fix(ws): only connected if include auth token

comfy-addons · Jan 24, 2025 · 1e0a642 · 1e0a642
1 parent 4d4d9bc
commit 1e0a642
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 5 deletions.
diff --git a/app/[locale]/layout.trpc.tsx b/app/[locale]/layout.trpc.tsx
@@ -9,9 +9,11 @@ import { useEffect, type PropsWithChildren } from 'react'
 
 const TRPCLayout: React.FC<PropsWithChildren> = ({ children }) => {
   const { data: session } = useSession()
+
   useEffect(() => {
     setAuthToken(session?.accessToken.token ?? '', session?.accessToken.wsToken ?? '')
   }, [session])
+
   return <>{children}</>
 }
 

diff --git a/nginx.conf b/nginx.conf
@@ -16,7 +16,7 @@ http {
         server_name localhost;
 
         # Backend API routes
-        location ~ ^/(api/trpc|api/user|api/ext|swagger|attachments) {
+        location ~ ^/(api/trpc|api/user|api/ext|swagger|attachments|ws) {
             proxy_pass http://backend;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;

diff --git a/server/context.ts b/server/context.ts
@@ -22,7 +22,7 @@ export const createContext = async (opts: FetchCreateContextFnOptions) => {
   let user: User | null = null
   const headers = opts.req.headers
   const rawAuthorization =
-    headers.get('authorization') || opts.info?.connectionParams?.Authorization || queries.get('connectionParams')
+    headers.get('authorization') || opts.info?.connectionParams?.Authorization || queries.get('auth')
   const accessToken = rawAuthorization?.replace('Bearer', '').trim()
   try {
     if (accessToken && accessToken.length > 0) {

diff --git a/server/run.ts b/server/run.ts
@@ -52,13 +52,17 @@ const handleStaticFile = async (req: IncomingMessage, res: ServerResponse) => {
 
 const websocket = createBunWSHandler({
   router: appRouter,
-  // optional arguments:
   createContext,
   onError: () => {
     return true
   },
   batching: {
-    enabled: false
+    enabled: true
+  },
+  keepAlive: {
+    enabled: true,
+    pingMs: 15000,
+    pongWaitMs: 5000
   }
 })
 
@@ -68,6 +72,11 @@ Bun.serve({
     const pathName = url.pathname
     const clientOrigin = req.headers.get('origin') || 'http://localhost:3000'
     if (pathName.startsWith('/ws')) {
+      // Queries have auth
+      if (!url.searchParams.get('auth')) {
+        // auth required
+        return new Response('UNAUTHORIZED', { status: 401 })
+      }
       if (server.upgrade(req, { data: { req: req } })) {
         return
       }

diff --git a/utils/trpc.ts b/utils/trpc.ts
@@ -53,7 +53,7 @@ function getBaseWsUrl() {
 }
 
 const wsClient = createWSClient({
-  url: () => `${getBaseWsUrl()}/ws?connectionParams=${encodeURIComponent(wsAuthToken)}`
+  url: () => `${getBaseWsUrl()}/ws?auth=${encodeURIComponent(wsAuthToken)}`
 })
 
 const trpc = createTRPCNext<AppRouter>({