vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-14 10:41:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bb01e49192d392223a0608ec604c23c4f940fac2
openclaw/src/cli/daemon-cli/gateway-token-drift.ts
Peter Steinberger bb01e49192 refactor: share gateway auth and approval helpers
2026-04-06 07:41:08 +01:00

51 lines
1.5 KiB
TypeScript
Raw Blame History

import type { OpenClawConfig } from "../../config/config.js";
import { resolveGatewayAuthToken } from "../../gateway/auth-token-resolution.js";
import { createGatewayCredentialPlan } from "../../gateway/credential-planner.js";
import { GatewaySecretRefUnavailableError } from "../../gateway/credentials.js";
function authModeDisablesToken(mode: string | undefined): boolean {
return mode === "password" || mode === "none" || mode === "trusted-proxy";
}
function isPasswordFallbackActive(params: {
cfg: OpenClawConfig;
env: NodeJS.ProcessEnv;
}): boolean {
const plan = createGatewayCredentialPlan({
config: params.cfg,
env: params.env,
});
if (plan.authMode !== undefined) {
return false;
}
return plan.passwordCanWin && !plan.tokenCanWin;
}
export async function resolveGatewayTokenForDriftCheck(params: {
cfg: OpenClawConfig;
env?: NodeJS.ProcessEnv;
}): Promise<string | undefined> {
const env = params.env ?? process.env;
const mode = params.cfg.gateway?.auth?.mode;
if (authModeDisablesToken(mode)) {
return undefined;
}
if (isPasswordFallbackActive({ cfg: params.cfg, env })) {
return undefined;
}
const resolved = await resolveGatewayAuthToken({
cfg: params.cfg,
env,
envFallback: "never",
unresolvedReasonStyle: "detailed",
});
if (resolved.token) {
return resolved.token;
}
if (!resolved.secretRefConfigured) {
return undefined;
}
throw new GatewaySecretRefUnavailableError("gateway.auth.token");
}
Reference in New Issue View Git Blame Copy Permalink