@@ -3,7 +3,6 @@ import path from "node:path";
33import { expect , test , vi } from "vitest" ;
44import { WebSocket } from "ws" ;
55import {
6- approvePendingPairingIfNeeded ,
76 BACKEND_GATEWAY_CLIENT ,
87 connectReq ,
98 configureTrustedProxyControlUiAuth ,
@@ -136,14 +135,6 @@ export function registerControlUiAndPairingSuite(): void {
136135 } ;
137136 } ;
138137
139- const startServerWithOperatorIdentity = async ( identityPrefix = "openclaw-device-scope-" ) => {
140- const { server, ws, port, prevToken } = await startServerWithClient ( "secret" , {
141- controlUiEnabled : true ,
142- } ) ;
143- const { identityPath, identity, client } = await createOperatorIdentityFixture ( identityPrefix ) ;
144- return { server, ws, port, prevToken, identityPath, identity, client } ;
145- } ;
146-
147138 const startControlUiServerWithOperatorIdentity = async (
148139 identityPrefix = "openclaw-device-scope-" ,
149140 ) => {
@@ -219,17 +210,19 @@ export function registerControlUiAndPairingSuite(): void {
219210 clientMode : string ;
220211 displayName : string ;
221212 platform : string ;
213+ scopes ?: string [ ] ;
222214 } ) : Promise < { identityPath : string ; identity : { deviceId : string } } > => {
223215 const { publicKeyRawBase64UrlFromPem } = await import ( "../infra/device-identity.js" ) ;
224216 const { approveDevicePairing, requestDevicePairing } =
225217 await import ( "../infra/device-pairing.js" ) ;
226218 const { identityPath, identity } = await createOperatorIdentityFixture ( params . identityPrefix ) ;
219+ const scopes = params . scopes ?? [ "operator.read" ] ;
227220 const devicePublicKey = publicKeyRawBase64UrlFromPem ( identity . publicKeyPem ) ;
228221 const seeded = await requestDevicePairing ( {
229222 deviceId : identity . deviceId ,
230223 publicKey : devicePublicKey ,
231224 role : "operator" ,
232- scopes : [ "operator.read" ] ,
225+ scopes,
233226 clientId : params . clientId ,
234227 clientMode : params . clientMode ,
235228 displayName : params . displayName ,
@@ -491,9 +484,6 @@ export function registerControlUiAndPairingSuite(): void {
491484
492485 const scopedHealth = await rpcReq ( scopedWs , "health" ) ;
493486 expect ( scopedHealth . ok ) . toBe ( true ) ;
494-
495- const talk = await rpcReq ( scopedWs , "chat.history" , { sessionKey : "main" , limit : 1 } ) ;
496- expect ( talk . ok ) . toBe ( true ) ;
497487 scopedWs . close ( ) ;
498488 } ) ;
499489 } finally {
@@ -1269,36 +1259,26 @@ export function registerControlUiAndPairingSuite(): void {
12691259
12701260 test ( "allows operator.read connect when device is paired with operator.admin" , async ( ) => {
12711261 const { listDevicePairing } = await import ( "../infra/device-pairing.js" ) ;
1272- const { server , ws , port , prevToken , identityPath, identity, client } =
1273- await startServerWithOperatorIdentity ( ) ;
1274-
1275- const initialNonce = await readConnectChallengeNonce ( ws ) ;
1276- const initial = await connectReq ( ws , {
1277- token : "secret" ,
1262+ const { identityPath, identity } = await seedApprovedOperatorReadPairing ( {
1263+ identityPrefix : "openclaw-device-admin-superset-" ,
1264+ clientId : TEST_OPERATOR_CLIENT . id ,
1265+ clientMode : TEST_OPERATOR_CLIENT . mode ,
1266+ displayName : "operator-admin-superset" ,
1267+ platform : TEST_OPERATOR_CLIENT . platform ,
12781268 scopes : [ "operator.admin" ] ,
1279- client,
1280- device : await buildSignedDeviceForIdentity ( {
1281- identityPath,
1282- client,
1283- scopes : [ "operator.admin" ] ,
1284- nonce : initialNonce ,
1285- } ) ,
12861269 } ) ;
1287- if ( ! initial . ok ) {
1288- await approvePendingPairingIfNeeded ( ) ;
1289- }
12901270
1291- ws . close ( ) ;
1271+ const { server , port , prevToken } = await startControlUiServer ( "secret" ) ;
12921272
12931273 const ws2 = await openWs ( port ) ;
12941274 const nonce2 = await readConnectChallengeNonce ( ws2 ) ;
12951275 const res = await connectReq ( ws2 , {
12961276 token : "secret" ,
12971277 scopes : [ "operator.read" ] ,
1298- client,
1278+ client : TEST_OPERATOR_CLIENT ,
12991279 device : await buildSignedDeviceForIdentity ( {
13001280 identityPath,
1301- client,
1281+ client : TEST_OPERATOR_CLIENT ,
13021282 scopes : [ "operator.read" ] ,
13031283 nonce : nonce2 ,
13041284 } ) ,
@@ -1562,38 +1542,6 @@ export function registerControlUiAndPairingSuite(): void {
15621542 }
15631543 } ) ;
15641544
1565- test ( "allows gateway backend clients on loopback even with a remote-looking host header" , async ( ) => {
1566- const { server, port, prevToken } = await startControlUiServer ( "secret" ) ;
1567- const wsRemoteLike = await openWs ( port , { host : "gateway.example" } ) ;
1568- try {
1569- const remoteLikeBackend = await connectReq ( wsRemoteLike , {
1570- token : "secret" ,
1571- client : BACKEND_GATEWAY_CLIENT ,
1572- } ) ;
1573- expect ( remoteLikeBackend . ok ) . toBe ( true ) ;
1574- } finally {
1575- wsRemoteLike . close ( ) ;
1576- await server . close ( ) ;
1577- restoreGatewayToken ( prevToken ) ;
1578- }
1579- } ) ;
1580-
1581- test ( "allows gateway backend clients on loopback with a private host header" , async ( ) => {
1582- const { server, port, prevToken } = await startControlUiServer ( "secret" ) ;
1583- const wsPrivateHost = await openWs ( port , { host : "172.17.0.2:18789" } ) ;
1584- try {
1585- const remoteLikeBackend = await connectReq ( wsPrivateHost , {
1586- token : "secret" ,
1587- client : BACKEND_GATEWAY_CLIENT ,
1588- } ) ;
1589- expect ( remoteLikeBackend . ok ) . toBe ( true ) ;
1590- } finally {
1591- wsPrivateHost . close ( ) ;
1592- await server . close ( ) ;
1593- restoreGatewayToken ( prevToken ) ;
1594- }
1595- } ) ;
1596-
15971545 test ( "allows CLI clients on loopback even when the host header is not private-or-loopback" , async ( ) => {
15981546 const { server, port, prevToken } = await startControlUiServer ( "secret" ) ;
15991547 const wsRemoteLike = await openWs ( port , { host : "gateway.example" } ) ;
0 commit comments