mirror of
http://192.168.0.88:13333/lywsvip/openclaw-zero-token.git
synced 2026-05-31 22:20:40 +08:00
571e14a236
Major upgrade from e26988a38 to upstream v2026.3.28 (f9b107928).
Key changes:
- Upstream src/, ui/, extensions/ (89 bundled extensions)
- Zero-token web providers preserved in src/zero-token/
- AskOnce plugin restored and registered as CLI command
- Added missing packages: @anthropic-ai/vertex-sdk, @modelcontextprotocol/sdk
- Fixed tsconfig rootDir, skipLibCheck for plugin-sdk DTS build
- Added askonce to bundled plugin metadata and package.json exports
- Fixed AskOnce CLI command registration (missing commands metadata)
- Restored AskOnce adapter imports (correct 5-level relative paths)
- Removed stale migration artifacts from root directory
71 lines
2.0 KiB
TypeScript
71 lines
2.0 KiB
TypeScript
import type { IncomingMessage, ServerResponse } from "node:http";
|
|
import type { AuthRateLimiter } from "./auth-rate-limit.js";
|
|
import type { ResolvedGatewayAuth } from "./auth.js";
|
|
import {
|
|
authorizeGatewayBearerRequestOrReply,
|
|
resolveGatewayRequestedOperatorScopes,
|
|
} from "./http-auth-helpers.js";
|
|
import { readJsonBodyOrError, sendJson, sendMethodNotAllowed } from "./http-common.js";
|
|
import { authorizeOperatorScopesForMethod } from "./method-scopes.js";
|
|
|
|
export async function handleGatewayPostJsonEndpoint(
|
|
req: IncomingMessage,
|
|
res: ServerResponse,
|
|
opts: {
|
|
pathname: string;
|
|
auth: ResolvedGatewayAuth;
|
|
maxBodyBytes: number;
|
|
trustedProxies?: string[];
|
|
allowRealIpFallback?: boolean;
|
|
rateLimiter?: AuthRateLimiter;
|
|
requiredOperatorMethod?: "chat.send" | (string & Record<never, never>);
|
|
},
|
|
): Promise<false | { body: unknown } | undefined> {
|
|
const url = new URL(req.url ?? "/", `http://${req.headers.host || "localhost"}`);
|
|
if (url.pathname !== opts.pathname) {
|
|
return false;
|
|
}
|
|
|
|
if (req.method !== "POST") {
|
|
sendMethodNotAllowed(res);
|
|
return undefined;
|
|
}
|
|
|
|
const authorized = await authorizeGatewayBearerRequestOrReply({
|
|
req,
|
|
res,
|
|
auth: opts.auth,
|
|
trustedProxies: opts.trustedProxies,
|
|
allowRealIpFallback: opts.allowRealIpFallback,
|
|
rateLimiter: opts.rateLimiter,
|
|
});
|
|
if (!authorized) {
|
|
return undefined;
|
|
}
|
|
|
|
if (opts.requiredOperatorMethod) {
|
|
const requestedScopes = resolveGatewayRequestedOperatorScopes(req);
|
|
const scopeAuth = authorizeOperatorScopesForMethod(
|
|
opts.requiredOperatorMethod,
|
|
requestedScopes,
|
|
);
|
|
if (!scopeAuth.allowed) {
|
|
sendJson(res, 403, {
|
|
ok: false,
|
|
error: {
|
|
type: "forbidden",
|
|
message: `missing scope: ${scopeAuth.missingScope}`,
|
|
},
|
|
});
|
|
return undefined;
|
|
}
|
|
}
|
|
|
|
const body = await readJsonBodyOrError(req, res, opts.maxBodyBytes);
|
|
if (body === undefined) {
|
|
return undefined;
|
|
}
|
|
|
|
return { body };
|
|
}
|