let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
961b4adc1cae08a8ff1c1ad7aa649ea21755bc33
clawdbot/src/gateway
History
Yuri Chukhlib 961b4adc1c feat(gateway): deprecate query param hook token auth for security (#2200) 
* feat(gateway): deprecate query param hook token auth for security

Query parameter tokens appear in:
- Server access logs
- Browser history
- Referrer headers
- Network monitoring tools

This change adds a deprecation warning when tokens are provided via
query parameter, encouraging migration to header-based authentication
(Authorization: Bearer <token> or X-Clawdbot-Token header).

Changes:
- Modified extractHookToken to return { token, fromQuery } object
- Added deprecation warning in server-http.ts when fromQuery is true
- Updated tests to verify the new return type and fromQuery flag

Fixes #2148

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: deprecate hook query token auth (#2200) (thanks @YuriNachos)

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-01-26 14:51:25 +00:00
..
protocol
fix(webchat): support image-only sends
2026-01-26 05:33:36 +00:00
server
fix(security): prevent prompt injection via external hooks (gmail, we… (#1827)
2026-01-26 13:34:04 +00:00
server-methods
fix(webchat): support image-only sends
2026-01-26 05:33:36 +00:00
assistant-identity.test.ts
fix: surface concrete ai error details
2026-01-22 22:24:25 +00:00
assistant-identity.ts
feat(compaction): add adaptive chunk sizing, progressive fallback, and UI indicator (#1466)
2026-01-23 06:32:30 +00:00
auth.test.ts
fix: harden tailscale serve auth
2026-01-26 12:49:19 +00:00
auth.ts
fix: require gateway auth by default
2026-01-26 12:56:33 +00:00
boot.test.ts
fix: stabilize tests and logging
2026-01-18 18:43:31 +00:00
boot.ts
refactor(logging): split config + subsystem imports
2026-01-19 00:15:44 +00:00
call.test.ts
fix: add explicit tailnet gateway bind
2026-01-21 20:36:09 +00:00
call.ts
fix: add explicit tailnet gateway bind
2026-01-21 20:36:09 +00:00
chat-abort.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
chat-attachments.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
chat-attachments.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
chat-sanitize.test.ts
fix: hide message_id hints in web chat
2026-01-24 13:52:31 +00:00
chat-sanitize.ts
feat: add beta googlechat channel
2026-01-24 23:30:45 +00:00
client.maxpayload.test.ts
Gateway: enable canvas host + inject action bridge
2025-12-18 23:32:22 +01:00
client.test.ts
fix: validate ws tls fingerprint
2026-01-20 13:04:20 +00:00
client.ts
feat: show node PATH and bootstrap node host env
2026-01-21 11:06:56 +00:00
config-reload.test.ts
refactor: migrate messaging plugins to sdk
2026-01-18 08:54:00 +00:00
config-reload.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
control-ui-shared.ts
refactor: centralize control ui avatar helpers
2026-01-22 23:41:36 +00:00
control-ui.test.ts
refactor: centralize control ui avatar helpers
2026-01-22 23:41:36 +00:00
control-ui.ts
refactor: centralize control ui avatar helpers
2026-01-22 23:41:36 +00:00
device-auth.ts
feat: enforce device-bound connect challenge
2026-01-20 13:04:19 +00:00
exec-approval-manager.ts
fix: unify exec approval ids
2026-01-22 00:59:29 +00:00
gateway-cli-backend.live.test.ts
fix: stabilize ci checks
2026-01-19 00:34:26 +00:00
gateway-models.profiles.live.test.ts
feat: preflight update runner before rebase
2026-01-22 04:19:33 +00:00
gateway.e2e.test.ts
test: speed up test suite
2026-01-23 02:55:38 +00:00
hooks-mapping.test.ts
feat: allow hook model overrides
2026-01-08 09:33:42 +00:00
hooks-mapping.ts
fix(security): prevent prompt injection via external hooks (gmail, we… (#1827)
2026-01-26 13:34:04 +00:00
hooks.test.ts
feat(gateway): deprecate query param hook token auth for security (#2200)
2026-01-26 14:51:25 +00:00
hooks.ts
feat(gateway): deprecate query param hook token auth for security (#2200)
2026-01-26 14:51:25 +00:00
http-common.ts
refactor: share responses input handling
2026-01-20 08:21:57 +00:00
http-utils.ts
fix: expand /v1/responses inputs (#1229) (thanks @RyanLisse)
2026-01-20 07:37:30 +00:00
live-image-probe.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
net.test.ts
fix: listen on ipv6 loopback for gateway
2026-01-25 05:49:48 +00:00
net.ts
fix: harden tailscale serve auth
2026-01-26 12:49:19 +00:00
node-command-policy.ts
feat: add node browser proxy routing
2026-01-24 04:21:47 +00:00
node-registry.ts
feat: show node PATH and bootstrap node host env
2026-01-21 11:06:56 +00:00
open-responses.schema.ts
feat(gateway): implement OpenResponses /v1/responses endpoint phase 2
2026-01-20 07:37:01 +00:00
openai-http.e2e.test.ts
test(gateway): consolidate server suites for speed
2026-01-23 06:22:09 +00:00
openai-http.ts
fix: honor trusted proxy client IPs (PR #1654)
2026-01-25 01:52:19 +00:00
openresponses-http.e2e.test.ts
test(gateway): consolidate server suites for speed
2026-01-23 06:22:09 +00:00
openresponses-http.ts
fix: honor trusted proxy client IPs (PR #1654)
2026-01-25 01:52:19 +00:00
openresponses-parity.e2e.test.ts
test(gateway): add OpenResponses parity E2E tests
2026-01-20 07:37:01 +00:00
probe.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
server-broadcast.test.ts
fix: tighten tls fingerprints and approval events
2026-01-20 13:04:20 +00:00
server-broadcast.ts
fix: tighten tls fingerprints and approval events
2026-01-20 13:04:20 +00:00
server-browser.ts
CLI: streamline startup paths and env parsing
2026-01-18 23:10:39 +00:00
server-channels.ts
refactor(logging): split config + subsystem imports
2026-01-19 00:15:44 +00:00
server-chat-registry.test.ts
test(gateway): cover helper registries
2026-01-03 19:37:09 +01:00
server-chat.agent-events.test.ts
test: cover CLI chat delta event (#1921) (thanks @rmorse)
2026-01-25 21:09:04 +00:00
server-chat.ts
fix: resolve format/build failures
2026-01-19 11:32:15 +00:00
server-close.ts
fix: listen on ipv6 loopback for gateway
2026-01-25 05:49:48 +00:00
server-constants.ts
test: speed up history and cron suites
2026-01-23 07:34:57 +00:00
server-cron.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
server-discovery-runtime.ts
security: add mDNS discovery config to reduce information disclosure (#1882)
2026-01-26 13:32:11 +00:00
server-discovery.test.ts
fix: skip tailscale dns probe when off
2026-01-25 02:51:20 +00:00
server-discovery.ts
fix: skip tailscale dns probe when off
2026-01-25 02:51:20 +00:00
server-http.ts
feat(gateway): deprecate query param hook token auth for security (#2200)
2026-01-26 14:51:25 +00:00
server-lanes.ts
refactor: use command lane enum
2026-01-20 10:51:25 +00:00
server-maintenance.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server-methods-list.ts
feat: move TTS into core (#1559) (thanks @Glucksberg)
2026-01-24 08:00:44 +00:00
server-methods.ts
feat: move TTS into core (#1559) (thanks @Glucksberg)
2026-01-24 08:00:44 +00:00
server-mobile-nodes.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server-model-catalog.ts
refactor(gateway): split server runtime
2026-01-14 09:11:21 +00:00
server-node-events-types.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server-node-events.test.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server-node-events.ts
fix: resolve format/build failures
2026-01-19 11:32:15 +00:00
server-node-subscriptions.test.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server-node-subscriptions.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server-plugins.test.ts
feat: Add Line plugin (#1630)
2026-01-25 12:22:36 +00:00
server-plugins.ts
fix: log plugin load errors in gateway
2026-01-19 00:15:24 +00:00
server-reload-handlers.ts
fix: reschedule heartbeat on hot reload
2026-01-21 00:53:54 +00:00
server-restart-sentinel.ts
Telegram: preserve topic IDs in restart notifications (#1807)
2026-01-25 21:20:39 -06:00
server-runtime-config.ts
fix: require gateway auth by default
2026-01-26 12:56:33 +00:00
server-runtime-state.ts
fix: listen on ipv6 loopback for gateway
2026-01-25 05:49:48 +00:00
server-session-key.ts
refactor: canonicalize gateway session store keys
2026-01-17 07:41:24 +00:00
server-shared.ts
refactor(gateway): split server helpers
2026-01-03 19:37:09 +01:00
server-startup-log.ts
fix: listen on ipv6 loopback for gateway
2026-01-25 05:49:48 +00:00
server-startup.ts
CLI: streamline startup paths and env parsing
2026-01-18 23:10:39 +00:00
server-tailscale.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
server-utils.test.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
server-utils.ts
fix(gateway): format status/code errors
2026-01-03 19:37:09 +01:00
server-wizard-sessions.ts
refactor(gateway): split server runtime
2026-01-14 09:11:21 +00:00
server-ws-runtime.ts
refactor: remove bridge protocol
2026-01-19 10:08:29 +00:00
server.agent.gateway-server-agent-a.e2e.test.ts
feat: Add Line plugin (#1630)
2026-01-25 12:22:36 +00:00
server.agent.gateway-server-agent-b.e2e.test.ts
feat: Add Line plugin (#1630)
2026-01-25 12:22:36 +00:00
server.auth.e2e.test.ts
fix: require gateway auth by default
2026-01-26 12:56:33 +00:00
server.channels.e2e.test.ts
feat: Add Line plugin (#1630)
2026-01-25 12:22:36 +00:00
server.chat.gateway-server-chat-b.e2e.test.ts
fix: unify inbound dispatch pipeline
2026-01-23 22:58:54 +00:00
server.chat.gateway-server-chat.e2e.test.ts
fix(webchat): support image-only sends
2026-01-26 05:33:36 +00:00
server.config-apply.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.config-patch.e2e.test.ts
fix: follow up config.patch restarts/docs/tests (#1653)
2026-01-24 23:33:13 +00:00
server.cron.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.health.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.hooks.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.impl.ts
security: add mDNS discovery config to reduce information disclosure (#1882)
2026-01-26 13:32:11 +00:00
server.ios-client-id.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.models-voicewake-misc.e2e.test.ts
feat: Add Line plugin (#1630)
2026-01-25 12:22:36 +00:00
server.nodes.late-invoke.test.ts
fix: require gateway auth by default
2026-01-26 12:56:33 +00:00
server.reload.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.roles-allowlist-update.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.sessions-send.e2e.test.ts
test: move gateway server coverage to e2e
2026-01-23 18:34:33 +00:00
server.sessions.gateway-server-sessions-a.e2e.test.ts
fix: resolve session ids in session tools
2026-01-24 11:09:11 +00:00
server.ts
chore: migrate to oxlint and oxfmt
2026-01-14 15:02:19 +00:00
session-utils.fs.test.ts
feat: add sessions preview rpc and menu prewarm
2026-01-22 10:21:50 +00:00
session-utils.fs.ts
feat: add sessions preview rpc and menu prewarm
2026-01-22 10:21:50 +00:00
session-utils.test.ts
feat: add search param to sessions.list RPC
2026-01-20 16:36:51 +00:00
session-utils.ts
Gateway: prefer newest session entries in merge (#1823)
2026-01-25 22:40:22 -06:00
session-utils.types.ts
feat: add sessions preview rpc and menu prewarm
2026-01-22 10:21:50 +00:00
sessions-patch.test.ts
fix: normalize model override auth handling
2026-01-21 06:00:21 +00:00
sessions-patch.ts
feat: add elevated ask/full modes
2026-01-22 05:41:11 +00:00
sessions-resolve.ts
fix: resolve session ids in session tools
2026-01-24 11:09:11 +00:00
test-helpers.e2e.ts
test: speed up test suite
2026-01-23 02:22:02 +00:00
test-helpers.mocks.ts
feat: Add Line plugin (#1630)
2026-01-25 12:22:36 +00:00
test-helpers.openai-mock.ts
test: speed up test suite
2026-01-23 02:22:02 +00:00
test-helpers.server.ts
fix: require gateway auth by default
2026-01-26 12:56:33 +00:00
test-helpers.ts
refactor(src): split oversized modules
2026-01-14 01:17:56 +00:00
tools-invoke-http.test.ts
fix: require gateway auth by default
2026-01-26 12:56:33 +00:00
tools-invoke-http.ts
fix: honor trusted proxy client IPs (PR #1654)
2026-01-25 01:52:19 +00:00
ws-log.test.ts
fix: add agent context to ws logs
2026-01-17 20:37:36 +00:00
ws-log.ts
refactor(logging): split config + subsystem imports
2026-01-19 00:15:44 +00:00
ws-logging.ts
Gateway: optimize ws logs in normal mode
2025-12-18 13:27:52 +00:00