fix(subscriptions): use x-api-key connectionParams format for WebSocket auth

The Unraid graphql-ws server expects the API key directly in connectionParams as `x-api-key`, not nested under `headers`. The old format caused the server to fall through to cookie auth and crash on `undefined.csrf_token`. Fixed in snapshot.py (×2), manager.py, diagnostics.py, and updated the integration test assertion to match the correct payload shape.
2026-03-23 12:39:24 -07:00 · 2026-03-15 22:56:58 -04:00
parent 06368ce156
commit c37d4b1c5a
9 changed files with 1076 additions and 70 deletions
--- a/unraid_mcp/subscriptions/manager.py
+++ b/unraid_mcp/subscriptions/manager.py
@@ -280,9 +280,8 @@ class SubscriptionManager:

                    if UNRAID_API_KEY:
                        logger.debug(f"[AUTH:{subscription_name}] Adding authentication payload")
-                        # Use standard X-API-Key header format (matching HTTP client)
-                        auth_payload = {"headers": {"X-API-Key": UNRAID_API_KEY}}
-                        init_payload["payload"] = auth_payload
+                        # Use graphql-ws connectionParams format (direct key, not nested headers)
+                        init_payload["payload"] = {"x-api-key": UNRAID_API_KEY}
                    else:
                        logger.warning(
                            f"[AUTH:{subscription_name}] No API key available for authentication"