From 32362b0ac2a88c3bac91b2e34c57f3605586f04d Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Tue, 30 Dec 2025 06:31:41 -0800
Subject: [PATCH] fix(sign-session): add join_token to
 GetSignSessionByInviteCode API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The sign session flow was failing with "invalid token" error because
the GetSignSessionByInviteCode API did not return a join_token, unlike
the keygen GetSessionByInviteCode API.

Changes:
- Account Service: Generate wildcard JWT join token in GetSignSessionByInviteCode
- service-party-app: Update types and handlers to include joinToken in session
- service-party-app: Pass joinToken when joining sign session

This makes the sign flow consistent with the keygen flow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../adapters/input/http/co_managed_handler.go | 23 ++++++++++++++++++-
 .../service-party-app/electron/main.ts        |  1 +
 .../electron/modules/account-client.ts        |  1 +
 .../service-party-app/src/pages/Sign.tsx      |  2 ++
 .../service-party-app/src/types/electron.d.ts |  1 +
 5 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go b/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go
index 1df8112c..6be70714 100644
--- a/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go
+++ b/backend/mpc-system/services/account/adapters/input/http/co_managed_handler.go
@@ -664,10 +664,30 @@ func (h *CoManagedHTTPHandler) GetSignSessionByInviteCode(c *gin.Context) {
 		return
 	}
 
+	// Generate a wildcard join token for this session
+	// This allows any participant to join using this token
+	var joinToken string
+	if h.jwtService != nil {
+		sessionUUID, err := uuid.Parse(sessionID)
+		if err == nil {
+			// Token valid until session expires
+			tokenExpiry := time.Until(expiresAt)
+			if tokenExpiry > 0 {
+				joinToken, err = h.jwtService.GenerateJoinToken(sessionUUID, "*", tokenExpiry)
+				if err != nil {
+					logger.Warn("Failed to generate join token for sign session",
+						zap.String("session_id", sessionID),
+						zap.Error(err))
+				}
+			}
+		}
+	}
+
 	logger.Info("Found sign session for invite_code",
 		zap.String("invite_code", inviteCode),
 		zap.String("session_id", sessionID),
-		zap.String("wallet_name", walletName))
+		zap.String("wallet_name", walletName),
+		zap.Bool("has_join_token", joinToken != ""))
 
 	c.JSON(http.StatusOK, gin.H{
 		"session_id":        sessionID,
@@ -679,5 +699,6 @@ func (h *CoManagedHTTPHandler) GetSignSessionByInviteCode(c *gin.Context) {
 		"completed_parties": statusResp.CompletedParties,
 		"total_parties":     statusResp.TotalParties,
 		"expires_at":        expiresAt.UnixMilli(),
+		"join_token":        joinToken,
 	})
 }
diff --git a/backend/mpc-system/services/service-party-app/electron/main.ts b/backend/mpc-system/services/service-party-app/electron/main.ts
index 47eeceb6..5ea93e96 100644
--- a/backend/mpc-system/services/service-party-app/electron/main.ts
+++ b/backend/mpc-system/services/service-party-app/electron/main.ts
@@ -1073,6 +1073,7 @@ function setupIpcHandlers() {
           currentParticipants: result?.joined_count || 0,
           status: result?.status,
           parties: result?.parties,
+          joinToken: result?.join_token,
         },
       };
     } catch (error) {
diff --git a/backend/mpc-system/services/service-party-app/electron/modules/account-client.ts b/backend/mpc-system/services/service-party-app/electron/modules/account-client.ts
index c0e16dcc..c1e654ee 100644
--- a/backend/mpc-system/services/service-party-app/electron/modules/account-client.ts
+++ b/backend/mpc-system/services/service-party-app/electron/modules/account-client.ts
@@ -137,6 +137,7 @@ export interface GetSignSessionByInviteCodeResponse {
   expires_at: number;
   parties: SignPartyInfo[];
   joined_count: number;
+  join_token?: string;
 }
 
 // 错误响应
diff --git a/backend/mpc-system/services/service-party-app/src/pages/Sign.tsx b/backend/mpc-system/services/service-party-app/src/pages/Sign.tsx
index 8b1ac783..abcf5e3d 100644
--- a/backend/mpc-system/services/service-party-app/src/pages/Sign.tsx
+++ b/backend/mpc-system/services/service-party-app/src/pages/Sign.tsx
@@ -20,6 +20,7 @@ interface SigningSession {
   threshold: { t: number; n: number };
   currentParticipants: number;
   initiator: string;
+  joinToken?: string;
 }
 
 export default function Sign() {
@@ -135,6 +136,7 @@ export default function Sign() {
         sessionId: signingSession!.sessionId,
         shareId: selectedShare.id,
         password: password,
+        joinToken: signingSession!.joinToken,
       });
 
       if (result.success) {
diff --git a/backend/mpc-system/services/service-party-app/src/types/electron.d.ts b/backend/mpc-system/services/service-party-app/src/types/electron.d.ts
index 35ec0fbd..ad31781e 100644
--- a/backend/mpc-system/services/service-party-app/src/types/electron.d.ts
+++ b/backend/mpc-system/services/service-party-app/src/types/electron.d.ts
@@ -179,6 +179,7 @@ interface SigningSession {
   threshold: { t: number; n: number };
   currentParticipants: number;
   initiator: string;
+  joinToken?: string;
 }
 
 interface ValidateSigningSessionResult {