websocket use cookie connect

api/controllers/console/socketio/workflow.py

@@ -24,32 +24,35 @@ def socket_connect(sid, environ, auth):
     """
     WebSocket connect event, do authentication here.
     """
-    token = None
-    if auth and isinstance(auth, dict):
-        token = auth.get("token")
-
-    if not token:
-        try:
-            request_environ = FlaskRequest(environ)
-            token = extract_access_token(request_environ)
-        except Exception:
-            logging.exception("Failed to extract token")
-            token = None
+    try:
+        request_environ = FlaskRequest(environ)
+        token = extract_access_token(request_environ)
+    except Exception:
+        logging.exception("Failed to extract token")
+        token = None
 
     if not token:
+        logging.warning("Socket connect rejected: missing token (sid=%s)", sid)
         return False
 
     try:
         decoded = PassportService().verify(token)
         user_id = decoded.get("user_id")
         if not user_id:
+            logging.warning("Socket connect rejected: missing user_id (sid=%s)", sid)
             return False
 
         with sio.app.app_context():
             user = AccountService.load_logged_in_account(account_id=user_id)
             if not user:
+                logging.warning(
+                    "Socket connect rejected: user not found (user_id=%s, sid=%s)", user_id, sid
+                )
                 return False
             if not user.has_edit_permission:
+                logging.warning(
+                    "Socket connect rejected: no edit permission (user_id=%s, sid=%s)", user_id, sid
+                )
                 return False
 
             collaboration_service.save_session(sid, user)

web/app/components/workflow/collaboration/core/__tests__/websocket-manager.test.ts

@@ -7,7 +7,7 @@ type MockSocket = {
 }
 
 type IoOptions = {
-  auth?: { token?: string }
+  auth?: unknown
   path?: string
   transports?: string[]
   withCredentials?: boolean
@@ -104,18 +104,15 @@ describe('WebSocketClient', () => {
     expect(second).toBe(first)
   })
 
-  it('attaches auth token from localStorage and emits user_connect on connect', async () => {
+  it('emits user_connect on connect without auth payload', async () => {
     const mockSocket = createMockSocket('socket-auth')
     ioMock.mockImplementation((url: string, options: IoOptions) => {
-      expect(options.auth).toEqual({ token: 'secret-token' })
+      expect(options.auth).toBeUndefined()
       return mockSocket
     })
 
     setGlobalWindow({
       location: { protocol: 'https:', host: 'example.com' },
-      localStorage: {
-        getItem: vi.fn(() => 'secret-token'),
-      },
     } as unknown as typeof window)
 
     const { WebSocketClient } = await import('../websocket-manager')

web/app/components/workflow/collaboration/core/websocket-manager.ts

@@ -1,7 +1,6 @@
 import type { Socket } from 'socket.io-client'
 import type { DebugInfo, WebSocketConfig } from '../types/websocket'
 import { io } from 'socket.io-client'
-import { ACCESS_TOKEN_LOCAL_STORAGE_NAME } from '@/config'
 
 type AckArgs = unknown[]
 
@@ -82,24 +81,16 @@ export class WebSocketClient {
 
     this.connecting.add(appId)
 
-    const authToken = typeof window === 'undefined'
-      ? undefined
-      : window.localStorage.getItem(ACCESS_TOKEN_LOCAL_STORAGE_NAME) ?? undefined
-
     const socketOptions: {
       path: string
       transports: WebSocketConfig['transports']
       withCredentials?: boolean
-      auth?: { token: string }
     } = {
       path: '/socket.io',
       transports: this.config.transports,
       withCredentials: this.config.withCredentials,
     }
 
-    if (authToken)
-      socketOptions.auth = { token: authToken }
-
     const socket = io(this.config.url!, socketOptions)
 
     this.connections.set(appId, socket)