Skip to content

Commit f10bad9

Browse files
steipetesteipete
committed
fix(oauth): cap tls preflight timeout
1 parent fb8b9e9 commit f10bad9

2 files changed

Lines changed: 20 additions & 1 deletion

File tree

src/commands/oauth-tls-preflight.test.ts

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
import { beforeEach, describe, expect, it, vi } from "vitest";
2+
import { MAX_TIMER_TIMEOUT_MS } from "../shared/number-coercion.js";
23
import {
34
formatOpenAIOAuthTlsPreflightFix,
45
runOpenAIOAuthTlsPreflight,
@@ -18,6 +19,23 @@ describe("runOpenAIOAuthTlsPreflight", () => {
1819
expect(result).toEqual({ ok: true });
1920
});
2021

22+
it("caps oversized probe timeouts before creating abort signals", async () => {
23+
const timeoutController = new AbortController();
24+
const timeoutSpy = vi.spyOn(AbortSignal, "timeout").mockReturnValue(timeoutController.signal);
25+
const fetchImpl = vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
26+
expect(init?.signal).toBe(timeoutController.signal);
27+
return new Response("", { status: 400 });
28+
}) as unknown as typeof fetch;
29+
30+
const result = await runOpenAIOAuthTlsPreflight({
31+
fetchImpl,
32+
timeoutMs: Number.MAX_SAFE_INTEGER,
33+
});
34+
35+
expect(result).toEqual({ ok: true });
36+
expect(timeoutSpy).toHaveBeenCalledWith(MAX_TIMER_TIMEOUT_MS);
37+
});
38+
2139
it("classifies TLS trust failures from fetch cause code", async () => {
2240
const tlsFetchImpl = vi.fn(async () => {
2341
const cause = new Error("unable to get local issuer certificate") as Error & {

src/plugins/provider-openai-codex-oauth-tls.ts

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
import path from "node:path";
22
import { formatCliCommand } from "../cli/command-format.js";
33
import type { OpenClawConfig } from "../config/types.openclaw.js";
4+
import { resolveTimerTimeoutMs } from "../shared/number-coercion.js";
45
import { asNullableObjectRecord } from "../shared/record-coerce.js";
56
import { note } from "../terminal/note.js";
67

@@ -100,7 +101,7 @@ export async function runOpenAIOAuthTlsPreflight(options?: {
100101
timeoutMs?: number;
101102
fetchImpl?: typeof fetch;
102103
}): Promise<OpenAIOAuthTlsPreflightResult> {
103-
const timeoutMs = options?.timeoutMs ?? 5000;
104+
const timeoutMs = resolveTimerTimeoutMs(options?.timeoutMs, 5000);
104105
const fetchImpl = options?.fetchImpl ?? fetch;
105106
try {
106107
await fetchImpl(OPENAI_AUTH_PROBE_URL, {

0 commit comments

Comments
 (0)