mirror of
https://github.com/openclaw/openclaw.git
synced 2026-04-28 06:31:11 +00:00
2633b14914
* feat: support operator-managed proxy routing * docs: add network proxy changelog entry * fix(proxy): restrict gateway bypass to loopback IPs * fix(cli): harden container proxy URL checks * docs(proxy): clarify gateway bypass scope * docs: remove proxy changelog entry * fix(proxy): clear startup CI guard failures * fix(proxy): harden gateway proxy policy parsing * fix(proxy): honor update shorthand proxy policy * fix(cli): redact proxy URL suffixes * test(proxy): keep gateway help off proxy startup * fix(proxy): keep overlapping lifecycle active * docs: add proxy changelog entry --------- Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com>
63 lines
2.2 KiB
TypeScript
63 lines
2.2 KiB
TypeScript
import { isGatewayConfigBypassCommandPath } from "../gateway/explicit-connection-policy.js";
|
|
import { getCommandPathWithRootOptions } from "./argv.js";
|
|
import {
|
|
cliCommandCatalog,
|
|
type CliCommandPathPolicy,
|
|
type CliNetworkProxyPolicy,
|
|
} from "./command-catalog.js";
|
|
import { matchesCommandPath } from "./command-path-matches.js";
|
|
import { resolveGatewayCatalogCommandPath } from "./gateway-run-argv.js";
|
|
|
|
const DEFAULT_CLI_COMMAND_PATH_POLICY: CliCommandPathPolicy = {
|
|
bypassConfigGuard: false,
|
|
routeConfigGuard: "never",
|
|
loadPlugins: "never",
|
|
hideBanner: false,
|
|
ensureCliPath: true,
|
|
networkProxy: "default",
|
|
};
|
|
|
|
export function resolveCliCommandPathPolicy(commandPath: string[]): CliCommandPathPolicy {
|
|
let resolvedPolicy: CliCommandPathPolicy = { ...DEFAULT_CLI_COMMAND_PATH_POLICY };
|
|
for (const entry of cliCommandCatalog) {
|
|
if (!entry.policy) {
|
|
continue;
|
|
}
|
|
if (!matchesCommandPath(commandPath, entry.commandPath, { exact: entry.exact })) {
|
|
continue;
|
|
}
|
|
Object.assign(resolvedPolicy, entry.policy);
|
|
}
|
|
if (isGatewayConfigBypassCommandPath(commandPath)) {
|
|
resolvedPolicy.bypassConfigGuard = true;
|
|
}
|
|
return resolvedPolicy;
|
|
}
|
|
|
|
function isCommandPathPrefix(commandPath: string[], pattern: readonly string[]): boolean {
|
|
return pattern.every((segment, index) => commandPath[index] === segment);
|
|
}
|
|
|
|
export function resolveCliCatalogCommandPath(argv: string[]): string[] {
|
|
const tokens =
|
|
resolveGatewayCatalogCommandPath(argv) ?? getCommandPathWithRootOptions(argv, argv.length);
|
|
if (tokens.length === 0) {
|
|
return [];
|
|
}
|
|
let bestMatch: readonly string[] | null = null;
|
|
for (const entry of cliCommandCatalog) {
|
|
if (!isCommandPathPrefix(tokens, entry.commandPath)) {
|
|
continue;
|
|
}
|
|
if (!bestMatch || entry.commandPath.length > bestMatch.length) {
|
|
bestMatch = entry.commandPath;
|
|
}
|
|
}
|
|
return bestMatch ? [...bestMatch] : [tokens[0]];
|
|
}
|
|
|
|
export function resolveCliNetworkProxyPolicy(argv: string[]): CliNetworkProxyPolicy {
|
|
const commandPath = resolveCliCatalogCommandPath(argv);
|
|
const networkProxy = resolveCliCommandPathPolicy(commandPath).networkProxy;
|
|
return typeof networkProxy === "function" ? networkProxy({ argv, commandPath }) : networkProxy;
|
|
}
|