HuggingClaw

Sleeping

tao-shen Claude Opus 4.6 commited on Mar 1

Commit

5a096f1

1 Parent(s): 3f16497

fix: revert to token auth with default "huggingclaw"

auth.mode=none crashes on non-loopback bind. Revert to token mode
with GATEWAY_TOKEN env var (default: huggingclaw).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Files changed (3) hide show

README.md +3 -3
openclaw.json +1 -1
scripts/sync_hf.py +6 -16

README.md CHANGED Viewed

@@ -112,7 +112,7 @@ Fine-tune persistence and performance. Set these as **Repository Secrets** in HF
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `GATEWAY_TOKEN` | _(none)_ | **Gateway token.** If set, Control UI requires this token to connect. If not set, anyone with the URL can access. |
 | `AUTO_CREATE_DATASET` | `false` | **Auto-create the Dataset repo.** Set to `true` to auto-create a private Dataset repo on first startup. |
 | `SYNC_INTERVAL` | `60` | **Backup interval in seconds.** How often data syncs to the Dataset repo. |
@@ -120,7 +120,7 @@ Fine-tune persistence and performance. Set these as **Repository Secrets** in HF
 ### 3. Open the Control UI
-Visit your Space URL — the Control UI connects automatically, no token needed. To add access control, set the `GATEWAY_TOKEN` secret.
 Messaging integrations (Telegram, WhatsApp) can be configured directly inside the Control UI after connecting.
@@ -141,7 +141,7 @@ HuggingClaw adds its own variables for persistence and deployment: `HF_TOKEN`, `
 ## Security
-- **Optional token auth** — set `GATEWAY_TOKEN` to restrict Control UI access; without it, the UI is open for easy setup
 - **Secrets stay server-side** — API keys and tokens are never exposed to the browser
 - **Private backups** — the Dataset repo is created as private by default

 | Variable | Default | Description |
 |----------|---------|-------------|
+| `GATEWAY_TOKEN` | `huggingclaw` | **Gateway token for Control UI access.** Override to set a custom token. |
 | `AUTO_CREATE_DATASET` | `false` | **Auto-create the Dataset repo.** Set to `true` to auto-create a private Dataset repo on first startup. |
 | `SYNC_INTERVAL` | `60` | **Backup interval in seconds.** How often data syncs to the Dataset repo. |
 ### 3. Open the Control UI
+Visit your Space URL. Enter the gateway token (default: `huggingclaw`) to connect. Customize via `GATEWAY_TOKEN` secret.
 Messaging integrations (Telegram, WhatsApp) can be configured directly inside the Control UI after connecting.
 ## Security
+- **Token authentication** — Control UI requires a gateway token to connect (default: `huggingclaw`, customizable via `GATEWAY_TOKEN`)
 - **Secrets stay server-side** — API keys and tokens are never exposed to the browser
 - **Private backups** — the Dataset repo is created as private by default

openclaw.json CHANGED Viewed

@@ -3,7 +3,7 @@
     "mode": "local",
     "bind": "lan",
     "port": 7860,
-    "auth": { "mode": "none" },
     "trustedProxies": [
       "0.0.0.0/0"
     ],

     "mode": "local",
     "bind": "lan",
     "port": 7860,
+    "auth": { "token": "huggingclaw" },
     "trustedProxies": [
       "0.0.0.0/0"
     ],

scripts/sync_hf.py CHANGED Viewed

@@ -65,8 +65,8 @@ OPENAI_BASE_URL = os.environ.get("OPENAI_BASE_URL", "https://api.openai.com/v1")
 # OpenRouter API key (optional; alternative to OPENAI_API_KEY + OPENAI_BASE_URL)
 OPENROUTER_API_KEY = os.environ.get("OPENROUTER_API_KEY", "")
-# Gateway token (optional; if not set, Control UI connects without auth)
-GATEWAY_TOKEN = os.environ.get("GATEWAY_TOKEN", "")
 # Default model for new conversations (infer from provider if not set)
 OPENCLAW_DEFAULT_MODEL = os.environ.get("OPENCLAW_DEFAULT_MODEL") or (
@@ -347,12 +347,9 @@ class OpenClawFullSync:
             try:
                 with open(config_path, "r") as f:
                     cfg = json.load(f)
-                # Set auth based on GATEWAY_TOKEN env var
                 if "gateway" in cfg:
-                    if GATEWAY_TOKEN:
-                        cfg["gateway"]["auth"] = {"token": GATEWAY_TOKEN}
-                    else:
-                        cfg["gateway"]["auth"] = {"mode": "none"}
                 if OPENAI_API_KEY and "models" in cfg and "providers" in cfg["models"] and "openai" in cfg["models"]["providers"]:
                     cfg["models"]["providers"]["openai"]["apiKey"] = OPENAI_API_KEY
                     if OPENAI_BASE_URL:
@@ -431,18 +428,11 @@ class OpenClawFullSync:
             if SPACE_HOST:
                 allowed_origins.append(f"https://{SPACE_HOST}")
                 print(f"[SYNC] SPACE_HOST detected: {SPACE_HOST}")
-            # Auth: token mode if GATEWAY_TOKEN is set, otherwise no-auth mode
-            if GATEWAY_TOKEN:
-                auth_cfg = {"token": GATEWAY_TOKEN}
-                auth_label = f"token"
-            else:
-                auth_cfg = {"mode": "none"}
-                auth_label = "none (open access)"
             data["gateway"] = {
                 "mode": "local",
                 "bind": "lan",
                 "port": 7860,
-                "auth": auth_cfg,
                 "trustedProxies": ["0.0.0.0/0"],
                 "controlUi": {
                     "allowInsecureAuth": True,
@@ -450,7 +440,7 @@ class OpenClawFullSync:
                     "allowedOrigins": allowed_origins
                 }
             }
-            print(f"[SYNC] Set gateway config (auth={auth_label}, origins={len(allowed_origins)})")
             # Ensure agents defaults
             data.setdefault("agents", {}).setdefault("defaults", {}).setdefault("model", {})

 # OpenRouter API key (optional; alternative to OPENAI_API_KEY + OPENAI_BASE_URL)
 OPENROUTER_API_KEY = os.environ.get("OPENROUTER_API_KEY", "")
+# Gateway token (default: huggingclaw; override via GATEWAY_TOKEN env var)
+GATEWAY_TOKEN = os.environ.get("GATEWAY_TOKEN", "huggingclaw")
 # Default model for new conversations (infer from provider if not set)
 OPENCLAW_DEFAULT_MODEL = os.environ.get("OPENCLAW_DEFAULT_MODEL") or (
             try:
                 with open(config_path, "r") as f:
                     cfg = json.load(f)
+                # Set gateway token
                 if "gateway" in cfg:
+                    cfg["gateway"]["auth"] = {"token": GATEWAY_TOKEN}
                 if OPENAI_API_KEY and "models" in cfg and "providers" in cfg["models"] and "openai" in cfg["models"]["providers"]:
                     cfg["models"]["providers"]["openai"]["apiKey"] = OPENAI_API_KEY
                     if OPENAI_BASE_URL:
             if SPACE_HOST:
                 allowed_origins.append(f"https://{SPACE_HOST}")
                 print(f"[SYNC] SPACE_HOST detected: {SPACE_HOST}")
             data["gateway"] = {
                 "mode": "local",
                 "bind": "lan",
                 "port": 7860,
+                "auth": {"token": GATEWAY_TOKEN},
                 "trustedProxies": ["0.0.0.0/0"],
                 "controlUi": {
                     "allowInsecureAuth": True,
                     "allowedOrigins": allowed_origins
                 }
             }
+            print(f"[SYNC] Set gateway config (auth=token, origins={len(allowed_origins)})")
             # Ensure agents defaults
             data.setdefault("agents", {}).setdefault("defaults", {}).setdefault("model", {})