Allow websocket connection to pass in Authorization header to conversation validator (#8405)

Co-authored-by: openhands <openhands@all-hands.dev>

openhands/server/listen_socket.py

@@ -72,9 +72,12 @@ async def connect(connection_id: str, environ):
             raise ConnectionRefusedError('No conversation_id in query params')
 
         cookies_str = environ.get('HTTP_COOKIE', '')
+        # Get Authorization header from the environment
+        # Headers in WSGI/ASGI are prefixed with 'HTTP_' and have dashes replaced with underscores
+        authorization_header = environ.get('HTTP_AUTHORIZATION', None)
         conversation_validator = create_conversation_validator()
         user_id, github_user_id = await conversation_validator.validate(
-            conversation_id, cookies_str
+            conversation_id, cookies_str, authorization_header
         )
 
         settings_store = await SettingsStoreImpl.get_instance(config, user_id)

openhands/storage/conversation/conversation_validator.py

@@ -7,7 +7,10 @@ class ConversationValidator:
     """Storage for conversation metadata. May or may not support multiple users depending on the environment."""
 
     async def validate(
-        self, conversation_id: str, cookies_str: str
+        self,
+        conversation_id: str,
+        cookies_str: str,
+        authorization_header: str | None = None,
     ) -> tuple[None, None]:
         return None, None