From 7505783a87481d9ca89202b5dfb13e55485f2c4e Mon Sep 17 00:00:00 2001 From: Teo Koon Peng Date: Fri, 7 Mar 2025 03:33:28 +0000 Subject: [PATCH 1/2] fix auth bypass Signed-off-by: Teo Koon Peng --- .../src/rmf_visualization_schedule/TrajectoryServer.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp b/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp index 2137f7b..b2c79a7 100644 --- a/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp +++ b/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp @@ -118,8 +118,6 @@ auto TrajectoryServer::Implementation::on_message( return; } - bool ok = parse_request(hdl, msg, response); - // validate jwt only if public key is given (when running with dashboard) std::string public_key; std::string token; @@ -137,14 +135,16 @@ auto TrajectoryServer::Implementation::on_message( } catch (std::exception& e) { - is_verified = false; std::string err_excp = e.what(); send_error_message(hdl, msg, err_response, server, err_excp); std::cerr << "Error: " << e.what() << std::endl; + return; } } - if (ok && is_verified) + bool ok = parse_request(hdl, msg, response); + + if (ok) { RCLCPP_DEBUG(schedule_data_node->get_logger(), "Response: %s", response.c_str()); From 2bfa44b354b87c9c845e5756c35f119f1bdbf52f Mon Sep 17 00:00:00 2001 From: Teo Koon Peng Date: Fri, 7 Mar 2025 03:47:57 +0000 Subject: [PATCH 2/2] close connection on auth fail Signed-off-by: Teo Koon Peng --- .../src/rmf_visualization_schedule/TrajectoryServer.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp b/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp index b2c79a7..b7088fd 100644 --- a/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp 
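Review bot: Nothing in the visible lines reads `is_verified` after this change, so rejecting a bad token now depends entirely on the verification code inside the `try` throwing; the second hunk drops `is_verified = false` from the handler and turns `if (ok && is_verified)` into `if (ok)`. The `try` body and the declaration of `is_verified` are outside the hunk, so if any path there records a failure by assignment rather than by throwing, that request would now reach `parse_request`. Keeping a fail-closed guard ahead of the parse, `if (!is_verified) return;`, preserves the old condition; if the flag really is dead, deleting it avoids a variable that looks like a check but is not one. The handler also catches only `std::exception&`, which would read better as `const std::exception&`.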
+++ b/rmf_visualization_schedule/src/rmf_visualization_schedule/TrajectoryServer.cpp
@@ -138,6 +138,8 @@ auto TrajectoryServer::Implementation::on_message(
 std::string err_excp = e.what();
 send_error_message(hdl, msg, err_response, server, err_excp);
 std::cerr << "Error: " << e.what() << std::endl;
+ server->close(hdl, websocketpp::close::status::normal,
+ "invalid auth token");
 return;
 }
 }
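Review bot: The rejected connection is closed with `websocketpp::close::status::normal`, so on the wire and in client logs an authentication failure looks the same as an ordinary shutdown; `websocketpp::close::status::policy_violation` (1008) is the code meant for this and makes rejected tokens easy to count. The three-argument `close` is also the throwing overload and it runs inside the `catch` handler, so a handle that is already closing would raise out of `on_message`; the overload taking an error code avoids that: `websocketpp::lib::error_code ec; server->close(hdl, websocketpp::close::status::policy_violation, "invalid auth token", ec);`. Separately, the context line above still passes `e.what()` to the unauthenticated peer through `send_error_message`; a fixed message to the client, with the detail kept in the server log, would tell a caller less about why verification failed. The enclosing handler starts and ends outside the hunk.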