRaw,
|
||||
client: connectParams.client.id,
|
||||
clientDisplayName: connectParams.client.displayName,
|
||||
mode: connectParams.client.mode,
|
||||
version: connectParams.client.version,
|
||||
});
|
||||
send({
|
||||
type: "res",
|
||||
id: frame.id,
|
||||
ok: false,
|
||||
error: errorShape(ErrorCodes.INVALID_REQUEST, "invalid role"),
|
||||
});
|
||||
sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, "invalid role");
|
||||
close(1008, "invalid role");
|
||||
return;
|
||||
}
|
||||
@@ -312,22 +314,12 @@ export function attachGatewayWsMessageHandler(params: {
|
||||
if (!originCheck.ok) {
|
||||
const errorMessage =
|
||||
"origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)";
|
||||
setHandshakeState("failed");
|
||||
setCloseCause("origin-mismatch", {
|
||||
markHandshakeFailure("origin-mismatch", {
|
||||
origin: requestOrigin ?? "n/a",
|
||||
host: requestHost ?? "n/a",
|
||||
reason: originCheck.reason,
|
||||
client: connectParams.client.id,
|
||||
clientDisplayName: connectParams.client.displayName,
|
||||
mode: connectParams.client.mode,
|
||||
version: connectParams.client.version,
|
||||
});
|
||||
send({
|
||||
type: "res",
|
||||
id: frame.id,
|
||||
ok: false,
|
||||
error: errorShape(ErrorCodes.INVALID_REQUEST, errorMessage),
|
||||
});
|
||||
sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage);
|
||||
close(1008, truncateCloseReason(errorMessage));
|
||||
return;
|
||||
}
|
||||
@@ -393,7 +385,16 @@ export function attachGatewayWsMessageHandler(params: {
|
||||
sharedAuthResult?.ok === true &&
|
||||
(sharedAuthResult.method === "token" || sharedAuthResult.method === "password");
|
||||
const rejectUnauthorized = (failedAuth: GatewayAuthResult) => {
|
||||
setHandshakeState("failed");
|
||||
markHandshakeFailure("unauthorized", {
|
||||
authMode: resolvedAuth.mode,
|
||||
authProvided: connectParams.auth?.token
|
||||
? "token"
|
||||
: connectParams.auth?.password
|
||||
? "password"
|
||||
: "none",
|
||||
authReason: failedAuth.reason,
|
||||
allowTailscale: resolvedAuth.allowTailscale,
|
||||
});
|
||||
logWsControl.warn(
|
||||
`unauthorized conn=${connId} remote=${remoteAddr ?? "?"} client=${clientLabel} ${connectParams.client.mode} v${connectParams.client.version} reason=${failedAuth.reason ?? "unknown"}`,
|
||||
);
|
||||
@@ -408,22 +409,7 @@ export function attachGatewayWsMessageHandler(params: {
|
||||
reason: failedAuth.reason,
|
||||
client: connectParams.client,
|
||||
});
|
||||
setCloseCause("unauthorized", {
|
||||
authMode: resolvedAuth.mode,
|
||||
authProvided,
|
||||
authReason: failedAuth.reason,
|
||||
allowTailscale: resolvedAuth.allowTailscale,
|
||||
client: connectParams.client.id,
|
||||
clientDisplayName: connectParams.client.displayName,
|
||||
mode: connectParams.client.mode,
|
||||
version: connectParams.client.version,
|
||||
});
|
||||
send({
|
||||
type: "res",
|
||||
id: frame.id,
|
||||
ok: false,
|
||||
error: errorShape(ErrorCodes.INVALID_REQUEST, authMessage),
|
||||
});
|
||||
sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, authMessage);
|
||||
close(1008, truncateCloseReason(authMessage));
|
||||
};
|
||||
if (!device) {
|
||||
@@ -435,19 +421,8 @@ export function attachGatewayWsMessageHandler(params: {
|
||||
|
||||
if (isControlUi && !allowControlUiBypass) {
|
||||
const errorMessage = "control ui requires HTTPS or localhost (secure context)";
|
||||
setHandshakeState("failed");
|
||||
setCloseCause("control-ui-insecure-auth", {
|
||||
client: connectParams.client.id,
|
||||
clientDisplayName: connectParams.client.displayName,
|
||||
mode: connectParams.client.mode,
|
||||
version: connectParams.client.version,
|
||||
});
|
||||
send({
|
||||
type: "res",
|
||||
id: frame.id,
|
||||
ok: false,
|
||||
error: errorShape(ErrorCodes.INVALID_REQUEST, errorMessage),
|
||||
});
|
||||
markHandshakeFailure("control-ui-insecure-auth");
|
||||
sendHandshakeErrorResponse(ErrorCodes.INVALID_REQUEST, errorMessage);
|
||||
close(1008, errorMessage);
|
||||
return;
|
||||
}
|
||||
@@ -458,19 +433,8 @@ export function attachGatewayWsMessageHandler(params: {
|
||||
rejectUnauthorized(authResult);
|
||||
return;
|
||||
}
|
||||
setHandshakeState("failed");
|
||||
setCloseCause("device-required", {
|
||||
client: connectParams.client.id,
|
||||
clientDisplayName: connectParams.client.displayName,
|
||||
mode: connectParams.client.mode,
|
||||
version: connectParams.client.version,
|
||||
});
|
||||
send({
|
||||
type: "res",
|
||||
id: frame.id,
|
||||
ok: false,
|
||||
error: errorShape(ErrorCodes.NOT_PAIRED, "device identity required"),
|
||||
});
|
||||
markHandshakeFailure("device-required");
|
||||
sendHandshakeErrorResponse(ErrorCodes.NOT_PAIRED, "device identity required");
|
||||
close(1008, "device identity required");
|
||||
return;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user