yunxiafei/openclaw-mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add support for allowing self-signed TLS certificates in gateway configuration

Browse Source
This commit is contained in:
Abhimanyu Saharan
2026-02-22 20:20:19 +05:30
parent d37f230eb3
commit 56f4964332
11 changed files with 89 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/app/api/gateway.py
View File

@@ -38,12 +38,14 @@ def _query_to_resolve_input(
gateway_url: str | None = Query(default=None),
gateway_token: str | None = Query(default=None),
gateway_disable_device_pairing: bool = Query(default=False),
gateway_allow_insecure_tls: bool = Query(default=False),
) -> GatewayResolveQuery:
return GatewaySessionService.to_resolve_query(
board_id=board_id,
gateway_url=gateway_url,
gateway_token=gateway_token,
gateway_disable_device_pairing=gateway_disable_device_pairing,
gateway_allow_insecure_tls=gateway_allow_insecure_tls,
)

1
backend/app/schemas/gateway_api.py
View File

@@ -22,6 +22,7 @@ class GatewayResolveQuery(SQLModel):
gateway_url: str | None = None
gateway_token: str | None = None
gateway_disable_device_pairing: bool = False
gateway_allow_insecure_tls: bool = False
class GatewaysStatusResponse(SQLModel):

3
backend/app/services/openclaw/session_service.py
View File

@@ -66,12 +66,14 @@ class GatewaySessionService(OpenClawDBService):
gateway_url: str | None,
gateway_token: str | None,
gateway_disable_device_pairing: bool = False,
gateway_allow_insecure_tls: bool = False,
) -> GatewayResolveQuery:
return GatewayResolveQuery(
board_id=board_id,
gateway_url=gateway_url,
gateway_token=gateway_token,
gateway_disable_device_pairing=gateway_disable_device_pairing,
gateway_allow_insecure_tls=gateway_allow_insecure_tls,
)
@staticmethod
@@ -112,6 +114,7 @@ class GatewaySessionService(OpenClawDBService):
GatewayClientConfig(
url=raw_url,
token=(params.gateway_token or "").strip() or None,
allow_insecure_tls=params.gateway_allow_insecure_tls,
disable_device_pairing=params.gateway_disable_device_pairing,
),
None,

38
backend/tests/test_gateway_resolver.py
View File

@@ -3,7 +3,10 @@ from __future__ import annotations
from uuid import uuid4
import pytest
from app.models.gateways import Gateway
from app.schemas.gateway_api import GatewayResolveQuery
from app.services.openclaw.gateway_resolver import (
gateway_client_config,
optional_gateway_client_config,
@@ -14,6 +17,7 @@ from app.services.openclaw.session_service import GatewaySessionService
def _gateway(
*,
disable_device_pairing: bool,
allow_insecure_tls: bool = False,
url: str = "ws://gateway.example:18789/ws",
token: str | None = " secret-token ",
) -> Gateway:
@@ -25,6 +29,7 @@ def _gateway(
token=token,
workspace_root="~/.openclaw",
disable_device_pairing=disable_device_pairing,
allow_insecure_tls=allow_insecure_tls,
)
@@ -43,6 +48,14 @@ def test_optional_gateway_client_config_maps_disable_device_pairing() -> None:
assert config.disable_device_pairing is False
def test_gateway_client_config_maps_allow_insecure_tls() -> None:
config = gateway_client_config(
_gateway(disable_device_pairing=False, allow_insecure_tls=True),
)
assert config.allow_insecure_tls is True
def test_optional_gateway_client_config_returns_none_for_missing_or_blank_url() -> None:
assert optional_gateway_client_config(None) is None
assert (
@@ -62,3 +75,28 @@ def test_to_resolve_query_keeps_gateway_disable_device_pairing_value() -> None:
)
assert resolved.gateway_disable_device_pairing is True
def test_to_resolve_query_keeps_gateway_allow_insecure_tls_value() -> None:
resolved = GatewaySessionService.to_resolve_query(
board_id=None,
gateway_url="wss://gateway.example:18789/ws",
gateway_token="secret-token",
gateway_allow_insecure_tls=True,
)
assert resolved.gateway_allow_insecure_tls is True
@pytest.mark.asyncio
async def test_resolve_gateway_keeps_gateway_allow_insecure_tls_for_direct_url() -> None:
service = GatewaySessionService(session=object()) # type: ignore[arg-type]
_, config, _ = await service.resolve_gateway(
GatewayResolveQuery(
gateway_url="wss://gateway.example:18789/ws",
gateway_allow_insecure_tls=True,
),
user=None,
)
assert config.allow_insecure_tls is True

2
frontend/src/api/generated/model/gatewayRead.ts
View File

@@ -12,7 +12,7 @@ export interface GatewayRead {
name: string;
url: string;
workspace_root: string;
allow_insecure_tls: boolean;
allow_insecure_tls?: boolean;
disable_device_pairing?: boolean;
id: string;
organization_id: string;

1
frontend/src/api/generated/model/gatewaysStatusApiV1GatewaysStatusGetParams.ts
View File

@@ -10,4 +10,5 @@ export type GatewaysStatusApiV1GatewaysStatusGetParams = {
gateway_url?: string | null;
gateway_token?: string | null;
gateway_disable_device_pairing?: boolean;
gateway_allow_insecure_tls?: boolean;
};

7
frontend/src/app/gateways/[gatewayId]/edit/page.tsx
View File

@@ -132,6 +132,7 @@ export default function EditGatewayPage() {
gatewayUrl: resolvedGatewayUrl,
gatewayToken: resolvedGatewayToken,
gatewayDisableDevicePairing: resolvedDisableDevicePairing,
gatewayAllowInsecureTls: resolvedAllowInsecureTls,
});
setGatewayCheckStatus(ok ? "success" : "error");
setGatewayCheckMessage(message);
@@ -205,7 +206,11 @@ export default function EditGatewayPage() {
setGatewayCheckMessage(null);
}}
onWorkspaceRootChange={setWorkspaceRoot}
onAllowInsecureTlsChange={setAllowInsecureTls}
onAllowInsecureTlsChange={(next) => {
setAllowInsecureTls(next);
setGatewayCheckStatus("idle");
setGatewayCheckMessage(null);
}}
/>
</DashboardPageLayout>
);

7
frontend/src/app/gateways/new/page.tsx
View File

@@ -88,6 +88,7 @@ export default function NewGatewayPage() {
gatewayUrl,
gatewayToken,
gatewayDisableDevicePairing: disableDevicePairing,
gatewayAllowInsecureTls: allowInsecureTls,
});
setGatewayCheckStatus(ok ? "success" : "error");
setGatewayCheckMessage(message);
@@ -156,7 +157,11 @@ export default function NewGatewayPage() {
setGatewayCheckMessage(null);
}}
onWorkspaceRootChange={setWorkspaceRoot}
onAllowInsecureTlsChange={setAllowInsecureTls}
onAllowInsecureTlsChange={(next) => {
setAllowInsecureTls(next);
setGatewayCheckStatus("idle");
setGatewayCheckMessage(null);
}}
/>
</DashboardPageLayout>
);

39
frontend/src/components/gateways/GatewayForm.tsx
View File

@@ -150,21 +150,30 @@ export function GatewayForm({
</div>
</div>
<div className="flex items-center gap-2">
<input
type="checkbox"
id="allow-insecure-tls"
className="h-4 w-4 rounded border-slate-300 text-blue-600"
checked={allowInsecureTls}
onChange={(event) => onAllowInsecureTlsChange(event.target.checked)}
disabled={isLoading}
/>
<label
htmlFor="allow-insecure-tls"
className="text-sm text-slate-700 cursor-pointer"
>
Allow self-signed TLS certificates (for localhost or trusted local
networks)
<div className="space-y-2">
<label className="text-sm font-medium text-slate-900">
Allow self-signed TLS certificates
</label>
<label className="flex h-10 items-center gap-3 px-1 text-sm text-slate-900">
<button
type="button"
role="switch"
aria-checked={allowInsecureTls}
aria-label="Allow self-signed TLS certificates"
onClick={() => onAllowInsecureTlsChange(!allowInsecureTls)}
disabled={isLoading}
className={`inline-flex h-6 w-11 shrink-0 items-center rounded-full border transition ${
allowInsecureTls
? "border-emerald-600 bg-emerald-600"
: "border-slate-300 bg-slate-200"
} ${isLoading ? "cursor-not-allowed opacity-60" : "cursor-pointer"}`}
>
<span
className={`inline-block h-5 w-5 rounded-full bg-white shadow-sm transition ${
allowInsecureTls ? "translate-x-5" : "translate-x-0.5"
}`}
/>
</button>
</label>
</div>

5
frontend/src/lib/gateway-form.test.ts
View File

@@ -29,7 +29,7 @@ describe("checkGatewayConnection", () => {
mockedGatewaysStatusApiV1GatewaysStatusGet.mockReset();
});
it("passes pairing toggle to gateway status API", async () => {
it("passes pairing and TLS toggles to gateway status API", async () => {
mockedGatewaysStatusApiV1GatewaysStatusGet.mockResolvedValue({
status: 200,
data: { connected: true },
@@ -39,12 +39,14 @@ describe("checkGatewayConnection", () => {
gatewayUrl: "ws://gateway.example:18789",
gatewayToken: "secret-token",
gatewayDisableDevicePairing: true,
gatewayAllowInsecureTls: true,
});
expect(mockedGatewaysStatusApiV1GatewaysStatusGet).toHaveBeenCalledWith({
gateway_url: "ws://gateway.example:18789",
gateway_token: "secret-token",
gateway_disable_device_pairing: true,
gateway_allow_insecure_tls: true,
});
expect(result).toEqual({ ok: true, message: "Gateway reachable." });
});
@@ -62,6 +64,7 @@ describe("checkGatewayConnection", () => {
gatewayUrl: "ws://gateway.example:18789",
gatewayToken: "",
gatewayDisableDevicePairing: false,
gatewayAllowInsecureTls: false,
});
expect(result).toEqual({ ok: false, message: "missing required scope" });

3
frontend/src/lib/gateway-form.ts
View File

@@ -25,15 +25,18 @@ export async function checkGatewayConnection(params: {
gatewayUrl: string;
gatewayToken: string;
gatewayDisableDevicePairing: boolean;
gatewayAllowInsecureTls: boolean;
}): Promise<{ ok: boolean; message: string }> {
try {
const requestParams: {
gateway_url: string;
gateway_token?: string;
gateway_disable_device_pairing: boolean;
gateway_allow_insecure_tls: boolean;
} = {
gateway_url: params.gatewayUrl.trim(),
gateway_disable_device_pairing: params.gatewayDisableDevicePairing,
gateway_allow_insecure_tls: params.gatewayAllowInsecureTls,
};
if (params.gatewayToken.trim()) {
requestParams.gateway_token = params.gatewayToken.trim();