fix: resolve terminal WebSocket auth failures and improve reconnection
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m8s
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 1m8s
- Remove insecure query token parameter from backend (cookie-only auth) - Add detailed JWT error logging (expired, invalid, missing tokens) - Force token refresh before first WebSocket connection - Stop reconnection after 3 consecutive auth failures - Increase ping interval from 12s to 30s (reduce traffic) - Increase pong timeout from 5s to 10s (handle network latency) - Show attempt counter in reconnection error messages Root cause: Frontend was reconnecting with 6-day-old expired token, causing 403 rejections. Now ensures fresh cookies before connecting.
This commit is contained in:
@@ -2,6 +2,7 @@ import asyncio
|
||||
import struct
|
||||
import logging
|
||||
import shlex
|
||||
import jwt
|
||||
from collections import Counter
|
||||
from fastapi import WebSocket, Query
|
||||
import asyncssh
|
||||
@@ -90,19 +91,29 @@ async def _release_session(session_id: int | None):
|
||||
_active_sessions.pop(session_id, None)
|
||||
|
||||
|
||||
async def ws_endpoint(websocket: WebSocket, host: str = Query("nas"), token: str | None = Query(None)):
|
||||
async def ws_endpoint(websocket: WebSocket, host: str = Query("nas")):
|
||||
if host not in HOSTS:
|
||||
await websocket.close(code=1008, reason="Unknown host")
|
||||
return
|
||||
|
||||
access_token = websocket.cookies.get(auth.ACCESS_COOKIE_NAME) or token
|
||||
access_token = websocket.cookies.get(auth.ACCESS_COOKIE_NAME)
|
||||
if not access_token:
|
||||
logger.warning("WebSocket auth failed for %s: no access token cookie", host)
|
||||
await websocket.close(code=1008, reason="Unauthorized")
|
||||
return
|
||||
|
||||
try:
|
||||
user = await auth.get_current_user_ws(access_token)
|
||||
except Exception:
|
||||
except jwt.ExpiredSignatureError as e:
|
||||
logger.warning("WebSocket auth failed for %s: token expired - %s", host, e)
|
||||
await websocket.close(code=1008, reason="Token expired")
|
||||
return
|
||||
except jwt.InvalidTokenError as e:
|
||||
logger.warning("WebSocket auth failed for %s: invalid token - %s", host, e)
|
||||
await websocket.close(code=1008, reason="Invalid token")
|
||||
return
|
||||
except Exception as e:
|
||||
logger.error("WebSocket auth failed for %s: unexpected error - %s", host, e)
|
||||
await websocket.close(code=1008, reason="Unauthorized")
|
||||
return
|
||||
|
||||
|
||||
Reference in New Issue
Block a user