From f47b8f08196bd64b8378e6ed612e798595ac4197 Mon Sep 17 00:00:00 2001 From: chengyongru Date: Thu, 14 May 2026 11:32:29 +0800 Subject: [PATCH] fix(websocket): do not trigger pairing on authenticated WS connections WebSocket already authenticates clients at handshake time via token or issued-token validation. Setting is_dm=True caused unrecognised clients to receive a pairing code after they had already passed token auth, which is nonsensical for a browser-tab client. Treat WebSocket as non-DM so pairing is never offered; access control remains at the WS handshake level (allow_from + token gate). --- nanobot/channels/websocket.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/nanobot/channels/websocket.py b/nanobot/channels/websocket.py index 0db169512..b836aba0e 100644 --- a/nanobot/channels/websocket.py +++ b/nanobot/channels/websocket.py @@ -1249,14 +1249,15 @@ class WebSocketChannel(BaseChannel): content = _parse_inbound_payload(raw) if content is None: continue - # WebSocket connections are always treated as 1:1 (DM) because - # each connection represents a single client browser/tab. + # WebSocket already authenticates at handshake time (token), + # so pairing is not applicable. Treat as non-DM to avoid + # sending pairing codes to an already-authenticated client. await self._handle_message( sender_id=client_id, chat_id=default_chat_id, content=content, metadata={"remote": getattr(connection, "remote_address", None)}, - is_dm=True, + is_dm=False, ) except Exception as e: self.logger.debug("connection ended: {}", e) @@ -1402,7 +1403,7 @@ class WebSocketChannel(BaseChannel): content=content, media=media_paths or None, metadata=metadata, - is_dm=True, + is_dm=False, ) return await self._send_event(connection, "error", detail=f"unknown type: {t!r}")