feat: enhance WebSocket connection handling with token validation and update response caching #1820
Caution: Review failed. Pull request was closed or merged during review.

Walkthrough

WebSocket responses are cached with authentication tokens for routing validation. Commands now pass

Changes

- Token-based response routing
- JWT expiration update
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks: ✅ 4 passed | ❌ 2 failed (2 warnings)
Pull request overview
This PR strengthens the autoadmin WebSocket request/response flow by binding cached HTTP responses to an authenticated agent connection token, preventing cross-connection response mix-ups, and it also adjusts the JWT expiration used for WS-server authorization.
Changes:
- Bind `dataFromAgent` responses to the specific routed (hashed) connection token via `responseCache` metadata.
- Track an authenticated token on each WebSocket and validate it before resolving cached responses.
- Shorten the JWT `exp` calculation used by `DataAccessObjectAgent` when calling the WS server.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| shared-code/src/data-access-layer/data-access-objects/data-access-object-agent.ts | Updates JWT expiration logic used for WS-server authorization. |
| autoadmin-ws-server/src/services/response-cache.ts | Extends cached response entries with the routed connection token. |
| autoadmin-ws-server/src/handlers/websocket.ts | Binds sockets to an authenticated token and validates dataFromAgent against the routed token. |
| autoadmin-ws-server/src/handlers/command.ts | Passes the routed token into the response cache when issuing a command. |
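The token binding described in the overview above, as an added TypeScript example that is not the project's code. Only `agentToken`, `dataFromAgent` and `responseCache` come from the PR summary; `ResponseCache`, `resolveFromAgent`, `Outcome` and the sample tokens are assumptions made for illustration.

```typescript
// Added illustration, not the project's code. Only agentToken, dataFromAgent and
// responseCache come from the PR summary; every other name here is assumed.
interface AuthenticatedSocket { id: string; agentToken?: string }
interface PendingResponse {
  routedToken: string;               // hashed token the command was routed to
  resolve: (body: unknown) => void;  // completes the waiting HTTP request
}
type Outcome = "resolved" | "unknown_request" | "unauthenticated" | "token_mismatch";

class ResponseCache {
  private pending: Record<string, PendingResponse> = {};

  // Command path: remember which connection token the request was sent to.
  set(resId: string, routedToken: string, resolve: (body: unknown) => void): void {
    this.pending[resId] = { routedToken, resolve };
  }

  // dataFromAgent path: resolve only for the socket bound to the routed token.
  resolveFromAgent(ws: AuthenticatedSocket, resId: string, body: unknown): Outcome {
    const known = Object.prototype.hasOwnProperty.call(this.pending, resId);
    if (!known) return "unknown_request";
    const entry = this.pending[resId];
    if (!ws.agentToken) return "unauthenticated";    // fail closed on unbound sockets
    if (ws.agentToken !== entry.routedToken) return "token_mismatch"; // entry is kept
    delete this.pending[resId];                      // one-shot: a replay finds nothing
    entry.resolve(body);
    return "resolved";
  }
}

// Constructed scenario: one pending request routed to "hash-A", four replies.
function demo(): { outcomes: Outcome[]; delivered: unknown[] } {
  const cache = new ResponseCache();
  const delivered: unknown[] = [];
  cache.set("req-1", "hash-A", (body) => { delivered.push(body); });
  const agentA: AuthenticatedSocket = { id: "a", agentToken: "hash-A" };
  const agentB: AuthenticatedSocket = { id: "b", agentToken: "hash-B" };
  const unbound: AuthenticatedSocket = { id: "c" };
  const outcomes: Outcome[] = [
    cache.resolveFromAgent(unbound, "req-1", { rows: ["unbound"] }),
    cache.resolveFromAgent(agentB, "req-1", { rows: ["wrong socket"] }),
    cache.resolveFromAgent(agentA, "req-1", { rows: ["real"] }),
    cache.resolveFromAgent(agentA, "req-1", { rows: ["replay"] }),
  ];
  return { outcomes, delivered };
}
```

A mismatched reply leaves the pending entry in place, so the socket the command was actually routed to can still complete the request.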
| connectionToken = hashedToken; | ||
| data.connectionToken = connectionToken; | ||
| (ws as AuthenticatedSocket).agentToken = hashedToken; | ||
| } |
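Review bot: The `agentToken` assignment on the third line overwrites whatever value the socket already carried, with no check that the socket was not previously bound to a different token. If this branch can run more than once on the same connection, suggest rejecting the message (or closing the socket) when `agentToken` is already set and differs from `hashedToken`. Because the binding sits inside a conditional block, the `dataFromAgent` validation should also treat a missing `agentToken` as a failure, and typing `ws` as `AuthenticatedSocket` at the handler boundary would remove the inline cast.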
| private generateJWT(connectionToken: string): string { | ||
| const exp = new Date(); | ||
| exp.setDate(exp.getDate() + 60); | ||
| const exp = Math.floor(Date.now() / 1000) + 120; | ||
| const secret = process.env.JWT_SECRET; | ||
| return jwt.sign( | ||
| { |
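Review bot: `process.env.JWT_SECRET` is read into `secret` and the next statement is already `jwt.sign(`, with no check that the value is defined; suggest failing fast with a clear error when `secret` is undefined. On the `exp` line, `120` is an unexplained literal: a named constant that states the unit (seconds) would document the intent, and with a lifetime this short it is worth confirming that the WS server's verifier tolerates clock skew between the two hosts.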