kaiwu/openclaw-skill
1
0
Fork 0
forked from Selig/openclaw-skill
Code Pull Requests 1 Activity

Sync with upstream #1

Open
kaiwu wants to merge 24 commits from Selig/openclaw-skill:main into main
pull from: Selig/openclaw-skill:main
merge into: kaiwu:main
Conversation 0 Commits 24 Files Changed 62 +8
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 17c10dde22 - Show all commits

1
skills/dispatch-webhook/SKILL.md
View File

@@ -112,3 +112,4 @@ Task ID: {task_id}
| 401 Unauthorized | 立即失敗,提示設定 token | | 401 Unauthorized | 立即失敗,提示設定 token |
| 超時(> 30s | 返回 accepted等待 callback | | 超時(> 30s | 返回 accepted等待 callback |
| VPS 回傳 500 | 記錄錯誤,通知使用者 | | VPS 回傳 500 | 記錄錯誤,通知使用者 |
| 非 HTTPS Webhook且非 localhost/127.0.0.1 | 直接拒絕,避免 Bearer Token 明文傳輸 |

7
skills/dispatch-webhook/handler.ts
View File

@@ -51,6 +51,13 @@ function validateInput(raw: any): DispatchInput {
throw new Error('Webhook URL 協定不支援,僅允許 http 或 https'); throw new Error('Webhook URL 協定不支援,僅允許 http 或 https');
} }
// 安全預設:正式環境僅允許 HTTPS避免 Bearer Token 明文傳輸
// 本機開發保留 http://localhost 與 http://127.0.0.1 例外
const isLocalhost = ['localhost', '127.0.0.1'].includes(parsedUrl.hostname);
if (parsedUrl.protocol !== 'https:' && !isLocalhost) {
throw new Error('Webhook URL 安全性不足:非本機位址必須使用 https');
}
if (!input.webhookToken || typeof input.webhookToken !== 'string') { if (!input.webhookToken || typeof input.webhookToken !== 'string') {
throw new Error(`${input.target.toUpperCase()} Webhook Token 未設定`); throw new Error(`${input.target.toUpperCase()} Webhook Token 未設定`);
} }