romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge d91765df74 into da71eaebd2

Browse Source
This commit is contained in:
Episkey 2026-01-30 12:32:59 +01:00 committed by GitHub
commit 6f526ffcf8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -125,6 +125,7 @@ Status: stable.
- Gateway: default auth now fail-closed (token/password required; Tailscale Serve identity remains allowed). - Gateway: default auth now fail-closed (token/password required; Tailscale Serve identity remains allowed).
- Gateway: treat loopback + non-local Host connections as remote unless trusted proxy headers are present. - Gateway: treat loopback + non-local Host connections as remote unless trusted proxy headers are present.
- Onboarding: remove unsupported gateway auth "off" choice from onboarding/configure flows and CLI flags. - Onboarding: remove unsupported gateway auth "off" choice from onboarding/configure flows and CLI flags.
- Gateway: improve auth error message for native apps (macOS/iOS/Android) to clarify gateway.remote.token setup. (#2268)
## 2026.1.24-3 ## 2026.1.24-3

20
src/gateway/server/ws-connection/message-handler.ts
View File

@ -83,17 +83,25 @@ function formatGatewayAuthFailureMessage(params: {
const isCli = isGatewayCliClient(client); const isCli = isGatewayCliClient(client);
const isControlUi = client?.id === GATEWAY_CLIENT_IDS.CONTROL_UI; const isControlUi = client?.id === GATEWAY_CLIENT_IDS.CONTROL_UI;
const isWebchat = isWebchatClient(client); const isWebchat = isWebchatClient(client);
const isMacOsApp = client?.id === GATEWAY_CLIENT_IDS.MACOS_APP;
const isIosApp = client?.id === GATEWAY_CLIENT_IDS.IOS_APP;
const isAndroidApp = client?.id === GATEWAY_CLIENT_IDS.ANDROID_APP;
const isNativeApp = isMacOsApp || isIosApp || isAndroidApp;
const uiHint = "open a tokenized dashboard URL or paste token in Control UI settings"; const uiHint = "open a tokenized dashboard URL or paste token in Control UI settings";
const tokenHint = isCli const tokenHint = isCli
? "set gateway.remote.token to match gateway.auth.token" ? "set gateway.remote.token to match gateway.auth.token"
: isControlUi || isWebchat : isNativeApp
? uiHint ? "set gateway.remote.token in ~/.clawdbot/clawdbot.json to match gateway.auth.token on the server"
: "provide gateway auth token"; : isControlUi || isWebchat
? uiHint
: "provide gateway auth token";
const passwordHint = isCli const passwordHint = isCli
? "set gateway.remote.password to match gateway.auth.password" ? "set gateway.remote.password to match gateway.auth.password"
: isControlUi || isWebchat : isNativeApp
? "enter the password in Control UI settings" ? "set gateway.remote.password in ~/.clawdbot/clawdbot.json to match gateway.auth.password on the server"
: "provide gateway auth password"; : isControlUi || isWebchat
? "enter the password in Control UI settings"
: "provide gateway auth password";
switch (reason) { switch (reason) {
case "token_missing": case "token_missing":
return `unauthorized: gateway token missing (${tokenHint})`; return `unauthorized: gateway token missing (${tokenHint})`;