#8513: Gateway: require auth for plugin HTTP
channel: bluebubbles
channel: googlechat
channel: zalo
gateway
stale
Cluster: OpenClaw Plugin Enhancements
## Fix Summary
Gateway plugin HTTP routes are dispatched without any gateway authentication checks. Any network client can reach plugin HTTP endpoints even when the gateway token/password is configured, allowing unauthenticated access to plugin-provided actions.
## Issue Linkage
Fixes #8512
## Security Snapshot
- CVSS v3.1: 10.0 (Critical)
- CVSS v4.0: 10.0 (Critical)
## Implementation Details
### Files Changed
- `extensions/bluebubbles/index.ts` (+1/-1)
- `extensions/googlechat/index.ts` (+1/-1)
- `extensions/zalo/index.ts` (+1/-1)
- `src/gateway/server-runtime-state.ts` (+2/-0)
- `src/gateway/server/plugins-http.test.ts` (+100/-3)
- `src/gateway/server/plugins-http.ts` (+43/-1)
- `src/gateway/tools-invoke-http.test.ts` (+1/-0)
- `src/line/monitor.ts` (+1/-0)
- `src/plugins/http-registry.ts` (+2/-0)
- `src/plugins/registry.ts` (+16/-6)
- `src/plugins/types.ts` (+15/-2)
### Technical Analysis
Gateway plugin HTTP routes are dispatched without any gateway authentication checks. Any network client can reach plugin HTTP endpoints even when the gateway token/password is configured, allowing unauthenticated access to plugin-provided actions.
## Validation Evidence
- Command: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
- Status: passed
## Risk and Compatibility
Non-breaking; compatibility impact was not explicitly documented in the original PR body.
## AI-Assisted Disclosure
AI-assisted: Codex CLI
This fix was generated with AI assistance (Codex CLI).
<!-- greptile_comment -->
## Greptile Overview
### Greptile Summary
This PR closes an authentication bypass where Gateway plugin HTTP routes/handlers were dispatched without applying gateway auth. It threads the resolved gateway auth + trusted proxy config into `createGatewayPluginRequestHandler` (`src/gateway/server-runtime-state.ts`) and enforces auth in `src/gateway/server/plugins-http.ts`, with new plugin registry fields (`requireAuth`) defaulting to `true` and opt-outs for webhook-style handlers/routes. Tests were updated/added to cover unauthorized route rejection, public route allowance, and handler behavior.
Key integration points:
- Plugin API/registry now stores `requireAuth` per HTTP route/handler (`src/plugins/types.ts`, `src/plugins/registry.ts`, `src/plugins/http-registry.ts`).
- Gateway’s plugin HTTP dispatcher checks `requireAuth` before dispatch, and uses existing `authorizeGatewayConnect`/`getBearerToken` helpers for consistency (`src/gateway/server/plugins-http.ts`).
- Several webhook-style extensions/LINE provider explicitly opt out of gateway auth to remain reachable (`extensions/*/index.ts`, `src/line/monitor.ts`).
### Confidence Score: 3/5
- This PR is generally safe to merge and fixes the reported auth bypass, but the plugin HTTP handler auth gating semantics may be surprising and could block legitimate public handlers depending on handler ordering.
- Core wiring/auth enforcement looks consistent with existing gateway auth helpers and tests cover key route cases. The main concern is that auth is checked before running generic handlers, so unauthenticated requests can be prevented from ever reaching later handlers (even ones marked `requireAuth: false` if a prior auth-required handler exists), which could change behavior in deployments relying on mixed handler lists.
- src/gateway/server/plugins-http.ts; src/plugins/registry.ts
<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
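The handler-ordering concern raised in the review summary above, as an added TypeScript example (not code from the PR or the OpenClaw repository). Only the `requireAuth` field and its default of `true` come from the page; the types, the `tokenOk` check, both dispatcher functions and the sample handlers are assumptions made for illustration.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Hypothetical model of a plugin handler list; only `requireAuth` is from the PR.
type Req = { path: string; bearer?: string };
type Handler = {
  name: string;
  requireAuth?: boolean; // omitted => true (fail closed)
  handle: (req: Req) => boolean; // true = this handler claimed the request
};
type Result = { status: number; handledBy?: string };

// Stand-in token check: compare digests so the comparison is constant-time.
function tokenOk(presented: string | undefined, expected: string): boolean {
  if (!presented) return false;
  const h = (s: string) => createHash("sha256").update(s).digest();
  return timingSafeEqual(h(presented), h(expected));
}

// Ordering described in the review: auth is checked before a handler runs,
// so the first auth-required handler ends an unauthenticated request with 401.
function dispatchGateFirst(handlers: Handler[], req: Req, token: string): Result {
  const authed = tokenOk(req.bearer, token);
  for (const h of handlers) {
    if ((h.requireAuth ?? true) && !authed) return { status: 401 };
    if (h.handle(req)) return { status: 200, handledBy: h.name };
  }
  return { status: 404 };
}

// Alternative: unauthenticated requests skip protected handlers without running
// them, may still reach public ones, and get 401 only if something was skipped.
function dispatchSkipProtected(handlers: Handler[], req: Req, token: string): Result {
  const authed = tokenOk(req.bearer, token);
  let skipped = false;
  for (const h of handlers) {
    if ((h.requireAuth ?? true) && !authed) { skipped = true; continue; }
    if (h.handle(req)) return { status: 200, handledBy: h.name };
  }
  return { status: skipped ? 401 : 404 };
}

// Constructed sample: a protected handler registered before a public webhook.
const sampleHandlers: Handler[] = [
  { name: "admin", handle: (r) => r.path.startsWith("/admin") },
  { name: "webhook", requireAuth: false, handle: (r) => r.path === "/webhook" },
];
```

In both variants a protected handler never executes for an unauthenticated request; they differ only in whether a public handler registered later in the list stays reachable.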