farcasclaudiu/openclaw
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/openclaw.git synced 2026-06-28 21:01:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

refactor(gateway): share bearer auth helper

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-15 04:39:59 +00:00
parent 31a16157f3
commit b5c81f732c
3 changed files with 41 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/gateway/http-auth-helpers.ts
+27
View File
@@ -0,0 +1,27 @@
import type { IncomingMessage, ServerResponse } from "node:http";
import type { AuthRateLimiter } from "./auth-rate-limit.js";
import { authorizeGatewayConnect, type ResolvedGatewayAuth } from "./auth.js";
import { sendGatewayAuthFailure } from "./http-common.js";
import { getBearerToken } from "./http-utils.js";
export async function authorizeGatewayBearerRequestOrReply(params: {
req: IncomingMessage;
res: ServerResponse;
auth: ResolvedGatewayAuth;
trustedProxies?: string[];
rateLimiter?: AuthRateLimiter;
}): Promise<boolean> {
const token = getBearerToken(params.req);
const authResult = await authorizeGatewayConnect({
auth: params.auth,
connectAuth: token ? { token, password: token } : null,
req: params.req,
trustedProxies: params.trustedProxies,
rateLimiter: params.rateLimiter,
});
if (!authResult.ok) {
sendGatewayAuthFailure(params.res, authResult);
return false;
}
return true;
}
src/gateway/openai-http.ts
+7 -9
View File
@@ -1,6 +1,7 @@
import type { IncomingMessage, ServerResponse } from "node:http"; import type { IncomingMessage, ServerResponse } from "node:http";
import { randomUUID } from "node:crypto"; import { randomUUID } from "node:crypto";
import type { AuthRateLimiter } from "./auth-rate-limit.js"; import type { AuthRateLimiter } from "./auth-rate-limit.js";
import type { ResolvedGatewayAuth } from "./auth.js";
import { createDefaultDeps } from "../cli/deps.js"; import { createDefaultDeps } from "../cli/deps.js";
import { agentCommand } from "../commands/agent.js"; import { agentCommand } from "../commands/agent.js";
import { emitAgentEvent, onAgentEvent } from "../infra/agent-events.js"; import { emitAgentEvent, onAgentEvent } from "../infra/agent-events.js";
@@ -10,16 +11,15 @@ import {
buildAgentMessageFromConversationEntries, buildAgentMessageFromConversationEntries,
type ConversationEntry, type ConversationEntry,
} from "./agent-prompt.js"; } from "./agent-prompt.js";
import { authorizeGatewayConnect, type ResolvedGatewayAuth } from "./auth.js"; import { authorizeGatewayBearerRequestOrReply } from "./http-auth-helpers.js";
import { import {
readJsonBodyOrError, readJsonBodyOrError,
sendGatewayAuthFailure,
sendJson, sendJson,
sendMethodNotAllowed, sendMethodNotAllowed,
setSseHeaders, setSseHeaders,
writeDone, writeDone,
} from "./http-common.js"; } from "./http-common.js";
import { getBearerToken, resolveAgentIdForRequest, resolveSessionKey } from "./http-utils.js"; import { resolveAgentIdForRequest, resolveSessionKey } from "./http-utils.js";
type OpenAiHttpOptions = { type OpenAiHttpOptions = {
auth: ResolvedGatewayAuth; auth: ResolvedGatewayAuth;
@@ -161,16 +161,14 @@ export async function handleOpenAiHttpRequest(
return true; return true;
} }
const token = getBearerToken(req); const authorized = await authorizeGatewayBearerRequestOrReply({
const authResult = await authorizeGatewayConnect({
auth: opts.auth,
connectAuth: { token, password: token },
req, req,
res,
auth: opts.auth,
trustedProxies: opts.trustedProxies, trustedProxies: opts.trustedProxies,
rateLimiter: opts.rateLimiter, rateLimiter: opts.rateLimiter,
}); });
if (!authResult.ok) { if (!authorized) {
sendGatewayAuthFailure(res, authResult);
return true; return true;
} }
src/gateway/openresponses-http.ts
+7 -9
View File
@@ -12,6 +12,7 @@ import type { ClientToolDefinition } from "../agents/pi-embedded-runner/run/para
import type { ImageContent } from "../commands/agent/types.js"; import type { ImageContent } from "../commands/agent/types.js";
import type { GatewayHttpResponsesConfig } from "../config/types.gateway.js"; import type { GatewayHttpResponsesConfig } from "../config/types.gateway.js";
import type { AuthRateLimiter } from "./auth-rate-limit.js"; import type { AuthRateLimiter } from "./auth-rate-limit.js";
import type { ResolvedGatewayAuth } from "./auth.js";
import { createDefaultDeps } from "../cli/deps.js"; import { createDefaultDeps } from "../cli/deps.js";
import { agentCommand } from "../commands/agent.js"; import { agentCommand } from "../commands/agent.js";
import { emitAgentEvent, onAgentEvent } from "../infra/agent-events.js"; import { emitAgentEvent, onAgentEvent } from "../infra/agent-events.js";
@@ -39,16 +40,15 @@ import {
buildAgentMessageFromConversationEntries, buildAgentMessageFromConversationEntries,
type ConversationEntry, type ConversationEntry,
} from "./agent-prompt.js"; } from "./agent-prompt.js";
import { authorizeGatewayConnect, type ResolvedGatewayAuth } from "./auth.js"; import { authorizeGatewayBearerRequestOrReply } from "./http-auth-helpers.js";
import { import {
readJsonBodyOrError, readJsonBodyOrError,
sendGatewayAuthFailure,
sendJson, sendJson,
sendMethodNotAllowed, sendMethodNotAllowed,
setSseHeaders, setSseHeaders,
writeDone, writeDone,
} from "./http-common.js"; } from "./http-common.js";
import { getBearerToken, resolveAgentIdForRequest, resolveSessionKey } from "./http-utils.js"; import { resolveAgentIdForRequest, resolveSessionKey } from "./http-utils.js";
import { import {
CreateResponseBodySchema, CreateResponseBodySchema,
type ContentPart, type ContentPart,
@@ -334,16 +334,14 @@ export async function handleOpenResponsesHttpRequest(
return true; return true;
} }
const token = getBearerToken(req); const authorized = await authorizeGatewayBearerRequestOrReply({
const authResult = await authorizeGatewayConnect({
auth: opts.auth,
connectAuth: { token, password: token },
req, req,
res,
auth: opts.auth,
trustedProxies: opts.trustedProxies, trustedProxies: opts.trustedProxies,
rateLimiter: opts.rateLimiter, rateLimiter: opts.rateLimiter,
}); });
if (!authResult.ok) { if (!authorized) {
sendGatewayAuthFailure(res, authResult);
return true; return true;
} }