fix websocket auth

2026-05-02 08:28:03 +08:00 · 2025-07-17 17:16:38 +08:00
parent 37440e9416
commit b0868d9136
4 changed files with 40 additions and 5 deletions
--- a/api/controllers/console/init.py
+++ b/api/controllers/console/init.py
@ -59,6 +59,7 @@ from .app import (
    mcp_server,
    message,
    model_config,
+    online_user,
    ops_trace,
    site,
    statistic,
--- a/api/controllers/console/app/online_user.py
+++ b/api/controllers/console/app/online_user.py
@ -1,21 +1,21 @@
 import json

 from flask import request
-from flask_login import current_user, login_required

 from extensions.ext_redis import redis_client
 from extensions.ext_socketio import ext_socketio


+
@ext_socketio.on("user_connect")
-@login_required
 def handle_user_connect(data):
    """
    Handle user connect event, check login and get user info.
    """
-
    sid = request.sid
    workflow_id = data.get("workflow_id")
+    if not (current_user := request.environ.get("ws_user")):
+        return {"msg": "unauthorized"}, 401

    old_info_json = redis_client.hget(f"workflow_online_users:{workflow_id}", current_user.id)
    if old_info_json: