mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-30 11:21:07 +00:00
3e2b3bd2c5
Preserve Control UI scopes through the device-auth bypass path, normalize implied operator device-auth scopes, ignore cached under-scoped operator tokens, and degrade read-backed main pages gracefully when a connection truly lacks operator.read. Co-authored-by: Val Alexander <68980965+BunsDev@users.noreply.github.com>
37 lines
805 B
TypeScript
37 lines
805 B
TypeScript
export type DeviceAuthEntry = {
|
|
token: string;
|
|
role: string;
|
|
scopes: string[];
|
|
updatedAtMs: number;
|
|
};
|
|
|
|
export type DeviceAuthStore = {
|
|
version: 1;
|
|
deviceId: string;
|
|
tokens: Record<string, DeviceAuthEntry>;
|
|
};
|
|
|
|
export function normalizeDeviceAuthRole(role: string): string {
|
|
return role.trim();
|
|
}
|
|
|
|
export function normalizeDeviceAuthScopes(scopes: string[] | undefined): string[] {
|
|
if (!Array.isArray(scopes)) {
|
|
return [];
|
|
}
|
|
const out = new Set<string>();
|
|
for (const scope of scopes) {
|
|
const trimmed = scope.trim();
|
|
if (trimmed) {
|
|
out.add(trimmed);
|
|
}
|
|
}
|
|
if (out.has("operator.admin")) {
|
|
out.add("operator.read");
|
|
out.add("operator.write");
|
|
} else if (out.has("operator.write")) {
|
|
out.add("operator.read");
|
|
}
|
|
return [...out].toSorted();
|
|
}
|