fix(gateway): honor env token for remote interactive auth · openclaw/openclaw@7d09ff8
vincentkoc
·
2026-05-17
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -23,6 +23,7 @@ Docs: https://docs.openclaw.ai
|
23 | 23 | - CLI/config: add `--dry-run` support to `openclaw config unset`, with `--json` output and allow-exec validation parity with `config set`/`config patch` dry-run handling. (#81895) Thanks @giodl73-repo. |
24 | 24 | - Memory-core: retry disabled dreaming cron cleanup until cron is available after startup, so persisted managed dreaming jobs are removed after restart. Fixes #82383. (#82389) Thanks @neeravmakwana. |
25 | 25 | - Gateway/diagnostics: redact credential-bearing gateway target URLs and client diagnostics while preserving raw connection URLs for programmatic use, so connect-failure logs no longer surface embedded tokens. |
| 26 | +- Gateway/auth: honor `OPENCLAW_GATEWAY_TOKEN` as the remote interactive fallback when no remote token is configured, keeping remote TUI setup aligned with documented auth precedence. |
26 | 27 | - Logs: redact raw Basic auth and named security headers from `logs.tail` output before returning lines to read-scoped clients. Fixes #66832. Thanks @Magicray1217. |
27 | 28 | - CLI/gateway: emit structured JSON for gateway transport close/timeout failures when `--json` is requested by health, gateway health, and devices list commands. Fixes #79108. Thanks @TurboTheTurtle. |
28 | 29 | - Telegram: normalize announce group targets via a new `resolveSessionTarget` channel hook so scheduled announcements resolve consistently against the same Telegram session conversation registry as inbound turns. Fixes #81229. Thanks @giodl73-repo. |
|
| Original file line number | Diff line number | Diff line change |
|---|
|
| 1 | +import { describe, expect, it } from "vitest"; |
| 2 | +import type { GatewayRemoteConfig } from "../config/types.gateway.js"; |
| 3 | +import type { OpenClawConfig } from "../config/types.openclaw.js"; |
| 4 | +import { resolveGatewayInteractiveSurfaceAuth } from "./auth-surface-resolution.js"; |
| 5 | + |
| 6 | +function remoteGatewayConfig(remote?: GatewayRemoteConfig): OpenClawConfig { |
| 7 | +return { |
| 8 | +gateway: { |
| 9 | +mode: "remote", |
| 10 | +remote: { |
| 11 | +url: "wss://remote.example/ws", |
| 12 | + ...remote, |
| 13 | +}, |
| 14 | +}, |
| 15 | +}; |
| 16 | +} |
| 17 | + |
| 18 | +describe("resolveGatewayInteractiveSurfaceAuth", () => { |
| 19 | +it("uses OPENCLAW_GATEWAY_TOKEN as remote interactive fallback", async () => { |
| 20 | +await expect( |
| 21 | +resolveGatewayInteractiveSurfaceAuth({ |
| 22 | +config: remoteGatewayConfig(), |
| 23 | +env: { |
| 24 | +OPENCLAW_GATEWAY_TOKEN: "env-token", |
| 25 | +}, |
| 26 | +surface: "remote", |
| 27 | +}), |
| 28 | +).resolves.toEqual({ |
| 29 | +token: "env-token", |
| 30 | +password: undefined, |
| 31 | +}); |
| 32 | +}); |
| 33 | + |
| 34 | +it("keeps configured remote token ahead of OPENCLAW_GATEWAY_TOKEN", async () => { |
| 35 | +await expect( |
| 36 | +resolveGatewayInteractiveSurfaceAuth({ |
| 37 | +config: remoteGatewayConfig({ token: "remote-token" }), |
| 38 | +env: { |
| 39 | +OPENCLAW_GATEWAY_TOKEN: "env-token", |
| 40 | +}, |
| 41 | +surface: "remote", |
| 42 | +}), |
| 43 | +).resolves.toEqual({ |
| 44 | +token: "remote-token", |
| 45 | +password: undefined, |
| 46 | +}); |
| 47 | +}); |
| 48 | + |
| 49 | +it("falls back to OPENCLAW_GATEWAY_TOKEN when the remote token ref is unresolved", async () => { |
| 50 | +await expect( |
| 51 | +resolveGatewayInteractiveSurfaceAuth({ |
| 52 | +config: { |
| 53 | + ...remoteGatewayConfig({ |
| 54 | +token: { source: "env", provider: "default", id: "MISSING_REMOTE_TOKEN" }, |
| 55 | +}), |
| 56 | +}, |
| 57 | +env: { |
| 58 | +OPENCLAW_GATEWAY_TOKEN: "env-token", |
| 59 | +}, |
| 60 | +surface: "remote", |
| 61 | +}), |
| 62 | +).resolves.toEqual({ |
| 63 | +token: "env-token", |
| 64 | +password: undefined, |
| 65 | +}); |
| 66 | +}); |
| 67 | +}); |
| Original file line number | Diff line number | Diff line change |
|---|
@@ -183,7 +183,7 @@ export async function resolveGatewayInteractiveSurfaceAuth(params: {
|
183 | 183 | path: "gateway.remote.password", |
184 | 184 | value: params.config.gateway?.remote?.password, |
185 | 185 | }); |
186 | | -const token = explicitToken ?? remoteToken.value; |
| 186 | +const token = explicitToken ?? remoteToken.value ?? envToken; |
187 | 187 | const password = explicitPassword ?? envPassword ?? remotePassword.value; |
188 | 188 | return token || password |
189 | 189 | ? { token, password } |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。