fix: unify duplicated gateway auth header construction into shared helper#243
Open
HenryAI-arch wants to merge 1 commit intosnarktank:mainfrom
Open
fix: unify duplicated gateway auth header construction into shared helper#243HenryAI-arch wants to merge 1 commit intosnarktank:mainfrom
HenryAI-arch wants to merge 1 commit intosnarktank:mainfrom
Conversation
All 4 HTTP functions (createAgentCronJobHTTP, listCronJobsHTTP, deleteCronJobHTTP, checkCronToolAvailable) previously duplicated the same 3-line auth pattern: getGatewayConfig() + headers object + conditional Bearer header. This extracts a shared gatewayFetch() helper that encapsulates config resolution, header construction, and the fetch call. No behavioral changes. Reduces duplication from ~12 lines across 4 functions to a single ~10-line helper. Adds regression test verifying all HTTP functions send identical auth headers, Content-Type, and target the same endpoint.
|
@HenryAI-arch is attempting to deploy a commit to the Ryan Team on Vercel. A member of the Team first needs to authorize it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bug Description
The authentication handling in antfarm's gateway-api.ts has redundant patterns: every HTTP function (createAgentCronJobHTTP, listCronJobsHTTP, deleteCronJobHTTP, checkCronToolAvailable) independently constructs Authorization headers using the same getGatewayConfig() + secret resolution. This is a code quality / maintainability concern rather than a functional bug. A simplified/unified auth helper could reduce duplication and make the auth flow easier to reason about. The payment-allocator auth.ts is a separate concern (Express middleware for API key validation) and is not directly related. No tests are currently failing and no errors are being thrown by the existing auth implementation.
Severity: low
Root Cause
This is NOT a functional bug — it is a code quality/maintainability concern. The authentication handling in gateway-api.ts has a well-structured foundation (getGatewayConfig() correctly resolves the unified "secret" from either token or password mode), but every HTTP function (createAgentCronJobHTTP, listCronJobsHTTP, deleteCronJobHTTP, checkCronToolAvailable) independently repeats the same 3-line pattern: (1) call getGatewayConfig(), (2) create headers object, (3) conditionally add Authorization Bearer header. This is duplicated across 4 functions (lines ~150, ~195, ~230, ~265 approximately). The duplication means any future auth change (e.g., adding API key auth, custom headers, or retry logic) must be replicated in 4+ places, increasing risk of inconsistency. The payment-allocator auth.ts is a completely separate Express middleware concern and is NOT related to this issue. All existing tests pass — no functional breakage exists.
Fix
Extracted a shared gatewayFetch() helper in src/installer/gateway-api.ts that centralises getGatewayConfig() + auth header construction + fetch POST call. Replaced duplicated auth patterns in all 4 HTTP functions (createAgentCronJobHTTP, listCronJobsHTTP, deleteCronJobHTTP, checkCronToolAvailable) with calls to this single helper. No behavioral changes. Scoped strictly to gateway-api.ts — payment-allocator auth.ts was NOT modified.
Regression Test
Added tests/gateway-api-unified-auth.test.ts with 4 tests: (1) all HTTP functions send identical Authorization headers, (2) all send Content-Type: application/json, (3) all hit the same /tools/invoke endpoint, (4) no Authorization header when no secret configured.
Verification
All existing tests pass. The gatewayFetch() helper correctly centralises auth header construction replacing 4 duplicated patterns. Fix is minimal, scoped to gateway-api.ts, no unintended side effects. This is a maintainability refactor addressing code duplication, not a functional bug fix.