From 8e3b412ff65ee78495dfbbb2f3d2a09c1243a632 Mon Sep 17 00:00:00 2001
From: hjlarry
Date: Tue, 21 Oct 2025 11:46:00 +0800
Subject: [PATCH] fix websocket cookie auth

---
 api/controllers/console/app/online_user.py | 10 +++++++++
 .../collaboration/core/websocket-manager.ts | 21 +++++++++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/api/controllers/console/app/online_user.py b/api/controllers/console/app/online_user.py
index 92fe18bac3..74eb8891a2 100644
--- a/api/controllers/console/app/online_user.py
+++ b/api/controllers/console/app/online_user.py
@@ -3,8 +3,10 @@ import time
 from extensions.ext_redis import redis_client
 from extensions.ext_socketio import sio
+from libs.token import extract_access_token
 from libs.passport import PassportService
 from services.account_service import AccountService
+from werkzeug.wrappers import Request as WerkzeugRequest
 @sio.on("connect")
@@ -15,6 +17,14 @@ def socket_connect(sid, environ, auth):
 token = None
 if auth and isinstance(auth, dict):
 token = auth.get("token")
+
+ if not token:
+ try:
+ request_environ = WerkzeugRequest(environ)
+ token = extract_access_token(request_environ)
+ except Exception:
+ token = None
+
 if not token:
 return False
diff --git a/web/app/components/workflow/collaboration/core/websocket-manager.ts b/web/app/components/workflow/collaboration/core/websocket-manager.ts
index ba4a45eee7..b0b80c853c 100644
--- a/web/app/components/workflow/collaboration/core/websocket-manager.ts
+++ b/web/app/components/workflow/collaboration/core/websocket-manager.ts
@@ -1,5 +1,6 @@
 import type { Socket } from 'socket.io-client'
 import { io } from 'socket.io-client'
+import { ACCESS_TOKEN_LOCAL_STORAGE_NAME } from '@/config'
 import type { DebugInfo, WebSocketConfig } from '../types/websocket'
 export class WebSocketClient {
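Review bot: The cookie fallback in `socket_connect` accepts an ambient browser credential for the handshake, but nothing in this hunk checks which origin opened the socket. Browsers attach cookies to cross-origin WebSocket handshakes, so whether a third-party page can obtain an authenticated connection for a logged-in user depends on how `sio` is configured in `extensions.ext_socketio` (not shown here); confirm `cors_allowed_origins` is an explicit allow-list rather than `"*"`, or compare `environ.get("HTTP_ORIGIN")` against the console origin before calling `extract_access_token`. Separately, `except Exception:` discards every failure without a trace and `token` is already falsy at that point, so I would narrow the exception type and log it, e.g. `logger.warning("socket cookie auth failed", exc_info=True)`, assuming the module defines or adds a `logger`. The rest of `socket_connect` lies outside the hunk, so later validation of the token is not visible.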
@@ -40,13 +41,25 @@ export class WebSocketClient {
 this.connecting.add(appId)
- const authToken = localStorage.getItem('console_token')
- const socket = io(this.config.url!, {
+ const authToken = typeof window === 'undefined'
+ ? undefined
+ : window.localStorage.getItem(ACCESS_TOKEN_LOCAL_STORAGE_NAME) ?? undefined
+
+ const socketOptions: {
+ path: string
+ transports: WebSocketConfig['transports']
+ withCredentials?: boolean
+ auth?: { token: string }
+ } = {
 path: '/socket.io',
 transports: this.config.transports,
- auth: { token: authToken },
 withCredentials: this.config.withCredentials,
- })
+ }
+
+ if (authToken)
+ socketOptions.auth = { token: authToken }
+
+ const socket = io(this.config.url!, socketOptions)
 this.connections.set(appId, socket)
 this.setupBaseEventListeners(socket, appId)
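Review bot: Once `auth` is omitted the handshake relies entirely on the cookie, yet `withCredentials` is still forwarded unchanged from `this.config.withCredentials`. If that option is unset and the API is served from a different origin, the polling handshake would carry no cookie and the server-side fallback would reject the connection; a default such as `withCredentials: this.config.withCredentials ?? true,` would make the cookie path work without extra configuration (inferred, since the config defaults are not visible here). The access token is also still read from `localStorage`, where any script on the page can read it; if the cookie is intended to replace it, a comment like `// legacy: token in localStorage, cookie auth preferred` would tell readers which path is authoritative. The enclosing method begins and ends outside this hunk.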