manohar/OpenClawDashboard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(bridge): read bridge token from env in agents-activity

Browse source 
The bearer token was hardcoded in source and leaked via the public GitHub
mirror. Token itself rotated server-side as part of this deploy.
This commit is contained in:
Manohar 2026-06-10 02:46:48 +00:00
parent e48441be4e
commit c3cd924cdd
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bridge/src/routes/agents-activity.ts
View file

@ -37,9 +37,12 @@ function timeAgo(timestamp: number | null): string {
router.get("/", async (_req: Request, res: Response) => { router.get("/", async (_req: Request, res: Response) => {
try { try {
// Use execInSandbox to call /tiger/agents from inside OpenClaw container // Use execInSandbox to call /tiger/agents from inside OpenClaw container.
// Token comes from env — a previous version hardcoded it here, which
// leaked it to the public GitHub mirror (rotated 2026-06-10).
const token = process.env.TIGER_BRIDGE_TOKEN || "";
const { stdout } = await execInSandbox( const { stdout } = await execInSandbox(
`curl -s "http://172.17.0.1:3456/tiger/agents" -H "Authorization: Bearer 14fb879429386b69beac339bbd98e43011ec29485da17592410da34ed97e0236"` `curl -s "http://172.17.0.1:3456/tiger/agents" -H "Authorization: Bearer ${token}"`
); );
let rawData: any; let rawData: any;