import type { IncomingMessage } from "node:http" ;import { describe, expect, it } from "vitest" ;import {"./http-utils.js" ;function createReq(headers: Record<string, string> = {}): IncomingMessage {return { headers } as IncomingMessage;const tokenAuth = { mode: "token" as const };const noneAuth = { mode: "none" as const };"resolveGatewayRequestContext" , () => {"uses normalized x-openclaw-message-channel when enabled" , () => {const result = resolveGatewayRequestContext({"x-openclaw-message-channel" : " Custom-Channel " }),"openclaw" ,"openai" ,"webchat" ,true ,"custom-channel" );"uses default messageChannel when header support is disabled" , () => {const result = resolveGatewayRequestContext({"x-openclaw-message-channel" : "custom-channel" }),"openclaw" ,"openresponses" ,"webchat" ,false ,"webchat" );"includes session prefix and user in generated session key" , () => {const result = resolveGatewayRequestContext({"openclaw" ,"alice" ,"openresponses" ,"webchat" ,"openresponses-user:alice" );"resolveTrustedHttpOperatorScopes" , () => {"drops self-asserted scopes for bearer-authenticated requests" , () => {const scopes = resolveTrustedHttpOperatorScopes("Bearer secret" ,"x-openclaw-scopes" : "operator.admin, operator.write" ,"keeps declared scopes for non-bearer HTTP requests" , () => {const scopes = resolveTrustedHttpOperatorScopes("x-openclaw-scopes" : "operator.admin, operator.write" ,"operator.admin" , "operator.write" ]);"keeps declared scopes when auth mode is not shared-secret even if auth headers are forwarded" , () => {const scopes = resolveTrustedHttpOperatorScopes("Bearer upstream-idp-token" ,"x-openclaw-scopes" : "operator.admin, operator.write" ,"operator.admin" , "operator.write" ]);"drops declared scopes when request auth resolved to a shared-secret method" , () => {const scopes = resolveTrustedHttpOperatorScopes("Bearer upstream-idp-token" ,"x-openclaw-scopes" : "operator.admin, operator.write" ,false },"resolveHttpSenderIsOwner" , () => {"requires operator.admin on a trusted HTTP scope-bearing request" , () => {"x-openclaw-scopes" : "operator.admin" }), noneAuth),true );"x-openclaw-scopes" : "operator.write" }), noneAuth),false );"returns false for bearer requests even with operator.admin in headers" , () => {"Bearer secret" ,"x-openclaw-scopes" : "operator.admin" ,false );"resolveOpenAiCompatibleHttpOperatorScopes" , () => {"restores default operator scopes for shared-secret bearer auth" , () => {const scopes = resolveOpenAiCompatibleHttpOperatorScopes("Bearer secret" ,"x-openclaw-scopes" : "operator.approvals" ,"token" , trustDeclaredOperatorScopes: false },"operator.admin" ,"operator.read" ,"operator.write" ,"operator.approvals" ,"operator.pairing" ,"operator.talk.secrets" ,"keeps declared scopes for trusted HTTP identity-bearing requests" , () => {const scopes = resolveOpenAiCompatibleHttpOperatorScopes("x-openclaw-scopes" : "operator.write" ,"trusted-proxy" , trustDeclaredOperatorScopes: true },"operator.write" ]);"resolveOpenAiCompatibleHttpSenderIsOwner" , () => {"treats shared-secret bearer auth as owner on the compat surface" , () => {"Bearer secret" ,"x-openclaw-scopes" : "operator.approvals" ,"token" , trustDeclaredOperatorScopes: false },true );"still requires operator.admin for trusted scope-bearing requests" , () => {"x-openclaw-scopes" : "operator.write" }),"trusted-proxy" , trustDeclaredOperatorScopes: true },false );"x-openclaw-scopes" : "operator.admin" }),"trusted-proxy" , trustDeclaredOperatorScopes: true },true );
Messung V0.5 in Prozent C=100 H=97 G=98
¤ Dauer der Verarbeitung: 0.15 Sekunden
(vorverarbeitet am 2026-06-10)
¤ *© Formatika GbR, Deutschland
