Spaces:

Supertbot
/

xia

Running

App Files Files Community

echo8900 commited on 19 days ago

Commit

0a24085

verified ·

1 Parent(s): 196d2aa

Update entrypoint.sh

Browse files

Files changed (1) hide show

entrypoint.sh +69 -161

entrypoint.sh CHANGED Viewed

@@ -1,161 +1,69 @@
-import fs from "node:fs";
-import path from "node:path";
-import https from "node:https";
-var HOME = process.env.OPENCLAW_HOME || process.env.HOME || "/home/user";
-var STATE_DIR = path.join(HOME, ".openclaw");
-var CONFIG_PATH = path.join(STATE_DIR, "openclaw.json");
-console.log("[setup] Starting... HOME=" + HOME);
-function parseList(val) {
-    if (!val || !val.trim()) return [];
-    return val.split(",").map(function(s) { return s.trim(); }).filter(Boolean);
-}
-// ---- auth ----
-var gatewayToken = (process.env.OPENCLAW_GATEWAY_TOKEN || "").trim();
-var gatewayPassword = (process.env.OPENCLAW_GATEWAY_PASSWORD || "").trim();
-if (!gatewayToken && !gatewayPassword) {
-    console.error("[setup] ERROR: set OPENCLAW_GATEWAY_TOKEN or OPENCLAW_GATEWAY_PASSWORD");
-    process.exit(1);
-}
-// ---- default model ----
-var defaultModel = (process.env.OPENCLAW_HF_DEFAULT_MODEL || "").trim() || "google/gemini-2.0-flash";
-// ---- dynamic provider key detection ----
-// OpenClaw official mechanism: reads provider keys from process env vars.
-// We also write them into env.vars so OpenClaw injects them into its runtime.
-// Exclude internal/system vars, include only provider-shaped keys.
-var EXCLUDE_PREFIXES = [
-    "OPENCLAW_", "SPACE_", "SYSTEM_", "HF_SPACE",
-    "NODE_", "PATH", "HOME", "USER", "PWD", "LANG", "LC_"
-];
-var INCLUDE_SUFFIXES = [
-    "_API_KEY", "_SECRET_KEY", "_ACCESS_TOKEN",
-    "_BOT_TOKEN", "_AUTH_TOKEN", "_APP_KEY", "_TOKEN"
-];
-function isProviderKey(k) {
-    for (var i = 0; i < EXCLUDE_PREFIXES.length; i++) {
-        if (k.indexOf(EXCLUDE_PREFIXES[i]) === 0) return false;
-    }
-    for (var j = 0; j < INCLUDE_SUFFIXES.length; j++) {
-        var s = INCLUDE_SUFFIXES[j];
-        if (k.length > s.length && k.indexOf(s) === k.length - s.length) return true;
-    }
-    return false;
-}
-var detectedKeys = Object.keys(process.env)
-    .filter(function(k) { return isProviderKey(k) && (process.env[k] || "").trim(); })
-    .sort();
-console.log("[setup] Detected provider keys (" + detectedKeys.length + "):");
-detectedKeys.forEach(function(k) { console.log("  + " + k); });
-// ---- proxies ----
-var envProxies = parseList(process.env.OPENCLAW_GATEWAY_TRUSTED_PROXIES);
-var trustedProxies = envProxies.length > 0 ? envProxies : [
-    "10.16.4.123", "10.16.7.92",  "10.16.18.232",
-    "10.16.34.155", "10.16.43.133", "10.16.1.206",
-    "10.20.1.9",   "10.20.1.222",
-    "10.20.26.157", "10.20.31.87",
-    "10.20.0.1",   "172.17.0.1"
-];
-// ---- build config ----
-var config = {
-    gateway: {
-        auth: gatewayToken
-            ? { mode: "token",    token:    gatewayToken }
-            : { mode: "password", password: gatewayPassword },
-        controlUi: {
-            allowInsecureAuth: true,
-            dangerouslyAllowHostHeaderOriginFallback: true
-        },
-        trustedProxies: trustedProxies
-    },
-    agents: {
-        defaults: {
-            model: defaultModel
-        }
-    },
-    // Write detected keys into env.vars so OpenClaw injects them into its runtime.
-    // This is the official OpenClaw mechanism for env-based provider auth.
-    env: { vars: {} }
-};
-detectedKeys.forEach(function(k) {
-    config.env.vars[k] = (process.env[k] || "").trim();
-});
-// ---- Telegram - auto detect best reachable node ----
-async function detectTelegramNode(nodes, token) {
-    for (var i = 0; i < nodes.length; i++) {
-        var node = nodes[i];
-        try {
-            await new Promise(function(resolve, reject) {
-                var req = https.get(node + "/bot" + token + "/getMe", function(res) {
-                    if (res.statusCode === 200) resolve(true);
-                    else reject(new Error("HTTP " + res.statusCode));
-                });
-                req.on("error", reject);
-                req.setTimeout(4000, function() { req.destroy(); reject(new Error("Timeout")); });
-            });
-            console.log("[setup] Telegram node reachable: " + node);
-            // Strip trailing slash
-            return node.replace(/\/$/, "");
-        } catch (e) {
-            console.log("[setup] Telegram node unreachable: " + node + " (" + e.message + ")");
-        }
-    }
-    return null;
-}
-var TELEGRAM_NODES = [
-    "https://api.telegram.org",
-    "https://tg-api.vercel.app",
-    "https://telegram-bot-api.vercel.app"
-];
-async function setupTelegram() {
-    var token = (process.env.TELEGRAM_BOT_TOKEN || "").trim();
-    if (!token) { console.log("[setup] Telegram: disabled"); return; }
-    var apiRoot = await detectTelegramNode(TELEGRAM_NODES, token);
-    var finalRoot = apiRoot || TELEGRAM_NODES[0];
-    config.channels = {
-        telegram: {
-            enabled: true,
-            accounts: { main: { botToken: token, apiRoot: finalRoot } }
-        }
-    };
-    console.log("[setup] Telegram: enabled, apiRoot=" + finalRoot);
-}
-// ---- main ----
-async function main() {
-    await setupTelegram();
-    try {
-        fs.mkdirSync(STATE_DIR, { recursive: true });
-        if (fs.existsSync(CONFIG_PATH)) {
-            fs.copyFileSync(CONFIG_PATH, CONFIG_PATH + ".bak");
-        }
-        fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
-    } catch (e) {
-        console.error("[setup] Write failed: " + e.message);
-        process.exit(1);
-    }
-    console.log("[setup] Done. auth=" + (gatewayToken ? "token" : "password") +
-        " model=" + defaultModel + " proxies=" + trustedProxies.length +
-        " env.vars=" + detectedKeys.length);
-}
-main().then(() => process.exit(0)).catch(function(e) {
-    console.error("[setup] Fatal: " + e.message);
-    process.exit(1);
-});

+#!/bin/sh
+# resolve OPENCLAW_HOME
+if mkdir -p /data/.openclaw 2>/dev/null; then
+export OPENCLAW_HOME=/data
+else
+export OPENCLAW_HOME=/home/user
+mkdir -p /home/user/.openclaw
+fi
+echo “[entrypoint] OPENCLAW_HOME=$OPENCLAW_HOME”
+# dynamically export all provider keys so openclaw gateway can read them
+# OpenClaw’s official mechanism: reads provider keys directly from process env vars
+# matches: *_API_KEY *_SECRET_KEY *_ACCESS_TOKEN *_BOT_TOKEN *_AUTH_TOKEN *_APP_KEY
+# excludes: OPENCLAW_ SPACE_ SYSTEM_ HF_SPACE NODE_ prefixes
+for VAR in $(env | cut -d= -f1); do
+case “$VAR” in
+OPENCLAW_*|SPACE_*|SYSTEM_*|HF_SPACE*|NODE_*) continue ;;
+esac
+case “$VAR” in
+*_API_KEY|*_SECRET_KEY|*_ACCESS_TOKEN|*_BOT_TOKEN|*_AUTH_TOKEN|*_APP_KEY)
+eval VAL=$$VAR
+if [ -n “$VAL” ]; then
+export “$VAR”
+echo “[entrypoint] exported: $VAR”
+fi
+;;
+esac
+done
+# always export HF_TOKEN for dataset sync
+export HF_TOKEN=”${HF_TOKEN:-}”
+# restore from HF Dataset (30s timeout, non-fatal)
+if [ -n “$HF_TOKEN” ] && [ -n “$HF_DATASET_ID” ]; then
+echo “[entrypoint] Restoring from dataset ${HF_DATASET_ID}…”
+timeout 30 sh /app/hf-sync.sh restore || echo “[entrypoint] Restore skipped (non-fatal)”
+fi
+# write openclaw config
+node /app/spaces/huggingface/setup-hf-config.mjs || true
+# run security check (non-fatal)
+if [ -f /app/security-check.sh ]; then
+sh /app/security-check.sh || true
+fi
+echo “[entrypoint] starting gateway…”
+# start background sync loop
+if [ -n “$HF_TOKEN” ] && [ -n “$HF_DATASET_ID” ]; then
+sh /app/hf-sync.sh loop &
+echo “[entrypoint] sync loop started (interval=${HF_SYNC_INTERVAL:-3600}s)”
+fi
+# FIX: must use ASCII hyphens – not en-dashes
+exec node /app/openclaw.mjs gateway –allow-unconfigured –bind lan –port 7860