github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 08:41:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix (gateway): redact sensitive status details for non-admin scopes

Browse Source
This commit is contained in:
Vignesh Natarajan
2026-02-14 21:14:55 -08:00
parent 0dec234505
commit fac040cb10
4 changed files with 133 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/gateway/server-methods/health.status-scope.test.ts Normal file
View File

@@ -0,0 +1,31 @@
import { describe, expect, it, vi } from "vitest";
import { getStatusSummary } from "../../commands/status.js";
import { healthHandlers } from "./health.js";
vi.mock("../../commands/status.js", () => ({
getStatusSummary: vi.fn().mockResolvedValue({ ok: true }),
}));
describe("gateway healthHandlers.status scope handling", () => {
it("requests redacted status for non-admin clients", async () => {
const respond = vi.fn();
await healthHandlers.status({
respond,
client: { connect: { role: "operator", scopes: ["operator.read"] } },
} as Parameters<(typeof healthHandlers)["status"]>[0]);
expect(vi.mocked(getStatusSummary)).toHaveBeenCalledWith({ includeSensitive: false });
expect(respond).toHaveBeenCalledWith(true, { ok: true }, undefined);
});
it("requests full status for admin clients", async () => {
const respond = vi.fn();
await healthHandlers.status({
respond,
client: { connect: { role: "operator", scopes: ["operator.admin"] } },
} as Parameters<(typeof healthHandlers)["status"]>[0]);
expect(vi.mocked(getStatusSummary)).toHaveBeenCalledWith({ includeSensitive: true });
expect(respond).toHaveBeenCalledWith(true, { ok: true }, undefined);
});
});

9
src/gateway/server-methods/health.ts
View File

@@ -5,6 +5,8 @@ import { HEALTH_REFRESH_INTERVAL_MS } from "../server-constants.js";
import { formatError } from "../server-utils.js";
import { formatForLog } from "../ws-log.js";
const ADMIN_SCOPE = "operator.admin";
export const healthHandlers: GatewayRequestHandlers = {
health: async ({ respond, context, params }) => {
const { getHealthCache, refreshHealthSnapshot, logHealth } = context;
@@ -25,8 +27,11 @@ export const healthHandlers: GatewayRequestHandlers = {
respond(false, undefined, errorShape(ErrorCodes.UNAVAILABLE, formatForLog(err)));
}
},
status: async ({ respond }) => {
const status = await getStatusSummary();
status: async ({ respond, client }) => {
const scopes = Array.isArray(client?.connect?.scopes) ? client.connect.scopes : [];
const status = await getStatusSummary({
includeSensitive: scopes.includes(ADMIN_SCOPE),
});
respond(true, status, undefined);
},
};