fix: prevent undefined token in gateway auth config (#13809)

- Guard against undefined/empty token in buildGatewayAuthConfig - Automatically generate random token when token param is undefined, empty, or whitespace - Prevents JSON.stringify from writing literal string "undefined" to config - Add tests for undefined, empty, and whitespace token cases Fixes #13756 Co-authored-by: Klawd Asklee <klawdebot@gmail.com>
2026-03-12 07:20:45 +00:00 · 2026-02-12 14:45:38 +01:00
parent 2ef4ac08cf
commit f8c91b3c5f
2 changed files with 43 additions and 1 deletions
--- a/src/commands/configure.gateway-auth.test.ts
+++ b/src/commands/configure.gateway-auth.test.ts
@@ -43,4 +43,43 @@ describe("buildGatewayAuthConfig", () => {

    expect(result).toEqual({ mode: "password", password: "secret" });
  });
+
+  it("generates random token when token param is undefined", () => {
+    const result = buildGatewayAuthConfig({
+      mode: "token",
+      token: undefined,
+    });
+
+    expect(result?.mode).toBe("token");
+    expect(result?.token).toBeDefined();
+    expect(result?.token).not.toBe("undefined");
+    expect(typeof result?.token).toBe("string");
+    expect(result?.token?.length).toBeGreaterThan(0);
+  });
+
+  it("generates random token when token param is empty string", () => {
+    const result = buildGatewayAuthConfig({
+      mode: "token",
+      token: "",
+    });
+
+    expect(result?.mode).toBe("token");
+    expect(result?.token).toBeDefined();
+    expect(result?.token).not.toBe("undefined");
+    expect(typeof result?.token).toBe("string");
+    expect(result?.token?.length).toBeGreaterThan(0);
+  });
+
+  it("generates random token when token param is whitespace only", () => {
+    const result = buildGatewayAuthConfig({
+      mode: "token",
+      token: "   ",
+    });
+
+    expect(result?.mode).toBe("token");
+    expect(result?.token).toBeDefined();
+    expect(result?.token).not.toBe("undefined");
+    expect(typeof result?.token).toBe("string");
+    expect(result?.token?.length).toBeGreaterThan(0);
+  });
 });
--- a/src/commands/configure.gateway-auth.ts
+++ b/src/commands/configure.gateway-auth.ts
@@ -12,6 +12,7 @@ import {
  promptModelAllowlist,
 } from "./model-picker.js";
 import { promptCustomApiConfig } from "./onboard-custom.js";
+import { randomToken } from "./onboard-helpers.js";

 type GatewayAuthChoice = "token" | "password";

@@ -35,7 +36,9 @@ export function buildGatewayAuthConfig(params: {
  }

  if (params.mode === "token") {
-    return { ...base, mode: "token", token: params.token };
+    // Guard against undefined/empty token to prevent JSON.stringify from writing the string "undefined"
+    const safeToken = params.token?.trim() || randomToken();
+    return { ...base, mode: "token", token: safeToken };
  }
  return { ...base, mode: "password", password: params.password };
 }