From fc59b02255e3b91e8329b6bf02517102b05d0996 Mon Sep 17 00:00:00 2001
From: Timothy Pogue <me@pogue.dev>
Date: Thu, 24 Nov 2022 13:41:10 -0700
Subject: [PATCH] prevent ws endpoint from running without valid token

---
 freqtrade/rpc/api_server/api_auth.py |  2 --
 freqtrade/rpc/api_server/api_ws.py   | 11 ++++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/freqtrade/rpc/api_server/api_auth.py b/freqtrade/rpc/api_server/api_auth.py
index ee66fce2b..71f1145a9 100644
--- a/freqtrade/rpc/api_server/api_auth.py
+++ b/freqtrade/rpc/api_server/api_auth.py
@@ -81,8 +81,6 @@ async def validate_ws_token(
     except HTTPException:
         pass
 
-    # No checks passed, deny the connection
-    logger.debug("Denying websocket request.")
     # If it doesn't match, close the websocket connection
     await ws.close(code=status.WS_1008_POLICY_VIOLATION)
 
diff --git a/freqtrade/rpc/api_server/api_ws.py b/freqtrade/rpc/api_server/api_ws.py
index fe2968c05..77950923d 100644
--- a/freqtrade/rpc/api_server/api_ws.py
+++ b/freqtrade/rpc/api_server/api_ws.py
@@ -97,8 +97,9 @@ async def message_endpoint(
     rpc: RPC = Depends(get_rpc),
     message_stream: MessageStream = Depends(get_message_stream)
 ):
-    async with create_channel(websocket) as channel:
-        await channel.run_channel_tasks(
-            channel_reader(channel, rpc),
-            channel_broadcaster(channel, message_stream)
-        )
+    if token:
+        async with create_channel(websocket) as channel:
+            await channel.run_channel_tasks(
+                channel_reader(channel, rpc),
+                channel_broadcaster(channel, message_stream)
+            )