@chbo297/infoflow 2026.3.18 → 2026.5.4

package/dist/src/infoflow-req-parse.js

@@ -0,0 +1,394 @@
+import { createHash, createDecipheriv, timingSafeEqual } from "node:crypto";
+import { createDedupeCache } from "openclaw/plugin-sdk/core";
+// ---------------------------------------------------------------------------
+// Message deduplication
+// ---------------------------------------------------------------------------
+import { handlePrivateChatMessage, handleGroupChatMessage } from "./bot.js";
+import { getInfoflowParseLog, formatInfoflowError, logVerbose } from "./logging.js";
+// ---------------------------------------------------------------------------
+// Large-integer precision protection
+// ---------------------------------------------------------------------------
+// Infoflow message IDs (e.g. 1859713223686736431) exceed Number.MAX_SAFE_INTEGER (2^53-1).
+// JSON.parse silently truncates these to imprecise values.
+// We extract precise strings from raw JSON text via regex and patch the parsed object.
+const ID_KEYS = ["messageid", "msgid", "MsgId", "msgkey"];
+/**
+ * Patches large integer ID fields in `obj` with precise string values
+ * extracted from `rawText` via regex, bypassing JSON.parse precision loss.
+ * Only patches values with 16+ digits (smaller integers are safe).
+ */
+function patchPreciseIds(rawText, obj) {
+    for (const key of ID_KEYS) {
+        const re = new RegExp(`"${key}"\\s*:\\s*(\\d{16,})`, "g");
+        const preciseValues = [];
+        let m;
+        while ((m = re.exec(rawText)) !== null) {
+            preciseValues.push(m[1]);
+        }
+        if (preciseValues.length > 0) {
+            patchField(obj, key, preciseValues, 0);
+        }
+    }
+}
+/** Recursively walks `obj` and replaces numeric fields named `key` with precise strings (in order). */
+function patchField(obj, key, values, idx) {
+    if (obj == null || typeof obj !== "object")
+        return idx;
+    if (Array.isArray(obj)) {
+        for (const item of obj) {
+            idx = patchField(item, key, values, idx);
+        }
+        return idx;
+    }
+    const rec = obj;
+    if (key in rec && typeof rec[key] === "number" && idx < values.length) {
+        rec[key] = values[idx++];
+    }
+    for (const v of Object.values(rec)) {
+        if (v != null && typeof v === "object") {
+            idx = patchField(v, key, values, idx);
+        }
+    }
+    return idx;
+}
+const DEDUP_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const DEDUP_MAX_SIZE = 1000;
+const messageCache = createDedupeCache({
+    ttlMs: DEDUP_TTL_MS,
+    maxSize: DEDUP_MAX_SIZE,
+});
+/**
+ * Extracts a dedup key from the decrypted message data.
+ *
+ * Priority:
+ *   1. message.header.messageid || message.header.msgid || MsgId
+ *   2. fallback: "{fromuserid}_{groupid}_{ctime}"
+ */
+function extractDedupeKey(msgData) {
+    const message = msgData.message;
+    const header = (message?.header ?? {});
+    // Priority 1: explicit message ID
+    const msgId = header.messageid ?? header.msgid ?? msgData.MsgId;
+    if (msgId != null) {
+        return String(msgId);
+    }
+    // Priority 2: composite key
+    const fromuserid = header.fromuserid ?? msgData.FromUserId ?? msgData.fromuserid;
+    const groupid = msgData.groupid ?? header.groupid;
+    const ctime = header.ctime ?? Date.now();
+    if (fromuserid != null) {
+        return `${fromuserid}_${groupid ?? "dm"}_${ctime}`;
+    }
+    return null;
+}
+/**
+ * Returns true if the message is a duplicate (already seen within TTL).
+ * Uses shared dedupe cache implementation.
+ */
+export function isDuplicateMessage(msgData) {
+    const key = extractDedupeKey(msgData);
+    if (!key)
+        return false; // Cannot extract key, allow through
+    return messageCache.check(key);
+}
+/**
+ * Records a sent message ID in the dedup cache.
+ * Called after successfully sending a message to prevent
+ * the bot from processing its own outbound messages as inbound.
+ */
+export function recordSentMessageId(messageId) {
+    if (messageId == null)
+        return;
+    messageCache.check(messageId);
+}
+// ---------------------------------------------------------------------------
+// AES-ECB Decryption Utilities
+// ---------------------------------------------------------------------------
+/**
+ * Decodes a Base64 URLSafe encoded string to a Buffer.
+ * Handles the URL-safe alphabet (- → +, _ → /) and auto-pads with '='.
+ */
+function base64UrlSafeDecode(s) {
+    const base64 = s.replace(/-/g, "+").replace(/_/g, "/");
+    const padLen = (4 - (base64.length % 4)) % 4;
+    return Buffer.from(base64 + "=".repeat(padLen), "base64");
+}
+/**
+ * Decrypts an AES-ECB encrypted message.
+ * @param encryptedMsg - Base64 URLSafe encoded ciphertext
+ * @param encodingAESKey - Base64 URLSafe encoded AES key (supports 16/24/32 byte keys)
+ * @returns Decrypted UTF-8 string
+ */
+function decryptMessage(encryptedMsg, encodingAESKey) {
+    const aesKey = base64UrlSafeDecode(encodingAESKey);
+    const cipherText = base64UrlSafeDecode(encryptedMsg);
+    // Select AES algorithm based on key length
+    let algorithm;
+    switch (aesKey.length) {
+        case 16:
+            algorithm = "aes-128-ecb";
+            break;
+        case 24:
+            algorithm = "aes-192-ecb";
+            break;
+        case 32:
+            algorithm = "aes-256-ecb";
+            break;
+        default:
+            throw new Error(`Invalid AES key length: ${aesKey.length} bytes (expected 16, 24, or 32)`);
+    }
+    // ECB mode does not use an IV (pass null)
+    const decipher = createDecipheriv(algorithm, aesKey, null);
+    const decrypted = Buffer.concat([decipher.update(cipherText), decipher.final()]);
+    return decrypted.toString("utf8");
+}
+/**
+ * Parses an XML message string into a key-value object.
+ * Handles simple XML structures like <xml><Tag>value</Tag></xml>.
+ */
+function parseXmlMessage(xmlString) {
+    try {
+        const result = {};
+        // Match <TagName>content</TagName> patterns
+        const tagRegex = /<(\w+)>(?:<!\[CDATA\[([\s\S]*?)\]\]>|([^<]*))<\/\1>/g;
+        let match;
+        while ((match = tagRegex.exec(xmlString)) !== null) {
+            const tagName = match[1];
+            // CDATA content or plain text content
+            const content = match[2] ?? match[3] ?? "";
+            result[tagName] = content.trim();
+        }
+        return Object.keys(result).length > 0 ? result : null;
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Body readers
+// ---------------------------------------------------------------------------
+const MAX_BODY_SIZE = 20 * 1024 * 1024; // 20 MB
+/** Load raw body as a string from the request stream; enforces max size. */
+export async function loadRawBody(req, maxBytes = MAX_BODY_SIZE) {
+    const chunks = [];
+    let total = 0;
+    let done = false;
+    return await new Promise((resolve) => {
+        req.on("data", (chunk) => {
+            if (done)
+                return;
+            total += chunk.length;
+            if (total > maxBytes) {
+                done = true;
+                resolve({ ok: false, error: "payload too large" });
+                req.destroy();
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on("end", () => {
+            if (done)
+                return;
+            done = true;
+            const raw = Buffer.concat(chunks).toString("utf8");
+            resolve({ ok: true, raw });
+        });
+        req.on("error", (err) => {
+            if (done)
+                return;
+            done = true;
+            resolve({ ok: false, error: err instanceof Error ? err.message : String(err) });
+        });
+    });
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Parses and dispatches an incoming Infoflow webhook request.
+ *
+ * 1. Parses Content-Type header once.
+ * 2. form-urlencoded:
+ *    - echostr present → signature verification → 200/403
+ *    - messageJson present → private chat (dm) handling
+ * 3. text/plain → group chat handling (raw body is encrypted ciphertext)
+ * 4. Other Content-Type → 400
+ *
+ * Returns a ParseResult indicating whether the request was handled and the response to send.
+ *
+ * NOTE: Only echostr has signature verification; message webhooks use AES-ECB mode.
+ * This is an Infoflow API constraint. This mode will not be modified until the service is upgraded.
+ */
+export async function parseAndDispatchInfoflowRequest(req, rawBody, targets) {
+    const contentType = String(req.headers["content-type"] ?? "").toLowerCase();
+    logVerbose(`[infoflow] parseAndDispatch: contentType=${contentType}, bodyLen=${rawBody.length}`);
+    // --- form-urlencoded: echostr verification + private chat ---
+    if (contentType.startsWith("application/x-www-form-urlencoded")) {
+        const form = new URLSearchParams(rawBody);
+        // echostr signature verification (try all accounts' tokens for multi-account support)
+        const echostr = form.get("echostr") ?? "";
+        if (echostr) {
+            const signature = form.get("signature") ?? "";
+            const timestamp = form.get("timestamp") ?? "";
+            const rn = form.get("rn") ?? "";
+            for (const target of targets) {
+                const checkToken = target.account.config.checkToken ?? "";
+                if (!checkToken)
+                    continue;
+                const expectedSig = createHash("md5")
+                    .update(`${rn}${timestamp}${checkToken}`)
+                    .digest("hex");
+                if (signature.length === expectedSig.length &&
+                    timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSig))) {
+                    return { handled: true, statusCode: 200, body: echostr };
+                }
+            }
+            getInfoflowParseLog().error(`[infoflow] echostr signature mismatch (tried ${targets.length} account(s))`);
+            return { handled: true, statusCode: 403, body: "Invalid signature" };
+        }
+        // private chat message (messageJson field in form)
+        const messageJsonStr = form.get("messageJson") ?? "";
+        if (messageJsonStr) {
+            return handlePrivateMessage(messageJsonStr, targets);
+        }
+        getInfoflowParseLog().error(`[infoflow] form-urlencoded but missing echostr or messageJson`);
+        return { handled: true, statusCode: 400, body: "missing echostr or messageJson" };
+    }
+    // --- text/plain: group chat ---
+    if (contentType.startsWith("text/plain")) {
+        return handleGroupMessage(rawBody, targets);
+    }
+    // --- unsupported Content-Type ---
+    getInfoflowParseLog().error(`[infoflow] unsupported contentType: ${contentType}`);
+    return { handled: true, statusCode: 400, body: "unsupported content type" };
+}
+/**
+ * Shared helper to decrypt message content and dispatch to handler.
+ * Iterates through accounts, attempts decryption, parses content, checks for duplicates.
+ * Dispatches asynchronously (fire-and-forget) with centralized error logging.
+ */
+function tryDecryptAndDispatch(params) {
+    const { encryptedContent, targets, chatType, fallbackParser, dispatchFn } = params;
+    if (targets.length === 0) {
+        getInfoflowParseLog().error(`[infoflow] ${chatType}: no target configured`);
+        return { handled: true, statusCode: 500, body: "no target configured" };
+    }
+    if (!encryptedContent.trim()) {
+        getInfoflowParseLog().error(`[infoflow] ${chatType}: empty encrypted content`);
+        return { handled: true, statusCode: 400, body: "empty content" };
+    }
+    for (const target of targets) {
+        const { encodingAESKey } = target.account.config;
+        if (!encodingAESKey)
+            continue;
+        let decryptedContent;
+        try {
+            decryptedContent = decryptMessage(encryptedContent, encodingAESKey);
+        }
+        catch {
+            continue; // Try next account
+        }
+        logVerbose(`[infoflow] ${chatType}: decryptedContent=(${decryptedContent})`);
+        // Parse as JSON first, then try fallback parser (XML for private)
+        let msgData = null;
+        try {
+            msgData = JSON.parse(decryptedContent);
+            patchPreciseIds(decryptedContent, msgData);
+        }
+        catch {
+            if (fallbackParser) {
+                msgData = fallbackParser(decryptedContent);
+            }
+        }
+        if (msgData && Object.keys(msgData).length > 0) {
+            if (isDuplicateMessage(msgData)) {
+                logVerbose(`[infoflow] ${chatType}: duplicate message, skipping`);
+                return { handled: true, statusCode: 200, body: "success" };
+            }
+            target.statusSink?.({ lastInboundAt: Date.now() });
+            // Fire-and-forget with centralized error handling
+            void dispatchFn(target, msgData).catch((err) => {
+                getInfoflowParseLog().error(`[infoflow] ${chatType} handler error: ${formatInfoflowError(err)}`);
+            });
+            return { handled: true, statusCode: 200, body: "success" };
+        }
+    }
+    getInfoflowParseLog().error(`[infoflow] ${chatType}: decryption failed for all ${targets.length} account(s)`);
+    return { handled: true, statusCode: 500, body: "decryption failed for all accounts" };
+}
+// ---------------------------------------------------------------------------
+// Private chat handler
+// ---------------------------------------------------------------------------
+/**
+ * Handles a private (dm) chat message.
+ * Decrypts the Encrypt field with encodingAESKey (AES-ECB),
+ * parses the decrypted content, then dispatches to bot.ts.
+ */
+function handlePrivateMessage(messageJsonStr, targets) {
+    let messageJson;
+    try {
+        messageJson = JSON.parse(messageJsonStr);
+        patchPreciseIds(messageJsonStr, messageJson);
+    }
+    catch {
+        getInfoflowParseLog().error(`[infoflow] private: invalid messageJson`);
+        return { handled: true, statusCode: 400, body: "invalid messageJson" };
+    }
+    const encrypt = typeof messageJson.Encrypt === "string" ? messageJson.Encrypt : "";
+    if (!encrypt) {
+        getInfoflowParseLog().error(`[infoflow] private: missing Encrypt field`);
+        return { handled: true, statusCode: 400, body: "missing Encrypt field in messageJson" };
+    }
+    return tryDecryptAndDispatch({
+        encryptedContent: encrypt,
+        targets,
+        chatType: "direct",
+        fallbackParser: parseXmlMessage,
+        dispatchFn: (target, msgData) => handlePrivateChatMessage({
+            cfg: target.config,
+            msgData,
+            accountId: target.account.accountId,
+            statusSink: target.statusSink,
+        }),
+    });
+}
+// ---------------------------------------------------------------------------
+// Group chat handler
+// ---------------------------------------------------------------------------
+/**
+ * Handles a group chat message.
+ * The rawBody itself is an AES-encrypted ciphertext (Base64URLSafe encoded).
+ * Decrypts and dispatches to bot.ts.
+ */
+function handleGroupMessage(rawBody, targets) {
+    return tryDecryptAndDispatch({
+        encryptedContent: rawBody,
+        targets,
+        chatType: "group",
+        dispatchFn: (target, msgData) => handleGroupChatMessage({
+            cfg: target.config,
+            msgData,
+            accountId: target.account.accountId,
+            statusSink: target.statusSink,
+        }),
+    });
+}
+// ---------------------------------------------------------------------------
+// Test-only exports (@internal — not part of the public API)
+// ---------------------------------------------------------------------------
+/** @internal */
+export const _extractDedupeKey = extractDedupeKey;
+/** @internal */
+export const _isDuplicateMessage = isDuplicateMessage;
+/** @internal */
+export const _base64UrlSafeDecode = base64UrlSafeDecode;
+/** @internal */
+export const _decryptMessage = decryptMessage;
+/** @internal */
+export const _parseXmlMessage = parseXmlMessage;
+/** @internal — Clears the message dedup cache. Only use in tests. */
+export function _resetMessageCache() {
+    messageCache.clear();
+}
+/** @internal */
+export const _patchPreciseIds = patchPreciseIds;

package/dist/src/logging.js

@@ -0,0 +1,102 @@
+/**
+ * Structured logging module for Infoflow extension.
+ * Provides consistent logging interface across all Infoflow modules.
+ */
+import { getInfoflowRuntime } from "./runtime.js";
+// ---------------------------------------------------------------------------
+// Logger Factory
+// ---------------------------------------------------------------------------
+/**
+ * Creates a child logger with infoflow-specific bindings.
+ * Uses the PluginRuntime logging system for structured output.
+ */
+function createInfoflowLogger(module) {
+    const runtime = getInfoflowRuntime();
+    const bindings = { subsystem: "gateway/channels/infoflow" };
+    if (module) {
+        bindings.module = module;
+    }
+    return runtime.logging.getChildLogger(bindings);
+}
+// ---------------------------------------------------------------------------
+// Module-specific Loggers (lazy initialization)
+// ---------------------------------------------------------------------------
+let _sendLog = null;
+let _webhookLog = null;
+let _botLog = null;
+let _parseLog = null;
+/**
+ * Logger for send operations (private/group message sending).
+ */
+export function getInfoflowSendLog() {
+    if (!_sendLog) {
+        _sendLog = createInfoflowLogger("send");
+    }
+    return _sendLog;
+}
+/**
+ * Logger for webhook/monitor operations.
+ */
+export function getInfoflowWebhookLog() {
+    if (!_webhookLog) {
+        _webhookLog = createInfoflowLogger("webhook");
+    }
+    return _webhookLog;
+}
+/**
+ * Logger for bot/message processing operations.
+ */
+export function getInfoflowBotLog() {
+    if (!_botLog) {
+        _botLog = createInfoflowLogger("bot");
+    }
+    return _botLog;
+}
+/**
+ * Logger for request parsing operations.
+ */
+export function getInfoflowParseLog() {
+    if (!_parseLog) {
+        _parseLog = createInfoflowLogger("parse");
+    }
+    return _parseLog;
+}
+/**
+ * Format error message for logging.
+ * @param err - The error to format
+ * @param options - Formatting options
+ */
+export function formatInfoflowError(err, options) {
+    if (err instanceof Error) {
+        if (options?.includeStack && err.stack) {
+            return err.stack;
+        }
+        return err.message;
+    }
+    return String(err);
+}
+/**
+ * Log a message when verbose mode is enabled.
+ * Checks shouldLogVerbose() via PluginRuntime, then writes to console for
+ * --verbose terminal output. Safe to call before runtime is initialized.
+ */
+export function logVerbose(message) {
+    try {
+        if (!getInfoflowRuntime().logging.shouldLogVerbose())
+            return;
+        console.log(message);
+    }
+    catch {
+        // runtime not available, skip verbose logging
+    }
+}
+// ---------------------------------------------------------------------------
+// Test-only exports (@internal)
+// ---------------------------------------------------------------------------
+/** @internal — Reset all cached loggers. Only use in tests. */
+export function _resetLoggers() {
+    _sendLog = null;
+    _webhookLog = null;
+    _botLog = null;
+    _parseLog = null;
+}

package/dist/src/markdown-local-images.js

@@ -0,0 +1,65 @@
+/**
+ * Parses markdown for local image links and splits content into ordered segments
+ * (text or image URL) so the channel can send text + image + text as separate messages.
+ */
+function isLocalPath(url) {
+    const trimmed = url.trim();
+    if (!trimmed)
+        return false;
+    return (trimmed.startsWith("/") ||
+        trimmed.startsWith("./") ||
+        trimmed.startsWith("../") ||
+        trimmed.startsWith("~") ||
+        trimmed.startsWith("file://"));
+}
+/** Markdown image ![alt](url) and link [label](url) – capture URL from both */
+const MARKDOWN_IMAGE_OR_LINK_RE = /!?\[[^\]]*\]\(([^)]+)\)/g;
+/**
+ * Splits markdown into ordered segments. Local image URLs (including file://) are
+ * extracted so they can be sent as native image messages; surrounding text is kept in order.
+ * - If the whole input is a single line that looks like a local path, returns one image segment.
+ * - Otherwise finds ![alt](url) and [label](url); when url is local, produces text + image + text segments.
+ */
+export function parseMarkdownForLocalImages(text) {
+    const trimmed = text.trimEnd();
+    if (!trimmed) {
+        return [{ type: "text", content: text }];
+    }
+    // Single line that is a local path: treat entire content as one image
+    if (!trimmed.includes("\n")) {
+        if (isLocalPath(trimmed)) {
+            return [{ type: "image", content: trimmed }];
+        }
+        // Backtick-wrapped path e.g. `/tmp/foo.png` → treat as image
+        const backtickMatch = trimmed.match(/^`([^`]+)`$/);
+        if (backtickMatch && isLocalPath(backtickMatch[1].trim())) {
+            return [{ type: "image", content: backtickMatch[1].trim() }];
+        }
+        // Angle-bracket-wrapped path e.g. <file:///tmp/foo.png> → treat as image
+        const angleMatch = trimmed.match(/^<([^>]+)>$/);
+        if (angleMatch && isLocalPath(angleMatch[1].trim())) {
+            return [{ type: "image", content: angleMatch[1].trim() }];
+        }
+    }
+    const segments = [];
+    let lastIndex = 0;
+    const re = new RegExp(MARKDOWN_IMAGE_OR_LINK_RE.source, "g");
+    let match;
+    while ((match = re.exec(text)) !== null) {
+        const url = match[1].trim();
+        if (!isLocalPath(url))
+            continue;
+        if (match.index > lastIndex) {
+            segments.push({ type: "text", content: text.slice(lastIndex, match.index) });
+        }
+        segments.push({ type: "image", content: url });
+        lastIndex = re.lastIndex;
+    }
+    if (segments.length === 0) {
+        return [{ type: "text", content: text }];
+    }
+    if (lastIndex < text.length) {
+        segments.push({ type: "text", content: text.slice(lastIndex) });
+    }
+    return segments;
+}