fix: allow token auth to bypass device identity requirement
The device identity check was rejecting connections before token authentication could be attempted. This broke the control-ui (web UI) which uses token-based authentication via URL parameter. Changes: - Skip device identity requirement when a token is provided - Guard device token verification to only run when device is present Fixes control-ui showing "device identity required" error when connecting with a valid token. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
David Hurley
@@ -254,7 +254,9 @@ export function attachGatewayWsMessageHandler(params: {
|
|||||||
|
|
||||||
const device = connectParams.device;
|
const device = connectParams.device;
|
||||||
let devicePublicKey: string | null = null;
|
let devicePublicKey: string | null = null;
|
||||||
if (!device) {
|
// Allow token-authenticated connections (e.g., control-ui) to skip device identity
|
||||||
|
const hasTokenAuth = !!connectParams.auth?.token;
|
||||||
|
if (!device && !hasTokenAuth) {
|
||||||
setHandshakeState("failed");
|
setHandshakeState("failed");
|
||||||
setCloseCause("device-required", {
|
setCloseCause("device-required", {
|
||||||
client: connectParams.client.id,
|
client: connectParams.client.id,
|
||||||
@@ -427,7 +429,7 @@ export function attachGatewayWsMessageHandler(params: {
|
|||||||
});
|
});
|
||||||
let authOk = authResult.ok;
|
let authOk = authResult.ok;
|
||||||
let authMethod = authResult.method ?? "none";
|
let authMethod = authResult.method ?? "none";
|
||||||
if (!authOk && connectParams.auth?.token) {
|
if (!authOk && connectParams.auth?.token && device) {
|
||||||
const tokenCheck = await verifyDeviceToken({
|
const tokenCheck = await verifyDeviceToken({
|
||||||
deviceId: device.id,
|
deviceId: device.id,
|
||||||
token: connectParams.auth.token,
|
token: connectParams.auth.token,
|
||||||
|
|||||||
Reference in New Issue
Block a user