vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-05 09:00:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(sandbox): use one-time noVNC observer tokens

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 13:56:49 +01:00
parent b43aadc34c
commit 8c1518f0f3
11 changed files with 463 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/browser/bridge-server.ts
View File

@@ -30,6 +30,7 @@ export async function startBrowserBridgeServer(params: {
authToken?: string;
authPassword?: string;
onEnsureAttachTarget?: (profile: ProfileContext["profile"]) => Promise<void>;
resolveSandboxNoVncToken?: (token: string) => string | null;
}): Promise<BrowserBridge> {
const host = params.host ?? "127.0.0.1";
if (!isLoopbackHost(host)) {
@@ -40,6 +41,23 @@ export async function startBrowserBridgeServer(params: {
const app = express();
installBrowserCommonMiddleware(app);
if (params.resolveSandboxNoVncToken) {
app.get("/sandbox/novnc", (req, res) => {
const rawToken = typeof req.query?.token === "string" ? req.query.token.trim() : "";
if (!rawToken) {
res.status(400).send("Missing token");
return;
}
const redirectUrl = params.resolveSandboxNoVncToken?.(rawToken);
if (!redirectUrl) {
res.status(404).send("Invalid or expired token");
return;
}
res.setHeader("Cache-Control", "no-store");
res.redirect(302, redirectUrl);
});
}
const authToken = params.authToken?.trim() || undefined;
const authPassword = params.authPassword?.trim() || undefined;
if (!authToken && !authPassword) {