From 2c2cf8cdf8f5f99f87c786828bf49f6f48c58595 Mon Sep 17 00:00:00 2001 From: zarzet Date: Wed, 1 Jul 2026 08:18:35 +0700 Subject: [PATCH] fix(extensions): bootstrap and clear pending signed-session auth Ensure pending auth requests are created when verification is needed but missing, and clear them after signed-session grant completion or clear so stale challenges do not block later verification flows. --- go_backend/exports.go | 36 +++++++++++++++++++++++++- go_backend/extension_signed_session.go | 2 ++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/go_backend/exports.go b/go_backend/exports.go index 23f1bc95..a04c8c87 100644 --- a/go_backend/exports.go +++ b/go_backend/exports.go @@ -3287,7 +3287,7 @@ func InvokeExtensionActionJSON(extensionID, actionName string) (string, error) { } func GetExtensionPendingAuthJSON(extensionID string) (string, error) { - req := GetPendingAuthRequest(extensionID) + req := ensureExtensionPendingAuthRequest(extensionID) if req == nil { return "", nil } @@ -3306,6 +3306,40 @@ func GetExtensionPendingAuthJSON(extensionID string) (string, error) { return string(jsonBytes), nil } +func ensureExtensionPendingAuthRequest(extensionID string) *PendingAuthRequest { + extensionID = strings.TrimSpace(extensionID) + if extensionID == "" { + return nil + } + + if req := GetPendingAuthRequest(extensionID); req != nil { + return req + } + + manager := getExtensionManager() + ext, err := manager.GetExtension(extensionID) + if err != nil || ext == nil || !ext.Enabled || ext.Manifest == nil || ext.Manifest.SignedSession == nil { + return nil + } + + if err := ext.ensureRuntimeReady(); err != nil || ext.runtime == nil { + return nil + } + + config := signedSessionConfigWithDefaults(ext.Manifest.SignedSession) + if config.Namespace == "" || config.BaseURL == "" { + return nil + } + if record, err := ext.runtime.loadSignedSession(config); err == nil { + record.SessionID = "" + record.SessionSecret = "" + record.ExpiresAt = "" + _ = ext.runtime.saveSignedSession(config, record) + } + ext.runtime.startSignedSessionVerification(config, "pending-auth-request") + return GetPendingAuthRequest(extensionID) +} + func SetExtensionAuthCodeByID(extensionID, authCode string) { SetExtensionAuthCode(extensionID, authCode) } diff --git a/go_backend/extension_signed_session.go b/go_backend/extension_signed_session.go index 5a64f920..e750d8cc 100644 --- a/go_backend/extension_signed_session.go +++ b/go_backend/extension_signed_session.go @@ -236,6 +236,7 @@ func (r *extensionRuntime) signedSessionClear(call goja.FunctionCall) goja.Value if err := r.saveSignedSession(config, record); err != nil { return r.vm.ToValue(map[string]interface{}{"success": false, "error": err.Error()}) } + ClearPendingAuthRequest(r.extensionID) return r.vm.ToValue(map[string]interface{}{"success": true}) } @@ -256,6 +257,7 @@ func (r *extensionRuntime) signedSessionCompleteGrant(call goja.FunctionCall) go if err := r.exchangeSignedSessionGrant(grant); err != nil { return r.vm.ToValue(map[string]interface{}{"success": false, "error": err.Error()}) } + ClearPendingAuthRequest(r.extensionID) return r.vm.ToValue(map[string]interface{}{"success": true}) }