let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

Merge pull request #1314 from dbhurley/fix/control-ui-token-auth

Browse Source 
fix: allow token auth to bypass device identity requirement
This commit is contained in:
Peter Steinberger
2026-01-21 02:44:47 +00:00
committed by GitHub
parent 051d518078 079af0d0b0
commit ec51bb700c
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/gateway/server/ws-connection/message-handler.ts
View File

@@ -292,7 +292,9 @@ export function attachGatewayWsMessageHandler(params: {
const device = connectParams.device;
let devicePublicKey: string | null = null;
if (!device) {
// Allow token-authenticated connections (e.g., control-ui) to skip device identity
const hasTokenAuth = !!connectParams.auth?.token;
if (!device && !hasTokenAuth) {
setHandshakeState("failed");
setCloseCause("device-required", {
client: connectParams.client.id,
@@ -465,7 +467,7 @@ export function attachGatewayWsMessageHandler(params: {
});
let authOk = authResult.ok;
let authMethod = authResult.method ?? "none";
if (!authOk && connectParams.auth?.token) {
if (!authOk && connectParams.auth?.token && device) {
const tokenCheck = await verifyDeviceToken({
deviceId: device.id,
token: connectParams.auth.token,