mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-22 20:38:10 +00:00
43 lines
1.6 KiB
TypeScript
43 lines
1.6 KiB
TypeScript
/**
|
|
* Secret normalization for copy/pasted credentials.
|
|
*
|
|
* Common footgun: line breaks (especially `\r`) embedded in API keys/tokens.
|
|
* We strip line breaks anywhere, then trim whitespace at the ends.
|
|
*
|
|
* Another frequent source of runtime failures is rich-text/Unicode artifacts
|
|
* (smart punctuation, box-drawing chars, etc.) pasted into API keys. These can
|
|
* break HTTP header construction (`ByteString` violations). Drop non-Latin1
|
|
* code points so malformed keys fail as auth errors instead of crashing request
|
|
* setup.
|
|
*
|
|
* Intentionally does NOT remove ordinary spaces inside the string to avoid
|
|
* silently altering "Bearer <token>" style values.
|
|
*/
|
|
/**
|
|
* Normalizes a raw secret value from config, env, setup prompts, or plugin SDK callers.
|
|
* Returns an empty string for absent/invalid input so callers can keep boolean presence checks simple.
|
|
*/
|
|
export function normalizeSecretInput(value: unknown): string {
|
|
if (typeof value !== "string") {
|
|
return "";
|
|
}
|
|
const collapsed = value.replace(/[\r\n\u2028\u2029]+/g, "");
|
|
const chars: string[] = [];
|
|
for (const char of collapsed) {
|
|
const codePoint = char.codePointAt(0);
|
|
if (typeof codePoint === "number" && codePoint <= 0xff) {
|
|
chars.push(char);
|
|
}
|
|
}
|
|
return chars.join("").trim();
|
|
}
|
|
|
|
/**
|
|
* Normalizes a raw secret value and converts empty normalized output to `undefined`.
|
|
* Use this at optional config boundaries where "not configured" is clearer than an empty string.
|
|
*/
|
|
export function normalizeOptionalSecretInput(value: unknown): string | undefined {
|
|
const normalized = normalizeSecretInput(value);
|
|
return normalized || undefined;
|
|
}
|