Skip to content

fix: proxy body forwarding and auth for /hooks routes#213

Open
serefyarar wants to merge 1 commit into
vignesh07:mainfrom
indexnetwork:main
Open

fix: proxy body forwarding and auth for /hooks routes#213
serefyarar wants to merge 1 commit into
vignesh07:mainfrom
indexnetwork:main

Conversation

@serefyarar

Copy link
Copy Markdown

Summary

Two issues prevented the OpenClaw hooks endpoint (/hooks/agent, /hooks/wake) from working through the Express proxy wrapper:

  • Body not forwarded: express.json() consumes the request body stream before http-proxy can pipe it to the gateway. Added a proxyReq handler to re-serialize req.body so the gateway receives the full payload.

  • Wrong auth token injected: attachGatewayAuthHeader injected the gateway token into the Authorization header for /hooks requests when no Authorization header was present. The hooks handler reads Authorization first, so it would compare the gateway token against the hooks token and reject with 401. Skipping the injection for /hooks routes lets the hooks-specific X-OpenClaw-Token header work correctly.

Test plan

  • POST /hooks/agent with Authorization: Bearer <hooks-token> returns 200 { ok: true, runId: "..." }
  • POST /hooks/agent with X-OpenClaw-Token: <hooks-token> returns 200 { ok: true, runId: "..." }
  • POST /hooks/wake with body { "text": "..." } returns 200 { ok: true, mode: "now" }
  • Wrong token returns 401 Unauthorized
  • Dashboard/Control UI still works (gateway token injection preserved for non-hooks routes)

Two issues prevented the hooks endpoint from working through the proxy:

1. express.json() consumed the request body stream before http-proxy
   could pipe it to the gateway. Add a proxyReq handler to re-serialize
   req.body so the gateway receives the full payload.

2. attachGatewayAuthHeader injected the gateway token into the
   Authorization header for /hooks requests when no Authorization
   was present, causing the hooks handler to read the wrong credential
   instead of the hooks-specific X-OpenClaw-Token.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant