will/flynn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add query-param token auth and optional HTTP auth to gateway

Browse Source 
Support ?token= query parameter as a fallback for WebSocket clients that
cannot set Authorization headers (e.g. browsers). Add authHttp option to
GatewayServer so token auth can be applied to HTTP requests too, returning
401 with WWW-Authenticate header on failure.
This commit is contained in:
William Valentin
2026-02-06 16:51:41 -08:00
parent 0eb1f7a073
commit 20930a4816
4 changed files with 132 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/gateway/server.test.ts
+38
View File
@@ -218,3 +218,41 @@ describe('GatewayServer integration', () => {
expect(res.status).toBe(404);
});
});
describe('GatewayServer HTTP auth', () => {
const AUTH_PORT = 18898;
let authServer: GatewayServer;
beforeAll(async () => {
authServer = new GatewayServer({
port: AUTH_PORT,
sessionManager: mockSessionManager as unknown as GatewayServerConfig['sessionManager'],
modelClient: mockModelClient,
systemPrompt: 'Test prompt',
toolRegistry: mockToolRegistry as unknown as GatewayServerConfig['toolRegistry'],
toolExecutor: mockToolExecutor as unknown as GatewayServerConfig['toolExecutor'],
auth: { token: 'test-secret' },
authHttp: true,
uiDir: resolve(import.meta.dirname, 'ui'),
});
await authServer.start();
});
afterAll(async () => {
await authServer.stop();
});
it('returns 401 for HTTP request without token', async () => {
const res = await fetch(`http://127.0.0.1:${AUTH_PORT}/`);
expect(res.status).toBe(401);
expect(res.headers.get('www-authenticate')).toBe('Bearer');
});
it('serves content with valid Bearer token', async () => {
const res = await fetch(`http://127.0.0.1:${AUTH_PORT}/`, {
headers: { Authorization: 'Bearer test-secret' },
});
expect(res.status).toBe(200);
expect(res.headers.get('content-type')).toBe('text/html');
});
});