Monorepo for Aesthetic.Computer aesthetic.computer
fix: device token auth uses MongoDB directly instead of handle API

The handle API expects ?for=sub, not ?handle=name. Use MongoDB
@handles collection directly — the chat manager already has a
DB connection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

+7 -13
+7 -13
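--- a/session-server/chat-manager.mjs
+++ b/session-server/chat-manager.mjs
@@ -605,22 +605,16 @@
  }
 
  async authorizeDeviceToken(instance, handle, token) {
- // AC device tokens are "hmac.timestamp" — validate by looking up the handle
+ // AC device tokens are "hmac.timestamp" — validate by looking up handle in MongoDB
  if (!token || !token.includes(".") || !handle) return undefined;
  try {
- let host = this.dev ? "https://localhost:8888" :
- (instance.config.name === "chat-sotce" ? "https://sotce.net" : "https://aesthetic.computer");
- const options = {};
- if (this.agent) options.agent = this.agent;
- // Verify handle exists via the handle API
- const res = await fetch(`${host}/.netlify/functions/handle?handle=${handle.replace("@", "")}`, options);
- if (res.status === 200) {
- const data = await res.json();
- if (data.sub) {
- console.log("💬 Device token authorized for @" + handle);
- return { sub: data.sub };
- }
+ const cleanHandle = handle.replace("@", "");
+ const doc = await this.db.collection("@handles").findOne({ handle: cleanHandle });
+ if (doc && doc._id) {
+ console.log("💬 Device token authorized for @" + cleanHandle + " (sub: " + doc._id + ")");
+ return { sub: doc._id };
  }
+ console.log("💬 Device token: handle @" + cleanHandle + " not found in DB");
  return undefined;
  } catch (err) {
  console.error("💬 Device token auth error:", err);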
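Review bot: The token itself is never verified in `authorizeDeviceToken`: after the `token.includes(".")` shape check, the new `try` body returns `{ sub: doc._id }` for whatever handle the caller supplies, so as far as these lines show, the handle lookup is the only gate on authorization. Unless a caller outside this hunk validates it, the function should split the token into its HMAC and timestamp parts, recompute the HMAC with the server-side secret, compare it with `crypto.timingSafeEqual`, and reject stale timestamps before the DB lookup. I would also guard the input types with `if (typeof handle !== "string" || typeof token !== "string") return undefined;`, so a non-string `handle` is rejected up front rather than relying on `.replace` throwing into the `catch`. The comment on the first line should then say what is actually checked, and the success log could drop the `sub` value. The `catch` block continues past the end of the hunk.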