fix: tighten tls fingerprints and approval events

Peter Steinberger
2026-01-20 12:44:04 +00:00
parent ded578b1fa
commit 759068304e
6 changed files with 103 additions and 8 deletions


@@ -1,5 +1,6 @@
import { randomUUID } from "node:crypto";
import { WebSocket, type ClientOptions, type CertMeta } from "ws";
import { normalizeFingerprint } from "../infra/tls/fingerprint.js";
import { rawDataToString } from "../infra/ws.js";
import { logDebug, logError } from "../logger.js";
import type { DeviceIdentity } from "../infra/device-identity.js";
@@ -99,6 +100,10 @@ export class GatewayClient {
start() {
if (this.closed) return;
const url = this.opts.url ?? "ws://127.0.0.1:18789";
if (this.opts.tlsFingerprint && !url.startsWith("wss://")) {
this.opts.onConnectError?.(new Error("gateway tls fingerprint requires wss:// gateway url"));
return;
}
// Allow node screen snapshots and other large responses.
const wsOptions: ClientOptions = {
maxPayload: 25 * 1024 * 1024,
@@ -399,7 +404,3 @@ export class GatewayClient {
return p;
}
}
function normalizeFingerprint(input: string): string {
return input.replace(/[^a-fA-F0-9]/g, "").toLowerCase();
}
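Review bot: In start(), the new guard refuses to connect when a fingerprint is pinned but the URL is not wss://, yet the failure is reported only through the optional `onConnectError` callback, so a caller that registered none gets a client that silently never connects. Since pinning is a security setting, I would also record the rejection with the already-imported `logError` before the `return`. The prefix test is case-sensitive while URL schemes are not, so `WSS://host` is rejected as well; that fails closed, but `!url.toLowerCase().startsWith("wss://")` avoids the spurious error. A fingerprint that is truthy but holds no hex characters would normalize to an empty string and still pass this guard; whether the later comparison rejects an empty pin is not visible here, since start() continues outside the hunk and `normalizeFingerprint` now lives in `../infra/tls/fingerprint.js`.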