mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-11 12:30:43 +00:00
254 lines
8.3 KiB
TypeScript
254 lines
8.3 KiB
TypeScript
import type { IncomingMessage, ServerResponse } from "node:http";
|
|
import { getRuntimeConfig } from "../config/io.js";
|
|
import type { OpenClawConfig } from "../config/types.openclaw.js";
|
|
import {
|
|
normalizeLowercaseStringOrEmpty,
|
|
normalizeOptionalString,
|
|
} from "../shared/string-coerce.js";
|
|
import type { AuthRateLimiter } from "./auth-rate-limit.js";
|
|
import {
|
|
authorizeHttpGatewayConnect,
|
|
type GatewayAuthResult,
|
|
type ResolvedGatewayAuth,
|
|
} from "./auth.js";
|
|
import { sendGatewayAuthFailure, sendJson } from "./http-common.js";
|
|
import { ADMIN_SCOPE, CLI_DEFAULT_OPERATOR_SCOPES } from "./method-scopes.js";
|
|
import { authorizeOperatorScopesForMethod } from "./method-scopes.js";
|
|
|
|
export function getHeader(req: IncomingMessage, name: string): string | undefined {
|
|
const raw = req.headers[normalizeLowercaseStringOrEmpty(name)];
|
|
if (typeof raw === "string") {
|
|
return raw;
|
|
}
|
|
if (Array.isArray(raw)) {
|
|
return raw[0];
|
|
}
|
|
return undefined;
|
|
}
|
|
|
|
export function getBearerToken(req: IncomingMessage): string | undefined {
|
|
const raw = normalizeOptionalString(getHeader(req, "authorization")) ?? "";
|
|
if (!normalizeLowercaseStringOrEmpty(raw).startsWith("bearer ")) {
|
|
return undefined;
|
|
}
|
|
return normalizeOptionalString(raw.slice(7));
|
|
}
|
|
|
|
type SharedSecretGatewayAuth = Pick<ResolvedGatewayAuth, "mode">;
|
|
export type AuthorizedGatewayHttpRequest = {
|
|
authMethod?: GatewayAuthResult["method"];
|
|
trustDeclaredOperatorScopes: boolean;
|
|
};
|
|
|
|
export type GatewayHttpRequestAuthCheckResult =
|
|
| {
|
|
ok: true;
|
|
requestAuth: AuthorizedGatewayHttpRequest;
|
|
}
|
|
| {
|
|
ok: false;
|
|
authResult: GatewayAuthResult;
|
|
};
|
|
|
|
export function resolveHttpBrowserOriginPolicy(
|
|
req: IncomingMessage,
|
|
cfg = getRuntimeConfig(),
|
|
): NonNullable<Parameters<typeof authorizeHttpGatewayConnect>[0]["browserOriginPolicy"]> {
|
|
return {
|
|
requestHost: getHeader(req, "host"),
|
|
origin: getHeader(req, "origin"),
|
|
allowedOrigins: cfg.gateway?.controlUi?.allowedOrigins,
|
|
allowHostHeaderOriginFallback:
|
|
cfg.gateway?.controlUi?.dangerouslyAllowHostHeaderOriginFallback === true,
|
|
};
|
|
}
|
|
|
|
function usesSharedSecretHttpAuth(auth: SharedSecretGatewayAuth | undefined): boolean {
|
|
return auth?.mode === "token" || auth?.mode === "password";
|
|
}
|
|
|
|
function usesSharedSecretGatewayMethod(method: GatewayAuthResult["method"] | undefined): boolean {
|
|
return method === "token" || method === "password";
|
|
}
|
|
|
|
function shouldTrustDeclaredHttpOperatorScopes(
|
|
req: IncomingMessage,
|
|
authOrRequest:
|
|
| SharedSecretGatewayAuth
|
|
| Pick<AuthorizedGatewayHttpRequest, "trustDeclaredOperatorScopes">
|
|
| undefined,
|
|
): boolean {
|
|
if (authOrRequest && "trustDeclaredOperatorScopes" in authOrRequest) {
|
|
return authOrRequest.trustDeclaredOperatorScopes;
|
|
}
|
|
return !isGatewayBearerHttpRequest(req, authOrRequest);
|
|
}
|
|
|
|
export async function authorizeGatewayHttpRequestOrReply(params: {
|
|
req: IncomingMessage;
|
|
res: ServerResponse;
|
|
auth: ResolvedGatewayAuth;
|
|
trustedProxies?: string[];
|
|
allowRealIpFallback?: boolean;
|
|
rateLimiter?: AuthRateLimiter;
|
|
}): Promise<AuthorizedGatewayHttpRequest | null> {
|
|
const result = await checkGatewayHttpRequestAuth(params);
|
|
if (!result.ok) {
|
|
sendGatewayAuthFailure(params.res, result.authResult);
|
|
return null;
|
|
}
|
|
return result.requestAuth;
|
|
}
|
|
|
|
export async function checkGatewayHttpRequestAuth(params: {
|
|
req: IncomingMessage;
|
|
auth: ResolvedGatewayAuth;
|
|
trustedProxies?: string[];
|
|
allowRealIpFallback?: boolean;
|
|
rateLimiter?: AuthRateLimiter;
|
|
cfg?: OpenClawConfig;
|
|
}): Promise<GatewayHttpRequestAuthCheckResult> {
|
|
const token = getBearerToken(params.req);
|
|
const browserOriginPolicy = resolveHttpBrowserOriginPolicy(params.req, params.cfg);
|
|
const authResult = await authorizeHttpGatewayConnect({
|
|
auth: params.auth,
|
|
connectAuth: token ? { token, password: token } : null,
|
|
req: params.req,
|
|
trustedProxies: params.trustedProxies,
|
|
allowRealIpFallback: params.allowRealIpFallback,
|
|
rateLimiter: params.rateLimiter,
|
|
browserOriginPolicy,
|
|
});
|
|
if (!authResult.ok) {
|
|
return {
|
|
ok: false,
|
|
authResult,
|
|
};
|
|
}
|
|
return {
|
|
ok: true,
|
|
requestAuth: {
|
|
authMethod: authResult.method,
|
|
// Shared-secret bearer auth proves possession of the gateway secret, but it
|
|
// does not prove a narrower per-request operator identity. HTTP endpoints
|
|
// must opt in explicitly if they want to treat that shared-secret path as a
|
|
// full trusted-operator surface.
|
|
trustDeclaredOperatorScopes: !usesSharedSecretGatewayMethod(authResult.method),
|
|
},
|
|
};
|
|
}
|
|
|
|
export async function authorizeScopedGatewayHttpRequestOrReply(params: {
|
|
req: IncomingMessage;
|
|
res: ServerResponse;
|
|
auth: ResolvedGatewayAuth;
|
|
trustedProxies?: string[];
|
|
allowRealIpFallback?: boolean;
|
|
rateLimiter?: AuthRateLimiter;
|
|
operatorMethod: string;
|
|
resolveOperatorScopes: (
|
|
req: IncomingMessage,
|
|
requestAuth: AuthorizedGatewayHttpRequest,
|
|
) => string[];
|
|
}): Promise<{ cfg: OpenClawConfig; requestAuth: AuthorizedGatewayHttpRequest } | null> {
|
|
const cfg = getRuntimeConfig();
|
|
const requestAuth = await authorizeGatewayHttpRequestOrReply({
|
|
req: params.req,
|
|
res: params.res,
|
|
auth: params.auth,
|
|
trustedProxies: params.trustedProxies ?? cfg.gateway?.trustedProxies,
|
|
allowRealIpFallback: params.allowRealIpFallback ?? cfg.gateway?.allowRealIpFallback,
|
|
rateLimiter: params.rateLimiter,
|
|
});
|
|
if (!requestAuth) {
|
|
return null;
|
|
}
|
|
|
|
const requestedScopes = params.resolveOperatorScopes(params.req, requestAuth);
|
|
const scopeAuth = authorizeOperatorScopesForMethod(params.operatorMethod, requestedScopes);
|
|
if (!scopeAuth.allowed) {
|
|
sendJson(params.res, 403, {
|
|
ok: false,
|
|
error: {
|
|
type: "forbidden",
|
|
message: `missing scope: ${scopeAuth.missingScope}`,
|
|
},
|
|
});
|
|
return null;
|
|
}
|
|
|
|
return { cfg, requestAuth };
|
|
}
|
|
|
|
export function isGatewayBearerHttpRequest(
|
|
req: IncomingMessage,
|
|
auth?: SharedSecretGatewayAuth,
|
|
): boolean {
|
|
return usesSharedSecretHttpAuth(auth) && Boolean(getBearerToken(req));
|
|
}
|
|
|
|
export function resolveTrustedHttpOperatorScopes(
|
|
req: IncomingMessage,
|
|
authOrRequest?:
|
|
| SharedSecretGatewayAuth
|
|
| Pick<AuthorizedGatewayHttpRequest, "trustDeclaredOperatorScopes">,
|
|
): string[] {
|
|
if (!shouldTrustDeclaredHttpOperatorScopes(req, authOrRequest)) {
|
|
// Gateway bearer auth only proves possession of the shared secret. Do not
|
|
// let HTTP clients self-assert operator scopes through request headers.
|
|
return [];
|
|
}
|
|
|
|
const headerValue = getHeader(req, "x-openclaw-scopes");
|
|
if (headerValue === undefined) {
|
|
// No scope header present - trusted clients without an explicit header
|
|
// get the default operator scopes (matching pre-#57783 behavior).
|
|
return [...CLI_DEFAULT_OPERATOR_SCOPES];
|
|
}
|
|
const raw = headerValue.trim();
|
|
if (!raw) {
|
|
return [];
|
|
}
|
|
return raw
|
|
.split(",")
|
|
.map((scope) => scope.trim())
|
|
.filter((scope) => scope.length > 0);
|
|
}
|
|
|
|
export function resolveOpenAiCompatibleHttpOperatorScopes(
|
|
req: IncomingMessage,
|
|
requestAuth: AuthorizedGatewayHttpRequest,
|
|
): string[] {
|
|
if (usesSharedSecretGatewayMethod(requestAuth.authMethod)) {
|
|
// Shared-secret HTTP bearer auth is a documented trusted-operator surface
|
|
// for the compat APIs and direct /tools/invoke. This is designed-as-is:
|
|
// token/password auth proves possession of the gateway operator secret, not
|
|
// a narrower per-request scope identity, so restore the normal defaults.
|
|
return [...CLI_DEFAULT_OPERATOR_SCOPES];
|
|
}
|
|
return resolveTrustedHttpOperatorScopes(req, requestAuth);
|
|
}
|
|
|
|
export function resolveHttpSenderIsOwner(
|
|
req: IncomingMessage,
|
|
authOrRequest?:
|
|
| SharedSecretGatewayAuth
|
|
| Pick<AuthorizedGatewayHttpRequest, "trustDeclaredOperatorScopes">,
|
|
): boolean {
|
|
return resolveTrustedHttpOperatorScopes(req, authOrRequest).includes(ADMIN_SCOPE);
|
|
}
|
|
|
|
export function resolveOpenAiCompatibleHttpSenderIsOwner(
|
|
req: IncomingMessage,
|
|
requestAuth: AuthorizedGatewayHttpRequest,
|
|
): boolean {
|
|
if (usesSharedSecretGatewayMethod(requestAuth.authMethod)) {
|
|
// Shared-secret HTTP bearer auth also carries owner semantics on the compat
|
|
// APIs and direct /tools/invoke. This is intentional: there is no separate
|
|
// per-request owner primitive on that shared-secret path, so owner-only
|
|
// tool policy follows the documented trusted-operator contract.
|
|
return true;
|
|
}
|
|
return resolveHttpSenderIsOwner(req, requestAuth);
|
|
}
|