Accept OpenClaw auth headers in more payload formats

2026-03-06 12:06:08 -06:00
parent 1d42b6e726
commit fa43e5b0dd
2 changed files with 70 additions and 2 deletions
--- a/server/src/tests/invite-accept-openclaw-defaults.test.ts
+++ b/server/src/tests/invite-accept-openclaw-defaults.test.ts
@@ -70,6 +70,46 @@ describe("buildJoinDefaultsPayloadForAccept", () => {
    });
  });

+  it("accepts auth from agentDefaultsPayload.headers.x-openclaw-auth", () => {
+    const result = buildJoinDefaultsPayloadForAccept({
+      adapterType: "openclaw",
+      defaultsPayload: {
+        url: "http://127.0.0.1:18789/v1/responses",
+        method: "POST",
+        headers: {
+          "x-openclaw-auth": "gateway-token",
+        },
+      },
+    }) as Record<string, unknown>;
+
+    expect(result).toMatchObject({
+      headers: {
+        "x-openclaw-auth": "gateway-token",
+      },
+      webhookAuthHeader: "Bearer gateway-token",
+    });
+  });
+
+  it("accepts wrapped auth values in headers for compatibility", () => {
+    const result = buildJoinDefaultsPayloadForAccept({
+      adapterType: "openclaw",
+      defaultsPayload: {
+        headers: {
+          "x-openclaw-auth": {
+            value: "gateway-token",
+          },
+        },
+      },
+    }) as Record<string, unknown>;
+
+    expect(result).toMatchObject({
+      headers: {
+        "x-openclaw-auth": "gateway-token",
+      },
+      webhookAuthHeader: "Bearer gateway-token",
+    });
+  });
+
  it("leaves non-openclaw payloads unchanged", () => {
    const defaultsPayload = { command: "echo hello" };
    const result = buildJoinDefaultsPayloadForAccept({
--- a/server/src/routes/access.ts
+++ b/server/src/routes/access.ts
@@ -128,13 +128,41 @@ function normalizeHostname(value: string | null | undefined): string | null {
  return trimmed.toLowerCase();
 }

+function normalizeHeaderValue(
+  value: unknown,
+  depth: number = 0,
+): string | null {
+  const direct = nonEmptyTrimmedString(value);
+  if (direct) return direct;
+  if (!isPlainObject(value) || depth >= 2) return null;
+
+  const candidateKeys = [
+    "value",
+    "token",
+    "secret",
+    "apiKey",
+    "api_key",
+    "auth",
+    "authorization",
+    "bearer",
+    "header",
+  ];
+  for (const key of candidateKeys) {
+    if (!Object.prototype.hasOwnProperty.call(value, key)) continue;
+    const normalized = normalizeHeaderValue((value as Record<string, unknown>)[key], depth + 1);
+    if (normalized) return normalized;
+  }
+  return null;
+}
+
 function normalizeHeaderMap(input: unknown): Record<string, string> | undefined {
  if (!isPlainObject(input)) return undefined;
  const out: Record<string, string> = {};
  for (const [key, value] of Object.entries(input)) {
-    if (typeof value !== "string") continue;
+    const normalizedValue = normalizeHeaderValue(value);
+    if (!normalizedValue) continue;
    const trimmedKey = key.trim();
-    const trimmedValue = value.trim();
+    const trimmedValue = normalizedValue.trim();
    if (!trimmedKey || !trimmedValue) continue;
    out[trimmedKey] = trimmedValue;
  }