fix: stabilize gateway defaults

2026-01-20 11:00:34 +00:00
parent 9f75550702
commit 74757cd5af
5 changed files with 28 additions and 27 deletions
--- a/src/gateway/client.ts
+++ b/src/gateway/client.ts
@@ -72,7 +72,7 @@ export function describeGatewayCloseCode(code: number): string | undefined {

 export class GatewayClient {
  private ws: WebSocket | null = null;
-  private opts: GatewayClientOptions;
+  private opts: GatewayClientOptions & { deviceIdentity: DeviceIdentity };
  private pending = new Map<string, Pending>();
  private backoffMs = 1000;
  private closed = false;
@@ -161,25 +161,23 @@ export class GatewayClient {
        : undefined;
    const signedAtMs = Date.now();
    const scopes = this.opts.scopes ?? ["operator.admin"];
-    const device = (() => {
-      if (!this.opts.deviceIdentity) return undefined;
-      const payload = buildDeviceAuthPayload({
-        deviceId: this.opts.deviceIdentity.deviceId,
-        clientId: this.opts.clientName ?? GATEWAY_CLIENT_NAMES.GATEWAY_CLIENT,
-        clientMode: this.opts.mode ?? GATEWAY_CLIENT_MODES.BACKEND,
-        role,
-        scopes,
-        signedAtMs,
-        token: authToken ?? null,
-      });
-      const signature = signDevicePayload(this.opts.deviceIdentity.privateKeyPem, payload);
-      return {
-        id: this.opts.deviceIdentity.deviceId,
-        publicKey: publicKeyRawBase64UrlFromPem(this.opts.deviceIdentity.publicKeyPem),
-        signature,
-        signedAt: signedAtMs,
-      };
-    })();
+    const deviceIdentity = this.opts.deviceIdentity;
+    const payload = buildDeviceAuthPayload({
+      deviceId: deviceIdentity.deviceId,
+      clientId: this.opts.clientName ?? GATEWAY_CLIENT_NAMES.GATEWAY_CLIENT,
+      clientMode: this.opts.mode ?? GATEWAY_CLIENT_MODES.BACKEND,
+      role,
+      scopes,
+      signedAtMs,
+      token: authToken ?? null,
+    });
+    const signature = signDevicePayload(deviceIdentity.privateKeyPem, payload);
+    const device = {
+      id: deviceIdentity.deviceId,
+      publicKey: publicKeyRawBase64UrlFromPem(deviceIdentity.publicKeyPem),
+      signature,
+      signedAt: signedAtMs,
+    };
    const params: ConnectParams = {
      minProtocol: this.opts.minProtocol ?? PROTOCOL_VERSION,
      maxProtocol: this.opts.maxProtocol ?? PROTOCOL_VERSION,
--- a/src/gateway/server.auth.test.ts
+++ b/src/gateway/server.auth.test.ts
@@ -102,9 +102,8 @@ describe("gateway server auth/connect", () => {

  test("accepts device token auth for paired device", async () => {
    const { loadOrCreateDeviceIdentity } = await import("../infra/device-identity.js");
-    const { approveDevicePairing, getPairedDevice, listDevicePairing } = await import(
-      "../infra/device-pairing.js"
-    );
+    const { approveDevicePairing, getPairedDevice, listDevicePairing } =
+      await import("../infra/device-pairing.js");
    const { server, ws, port, prevToken } = await startServerWithClient("secret");
    const res = await connectReq(ws, { token: "secret" });
    if (!res.ok) {
--- a/src/gateway/server.health.test.ts
+++ b/src/gateway/server.health.test.ts
@@ -10,7 +10,6 @@ import {
  signDevicePayload,
 } from "../infra/device-identity.js";
 import { emitHeartbeatEvent } from "../infra/heartbeat-events.js";
-import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js";
 import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
 import {
  connectOk,