vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 22:20:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bea9f6e8e6c3a53dc8d2831a0c30fff2729aab65
openclaw/src/gateway/auth-token-resolution.ts
Vincent Koc 74e7b8d47b fix(cycles): bulk extract leaf type surfaces
2026-04-11 13:26:50 +01:00

86 lines
2.4 KiB
TypeScript
Raw Blame History

import type { OpenClawConfig } from "../config/types.openclaw.js";
import { resolveSecretInputRef } from "../config/types.secrets.js";
import { trimToUndefined } from "./credentials.js";
import {
resolveConfiguredSecretInputString,
type SecretInputUnresolvedReasonStyle,
} from "./resolve-configured-secret-input-string.js";
export type GatewayAuthTokenResolutionSource = "explicit" | "config" | "secretRef" | "env";
export type GatewayAuthTokenEnvFallback = "never" | "no-secret-ref" | "always";
export async function resolveGatewayAuthToken(params: {
cfg: OpenClawConfig;
env: NodeJS.ProcessEnv;
explicitToken?: string;
envFallback?: GatewayAuthTokenEnvFallback;
unresolvedReasonStyle?: SecretInputUnresolvedReasonStyle;
}): Promise<{
token?: string;
source?: GatewayAuthTokenResolutionSource;
secretRefConfigured: boolean;
unresolvedRefReason?: string;
}> {
const explicitToken = trimToUndefined(params.explicitToken);
if (explicitToken) {
return {
token: explicitToken,
source: "explicit",
secretRefConfigured: false,
};
}
const tokenInput = params.cfg.gateway?.auth?.token;
const tokenRef = resolveSecretInputRef({
value: tokenInput,
defaults: params.cfg.secrets?.defaults,
}).ref;
const envFallback = params.envFallback ?? "always";
const envToken = trimToUndefined(params.env.OPENCLAW_GATEWAY_TOKEN);
if (!tokenRef) {
const configToken = trimToUndefined(tokenInput);
if (configToken) {
return {
token: configToken,
source: "config",
secretRefConfigured: false,
};
}
if (envFallback !== "never" && envToken) {
return {
token: envToken,
source: "env",
secretRefConfigured: false,
};
}
return { secretRefConfigured: false };
}
const resolved = await resolveConfiguredSecretInputString({
config: params.cfg,
env: params.env,
value: tokenInput,
path: "gateway.auth.token",
unresolvedReasonStyle: params.unresolvedReasonStyle,
});
if (resolved.value) {
return {
token: resolved.value,
source: "secretRef",
secretRefConfigured: true,
};
}
if (envFallback === "always" && envToken) {
return {
token: envToken,
source: "env",
secretRefConfigured: true,
};
}
return {
secretRefConfigured: true,
unresolvedRefReason: resolved.unresolvedRefReason,
};
}
Reference in New Issue View Git Blame Copy Permalink