diff --git a/api/controllers/console/socketio/workflow.py b/api/controllers/console/socketio/workflow.py
index 32787164d3..72f924b5ac 100644
--- a/api/controllers/console/socketio/workflow.py
+++ b/api/controllers/console/socketio/workflow.py
@@ -24,32 +24,35 @@ def socket_connect(sid, environ, auth):
 """
 WebSocket connect event, do authentication here.
 """
- token = None
- if auth and isinstance(auth, dict):
- token = auth.get("token")
-
- if not token:
- try:
- request_environ = FlaskRequest(environ)
- token = extract_access_token(request_environ)
- except Exception:
- logging.exception("Failed to extract token")
- token = None
+ try:
+ request_environ = FlaskRequest(environ)
+ token = extract_access_token(request_environ)
+ except Exception:
+ logging.exception("Failed to extract token")
+ token = None
 if not token:
+ logging.warning("Socket connect rejected: missing token (sid=%s)", sid)
 return False
 try:
 decoded = PassportService().verify(token)
 user_id = decoded.get("user_id")
 if not user_id:
+ logging.warning("Socket connect rejected: missing user_id (sid=%s)", sid)
 return False
 with sio.app.app_context():
 user = AccountService.load_logged_in_account(account_id=user_id)
 if not user:
+ logging.warning(
+ "Socket connect rejected: user not found (user_id=%s, sid=%s)", user_id, sid
+ )
 return False
 if not user.has_edit_permission:
+ logging.warning(
+ "Socket connect rejected: no edit permission (user_id=%s, sid=%s)", user_id, sid
+ )
 return False
 collaboration_service.save_session(sid, user)
diff --git a/web/app/components/workflow/collaboration/core/__tests__/websocket-manager.test.ts b/web/app/components/workflow/collaboration/core/__tests__/websocket-manager.test.ts
index 804b773f32..f483f64971 100644
--- a/web/app/components/workflow/collaboration/core/__tests__/websocket-manager.test.ts
+++ b/web/app/components/workflow/collaboration/core/__tests__/websocket-manager.test.ts
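Review bot: The `auth` parameter of `socket_connect` is now unused, yet the docstring still reads only "do authentication here", so the next reader cannot tell that the Socket.IO auth payload is deliberately ignored in favour of the HTTP handshake request; I would replace the docstring with `"""WebSocket connect event: authenticate from the handshake request via extract_access_token; the Socket.IO ``auth`` payload is intentionally ignored."""`. Because the token now rides only on the handshake request, presumably as a cookie or header the browser attaches itself, a cookie-based deployment depends on the Socket.IO server's origin check (`cors_allowed_origins`, configured outside this hunk) to keep a cross-site page from opening a collaboration socket with a logged-in user's session — worth confirming it is restrictive rather than `*`. The `except` clause of the `try` around `PassportService().verify` lies outside the hunk, so I cannot see whether verification failures get the same `logging.warning` as the other rejections; a matching line there would keep the audit trail consistent.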
@@ -7,7 +7,7 @@ type MockSocket = {
 }
 type IoOptions = {
- auth?: { token?: string }
+ auth?: unknown
 path?: string
 transports?: string[]
 withCredentials?: boolean
@@ -104,18 +104,15 @@ describe('WebSocketClient', () => {
 expect(second).toBe(first)
 })
- it('attaches auth token from localStorage and emits user_connect on connect', async () => {
+ it('emits user_connect on connect without auth payload', async () => {
 const mockSocket = createMockSocket('socket-auth')
 ioMock.mockImplementation((url: string, options: IoOptions) => {
- expect(options.auth).toEqual({ token: 'secret-token' })
+ expect(options.auth).toBeUndefined()
 return mockSocket
 })
 setGlobalWindow({
 location: { protocol: 'https:', host: 'example.com' },
- localStorage: {
- getItem: vi.fn(() => 'secret-token'),
- },
 } as unknown as typeof window)
 const { WebSocketClient } = await import('../websocket-manager')
diff --git a/web/app/components/workflow/collaboration/core/websocket-manager.ts b/web/app/components/workflow/collaboration/core/websocket-manager.ts
index 1a143f9687..7b8b783272 100644
--- a/web/app/components/workflow/collaboration/core/websocket-manager.ts
+++ b/web/app/components/workflow/collaboration/core/websocket-manager.ts
@@ -1,7 +1,6 @@
 import type { Socket } from 'socket.io-client'
 import type { DebugInfo, WebSocketConfig } from '../types/websocket'
 import { io } from 'socket.io-client'
-import { ACCESS_TOKEN_LOCAL_STORAGE_NAME } from '@/config'
 type AckArgs = unknown[]
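Review bot: The rewritten assertion `expect(options.auth).toBeUndefined()` only proves that no token is attached, so after this change nothing in the suite pins how credentials do reach the server; if the token is expected to travel as a session cookie, adding `expect(options.withCredentials).toBe(true)` inside the same `ioMock.mockImplementation` callback (assuming the client config this test builds enables it) would catch a regression that silently drops cookie transport. The mock socket id `'socket-auth'` and the shape of the `setGlobalWindow` stub are still named for the old localStorage path and could be renamed to match the new intent. The `describe` block and the test body continue outside the hunk.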
@@ -82,24 +81,16 @@ export class WebSocketClient {
 this.connecting.add(appId)
- const authToken = typeof window === 'undefined'
- ? undefined
- : window.localStorage.getItem(ACCESS_TOKEN_LOCAL_STORAGE_NAME) ?? undefined
-
 const socketOptions: {
 path: string
 transports: WebSocketConfig['transports']
 withCredentials?: boolean
- auth?: { token: string }
 } = {
 path: '/socket.io',
 transports: this.config.transports,
 withCredentials: this.config.withCredentials,
 }
- if (authToken)
- socketOptions.auth = { token: authToken }
-
 const socket = io(this.config.url!, socketOptions)
 this.connections.set(appId, socket)
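Review bot: With the localStorage lookup gone, the only credential this socket can carry is whatever the browser attaches to the handshake, and that is gated by `withCredentials: this.config.withCredentials` in `socketOptions`; if `WebSocketConfig.withCredentials` is optional and left unset (its definition is outside this hunk), a cross-origin deployment would open the socket without the session cookie and be turned away by the server's `socket_connect` handler, which now rejects any connect without a token. A comment on `socketOptions` should record the new contract so nobody re-adds an `auth` payload, e.g. `// No auth payload: the token is carried by the HTTP handshake (cookie/header), so withCredentials must be enabled for cross-origin deployments.` The enclosing method of `WebSocketClient` starts and ends outside the hunk.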