mirror of
https://github.com/openclaw/openclaw.git
synced 2026-04-23 07:01:40 +00:00
1c45123231
* Gateway: require scopes for HTTP session history * Gateway: cover missing HTTP history scope header
43 lines
1.4 KiB
TypeScript
43 lines
1.4 KiB
TypeScript
import type { IncomingMessage, ServerResponse } from "node:http";
|
|
import type { AuthRateLimiter } from "./auth-rate-limit.js";
|
|
import { authorizeHttpGatewayConnect, type ResolvedGatewayAuth } from "./auth.js";
|
|
import { sendGatewayAuthFailure } from "./http-common.js";
|
|
import { getBearerToken, getHeader } from "./http-utils.js";
|
|
|
|
const OPERATOR_SCOPES_HEADER = "x-openclaw-scopes";
|
|
|
|
export async function authorizeGatewayBearerRequestOrReply(params: {
|
|
req: IncomingMessage;
|
|
res: ServerResponse;
|
|
auth: ResolvedGatewayAuth;
|
|
trustedProxies?: string[];
|
|
allowRealIpFallback?: boolean;
|
|
rateLimiter?: AuthRateLimiter;
|
|
}): Promise<boolean> {
|
|
const token = getBearerToken(params.req);
|
|
const authResult = await authorizeHttpGatewayConnect({
|
|
auth: params.auth,
|
|
connectAuth: token ? { token, password: token } : null,
|
|
req: params.req,
|
|
trustedProxies: params.trustedProxies,
|
|
allowRealIpFallback: params.allowRealIpFallback,
|
|
rateLimiter: params.rateLimiter,
|
|
});
|
|
if (!authResult.ok) {
|
|
sendGatewayAuthFailure(params.res, authResult);
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
export function resolveGatewayRequestedOperatorScopes(req: IncomingMessage): string[] {
|
|
const raw = getHeader(req, OPERATOR_SCOPES_HEADER)?.trim();
|
|
if (!raw) {
|
|
return [];
|
|
}
|
|
return raw
|
|
.split(",")
|
|
.map((scope) => scope.trim())
|
|
.filter((scope) => scope.length > 0);
|
|
}
|