Exposing conn_id to hooks to recognize user sessions

karstenda · karstenda · commit 6122a3a24b12 · 2025-12-18T00:45:45.000+01:00
diff --git a/rust/loro-websocket-server/src/lib.rs b/rust/loro-websocket-server/src/lib.rs
@@ -104,11 +104,28 @@ type LoadFuture<DocCtx> =
 type SaveFuture = Pin<Box<dyn Future<Output = Result<(), String>> + Send + 'static>>;
 type LoadFn<DocCtx> = Arc<dyn Fn(LoadDocArgs) -> LoadFuture<DocCtx> + Send + Sync>;
 type SaveFn<DocCtx> = Arc<dyn Fn(SaveDocArgs<DocCtx>) -> SaveFuture + Send + Sync>;
+
+/// Arguments provided to `authenticate`.
+pub struct AuthArgs {
+    pub room: String,
+    pub crdt: CrdtType,
+    pub auth: Vec<u8>,
+    pub conn_id: u64,
+}
+
 type AuthFuture =
     Pin<Box<dyn Future<Output = Result<Option<Permission>, String>> + Send + 'static>>;
-type AuthFn = Arc<dyn Fn(String, CrdtType, Vec<u8>) -> AuthFuture + Send + Sync>;
+type AuthFn = Arc<dyn Fn(AuthArgs) -> AuthFuture + Send + Sync>;
+
+/// Arguments provided to `handshake_auth`.
+pub struct HandshakeAuthArgs<'a> {
+    pub workspace: &'a str,
+    pub token: Option<&'a str>,
+    pub request: &'a tungstenite::handshake::server::Request,
+    pub conn_id: u64,
+}
 
-type HandshakeAuthFn = dyn Fn(&str, Option<&str>, &tungstenite::handshake::server::Request) -> bool + Send + Sync;
+type HandshakeAuthFn = dyn Fn(HandshakeAuthArgs) -> bool + Send + Sync;
 
 #[derive(Clone)]
 pub struct ServerConfig<DocCtx = ()> {
@@ -123,6 +140,7 @@ pub struct ServerConfig<DocCtx = ()> {
     /// - `workspace_id`: extracted from request path `/{workspace}` (empty if missing)
     /// - `token`: `token` query parameter if present
     /// - `request`: the full HTTP request (headers, uri, etc)
+    /// - `conn_id`: the connection id
     ///
     /// Return true to accept, false to reject with 401.
     pub handshake_auth: Option<Arc<HandshakeAuthFn>>,
@@ -885,12 +903,17 @@ async fn handle_conn<DocCtx>(
 where
     DocCtx: Clone + Send + Sync + 'static,
 {
+
+    // Generate a connection id
+    let conn_id = NEXT_ID.fetch_add(1, Ordering::Relaxed);
+
     // Capture config outside of non-async closure
     let handshake_auth = registry.config.handshake_auth.clone();
     let workspace_holder: Arc<std::sync::Mutex<Option<String>>> =
         Arc::new(std::sync::Mutex::new(None));
     let workspace_holder_c = workspace_holder.clone();
 
+        
     let ws = accept_hdr_async(
         stream,
         move |req: &tungstenite::handshake::server::Request,
@@ -926,7 +949,12 @@ where
                     None
                 });
 
-                let allowed = (check)(workspace_id, token, req);
+                let allowed = (check)(HandshakeAuthArgs {
+                    workspace: workspace_id,
+                    token,
+                    request: req,
+                    conn_id,
+                });
                 if !allowed {
                     warn!(workspace=%workspace_id, token=?token, "handshake auth denied");
                     // Build a 401 Unauthorized response
@@ -972,7 +1000,6 @@ where
         }
     });
 
-    let conn_id = NEXT_ID.fetch_add(1, Ordering::Relaxed);
     let mut joined_rooms: HashSet<RoomKey> = HashSet::new();
 
     while let Some(msg) = stream.next().await {
@@ -1002,7 +1029,14 @@ where
                             let mut permission = h.config.default_permission;
                             if let Some(auth_fn) = &h.config.authenticate {
                                 let room_str = room.room.clone();
-                                match (auth_fn)(room_str, room.crdt, auth.clone()).await {
+                                match (auth_fn)(AuthArgs {
+                                    room: room_str,
+                                    crdt: room.crdt,
+                                    auth: auth.clone(),
+                                    conn_id,
+                                })
+                                .await
+                                {
                                     Ok(Some(p)) => {
                                         permission = p;
                                     }
diff --git a/rust/loro-websocket-server/tests/e2e.rs b/rust/loro-websocket-server/tests/e2e.rs
@@ -14,7 +14,7 @@ async fn e2e_sync_two_clients_docupdate_roundtrip() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: Cfg = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
@@ -65,7 +65,7 @@ async fn workspaces_are_isolated() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: Cfg = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
@@ -104,7 +104,7 @@ async fn e2e_sync_two_clients_loro_adaptor_roundtrip() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: Cfg = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
@@ -154,7 +154,7 @@ async fn e2e_sync_two_clients_elo_adaptor_roundtrip() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: Cfg = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
diff --git a/rust/loro-websocket-server/tests/elo_accept_broadcast.rs b/rust/loro-websocket-server/tests/elo_accept_broadcast.rs
@@ -11,7 +11,7 @@ async fn elo_accepts_join_and_broadcasts_updates() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: server::ServerConfig<()> = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
diff --git a/rust/loro-websocket-server/tests/elo_fragment_reassembly.rs b/rust/loro-websocket-server/tests/elo_fragment_reassembly.rs
@@ -19,7 +19,7 @@ async fn elo_fragment_reassembly_broadcasts_original_frames() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: server::ServerConfig<()> = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
diff --git a/rust/loro-websocket-server/tests/handshake_auth.rs b/rust/loro-websocket-server/tests/handshake_auth.rs
@@ -9,7 +9,7 @@ async fn handshake_rejects_invalid_token_with_401() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: server::ServerConfig<()> = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
diff --git a/rust/loro-websocket-server/tests/handshake_cookies.rs b/rust/loro-websocket-server/tests/handshake_cookies.rs
@@ -10,8 +10,8 @@ async fn handshake_auth_can_read_cookies() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: server::ServerConfig<()> = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, _token, req| {
-                if let Some(header) = req.headers().get("Cookie") {
+            handshake_auth: Some(Arc::new(|args| {
+                if let Some(header) = args.request.headers().get("Cookie") {
                     if let Ok(s) = header.to_str() {
                         for cookie in cookie::Cookie::split_parse(s) {
                             if let Ok(c) = cookie {
diff --git a/rust/loro-websocket-server/tests/join_denied.rs b/rust/loro-websocket-server/tests/join_denied.rs
@@ -11,9 +11,9 @@ async fn join_denied_returns_error() {
 
     // Server with auth that always denies
     let cfg: server::ServerConfig<()> = server::ServerConfig {
-        authenticate: Some(Arc::new(|_room, _crdt, _auth| Box::pin(async { Ok(None) }))),
+        authenticate: Some(Arc::new(|_args| Box::pin(async { Ok(None) }))),
         default_permission: Permission::Write,
-        handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+        handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
         ..Default::default()
     };
     let server_task = tokio::spawn(async move {
diff --git a/rust/loro-websocket-server/tests/join_snapshot_load.rs b/rust/loro-websocket-server/tests/join_snapshot_load.rs
@@ -24,7 +24,7 @@ async fn join_sends_snapshot_from_loader() {
                 })
             })
         })),
-        handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+        handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
         ..Default::default()
     };
     let server_task = tokio::spawn(async move {
diff --git a/rust/loro-websocket-server/tests/readonly_receive.rs b/rust/loro-websocket-server/tests/readonly_receive.rs
@@ -12,19 +12,19 @@ async fn readonly_receives_updates_writer_sends() {
     let listener = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
     let addr = listener.local_addr().unwrap();
     let cfg: server::ServerConfig<()> = server::ServerConfig {
-        authenticate: Some(Arc::new(|_room, _crdt, auth| {
+        authenticate: Some(Arc::new(|args| {
             Box::pin(async move {
-                if auth == b"writer" {
+                if args.auth == b"writer" {
                     Ok(Some(Permission::Write))
-                } else if auth == b"reader" {
+                } else if args.auth == b"reader" {
                     Ok(Some(Permission::Read))
                 } else {
                     Ok(None)
                 }
             })
         })),
         default_permission: Permission::Write,
-        handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+        handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
         ..Default::default()
     };
     let server_task = tokio::spawn(async move {
diff --git a/rust/loro-websocket-server/tests/reject_update_without_join.rs b/rust/loro-websocket-server/tests/reject_update_without_join.rs
@@ -9,7 +9,7 @@ async fn reject_update_without_join() {
     let addr = listener.local_addr().unwrap();
     let server_task = tokio::spawn(async move {
         let cfg: server::ServerConfig<()> = server::ServerConfig {
-            handshake_auth: Some(Arc::new(|_ws, token, _req| token == Some("secret"))),
+            handshake_auth: Some(Arc::new(|args| args.token == Some("secret"))),
             ..Default::default()
         };
         server::serve_incoming_with_config(listener, cfg)
