From 1df489de0e6ca5da04efa316e1762f970c53d3da Mon Sep 17 00:00:00 2001 From: Johnny Date: Thu, 18 Dec 2025 15:23:35 +0800 Subject: [PATCH] feat(api): update interceptor to handle AccessTokenV2 and PAT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Update WrapUnary to check AuthResult.Claims for stateless access tokens - Set UserClaims in context when authenticated via Access Token V2 - Set UserID in context for both stateless and stateful auth paths - Handle PAT authentication through existing SetUserInContext path - Maintain backward compatibility with legacy session/JWT auth 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- server/router/api/v1/connect_interceptors.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/server/router/api/v1/connect_interceptors.go b/server/router/api/v1/connect_interceptors.go index 9f3d6b363..d4781e37c 100644 --- a/server/router/api/v1/connect_interceptors.go +++ b/server/router/api/v1/connect_interceptors.go @@ -198,9 +198,16 @@ func (in *AuthInterceptor) WrapUnary(next connect.UnaryFunc) connect.UnaryFunc { return nil, connect.NewError(connect.CodeUnauthenticated, errors.New("authentication required")) } - // Set user in context (may be nil for public endpoints) + // Set context based on auth result if result != nil { - ctx = auth.SetUserInContext(ctx, result.User, result.SessionID, result.AccessToken) + if result.Claims != nil { + // Access Token V2 - stateless, use claims + ctx = auth.SetUserClaimsInContext(ctx, result.Claims) + ctx = context.WithValue(ctx, auth.UserIDContextKey, result.Claims.UserID) + } else if result.User != nil { + // PAT or legacy auth - have full user + ctx = auth.SetUserInContext(ctx, result.User, result.SessionID, result.AccessToken) + } } return next(ctx, req)