admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
4b316c33db6ca9868bc30fb632174a37ef500dc2
Moltbot/src/gateway/tools-invoke-http.cron-regression.test.ts
Brian Mendonca d51a4695f0 Deny cron tool on /tools/invoke by default 
(cherry picked from commit 816a6b3a4df5bf8436f08e3fc8fa82411e3543ac)
2026-02-24 04:33:50 +00:00

124 lines
3.0 KiB
TypeScript
Raw Blame History

import { createServer } from "node:http";
import type { AddressInfo } from "node:net";
import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
const TEST_GATEWAY_TOKEN = "test-gateway-token-1234567890";
let cfg: Record<string, unknown> = {};
vi.mock("../config/config.js", () => ({
loadConfig: () => cfg,
}));
vi.mock("../config/sessions.js", () => ({
resolveMainSessionKey: () => "agent:main:main",
}));
vi.mock("./auth.js", () => ({
authorizeHttpGatewayConnect: async () => ({ ok: true }),
}));
vi.mock("../logger.js", () => ({
logWarn: () => {},
}));
vi.mock("../plugins/config-state.js", () => ({
isTestDefaultMemorySlotDisabled: () => false,
}));
vi.mock("../plugins/tools.js", () => ({
getPluginToolMeta: () => undefined,
}));
vi.mock("../agents/openclaw-tools.js", () => {
const tools = [
{
name: "cron",
parameters: { type: "object", properties: { action: { type: "string" } } },
execute: async () => ({ ok: true, via: "cron" }),
},
{
name: "gateway",
parameters: { type: "object", properties: { action: { type: "string" } } },
execute: async () => ({ ok: true, via: "gateway" }),
},
];
return {
createOpenClawTools: () => tools,
};
});
const { handleToolsInvokeHttpRequest } = await import("./tools-invoke-http.js");
let port = 0;
let server: ReturnType<typeof createServer> | undefined;
beforeAll(async () => {
server = createServer((req, res) => {
void handleToolsInvokeHttpRequest(req, res, {
auth: { mode: "token", token: TEST_GATEWAY_TOKEN, allowTailscale: false },
}).then((handled) => {
if (handled) {
return;
}
res.statusCode = 404;
res.end("not found");
});
});
await new Promise<void>((resolve, reject) => {
server?.once("error", reject);
server?.listen(0, "127.0.0.1", () => {
const address = server?.address() as AddressInfo | null;
port = address?.port ?? 0;
resolve();
});
});
});
afterAll(async () => {
if (!server) {
return;
}
await new Promise<void>((resolve) => server?.close(() => resolve()));
server = undefined;
});
beforeEach(() => {
cfg = {};
});
async function invoke(tool: string) {
return await fetch(`http://127.0.0.1:${port}/tools/invoke`, {
method: "POST",
headers: {
"content-type": "application/json",
authorization: `Bearer ${TEST_GATEWAY_TOKEN}`,
},
body: JSON.stringify({ tool, action: "status", args: {}, sessionKey: "main" }),
});
}
describe("tools invoke HTTP denylist", () => {
it("blocks cron and gateway by default", async () => {
const gatewayRes = await invoke("gateway");
const cronRes = await invoke("cron");
expect(gatewayRes.status).toBe(404);
expect(cronRes.status).toBe(404);
});
it("allows cron only when explicitly enabled in gateway.tools.allow", async () => {
cfg = {
gateway: {
tools: {
allow: ["cron"],
},
},
};
const cronRes = await invoke("cron");
expect(cronRes.status).toBe(200);
});
});
Reference in New Issue View Git Blame Copy Permalink