fix: hardcode i18n strings, add gateway RPC whitelist, and fix race conditions#832
fix: hardcode i18n strings, add gateway RPC whitelist, and fix race conditions#832JIRBOY wants to merge 1 commit intoValueCell-ai:mainfrom
Conversation
…onditions - Replace ~30 hardcoded English strings with i18n keys in Setup page (OAuth flow, runtime status, and installation error messages) - Add ALLOWED_RPC_METHODS whitelist to gateway:rpc IPC handler to prevent arbitrary RPC method execution from renderer process - Add isRunning guard in startHealthCheck to prevent overlapping concurrent health check executions - Surface configuration cleanup errors in removeProviderFromOpenClaw instead of silently swallowing them, allowing callers to react - Complete missing i18n keys across all 4 locales (en/zh/ja/ru): settings.json: OAuth flow keys, telemetry keys setup.json: runtime errors, installing errors Co-Authored-By: Claude Opus 4.6 <[email protected]>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8b93beca21
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if (typeof method !== 'string' || !ALLOWED_RPC_METHODS.has(method)) { | ||
| logger.warn(`[gateway:rpc] blocked method "${method}" — not in whitelist`); | ||
| return { success: false, error: `RPC method "${method}" is not allowed` }; |
There was a problem hiding this comment.
The new gateway:rpc whitelist now rejects several methods that the renderer already uses (skills.status in src/stores/skills.ts:96, plus channels.status, channels.add, and channels.requestQr in src/stores/channels.ts:83/145/240). Because applyGatewayTransportPreference() defaults gateway:rpc to IPC (src/lib/api-client.ts:269-279), these calls will immediately hit this handler and return RPC method ... is not allowed, breaking skills/channel loading and channel setup flows whenever users are on the default transport path.
Useful? React with 👍 / 👎.
1 participant
Summary
ALLOWED_RPC_METHODSwhitelist to gateway:rpc IPC handler to prevent arbitrary RPC method execution from renderer processisRunningguard instartHealthCheckto prevent overlapping concurrent health check executionsremoveProviderFromOpenClawinstead of silently swallowing themChanged files
src/pages/Setup/index.tsx— i18n for OAuth & runtime error messageselectron/main/ipc-handlers.ts— gateway:rpc method whitelistelectron/gateway/connection-monitor.ts— healthCheck concurrency guardelectron/utils/openclaw-auth.ts— expose cleanup errorssrc/i18n/locales/*/settings.json&src/i18n/locales/*/setup.json— missing translation keys