mirror of
http://192.168.0.88:13333/lywsvip/openclaw-zero-token.git
synced 2026-05-09 16:52:12 +08:00
571e14a236
Major upgrade from e26988a38 to upstream v2026.3.28 (f9b107928).
Key changes:
- Upstream src/, ui/, extensions/ (89 bundled extensions)
- Zero-token web providers preserved in src/zero-token/
- AskOnce plugin restored and registered as CLI command
- Added missing packages: @anthropic-ai/vertex-sdk, @modelcontextprotocol/sdk
- Fixed tsconfig rootDir, skipLibCheck for plugin-sdk DTS build
- Added askonce to bundled plugin metadata and package.json exports
- Fixed AskOnce CLI command registration (missing commands metadata)
- Restored AskOnce adapter imports (correct 5-level relative paths)
- Removed stale migration artifacts from root directory
193 lines
5.0 KiB
TypeScript
193 lines
5.0 KiB
TypeScript
import { describe, expect, it } from "vitest";
|
|
import type { OpenClawConfig } from "../config/config.js";
|
|
import {
|
|
resolveGatewayProbeAuthSafe,
|
|
resolveGatewayProbeAuthSafeWithSecretInputs,
|
|
resolveGatewayProbeAuthWithSecretInputs,
|
|
} from "./probe-auth.js";
|
|
|
|
function expectUnresolvedProbeTokenWarning(cfg: OpenClawConfig) {
|
|
const result = resolveGatewayProbeAuthSafe({
|
|
cfg,
|
|
mode: "local",
|
|
env: {} as NodeJS.ProcessEnv,
|
|
});
|
|
|
|
expect(result.auth).toEqual({});
|
|
expect(result.warning).toContain("gateway.auth.token");
|
|
expect(result.warning).toContain("unresolved");
|
|
}
|
|
|
|
describe("resolveGatewayProbeAuthSafe", () => {
|
|
it("returns probe auth credentials when available", () => {
|
|
const result = resolveGatewayProbeAuthSafe({
|
|
cfg: {
|
|
gateway: {
|
|
auth: {
|
|
token: "token-value",
|
|
},
|
|
},
|
|
} as OpenClawConfig,
|
|
mode: "local",
|
|
env: {} as NodeJS.ProcessEnv,
|
|
});
|
|
|
|
expect(result).toEqual({
|
|
auth: {
|
|
token: "token-value",
|
|
password: undefined,
|
|
},
|
|
});
|
|
});
|
|
|
|
it("returns warning and empty auth when token SecretRef is unresolved", () => {
|
|
expectUnresolvedProbeTokenWarning({
|
|
gateway: {
|
|
auth: {
|
|
mode: "token",
|
|
token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
|
|
},
|
|
},
|
|
secrets: {
|
|
providers: {
|
|
default: { source: "env" },
|
|
},
|
|
},
|
|
} as OpenClawConfig);
|
|
});
|
|
|
|
it("does not fall through to remote token when local token SecretRef is unresolved", () => {
|
|
expectUnresolvedProbeTokenWarning({
|
|
gateway: {
|
|
mode: "local",
|
|
auth: {
|
|
mode: "token",
|
|
token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
|
|
},
|
|
remote: {
|
|
token: "remote-token",
|
|
},
|
|
},
|
|
secrets: {
|
|
providers: {
|
|
default: { source: "env" },
|
|
},
|
|
},
|
|
} as OpenClawConfig);
|
|
});
|
|
|
|
it("ignores unresolved local token SecretRef in remote mode when remote-only auth is requested", () => {
|
|
const result = resolveGatewayProbeAuthSafe({
|
|
cfg: {
|
|
gateway: {
|
|
mode: "remote",
|
|
remote: {
|
|
url: "wss://gateway.example",
|
|
},
|
|
auth: {
|
|
mode: "token",
|
|
token: { source: "env", provider: "default", id: "MISSING_LOCAL_TOKEN" },
|
|
},
|
|
},
|
|
secrets: {
|
|
providers: {
|
|
default: { source: "env" },
|
|
},
|
|
},
|
|
} as OpenClawConfig,
|
|
mode: "remote",
|
|
env: {} as NodeJS.ProcessEnv,
|
|
});
|
|
|
|
expect(result).toEqual({
|
|
auth: {
|
|
token: undefined,
|
|
password: undefined,
|
|
},
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("resolveGatewayProbeAuthSafeWithSecretInputs", () => {
|
|
it("resolves env SecretRef token via async secret-inputs path", async () => {
|
|
const result = await resolveGatewayProbeAuthSafeWithSecretInputs({
|
|
cfg: {
|
|
gateway: {
|
|
auth: {
|
|
mode: "token",
|
|
token: { source: "env", provider: "default", id: "OPENCLAW_GATEWAY_TOKEN" },
|
|
},
|
|
},
|
|
secrets: {
|
|
providers: {
|
|
default: { source: "env" },
|
|
},
|
|
},
|
|
} as OpenClawConfig,
|
|
mode: "local",
|
|
env: {
|
|
OPENCLAW_GATEWAY_TOKEN: "test-token-from-env",
|
|
} as NodeJS.ProcessEnv,
|
|
});
|
|
|
|
expect(result.warning).toBeUndefined();
|
|
expect(result.auth).toEqual({
|
|
token: "test-token-from-env",
|
|
password: undefined,
|
|
});
|
|
});
|
|
|
|
it("returns warning and empty auth when SecretRef cannot be resolved via async path", async () => {
|
|
const result = await resolveGatewayProbeAuthSafeWithSecretInputs({
|
|
cfg: {
|
|
gateway: {
|
|
auth: {
|
|
mode: "token",
|
|
token: { source: "env", provider: "default", id: "MISSING_TOKEN_XYZ" },
|
|
},
|
|
},
|
|
secrets: {
|
|
providers: {
|
|
default: { source: "env" },
|
|
},
|
|
},
|
|
} as OpenClawConfig,
|
|
mode: "local",
|
|
env: {} as NodeJS.ProcessEnv,
|
|
});
|
|
|
|
expect(result.auth).toEqual({});
|
|
expect(result.warning).toContain("gateway.auth.token");
|
|
expect(result.warning).toContain("unresolved");
|
|
});
|
|
});
|
|
|
|
describe("resolveGatewayProbeAuthWithSecretInputs", () => {
|
|
it("resolves local probe SecretRef values before shared credential selection", async () => {
|
|
const auth = await resolveGatewayProbeAuthWithSecretInputs({
|
|
cfg: {
|
|
gateway: {
|
|
auth: {
|
|
mode: "token",
|
|
token: { source: "env", provider: "default", id: "DAEMON_GATEWAY_TOKEN" },
|
|
},
|
|
},
|
|
secrets: {
|
|
providers: {
|
|
default: { source: "env" },
|
|
},
|
|
},
|
|
} as OpenClawConfig,
|
|
mode: "local",
|
|
env: {
|
|
DAEMON_GATEWAY_TOKEN: "resolved-daemon-token",
|
|
} as NodeJS.ProcessEnv,
|
|
});
|
|
|
|
expect(auth).toEqual({
|
|
token: "resolved-daemon-token",
|
|
password: undefined,
|
|
});
|
|
});
|
|
});
|