feat: Add Gateway Token authentication for remote access#54
Open
ku1x wants to merge 5 commits intoTianyiDataScience:mainfrom
Open
feat: Add Gateway Token authentication for remote access#54ku1x wants to merge 5 commits intoTianyiDataScience:mainfrom
ku1x wants to merge 5 commits intoTianyiDataScience:mainfrom
Conversation
added 5 commits
March 24, 2026 14:29
- Add pairing-store.ts: manage paired devices and access tokens - Add pairing-middleware.ts: authentication middleware - Add pairing-ui.ts: login and pairing pages - Add server-patch.ts: integration with Control Center server - Update config.ts: add PAIRING_AUTH_ENABLED flag - Add start.sh: convenient startup script - Update .env: enable pairing auth and remote binding This allows secure remote access to Control Center with: 1. Device pairing via 6-digit code 2. Access token authentication 3. Device management (list/revoke)
- Add PAIRING_AUTH_ENABLED config flag - Add authMiddleware to server request handler - Redirect unauthenticated users to /login page
- Add gateway-auth.ts: WebSocket client for Gateway token verification - Add gateway-middleware.ts: auth middleware using Gateway's node.pair.verify - Replace pairing auth with Gateway token auth - Users can now login with their Gateway token (gateway.auth.token) This approach: - Reuses Gateway's existing security mechanism - No separate pairing system needed - Does not affect OpenClaw/Gateway operation
- Add simple-auth.ts: direct token comparison - Remove complex WebSocket auth (gateway-auth.ts, gateway-middleware.ts) - Read Gateway token from openclaw.json automatically - Login with gateway.auth.token (KuiClaw1997)
- Add hook in ~/.openclaw/hooks/control-center-start/ - Automatically starts Control Center when Gateway starts - Enabled via: openclaw hooks enable control-center-start
Owner
|
谢谢你做这条 PR。远程 Gateway Token 认证这个方向我认同,而且这是很值得补的一块。 这次我先没有直接 merge,主要是因为它现在和最新 如果你愿意继续推,我会建议先基于最新 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds Gateway Token authentication for remote access to Control Center, enabling secure deployment on headless servers.
Changes
New Features
gateway.auth.token)New Files
src/auth/simple-auth.tssrc/auth/pairing-store.tssrc/auth/pairing-middleware.tssrc/auth/pairing-ui.tssrc/auth/gateway-auth.tssrc/auth/gateway-middleware.tsauto-start.shstart.shConfiguration
Add to
.env:Use Case
This is particularly useful for:
Security
.envis excluded via.gitignoreTesting
UI_MODE=true npx tsx src/index.tshttp://localhost:4310This PR is based on the original MIT-licensed project and maintains the same license.