fix: use correct bearer token for lazy-load video fetch#5030
Conversation
Co-Authored-By: Claude <noreply@anthropic.com>
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| func readHttpToken() -> String? { | ||
| let tokenPath = NSHomeDirectory() + "/.vellum/http-token" | ||
| guard let data = try? Data(contentsOf: URL(fileURLWithPath: tokenPath)), | ||
| let token = String(data: data, encoding: .utf8)? | ||
| .trimmingCharacters(in: .whitespacesAndNewlines), | ||
| !token.isEmpty else { | ||
| return nil | ||
| } | ||
| return token | ||
| } |
There was a problem hiding this comment.
🟡 readHttpToken() ignores BASE_DATA_DIR, unlike readSessionToken() and other path resolvers
The new readHttpToken() hardcodes the path as NSHomeDirectory() + "/.vellum/http-token", but does not respect the BASE_DATA_DIR environment variable. This is inconsistent with the existing readSessionToken() function at clients/shared/IPC/DaemonClient.swift:35-41 which explicitly checks BASE_DATA_DIR and the daemon-side getHttpTokenPath() at assistant/src/util/platform.ts:146-148 which uses getRootDir() (also BASE_DATA_DIR-aware).
Root Cause and Impact
On the daemon side, getHttpTokenPath() returns join(getRootDir(), 'http-token') where getRootDir() resolves to join(process.env.BASE_DATA_DIR || homedir(), '.vellum'). When BASE_DATA_DIR is set (e.g. in Docker via ENV BASE_DATA_DIR=/data, or in development), the daemon writes the http-token to $BASE_DATA_DIR/.vellum/http-token.
The Swift readHttpToken() always reads from ~/.vellum/http-token, so when BASE_DATA_DIR is set to a non-home directory, the token file won't be found and the function returns nil, causing fetchAttachmentData() to throw URLError(.userAuthenticationRequired) — the same class of auth failure this PR was meant to fix.
The existing readSessionToken() in the same file correctly handles this:
func resolveSessionTokenPath(environment: [String: String]? = nil) -> String {
let env = environment ?? ProcessInfo.processInfo.environment
if let baseDir = env["BASE_DATA_DIR"]?..., !baseDir.isEmpty {
return expandHomePath(baseDir) + "/.vellum/session-token"
}
return NSHomeDirectory() + "/.vellum/session-token"
}Impact: Video lazy-load will fail with 401 when BASE_DATA_DIR is set to a non-default path.
| func readHttpToken() -> String? { | |
| let tokenPath = NSHomeDirectory() + "/.vellum/http-token" | |
| guard let data = try? Data(contentsOf: URL(fileURLWithPath: tokenPath)), | |
| let token = String(data: data, encoding: .utf8)? | |
| .trimmingCharacters(in: .whitespacesAndNewlines), | |
| !token.isEmpty else { | |
| return nil | |
| } | |
| return token | |
| } | |
| /// Resolve the daemon HTTP token path. | |
| /// Uses BASE_DATA_DIR when set to match daemon root resolution. | |
| func resolveHttpTokenPath(environment: [String: String]? = nil) -> String { | |
| let env = environment ?? ProcessInfo.processInfo.environment | |
| if let baseDir = env["BASE_DATA_DIR"]?.trimmingCharacters(in: .whitespacesAndNewlines), !baseDir.isEmpty { | |
| return expandHomePath(baseDir) + "/.vellum/http-token" | |
| } | |
| return NSHomeDirectory() + "/.vellum/http-token" | |
| } | |
| /// Read the daemon HTTP bearer token from disk (~/.vellum/http-token). | |
| func readHttpToken(environment: [String: String]? = nil) -> String? { | |
| let tokenPath = resolveHttpTokenPath(environment: environment) | |
| guard let data = try? Data(contentsOf: URL(fileURLWithPath: tokenPath)), | |
| let token = String(data: data, encoding: .utf8)? | |
| .trimmingCharacters(in: .whitespacesAndNewlines), | |
| !token.isEmpty else { | |
| return nil | |
| } | |
| return token | |
| } | |
Was this helpful? React with 👍 or 👎 to provide feedback.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7523217c77
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| /// Read the daemon HTTP bearer token from disk (~/.vellum/http-token). | ||
| func readHttpToken() -> String? { | ||
| let tokenPath = NSHomeDirectory() + "/.vellum/http-token" |
There was a problem hiding this comment.
Use the same root-dir resolution as the daemon when reading http-token; this helper currently hardcodes ~/.vellum/http-token, but the daemon writes the bearer token under (BASE_DATA_DIR || $HOME)/.vellum/http-token (assistant/src/util/platform.ts + assistant/src/daemon/lifecycle.ts). In environments that set BASE_DATA_DIR (custom data roots, containerized/dev setups), readHttpToken() returns nil, so lazy-loaded video requests are sent without a valid token and fail with 401.
Useful? React with 👍 / 👎.
|
Addressed in #5055 |
1 participant
Summary
🤖 Generated with Claude Code