Skip to content

fix(dashboard): resolve chat attachment 401#7569

Merged
RC-CHN merged 2 commits intoAstrBotDevs:masterfrom
KBVsent:fix/chat-attachment-401
Apr 15, 2026
Merged

fix(dashboard): resolve chat attachment 401#7569
RC-CHN merged 2 commits intoAstrBotDevs:masterfrom
KBVsent:fix/chat-attachment-401

Conversation

@KBVsent
Copy link
Copy Markdown
Contributor

@KBVsent KBVsent commented Apr 15, 2026

After the #7485 chatui style refactor, the old getAttachment() / getMediaFile() functions in useMessages.ts were removed. These functions used axios.get() (which carries the JWT Authorization header) to fetch attachment blobs and convert them to blob: URLs via URL.createObjectURL(). The refactored code replaced this with a partUrl() function that returns raw API paths like /api/chat/get_attachment?attachment_id=... directly into <img src> attributes. Since <img> tags cannot send custom HTTP headers, the browser makes unauthenticated GET requests, which the server's auth middleware rejects with 401 Unauthorized. This breaks all image, audio, and video rendering in the WebChat UI.

2026-04-15_11 48 38 2026-04-15_11 49 10

Modifications / 改动点

  • dashboard/src/composables/useMessages.ts: Restore authenticated blob URL resolution for media attachments. Added resolvePartMedia() to fetch attachment/file content via axios (with JWT), convert to blob URL, and write back to part.embedded_url with a cache layer. Added resolveRecordMedia() to batch-resolve all media parts in history records. History messages are fully resolved before being assigned to the reactive store to prevent intermediate 401 requests. Streaming media parts are resolved before being pushed into the reactive message array.
  • This is NOT a breaking change. / 这不是一个破坏性变更。

Screenshots or Test Results / 运行截图或测试结果

HapiGo_2026-04-15_11 51 36

Checklist / 检查清单

  • 😊 If there are new features added in the PR, I have discussed it with the authors through issues/emails, etc.
    / 如果 PR 中有新加入的功能,已经通过 Issue / 邮件等方式和作者讨论过。

  • 👀 My changes have been well-tested, and "Verification Steps" and "Screenshots" have been provided above.
    / 我的更改经过了良好的测试,并已在上方提供了“验证步骤”和“运行截图”

  • 🤓 I have ensured that no new dependencies are introduced, OR if new dependencies are introduced, they have been added to the appropriate locations in requirements.txt and pyproject.toml.
    / 我确保没有引入新依赖库,或者引入了新依赖库的同时将其添加到 requirements.txtpyproject.toml 文件相应位置。

  • 😮 My changes do not introduce malicious code.
    / 我的更改没有引入恶意代码。

Summary by Sourcery

Restore authenticated resolution of media attachments in the WebChat dashboard to prevent unauthorized (401) requests and ensure media renders correctly.

Bug Fixes:

  • Fix unauthorized (401) errors when loading chat media attachments by avoiding direct use of unauthenticated API URLs in media tags.

Enhancements:

  • Add centralized media resolution helpers that fetch attachment and file blobs with authentication, cache blob URLs, and apply them to message parts before they are rendered.

@dosubot dosubot bot added the size:M This PR changes 30-99 lines, ignoring generated files. label Apr 15, 2026
Copy link
Copy Markdown
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The attachmentBlobCache Map currently has no eviction or lifecycle management and the blob URLs created via URL.createObjectURL are never revoked, which can lead to unbounded memory usage; consider adding a simple LRU/size cap and revoking URLs when entries are removed or on teardown.
  • In handleEmbeddedMediaMessage, you resolve media and only push the mediaPart after resolvePartMedia completes, which can delay or reorder streamed content relative to other message updates; if ordering matters, consider pushing a placeholder part immediately and updating its embedded_url once resolved instead of deferring the push.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The `attachmentBlobCache` Map currently has no eviction or lifecycle management and the blob URLs created via `URL.createObjectURL` are never revoked, which can lead to unbounded memory usage; consider adding a simple LRU/size cap and revoking URLs when entries are removed or on teardown.
- In `handleEmbeddedMediaMessage`, you resolve media and only push the `mediaPart` after `resolvePartMedia` completes, which can delay or reorder streamed content relative to other message updates; if ordering matters, consider pushing a placeholder part immediately and updating its `embedded_url` once resolved instead of deferring the push.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a media resolution and caching system for chat attachments and files, utilizing blob URLs to handle authenticated media requests. The review feedback identifies several critical improvements: ensuring messages remain in the correct order during streaming by pushing media parts to the UI immediately, preventing race conditions by caching promises instead of resolved strings, and addressing potential memory leaks by revoking object URLs. Additionally, it is recommended to include 'file' types in the resolution logic to ensure they are correctly authenticated.

Comment thread dashboard/src/composables/useMessages.ts
Comment thread dashboard/src/composables/useMessages.ts Outdated
Comment thread dashboard/src/composables/useMessages.ts Outdated
Comment thread dashboard/src/composables/useMessages.ts
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Apr 15, 2026
@RC-CHN RC-CHN merged commit 7c39abc into AstrBotDevs:master Apr 15, 2026
21 checks passed
@KBVsent KBVsent deleted the fix/chat-attachment-401 branch April 16, 2026 13:31
@dosubot dosubot bot mentioned this pull request Apr 19, 2026
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

lgtm This PR has been approved by a maintainer size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants