From e8a6c69d3c0ed6394278b4b3506ebe5993949319 Mon Sep 17 00:00:00 2001
From: Ralf Kistner
Date: Fri, 19 Jul 2024 23:09:53 +0200
Subject: [PATCH 1/2] Require authentication on websocket connection level.
---
 service/src/runners/server.ts | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/service/src/runners/server.ts b/service/src/runners/server.ts
index bb525a26a..e4868303c 100644
--- a/service/src/runners/server.ts
+++ b/service/src/runners/server.ts
@@ -85,28 +85,29 @@ export async function startServer(runnerConfig: core.utils.RunnerConfig) {
 const { token } = core.routes.RSocketContextMeta.decode(deserialize(data) as any);
 if (!token) {
- throw new errors.ValidationError('No token provided in context');
+ throw new errors.AuthorizationError('No token provided');
 }
 try {
 const extracted_token = core.routes.auth.getTokenFromHeader(token);
 if (extracted_token != null) {
- const { context, errors } = await core.routes.auth.generateContext(system, extracted_token);
+ const { context, errors: token_errors } = await core.routes.auth.generateContext(system, extracted_token);
+ if (context?.token_payload == null) {
+ throw new errors.AuthorizationError(token_errors ?? 'Authentication required');
+ }
 return {
 token,
 ...context,
- token_errors: errors,
+ token_errors: token_errors,
 system
 };
+ } else {
+ throw new errors.AuthorizationError('No token provided');
 }
 } catch (ex) {
 logger.error(ex);
+ throw ex;
 }
-
- return {
- token,
- system
- };
 },
 endpoints: [core.routes.endpoints.syncStreamReactive(SocketRouter)],
 metaDecoder: async (meta: Buffer) => {
From 2a8c6146dc87c3d11562dd1b00ee066fa63f6f62 Mon Sep 17 00:00:00 2001
From: Ralf Kistner
Date: Fri, 19 Jul 2024 23:16:34 +0200
Subject: [PATCH 2/2] Add changeset.
---
 .changeset/popular-rivers-smell.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/popular-rivers-smell.md
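Review bot: In the `service/src/runners/server.ts` hunk, `token_errors` from `generateContext` is passed straight into `new errors.AuthorizationError(token_errors ?? 'Authentication required')`, so whatever validation detail it carries is presumably returned to a peer that has not authenticated yet. Its type and content are not visible in this hunk, so confirm it is a client-safe string. If it is not, keep the detail in the server log and throw the fixed message instead, `throw new errors.AuthorizationError('Authentication required');`. Rejections are also recorded inconsistently: the catch block logs failures with `logger.error(ex)`, but the earlier `if (!token)` rejection is thrown outside the `try` and never logged, so moving that check inside the `try` would give one audit trail for failed connections. The enclosing callback in `startServer` starts and ends outside the hunk.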
diff --git a/.changeset/popular-rivers-smell.md b/.changeset/popular-rivers-smell.md
new file mode 100644
index 000000000..7e721a056
--- /dev/null
+++ b/.changeset/popular-rivers-smell.md
@@ -0,0 +1,5 @@
+---
+'@powersync/service-image': patch
+---
+
+Fix websockets not being closed on authentication error