romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(gateway): add autoApprove to Zod config schema

Browse Source 
The TypeScript type was added but the Zod validation schema was missing,
causing config validation to reject the autoApprove field.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Rodrigo Uroz 2026-01-29 14:58:36 -03:00
parent bb71224dad
commit 190a74baea
4 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/config/zod-schema.ts
View File

@ -439,6 +439,16 @@ export const MoltbotSchema = z
.optional(), .optional(),
allowCommands: z.array(z.string()).optional(), allowCommands: z.array(z.string()).optional(),
denyCommands: z.array(z.string()).optional(), denyCommands: z.array(z.string()).optional(),
autoApprove: z
.object({
enabled: z.boolean().optional(),
roles: z.array(z.string()).optional(),
ipAllowlist: z.array(z.string()).optional(),
requireToken: z.boolean().optional(),
auditLog: z.boolean().optional(),
})
.strict()
.optional(),
}) })
.strict() .strict()
.optional(), .optional(),

6
src/gateway/net.test.ts
View File

@ -75,6 +75,12 @@ describe("isIpv4InCidr", () => {
expect(isIpv4InCidr("10.0.0.1", "invalid")).toBe(false); expect(isIpv4InCidr("10.0.0.1", "invalid")).toBe(false);
expect(isIpv4InCidr("10.0.0.1", "10.0.0.0")).toBe(false); expect(isIpv4InCidr("10.0.0.1", "10.0.0.0")).toBe(false);
}); });
it("returns false for invalid IPv4 input", () => {
expect(isIpv4InCidr("999.0.0.1", "10.0.0.0/8")).toBe(false);
expect(isIpv4InCidr("10.0.0.1", "999.0.0.0/8")).toBe(false);
expect(isIpv4InCidr("10.0.0.256", "10.0.0.0/8")).toBe(false);
});
}); });
describe("isValidCidr", () => { describe("isValidCidr", () => {

3
src/gateway/net.ts
View File

@ -197,10 +197,11 @@ function ipv4ToNumber(ip: string): number {
* @returns True if the IP is within the CIDR range * @returns True if the IP is within the CIDR range
*/ */
export function isIpv4InCidr(ip: string, cidr: string): boolean { export function isIpv4InCidr(ip: string, cidr: string): boolean {
if (!isValidIPv4(ip)) return false;
if (!isValidCidr(cidr)) return false;
const [range, bitsStr] = cidr.split("/"); const [range, bitsStr] = cidr.split("/");
if (!range || !bitsStr) return false; if (!range || !bitsStr) return false;
const bits = parseInt(bitsStr, 10); const bits = parseInt(bitsStr, 10);
if (Number.isNaN(bits) || bits < 0 || bits > 32) return false;
const ipNum = ipv4ToNumber(ip); const ipNum = ipv4ToNumber(ip);
const rangeNum = ipv4ToNumber(range); const rangeNum = ipv4ToNumber(range);

3
src/gateway/server/ws-connection/message-handler.ts
View File

@ -626,6 +626,7 @@ export function attachGatewayWsMessageHandler(params: {
return; return;
} }
const tokenAuthOk = authMethod === "token" || authMethod === "device-token";
const skipPairing = allowControlUiBypass && hasSharedAuth; const skipPairing = allowControlUiBypass && hasSharedAuth;
if (device && devicePublicKey && !skipPairing) { if (device && devicePublicKey && !skipPairing) {
// Auto-approve logic with security checks // Auto-approve logic with security checks
@ -647,7 +648,7 @@ export function attachGatewayWsMessageHandler(params: {
} }
// Check token is valid (if required, which is the default) // Check token is valid (if required, which is the default)
if (autoApproveConfig.requireToken !== false && !authOk) return false; if (autoApproveConfig.requireToken !== false && !tokenAuthOk) return false;
return true; return true;
})(); })();