fix(dashboard): resolve chat attachment 401 #7569
Merged
RC-CHN merged 2 commits into AstrBotDevs:master from Apr 15, 2026
Hey - I've left some high level feedback:
- The `attachmentBlobCache` Map currently has no eviction or lifecycle management and the blob URLs created via `URL.createObjectURL` are never revoked, which can lead to unbounded memory usage; consider adding a simple LRU/size cap and revoking URLs when entries are removed or on teardown.
- In `handleEmbeddedMediaMessage`, you resolve media and only push the `mediaPart` after `resolvePartMedia` completes, which can delay or reorder streamed content relative to other message updates; if ordering matters, consider pushing a placeholder part immediately and updating its `embedded_url` once resolved instead of deferring the push.
Code Review
This pull request introduces a media resolution and caching system for chat attachments and files, utilizing blob URLs to handle authenticated media requests. The review feedback identifies several critical improvements: ensuring messages remain in the correct order during streaming by pushing media parts to the UI immediately, preventing race conditions by caching promises instead of resolved strings, and addressing potential memory leaks by revoking object URLs. Additionally, it is recommended to include 'file' types in the resolution logic to ensure they are correctly authenticated.
Soulter approved these changes Apr 15, 2026
RC-CHN approved these changes Apr 15, 2026
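The review points above (cache promises rather than resolved strings, cap the cache, revoke object URLs) combined in one added JavaScript example; it is not the PR's code, and `AuthedBlobCache`, `makeFetcher` and their option names are assumptions.

```javascript
// Added example, not AstrBot code. AuthedBlobCache and its option names are assumed.
class AuthedBlobCache {
  constructor({ fetchBlob, maxEntries = 64,
                createUrl = (blob) => URL.createObjectURL(blob),
                revokeUrl = (url) => URL.revokeObjectURL(url) }) {
    this.fetchBlob = fetchBlob;   // must attach the Authorization header itself
    this.maxEntries = maxEntries;
    this.createUrl = createUrl;
    this.revokeUrl = revokeUrl;
    this.entries = new Map();     // key -> Promise<blob URL>; Map order doubles as LRU order
  }
  // Returns a promise for a blob: URL. Concurrent callers for one key share one request.
  resolve(key) {
    const hit = this.entries.get(key);
    if (hit) {
      this.entries.delete(key);   // re-insert to mark as most recently used
      this.entries.set(key, hit);
      return hit;
    }
    const pending = this.fetchBlob(key).then((blob) => this.createUrl(blob));
    this.entries.set(key, pending);
    // A failed fetch (for example a 401 from an expired token) must not stay cached.
    pending.catch(() => {
      if (this.entries.get(key) === pending) this.entries.delete(key);
    });
    this.evictOverflow();
    return pending;
  }
  // Drop least recently used entries and release their blobs.
  evictOverflow() {
    while (this.entries.size > this.maxEntries) {
      const [oldestKey, oldest] = this.entries.entries().next().value;
      this.entries.delete(oldestKey);
      oldest.then((url) => this.revokeUrl(url), () => {});
    }
  }
  // Call on logout or teardown so no blob outlives the session.
  clear() {
    for (const p of this.entries.values()) p.then((url) => this.revokeUrl(url), () => {});
    this.entries.clear();
  }
}

// Browser-side fetcher: token goes in a header, never the URL (Bearer scheme is assumed).
const makeFetcher = (token) => async (path) => {
  const res = await fetch(path, { headers: { Authorization: `Bearer ${token}` } });
  if (!res.ok) throw new Error(`attachment fetch failed: ${res.status}`);
  return res.blob();
};
```

Size `maxEntries` above the number of attachments visible at once, because an evicted entry's URL is revoked and can no longer be loaded by an element that still references it.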
After the #7485 chatui style refactor, the old `getAttachment()`/`getMediaFile()` functions in `useMessages.ts` were removed. These functions used `axios.get()` (which carries the JWT `Authorization` header) to fetch attachment blobs and convert them to `blob:` URLs via `URL.createObjectURL()`. The refactored code replaced this with a `partUrl()` function that returns raw API paths like `/api/chat/get_attachment?attachment_id=...` directly into `<img src>` attributes. Since `<img>` tags cannot send custom HTTP headers, the browser makes unauthenticated GET requests, which the server's auth middleware rejects with 401 Unauthorized. This breaks all image, audio, and video rendering in the WebChat UI.
Modifications
- `dashboard/src/composables/useMessages.ts`: Restore authenticated blob URL resolution for media attachments. Added `resolvePartMedia()` to fetch attachment/file content via axios (with JWT), convert to blob URL, and write back to `part.embedded_url` with a cache layer. Added `resolveRecordMedia()` to batch-resolve all media parts in history records. History messages are fully resolved before being assigned to the reactive store to prevent intermediate 401 requests. Streaming media parts are resolved before being pushed into the reactive message array.
Screenshots or Test Results
Checklist
- 😊 If there are new features added in the PR, I have discussed it with the authors through issues/emails, etc.
- 👀 My changes have been well-tested, and "Verification Steps" and "Screenshots" have been provided above.
- 🤓 I have ensured that no new dependencies are introduced, OR if new dependencies are introduced, they have been added to the appropriate locations in `requirements.txt` and `pyproject.toml`.
- 😮 My changes do not introduce malicious code.
Summary by Sourcery
Restore authenticated resolution of media attachments in the WebChat dashboard to prevent unauthorized (401) requests and ensure media renders correctly.
Bug Fixes:
Enhancements: