fix(subscriptions): use x-api-key connectionParams format for WebSocket auth

The Unraid graphql-ws server expects the API key directly in connectionParams as `x-api-key`, not nested under `headers`. The old format caused the server to fall through to cookie auth and crash on `undefined.csrf_token`. Fixed in snapshot.py (×2), manager.py, diagnostics.py, and updated the integration test assertion to match the correct payload shape.
2026-03-23 12:39:24 -07:00 · 2026-03-15 22:56:58 -04:00
parent 06368ce156
commit c37d4b1c5a
9 changed files with 1076 additions and 70 deletions
--- a/unraid_mcp/subscriptions/diagnostics.py
+++ b/unraid_mcp/subscriptions/diagnostics.py
@@ -130,7 +130,7 @@ def register_diagnostic_tools(mcp: FastMCP) -> None:
                    json.dumps(
                        {
                            "type": "connection_init",
-                            "payload": {"headers": {"X-API-Key": UNRAID_API_KEY}},
+                            "payload": {"x-api-key": UNRAID_API_KEY},
                        }
                    )
                )
--- a/unraid_mcp/subscriptions/manager.py
+++ b/unraid_mcp/subscriptions/manager.py
@@ -280,9 +280,8 @@ class SubscriptionManager:

                    if UNRAID_API_KEY:
                        logger.debug(f"[AUTH:{subscription_name}] Adding authentication payload")
-                        # Use standard X-API-Key header format (matching HTTP client)
-                        auth_payload = {"headers": {"X-API-Key": UNRAID_API_KEY}}
-                        init_payload["payload"] = auth_payload
+                        # Use graphql-ws connectionParams format (direct key, not nested headers)
+                        init_payload["payload"] = {"x-api-key": UNRAID_API_KEY}
                    else:
                        logger.warning(
                            f"[AUTH:{subscription_name}] No API key available for authentication"
--- a/unraid_mcp/subscriptions/snapshot.py
+++ b/unraid_mcp/subscriptions/snapshot.py
@@ -52,7 +52,7 @@ async def subscribe_once(
        # Handshake
        init: dict[str, Any] = {"type": "connection_init"}
        if UNRAID_API_KEY:
-            init["payload"] = {"headers": {"X-API-Key": UNRAID_API_KEY}}
+            init["payload"] = {"x-api-key": UNRAID_API_KEY}
        await ws.send(json.dumps(init))

        raw = await asyncio.wait_for(ws.recv(), timeout=timeout)
@@ -127,7 +127,7 @@ async def subscribe_collect(

        init: dict[str, Any] = {"type": "connection_init"}
        if UNRAID_API_KEY:
-            init["payload"] = {"headers": {"X-API-Key": UNRAID_API_KEY}}
+            init["payload"] = {"x-api-key": UNRAID_API_KEY}
        await ws.send(json.dumps(init))

        raw = await asyncio.wait_for(ws.recv(), timeout=timeout)