This repository was archived by the owner on May 2, 2026. It is now read-only.
fix(pair): wrap AuthNodeInfo in Message envelope before sending#12
Merged
filinvadim merged 1 commit intomainfrom Apr 26, 2026
Merged
fix(pair): wrap AuthNodeInfo in Message envelope before sending#12filinvadim merged 1 commit intomainfrom
filinvadim merged 1 commit intomainfrom
Conversation
The server's auth middleware unmarshals every external stream payload as
the canonical Message envelope (body / message_id / node_id / path /
timestamp / version / signature) before routing to the handler.
WarpnetClient.pair() was sending the AuthNodeInfo JSON unwrapped, so the
middleware refused the stream:
middleware: auth: unmarshaling data: /private/post/admin/pair/0.0.0
{"user_id":"...","token":"...","psk":"...",...} <nil>
Mirror request(): build a WarpnetEnvelope around the raw AuthNodeInfo
JSON, sign the body, and send the envelope JSON. The body inside the
envelope is the original AuthNodeInfo JSON the QR carried, so the pair
handler's token comparison against serverAuthInfo.Token still matches
byte-for-byte.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The server's auth middleware unmarshals every external stream payload as the canonical
Messageenvelope (body / message_id / node_id / path / timestamp / version / signature) before routing to the handler.WarpnetClient.pair()was sending theAuthNodeInfoJSON unwrapped, so the middleware refused the stream:Change
Mirror what
request()already does for every other call:WarpnetEnvelopearound the raw AuthNodeInfo JSON, setpath = PRIVATE_POST_PAIR, sign the body via the existingsigner.sign(...).The
bodyfield inside the envelope is the original AuthNodeInfo JSON the QR carried, so the pair handler'sserverAuthInfo.Token == clientInfo.Tokencomparison still matches byte-for-byte.Note
Pure Kotlin transport-module change; no Go change, so
warpnet.aardoes not need to be rebuilt for this fix.Test plan
{"code":0,"message":"Accepted"}and warpdroid should persist the identity.https://claude.ai/code/session_011638L4REv78jEVUjQsniPz
Generated by Claude Code