fix(daemon): warn on token drift during restart (#18018)
When the gateway token in config differs from the token embedded in the service plist/unit file, restart will not apply the new token. This can cause silent auth failures after OAuth token switches. Changes: - Add checkTokenDrift() to service-audit.ts - Call it in runServiceRestart() before restarting - Warn user with suggestion to run 'openclaw gateway install --force' Closes #18018
committed by
Peter Steinberger
parent
8af4712c40
commit
d6e85aa6ba
@@ -1,5 +1,7 @@
|
||||
import type { GatewayService } from "../../daemon/service.js";
|
||||
import { loadConfig } from "../../config/config.js";
|
||||
import { resolveIsNixMode } from "../../config/paths.js";
|
||||
import { checkTokenDrift } from "../../daemon/service-audit.js";
|
||||
import { renderSystemdUnavailableHints } from "../../daemon/systemd-hints.js";
|
||||
import { isSystemdUserServiceAvailable } from "../../daemon/systemd.js";
|
||||
import { isWSL } from "../../infra/wsl.js";
|
||||
@@ -255,6 +257,27 @@ export async function runServiceRestart(params: {
|
||||
});
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check for token drift before restart (service token vs config token)
|
||||
try {
|
||||
const command = await params.service.readCommand(process.env);
|
||||
const serviceToken = command?.environment?.OPENCLAW_GATEWAY_TOKEN;
|
||||
const cfg = loadConfig();
|
||||
const configToken =
|
||||
cfg.gateway?.auth?.token ||
|
||||
process.env.OPENCLAW_GATEWAY_TOKEN ||
|
||||
process.env.CLAWDBOT_GATEWAY_TOKEN;
|
||||
const driftIssue = checkTokenDrift({ serviceToken, configToken });
|
||||
if (driftIssue && !json) {
|
||||
defaultRuntime.log(`\n⚠️ ${driftIssue.message}`);
|
||||
if (driftIssue.detail) {
|
||||
defaultRuntime.log(` ${driftIssue.detail}\n`);
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
// Non-fatal: token drift check is best-effort
|
||||
}
|
||||
|
||||
try {
|
||||
await params.service.restart({ env: process.env, stdout });
|
||||
let restarted = true;
|
||||
|
||||
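Review bot: In the second hunk the drift warning is emitted only under `if (driftIssue && !json)`, and the bare `catch {}` makes a failed `readCommand`/`loadConfig` look the same as "no drift", so a restart run with JSON output keeps the silent auth failure this commit is meant to surface. Consider carrying `driftIssue.message` into the JSON result as well, and recording the caught error at a debug level instead of discarding it. `checkTokenDrift` is not visible here; it is worth confirming that `message` and `detail` never embed either token value, since both are written to the log. `configToken` also falls back to the CLI's own `process.env`, which may not match what the service resolves at start-up (inferred; the gateway's resolution order is outside this hunk). The body of `runServiceRestart` starts and ends outside the hunk.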