test: optimize gateway infra memory and security coverage

2026-02-21 21:43:20 +00:00
parent 58254b3b57
commit cc2ff68947
24 changed files with 1163 additions and 1284 deletions
--- a/src/gateway/server.talk-config.e2e.test.ts
+++ b/src/gateway/server.talk-config.e2e.test.ts
@@ -4,6 +4,36 @@ import { withServer } from "./test-with-server.js";

 installGatewayTestHooks({ scope: "suite" });

+async function createFreshOperatorDevice(scopes: string[]) {
+  const { randomUUID } = await import("node:crypto");
+  const { tmpdir } = await import("node:os");
+  const { join } = await import("node:path");
+  const { buildDeviceAuthPayload } = await import("./device-auth.js");
+  const { loadOrCreateDeviceIdentity, publicKeyRawBase64UrlFromPem, signDevicePayload } =
+    await import("../infra/device-identity.js");
+
+  const identity = loadOrCreateDeviceIdentity(
+    join(tmpdir(), `openclaw-talk-config-${randomUUID()}.json`),
+  );
+  const signedAtMs = Date.now();
+  const payload = buildDeviceAuthPayload({
+    deviceId: identity.deviceId,
+    clientId: "test",
+    clientMode: "test",
+    role: "operator",
+    scopes,
+    signedAtMs,
+    token: "secret",
+  });
+
+  return {
+    id: identity.deviceId,
+    publicKey: publicKeyRawBase64UrlFromPem(identity.publicKeyPem),
+    signature: signDevicePayload(identity.privateKeyPem, payload),
+    signedAt: signedAtMs,
+  };
+}
+
 describe("gateway talk.config", () => {
  it("returns redacted talk config for read scope", async () => {
    const { writeConfigFile } = await import("../config/config.js");
@@ -21,7 +51,11 @@ describe("gateway talk.config", () => {
    });

    await withServer(async (ws) => {
-      await connectOk(ws, { token: "secret", scopes: ["operator.read"] });
+      await connectOk(ws, {
+        token: "secret",
+        scopes: ["operator.read"],
+        device: await createFreshOperatorDevice(["operator.read"]),
+      });
      const res = await rpcReq<{ config?: { talk?: { apiKey?: string; voiceId?: string } } }>(
        ws,
        "talk.config",
@@ -42,7 +76,11 @@ describe("gateway talk.config", () => {
    });

    await withServer(async (ws) => {
-      await connectOk(ws, { token: "secret", scopes: ["operator.read"] });
+      await connectOk(ws, {
+        token: "secret",
+        scopes: ["operator.read"],
+        device: await createFreshOperatorDevice(["operator.read"]),
+      });
      const res = await rpcReq(ws, "talk.config", { includeSecrets: true });
      expect(res.ok).toBe(false);
      expect(res.error?.message).toContain("missing scope: operator.talk.secrets");
@@ -61,6 +99,11 @@ describe("gateway talk.config", () => {
      await connectOk(ws, {
        token: "secret",
        scopes: ["operator.read", "operator.write", "operator.talk.secrets"],
+        device: await createFreshOperatorDevice([
+          "operator.read",
+          "operator.write",
+          "operator.talk.secrets",
+        ]),
      });
      const res = await rpcReq<{ config?: { talk?: { apiKey?: string } } }>(ws, "talk.config", {
        includeSecrets: true,