|
| 1 | +import type { OpenClawConfig } from "../config/config.js"; |
| 2 | +import { createExecApprovalForwarder } from "../infra/exec-approval-forwarder.js"; |
| 3 | +import { type PluginApprovalRequestPayload } from "../infra/plugin-approvals.js"; |
| 4 | +import { |
| 5 | + resolveCommandSecretsFromActiveRuntimeSnapshot, |
| 6 | + type CommandSecretAssignment, |
| 7 | +} from "../secrets/runtime-command-secrets.js"; |
| 8 | +import { getActiveSecretsRuntimeSnapshot } from "../secrets/runtime.js"; |
| 9 | +import { createExecApprovalIosPushDelivery } from "./exec-approval-ios-push.js"; |
| 10 | +import { ExecApprovalManager } from "./exec-approval-manager.js"; |
| 11 | +import { createExecApprovalHandlers } from "./server-methods/exec-approval.js"; |
| 12 | +import { createPluginApprovalHandlers } from "./server-methods/plugin-approval.js"; |
| 13 | +import { createSecretsHandlers } from "./server-methods/secrets.js"; |
| 14 | +import { |
| 15 | + disconnectStaleSharedGatewayAuthClients, |
| 16 | + setCurrentSharedGatewaySessionGeneration, |
| 17 | + type SharedGatewayAuthClient, |
| 18 | + type SharedGatewaySessionGenerationState, |
| 19 | +} from "./server-shared-auth-generation.js"; |
| 20 | +import type { ActivateRuntimeSecrets } from "./server-startup-config.js"; |
| 21 | + |
| 22 | +type GatewayAuxHandlerLogger = { |
| 23 | + warn?: (message: string) => void; |
| 24 | + error?: (message: string) => void; |
| 25 | + debug?: (message: string) => void; |
| 26 | +}; |
| 27 | + |
| 28 | +export function createGatewayAuxHandlers(params: { |
| 29 | + log: GatewayAuxHandlerLogger; |
| 30 | + activateRuntimeSecrets: ActivateRuntimeSecrets; |
| 31 | + sharedGatewaySessionGenerationState: SharedGatewaySessionGenerationState; |
| 32 | + resolveSharedGatewaySessionGenerationForConfig: (config: OpenClawConfig) => string | undefined; |
| 33 | + clients: Iterable<SharedGatewayAuthClient>; |
| 34 | +}) { |
| 35 | + const execApprovalManager = new ExecApprovalManager(); |
| 36 | + const execApprovalForwarder = createExecApprovalForwarder(); |
| 37 | + const execApprovalIosPushDelivery = createExecApprovalIosPushDelivery({ log: params.log }); |
| 38 | + const execApprovalHandlers = createExecApprovalHandlers(execApprovalManager, { |
| 39 | + forwarder: execApprovalForwarder, |
| 40 | + iosPushDelivery: execApprovalIosPushDelivery, |
| 41 | + }); |
| 42 | + const pluginApprovalManager = new ExecApprovalManager<PluginApprovalRequestPayload>(); |
| 43 | + const pluginApprovalHandlers = createPluginApprovalHandlers(pluginApprovalManager, { |
| 44 | + forwarder: execApprovalForwarder, |
| 45 | + }); |
| 46 | + const secretsHandlers = createSecretsHandlers({ |
| 47 | + reloadSecrets: async () => { |
| 48 | + const active = getActiveSecretsRuntimeSnapshot(); |
| 49 | + if (!active) { |
| 50 | + throw new Error("Secrets runtime snapshot is not active."); |
| 51 | + } |
| 52 | + const previousSharedGatewaySessionGeneration = |
| 53 | + params.sharedGatewaySessionGenerationState.current; |
| 54 | + const prepared = await params.activateRuntimeSecrets(active.sourceConfig, { |
| 55 | + reason: "reload", |
| 56 | + activate: true, |
| 57 | + }); |
| 58 | + const nextSharedGatewaySessionGeneration = |
| 59 | + params.resolveSharedGatewaySessionGenerationForConfig(prepared.config); |
| 60 | + setCurrentSharedGatewaySessionGeneration( |
| 61 | + params.sharedGatewaySessionGenerationState, |
| 62 | + nextSharedGatewaySessionGeneration, |
| 63 | + ); |
| 64 | + if (previousSharedGatewaySessionGeneration !== nextSharedGatewaySessionGeneration) { |
| 65 | + disconnectStaleSharedGatewayAuthClients({ |
| 66 | + clients: params.clients, |
| 67 | + expectedGeneration: nextSharedGatewaySessionGeneration, |
| 68 | + }); |
| 69 | + } |
| 70 | + return { warningCount: prepared.warnings.length }; |
| 71 | + }, |
| 72 | + resolveSecrets: async ({ commandName, targetIds }) => { |
| 73 | + const { assignments, diagnostics, inactiveRefPaths } = |
| 74 | + resolveCommandSecretsFromActiveRuntimeSnapshot({ |
| 75 | + commandName, |
| 76 | + targetIds: new Set(targetIds), |
| 77 | + }); |
| 78 | + if (assignments.length === 0) { |
| 79 | + return { assignments: [] as CommandSecretAssignment[], diagnostics, inactiveRefPaths }; |
| 80 | + } |
| 81 | + return { assignments, diagnostics, inactiveRefPaths }; |
| 82 | + }, |
| 83 | + }); |
| 84 | + |
| 85 | + return { |
| 86 | + execApprovalManager, |
| 87 | + pluginApprovalManager, |
| 88 | + extraHandlers: { |
| 89 | + ...execApprovalHandlers, |
| 90 | + ...pluginApprovalHandlers, |
| 91 | + ...secretsHandlers, |
| 92 | + }, |
| 93 | + }; |
| 94 | +} |
0 commit comments