From 23a0160ef05e45a8cb5cdab99378edde9534c39c Mon Sep 17 00:00:00 2001 From: LukeGus Date: Thu, 21 May 2026 14:22:25 -0500 Subject: [PATCH] fix: auth failed electron --- src/backend/ssh/docker-console.ts | 33 ---------------------- src/backend/ssh/terminal.ts | 46 ------------------------------- src/main.tsx | 15 ++++++++-- 3 files changed, 13 insertions(+), 81 deletions(-) diff --git a/src/backend/ssh/docker-console.ts b/src/backend/ssh/docker-console.ts index 2532c69a..270ce437 100644 --- a/src/backend/ssh/docker-console.ts +++ b/src/backend/ssh/docker-console.ts @@ -24,39 +24,6 @@ const activeSessions = new Map(); const wss = new WebSocketServer({ host: "0.0.0.0", port: 30009, - verifyClient: async (info) => { - try { - let token: string | undefined; - - const cookieHeader = info.req.headers.cookie; - if (cookieHeader) { - const match = cookieHeader.match(/(?:^|;\s*)jwt=([^;]+)/); - if (match) token = decodeURIComponent(match[1]); - } - - if (!token) { - const authHeader = info.req.headers.authorization; - if (authHeader?.startsWith("Bearer ")) { - token = authHeader.slice("Bearer ".length); - } - } - - if (!token) { - return false; - } - - const authManager = AuthManager.getInstance(); - const decoded = await authManager.verifyJWTToken(token); - - if (!decoded || !decoded.userId) { - return false; - } - - return true; - } catch { - return false; - } - }, }); async function detectShell( diff --git a/src/backend/ssh/terminal.ts b/src/backend/ssh/terminal.ts index 50892ad9..bee1202d 100644 --- a/src/backend/ssh/terminal.ts +++ b/src/backend/ssh/terminal.ts @@ -434,52 +434,6 @@ async function createJumpHostChain( const wss = new WebSocketServer({ port: 30002, - verifyClient: async (info) => { - try { - let token: string | undefined; - - const cookieHeader = info.req.headers.cookie; - if (cookieHeader) { - const match = cookieHeader.match(/(?:^|;\s*)jwt=([^;]+)/); - if (match) token = decodeURIComponent(match[1]); - } - - if (!token) { - const authHeader = info.req.headers.authorization; - if (authHeader?.startsWith("Bearer ")) { - token = authHeader.slice("Bearer ".length); - } - } - - if (!token) { - return false; - } - - const payload = await authManager.verifyJWTToken(token); - - if (!payload) { - return false; - } - - if (payload.pendingTOTP) { - return false; - } - - const existingConnections = userConnections.get(payload.userId); - - if (existingConnections && existingConnections.size >= 10) { - return false; - } - - return true; - } catch (error) { - sshLogger.error("WebSocket authentication error", error, { - operation: "websocket_auth_error", - ip: info.req.socket.remoteAddress, - }); - return false; - } - }, }); wss.on("connection", async (ws: WebSocket, req) => { diff --git a/src/main.tsx b/src/main.tsx index 04e0d957..a83f3ade 100644 --- a/src/main.tsx +++ b/src/main.tsx @@ -8,7 +8,7 @@ import "./ui/i18n/i18n"; import { isElectron } from "@/lib/electron"; import { Toaster } from "@/components/sonner"; import { Auth, getStoredAuth, clearStoredAuth } from "@/auth/Auth"; -import { getUserInfo, appReadyPromise } from "@/main-axios"; +import { getUserInfo, getCurrentToken, appReadyPromise } from "@/main-axios"; import { applyAccentColor, applyFontSize } from "@/lib/theme"; import type { FontSizeId } from "@/types/ui-types"; import { useServiceWorker } from "@/hooks/use-service-worker"; @@ -130,11 +130,22 @@ function App() { // Verify stored session against the server before rendering AppShell. // Wait for API instances to be initialized with correct embedded/server config first. + // In Electron, also repopulate localStorage["jwt"] so WebSocket connections can auth + // after a session restore (the token is only written to localStorage during a fresh login). useEffect(() => { if (phase !== "verifying") return; appReadyPromise .then(() => getUserInfo()) - .then(() => setPhase("idle-app")) + .then(() => { + if (isElectron()) { + getCurrentToken() + .then((token) => { + if (token) localStorage.setItem("jwt", token); + }) + .catch(() => {}); + } + setPhase("idle-app"); + }) .catch(() => { clearStoredAuth(); setPhase("idle-auth");