From 6c7a7d910ab1dad56086979a8fff77ef1894661f Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 15 Feb 2026 06:40:04 +0000 Subject: [PATCH] refactor(gateway): dedupe probe auth resolution --- src/commands/status-all.ts | 28 +++------------------------- src/gateway/probe-auth.ts | 32 ++++++++++++++++++++++++++++++++ src/security/audit.ts | 29 +++++------------------------ 3 files changed, 40 insertions(+), 49 deletions(-) create mode 100644 src/gateway/probe-auth.ts diff --git a/src/commands/status-all.ts b/src/commands/status-all.ts index 36892d1d45f..6a7d5cc0dbb 100644 --- a/src/commands/status-all.ts +++ b/src/commands/status-all.ts @@ -9,6 +9,7 @@ import { resolveNodeService } from "../daemon/node-service.js"; import { resolveGatewayService } from "../daemon/service.js"; import { buildGatewayConnectionDetails, callGateway } from "../gateway/call.js"; import { normalizeControlUiBasePath } from "../gateway/control-ui-shared.js"; +import { resolveGatewayProbeAuth } from "../gateway/probe-auth.js"; import { probeGateway } from "../gateway/probe.js"; import { collectChannelStatusIssues } from "../infra/channels-status-issues.js"; import { resolveOpenClawPackageRoot } from "../infra/openclaw-root.js"; @@ -119,31 +120,8 @@ export async function statusAllCommand( const remoteUrlMissing = isRemoteMode && !remoteUrlRaw; const gatewayMode = isRemoteMode ? "remote" : "local"; - const resolveProbeAuth = (mode: "local" | "remote") => { - const authToken = cfg.gateway?.auth?.token; - const authPassword = cfg.gateway?.auth?.password; - const remote = cfg.gateway?.remote; - const token = - mode === "remote" - ? typeof remote?.token === "string" && remote.token.trim() - ? remote.token.trim() - : undefined - : process.env.OPENCLAW_GATEWAY_TOKEN?.trim() || - (typeof authToken === "string" && authToken.trim() ? authToken.trim() : undefined); - const password = - process.env.OPENCLAW_GATEWAY_PASSWORD?.trim() || - (mode === "remote" - ? typeof remote?.password === "string" && remote.password.trim() - ? remote.password.trim() - : undefined - : typeof authPassword === "string" && authPassword.trim() - ? authPassword.trim() - : undefined); - return { token, password }; - }; - - const localFallbackAuth = resolveProbeAuth("local"); - const remoteAuth = resolveProbeAuth("remote"); + const localFallbackAuth = resolveGatewayProbeAuth({ cfg, mode: "local" }); + const remoteAuth = resolveGatewayProbeAuth({ cfg, mode: "remote" }); const probeAuth = isRemoteMode && !remoteUrlMissing ? remoteAuth : localFallbackAuth; const gatewayProbe = await probeGateway({ diff --git a/src/gateway/probe-auth.ts b/src/gateway/probe-auth.ts new file mode 100644 index 00000000000..fe3271be690 --- /dev/null +++ b/src/gateway/probe-auth.ts @@ -0,0 +1,32 @@ +import type { OpenClawConfig } from "../config/config.js"; + +export function resolveGatewayProbeAuth(params: { + cfg: OpenClawConfig; + mode: "local" | "remote"; + env?: NodeJS.ProcessEnv; +}): { token?: string; password?: string } { + const env = params.env ?? process.env; + const authToken = params.cfg.gateway?.auth?.token; + const authPassword = params.cfg.gateway?.auth?.password; + const remote = params.cfg.gateway?.remote; + + const token = + params.mode === "remote" + ? typeof remote?.token === "string" && remote.token.trim() + ? remote.token.trim() + : undefined + : env.OPENCLAW_GATEWAY_TOKEN?.trim() || + (typeof authToken === "string" && authToken.trim() ? authToken.trim() : undefined); + + const password = + env.OPENCLAW_GATEWAY_PASSWORD?.trim() || + (params.mode === "remote" + ? typeof remote?.password === "string" && remote.password.trim() + ? remote.password.trim() + : undefined + : typeof authPassword === "string" && authPassword.trim() + ? authPassword.trim() + : undefined); + + return { token, password }; +} diff --git a/src/security/audit.ts b/src/security/audit.ts index 104eecb7888..4487f53a9cb 100644 --- a/src/security/audit.ts +++ b/src/security/audit.ts @@ -7,6 +7,7 @@ import { formatCliCommand } from "../cli/command-format.js"; import { resolveConfigPath, resolveStateDir } from "../config/paths.js"; import { resolveGatewayAuth } from "../gateway/auth.js"; import { buildGatewayConnectionDetails } from "../gateway/call.js"; +import { resolveGatewayProbeAuth } from "../gateway/probe-auth.js"; import { probeGateway } from "../gateway/probe.js"; import { collectChannelSecurityFindings } from "./audit-channel.js"; import { @@ -574,30 +575,10 @@ async function maybeProbeGateway(params: { typeof params.cfg.gateway?.remote?.url === "string" ? params.cfg.gateway.remote.url.trim() : ""; const remoteUrlMissing = isRemoteMode && !remoteUrlRaw; - const resolveAuth = (mode: "local" | "remote") => { - const authToken = params.cfg.gateway?.auth?.token; - const authPassword = params.cfg.gateway?.auth?.password; - const remote = params.cfg.gateway?.remote; - const token = - mode === "remote" - ? typeof remote?.token === "string" && remote.token.trim() - ? remote.token.trim() - : undefined - : process.env.OPENCLAW_GATEWAY_TOKEN?.trim() || - (typeof authToken === "string" && authToken.trim() ? authToken.trim() : undefined); - const password = - process.env.OPENCLAW_GATEWAY_PASSWORD?.trim() || - (mode === "remote" - ? typeof remote?.password === "string" && remote.password.trim() - ? remote.password.trim() - : undefined - : typeof authPassword === "string" && authPassword.trim() - ? authPassword.trim() - : undefined); - return { token, password }; - }; - - const auth = !isRemoteMode || remoteUrlMissing ? resolveAuth("local") : resolveAuth("remote"); + const auth = + !isRemoteMode || remoteUrlMissing + ? resolveGatewayProbeAuth({ cfg: params.cfg, mode: "local" }) + : resolveGatewayProbeAuth({ cfg: params.cfg, mode: "remote" }); const res = await params.probe({ url, auth, timeoutMs: params.timeoutMs }).catch((err) => ({ ok: false, url,