Handle single-key wrapped OpenClaw auth headers

2026-03-06 12:49:41 -06:00
parent 70051735f6
commit 0324259da3
2 changed files with 36 additions and 0 deletions
--- a/server/src/tests/invite-accept-openclaw-defaults.test.ts
+++ b/server/src/tests/invite-accept-openclaw-defaults.test.ts
@@ -142,6 +142,26 @@ describe("buildJoinDefaultsPayloadForAccept", () => {
    });
  });

+  it("accepts auth headers wrapped in a single unknown key", () => {
+    const result = buildJoinDefaultsPayloadForAccept({
+      adapterType: "openclaw",
+      defaultsPayload: {
+        headers: {
+          "x-openclaw-auth": {
+            gatewayToken: "gateway-token",
+          },
+        },
+      },
+    }) as Record<string, unknown>;
+
+    expect(result).toMatchObject({
+      headers: {
+        "x-openclaw-auth": "gateway-token",
+      },
+      webhookAuthHeader: "Bearer gateway-token",
+    });
+  });
+
  it("leaves non-openclaw payloads unchanged", () => {
    const defaultsPayload = { command: "echo hello" };
    const result = buildJoinDefaultsPayloadForAccept({
--- a/server/src/routes/access.ts
+++ b/server/src/routes/access.ts
@@ -159,6 +159,22 @@ function normalizeHeaderValue(
    const normalized = normalizeHeaderValue((value as Record<string, unknown>)[key], depth + 1);
    if (normalized) return normalized;
  }
+
+  const entries = Object.entries(value as Record<string, unknown>);
+  if (entries.length === 1) {
+    const [singleKey, singleValue] = entries[0];
+    const normalizedKey = singleKey.trim().toLowerCase();
+    if (
+      normalizedKey !== "type" &&
+      normalizedKey !== "version" &&
+      normalizedKey !== "secretid" &&
+      normalizedKey !== "secret_id"
+    ) {
+      const normalized = normalizeHeaderValue(singleValue, depth + 1);
+      if (normalized) return normalized;
+    }
+  }
+
  return null;
 }