refactor(gateway): hide websocket helper types · openclaw/openclaw@ada70ec
unauthorized-flood-guard.ts
·
2026-06-17
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -350,7 +350,7 @@ export type ChatAbortOps = {
|
350 | 350 | nodeSendToSession: (sessionKey: string, event: string, payload: unknown) => void; |
351 | 351 | }; |
352 | 352 | |
353 | | -export type TrackedChatRunAbortOps = { |
| 353 | +type TrackedChatRunAbortOps = { |
354 | 354 | chatAbortControllers: ChatAbortOps["chatAbortControllers"]; |
355 | 355 | chatRunBuffers: ChatAbortOps["chatRunBuffers"]; |
356 | 356 | chatRunState: { |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -71,7 +71,7 @@ const CONTROL_UI_OPERATOR_READ_SCOPE = "operator.read";
|
71 | 71 | const CONTROL_UI_OPERATOR_ROLE = "operator"; |
72 | 72 | const controlUiAssistantMediaTicketSecret = randomBytes(32); |
73 | 73 | |
74 | | -export type ControlUiRequestOptions = { |
| 74 | +type ControlUiRequestOptions = { |
75 | 75 | basePath?: string; |
76 | 76 | config?: OpenClawConfig; |
77 | 77 | agentId?: string; |
@@ -154,7 +154,7 @@ const CONTROL_UI_ROOT_PUBLIC_ASSETS = new Set([
|
154 | 154 | "sw.js", |
155 | 155 | ]); |
156 | 156 | |
157 | | -export type ControlUiAvatarResolution = |
| 157 | +type ControlUiAvatarResolution = |
158 | 158 | | { kind: "none"; reason: string; source?: string | null } |
159 | 159 | | { kind: "local"; filePath: string; source?: string | null } |
160 | 160 | | { kind: "remote"; url: string; source?: string | null } |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -13,7 +13,7 @@ type EventLoopDelayMonitor = ReturnType<typeof monitorEventLoopDelay>;
|
13 | 13 | type EventLoopUtilization = ReturnType<typeof performance.eventLoopUtilization>; |
14 | 14 | type CpuUsage = ReturnType<typeof process.cpuUsage>; |
15 | 15 | |
16 | | -export type GatewayEventLoopHealthReason = "event_loop_delay" | "event_loop_utilization" | "cpu"; |
| 16 | +type GatewayEventLoopHealthReason = "event_loop_delay" | "event_loop_utilization" | "cpu"; |
17 | 17 | |
18 | 18 | export type GatewayEventLoopHealth = { |
19 | 19 | degraded: boolean; |
@@ -25,7 +25,7 @@ export type GatewayEventLoopHealth = {
|
25 | 25 | cpuCoreRatio: number; |
26 | 26 | }; |
27 | 27 | |
28 | | -export type GatewayEventLoopHealthMonitor = { |
| 28 | +type GatewayEventLoopHealthMonitor = { |
29 | 29 | snapshot: () => GatewayEventLoopHealth | undefined; |
30 | 30 | stop: () => void; |
31 | 31 | }; |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -23,7 +23,7 @@ type HandshakeConnectAuth = {
|
23 | 23 | approvalRuntimeToken?: string; |
24 | 24 | }; |
25 | 25 | |
26 | | -export type DeviceTokenCandidateSource = "explicit-device-token" | "shared-token-fallback"; |
| 26 | +type DeviceTokenCandidateSource = "explicit-device-token" | "shared-token-fallback"; |
27 | 27 | |
28 | 28 | export type ConnectAuthState = { |
29 | 29 | authResult: GatewayAuthResult; |
@@ -48,7 +48,7 @@ type VerifyDeviceTokenResult = {
|
48 | 48 | }; |
49 | 49 | type VerifyBootstrapTokenResult = { ok: boolean; reason?: string }; |
50 | 50 | |
51 | | -export type ConnectAuthDecision = { |
| 51 | +type ConnectAuthDecision = { |
52 | 52 | authResult: GatewayAuthResult; |
53 | 53 | authOk: boolean; |
54 | 54 | authMethod: GatewayAuthResult["method"]; |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -3,7 +3,7 @@ import type { ConnectParams } from "../../../../packages/gateway-protocol/src/in
|
3 | 3 | import type { GatewayRole } from "../../role-policy.js"; |
4 | 4 | import { roleCanSkipDeviceIdentity } from "../../role-policy.js"; |
5 | 5 | |
6 | | -export type ControlUiAuthPolicy = { |
| 6 | +type ControlUiAuthPolicy = { |
7 | 7 | isControlUi: boolean; |
8 | 8 | allowInsecureAuthConfigured: boolean; |
9 | 9 | dangerouslyDisableDeviceAuth: boolean; |
@@ -77,7 +77,7 @@ export function isTrustedProxyControlUiOperatorAuth(params: {
|
77 | 77 | ); |
78 | 78 | } |
79 | 79 | |
80 | | -export type MissingDeviceIdentityDecision = |
| 80 | +type MissingDeviceIdentityDecision = |
81 | 81 | | { kind: "allow" } |
82 | 82 | | { kind: "reject-control-ui-insecure-auth" } |
83 | 83 | | { kind: "reject-unauthorized" } |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -20,14 +20,14 @@ import type { AuthProvidedKind } from "./auth-messages.js";
|
20 | 20 | |
21 | 21 | export const BROWSER_ORIGIN_LOOPBACK_RATE_LIMIT_IP = "198.18.0.1"; |
22 | 22 | export const BROWSER_ORIGIN_RATE_LIMIT_KEY_PREFIX = "browser-origin:"; |
23 | | -export type PairingLocalityKind = |
| 23 | +type PairingLocalityKind = |
24 | 24 | | "direct_local" |
25 | 25 | | "cli_container_local" |
26 | 26 | | "browser_container_local" |
27 | 27 | | "shared_secret_loopback_local" |
28 | 28 | | "remote"; |
29 | 29 | |
30 | | -export type HandshakeBrowserSecurityContext = { |
| 30 | +type HandshakeBrowserSecurityContext = { |
31 | 31 | hasBrowserOriginHeader: boolean; |
32 | 32 | enforceOriginCheckForAnyClient: boolean; |
33 | 33 | rateLimitClientIp: string | undefined; |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -2,7 +2,7 @@
|
2 | 2 | import { resolveIntegerOption } from "@openclaw/normalization-core/number-coercion"; |
3 | 3 | |
4 | 4 | /** Decision returned for a handshake auth log attempt. */ |
5 | | -export type HandshakeAuthLogDecision = { |
| 5 | +type HandshakeAuthLogDecision = { |
6 | 6 | shouldLog: boolean; |
7 | 7 | suppressedSinceLastLog: number; |
8 | 8 | }; |
|
| Original file line number | Diff line number | Diff line change |
|---|
@@ -5,13 +5,13 @@ import { ErrorCodes, type ErrorShape } from "../../../../packages/gateway-protoc
|
5 | 5 | /** |
6 | 6 | * Per-connection guard that suppresses noisy unauthorized-role retries. |
7 | 7 | */ |
8 | | -export type UnauthorizedFloodGuardOptions = { |
| 8 | +type UnauthorizedFloodGuardOptions = { |
9 | 9 | closeAfter?: number; |
10 | 10 | logEvery?: number; |
11 | 11 | }; |
12 | 12 | |
13 | 13 | /** Decision returned after recording one unauthorized role failure. */ |
14 | | -export type UnauthorizedFloodDecision = { |
| 14 | +type UnauthorizedFloodDecision = { |
15 | 15 | shouldClose: boolean; |
16 | 16 | shouldLog: boolean; |
17 | 17 | count: number; |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。