@chrysb/alphaclaw 0.2.2 → 0.3.0

package/lib/server/webhook-middleware.js

@@ -0,0 +1,195 @@
+const http = require("http");
+const https = require("https");
+const { URL } = require("url");
+
+const kRedactedHeaderKeys = new Set(["authorization", "cookie", "x-webhook-token"]);
+
+const normalizeIp = (ip) => String(ip || "").replace(/^::ffff:/, "");
+
+const sanitizeHeaders = (headers) => {
+  const sanitized = {};
+  for (const [key, value] of Object.entries(headers || {})) {
+    const normalizedKey = String(key || "").toLowerCase();
+    if (!normalizedKey) continue;
+    if (kRedactedHeaderKeys.has(normalizedKey)) {
+      sanitized[normalizedKey] = "[REDACTED]";
+      continue;
+    }
+    sanitized[normalizedKey] = Array.isArray(value) ? value.join(", ") : String(value || "");
+  }
+  return sanitized;
+};
+
+const extractBodyBuffer = (req) => {
+  if (Buffer.isBuffer(req.body)) return req.body;
+  if (typeof req.body === "string") return Buffer.from(req.body, "utf8");
+  if (req.body && typeof req.body === "object") {
+    return Buffer.from(JSON.stringify(req.body), "utf8");
+  }
+  return Buffer.alloc(0);
+};
+
+const truncateText = (text, maxBytes) => {
+  const buffer = Buffer.isBuffer(text) ? text : Buffer.from(String(text || ""), "utf8");
+  if (buffer.length <= maxBytes) {
+    return { text: buffer.toString("utf8"), truncated: false };
+  }
+  return {
+    text: buffer.subarray(0, maxBytes).toString("utf8"),
+    truncated: true,
+  };
+};
+
+const toGatewayRequestHeaders = ({ reqHeaders, contentLength, authorization }) => {
+  const headers = { ...reqHeaders };
+  delete headers.host;
+  delete headers["content-length"];
+  delete headers["transfer-encoding"];
+  headers["content-length"] = String(contentLength);
+  if (authorization) headers.authorization = authorization;
+  return headers;
+};
+
+const resolveHookName = (req) => {
+  const paramPath =
+    req?.params?.path ??
+    req?.params?.[0] ??
+    req?.params?.["*"] ??
+    "";
+  const fromParams = String(paramPath).split("/").filter(Boolean)[0] || "";
+  if (fromParams) return decodeURIComponent(fromParams);
+
+  const pathname = String(req?.path || req?.originalUrl || "").split("?")[0];
+  const segments = pathname.split("/").filter(Boolean);
+  if (segments.length >= 2 && (segments[0] === "hooks" || segments[0] === "webhook")) {
+    return decodeURIComponent(segments[1] || "");
+  }
+  return "";
+};
+
+const resolveGatewayPath = ({ pathname, search }) => {
+  if (pathname.startsWith("/webhook/")) {
+    return `/hooks/${pathname.slice("/webhook/".length)}${search || ""}`;
+  }
+  return `${pathname}${search || ""}`;
+};
+
+const createWebhookMiddleware = ({
+  gatewayUrl,
+  insertRequest,
+  maxPayloadBytes = 50 * 1024,
+}) => {
+  const gateway = new URL(gatewayUrl);
+  const protocolClient = gateway.protocol === "https:" ? https : http;
+
+  return (req, res) => {
+    const inboundUrl = new URL(req.url, `http://${req.headers.host || "localhost"}`);
+    let tokenFromQuery = "";
+    if (!req.headers.authorization && inboundUrl.searchParams.has("token")) {
+      tokenFromQuery = String(inboundUrl.searchParams.get("token") || "");
+      inboundUrl.searchParams.delete("token");
+    }
+
+    const bodyBuffer = extractBodyBuffer(req);
+    const hookName = resolveHookName(req);
+    const sourceIp = normalizeIp(
+      req.ip || req.headers["x-forwarded-for"] || req.socket?.remoteAddress || "",
+    );
+    const sanitizedHeaders = sanitizeHeaders(req.headers);
+    const payload = truncateText(bodyBuffer, maxPayloadBytes);
+
+    const gatewayHeaders = toGatewayRequestHeaders({
+      reqHeaders: req.headers,
+      contentLength: bodyBuffer.length,
+      authorization: tokenFromQuery ? `Bearer ${tokenFromQuery}` : req.headers.authorization,
+    });
+
+    const requestOptions = {
+      protocol: gateway.protocol,
+      hostname: gateway.hostname,
+      port: gateway.port,
+      method: req.method,
+      path: resolveGatewayPath({
+        pathname: inboundUrl.pathname,
+        search: inboundUrl.search,
+      }),
+      headers: gatewayHeaders,
+    };
+
+    const proxyReq = protocolClient.request(requestOptions, (proxyRes) => {
+      const responseChunks = [];
+      let responseSize = 0;
+      let responseTruncated = false;
+
+      proxyRes.on("data", (chunk) => {
+        if (!Buffer.isBuffer(chunk)) return;
+        if (responseSize >= maxPayloadBytes) {
+          responseTruncated = true;
+          return;
+        }
+        const remaining = maxPayloadBytes - responseSize;
+        if (chunk.length > remaining) {
+          responseChunks.push(chunk.subarray(0, remaining));
+          responseSize += remaining;
+          responseTruncated = true;
+          return;
+        }
+        responseChunks.push(chunk);
+        responseSize += chunk.length;
+      });
+
+      proxyRes.on("end", () => {
+        const responseText = Buffer.concat(responseChunks).toString("utf8");
+        const gatewayBody = responseTruncated ? `${responseText}\n[TRUNCATED]` : responseText;
+        try {
+          insertRequest({
+            hookName,
+            method: req.method,
+            headers: sanitizedHeaders,
+            payload: payload.text,
+            payloadTruncated: payload.truncated,
+            payloadSize: bodyBuffer.length,
+            sourceIp,
+            gatewayStatus: proxyRes.statusCode || null,
+            gatewayBody,
+          });
+        } catch (err) {
+          console.error("[webhook] failed to write request log:", err.message);
+        }
+      });
+
+      res.statusCode = proxyRes.statusCode || 502;
+      for (const [key, value] of Object.entries(proxyRes.headers || {})) {
+        if (value == null) continue;
+        res.setHeader(key, value);
+      }
+      proxyRes.pipe(res);
+    });
+
+    proxyReq.on("error", (err) => {
+      try {
+        insertRequest({
+          hookName,
+          method: req.method,
+          headers: sanitizedHeaders,
+          payload: payload.text,
+          payloadTruncated: payload.truncated,
+          payloadSize: bodyBuffer.length,
+          sourceIp,
+          gatewayStatus: 502,
+          gatewayBody: err.message || "Gateway unavailable",
+        });
+      } catch {}
+      if (!res.headersSent) {
+        res.status(502).json({ error: "Gateway unavailable" });
+      }
+    });
+
+    if (bodyBuffer.length > 0) {
+      proxyReq.write(bodyBuffer);
+    }
+    proxyReq.end();
+  };
+};
+
+module.exports = { createWebhookMiddleware };

package/lib/server/webhooks-db.js

@@ -0,0 +1,265 @@
+const fs = require("fs");
+const path = require("path");
+const { DatabaseSync } = require("node:sqlite");
+
+let db = null;
+let pruneTimer = null;
+
+const kDefaultRequestLimit = 50;
+const kMaxRequestLimit = 200;
+const kPruneIntervalMs = 12 * 60 * 60 * 1000;
+
+const ensureDb = () => {
+  if (!db) throw new Error("Webhooks DB not initialized");
+  return db;
+};
+
+const createSchema = (database) => {
+  database.exec(`
+    CREATE TABLE IF NOT EXISTS webhook_requests (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      hook_name TEXT NOT NULL,
+      method TEXT,
+      headers TEXT,
+      payload TEXT,
+      payload_truncated INTEGER DEFAULT 0,
+      payload_size INTEGER,
+      source_ip TEXT,
+      gateway_status INTEGER,
+      gateway_body TEXT,
+      created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ','now'))
+    );
+  `);
+  database.exec(`
+    CREATE INDEX IF NOT EXISTS idx_webhook_requests_hook_ts
+    ON webhook_requests(hook_name, created_at DESC);
+  `);
+};
+
+const initWebhooksDb = ({ rootDir, pruneDays = 30 }) => {
+  const dbDir = path.join(rootDir, "db");
+  fs.mkdirSync(dbDir, { recursive: true });
+  const dbPath = path.join(dbDir, "webhooks.db");
+  db = new DatabaseSync(dbPath);
+  createSchema(db);
+  pruneOldEntries(pruneDays);
+  if (pruneTimer) clearInterval(pruneTimer);
+  pruneTimer = setInterval(() => {
+    try {
+      pruneOldEntries(pruneDays);
+    } catch (err) {
+      console.error("[webhooks-db] prune error:", err.message);
+    }
+  }, kPruneIntervalMs);
+  if (typeof pruneTimer.unref === "function") pruneTimer.unref();
+  return { path: dbPath };
+};
+
+const parseJsonText = (value) => {
+  if (typeof value !== "string" || !value) return null;
+  try {
+    return JSON.parse(value);
+  } catch {
+    return null;
+  }
+};
+
+const toRequestModel = (row) => {
+  if (!row) return null;
+  return {
+    id: row.id,
+    hookName: row.hook_name,
+    method: row.method || "",
+    headers: parseJsonText(row.headers) || {},
+    payload: row.payload || "",
+    payloadTruncated: !!row.payload_truncated,
+    payloadSize: Number(row.payload_size || 0),
+    sourceIp: row.source_ip || "",
+    gatewayStatus: row.gateway_status == null ? null : Number(row.gateway_status),
+    gatewayBody: row.gateway_body || "",
+    createdAt: row.created_at,
+    status:
+      row.gateway_status >= 200 && row.gateway_status < 300 ? "success" : "error",
+  };
+};
+
+const insertRequest = ({
+  hookName,
+  method,
+  headers,
+  payload,
+  payloadTruncated,
+  payloadSize,
+  sourceIp,
+  gatewayStatus,
+  gatewayBody,
+}) => {
+  const database = ensureDb();
+  const stmt = database.prepare(`
+    INSERT INTO webhook_requests (
+      hook_name,
+      method,
+      headers,
+      payload,
+      payload_truncated,
+      payload_size,
+      source_ip,
+      gateway_status,
+      gateway_body
+    ) VALUES (
+      $hook_name,
+      $method,
+      $headers,
+      $payload,
+      $payload_truncated,
+      $payload_size,
+      $source_ip,
+      $gateway_status,
+      $gateway_body
+    )
+  `);
+  const info = stmt.run({
+    $hook_name: hookName,
+    $method: method || "",
+    $headers: JSON.stringify(headers || {}),
+    $payload: payload || "",
+    $payload_truncated: payloadTruncated ? 1 : 0,
+    $payload_size: Number(payloadSize || 0),
+    $source_ip: sourceIp || "",
+    $gateway_status:
+      Number.isFinite(Number(gatewayStatus)) ? Number(gatewayStatus) : null,
+    $gateway_body: gatewayBody || "",
+  });
+  return Number(info.lastInsertRowid || 0);
+};
+
+const resolveStatusWhereClause = (status) => {
+  if (status === "success") return "AND gateway_status >= 200 AND gateway_status < 300";
+  if (status === "error")
+    return "AND (gateway_status IS NULL OR gateway_status < 200 OR gateway_status >= 300)";
+  return "";
+};
+
+const getRequests = (hookName, { limit, offset, status = "all" } = {}) => {
+  const database = ensureDb();
+  const safeLimit = Math.max(
+    1,
+    Math.min(Number.parseInt(String(limit || kDefaultRequestLimit), 10) || kDefaultRequestLimit, kMaxRequestLimit),
+  );
+  const safeOffset = Math.max(0, Number.parseInt(String(offset || 0), 10) || 0);
+  const statusClause = resolveStatusWhereClause(status);
+  const rows = database
+    .prepare(`
+      SELECT
+        id,
+        hook_name,
+        method,
+        headers,
+        payload,
+        payload_truncated,
+        payload_size,
+        source_ip,
+        gateway_status,
+        gateway_body,
+        created_at
+      FROM webhook_requests
+      WHERE hook_name = $hook_name
+      ${statusClause}
+      ORDER BY created_at DESC
+      LIMIT $limit
+      OFFSET $offset
+    `)
+    .all({
+      $hook_name: hookName,
+      $limit: safeLimit,
+      $offset: safeOffset,
+    });
+  return rows.map(toRequestModel);
+};
+
+const getRequestById = (hookName, id) => {
+  const database = ensureDb();
+  const row = database
+    .prepare(`
+      SELECT
+        id,
+        hook_name,
+        method,
+        headers,
+        payload,
+        payload_truncated,
+        payload_size,
+        source_ip,
+        gateway_status,
+        gateway_body,
+        created_at
+      FROM webhook_requests
+      WHERE hook_name = $hook_name
+        AND id = $id
+      LIMIT 1
+    `)
+    .get({
+      $hook_name: hookName,
+      $id: Number.parseInt(String(id || 0), 10) || 0,
+    });
+  return toRequestModel(row);
+};
+
+const getHookSummaries = () => {
+  const database = ensureDb();
+  const rows = database
+    .prepare(`
+      SELECT
+        hook_name,
+        MAX(created_at) AS last_received,
+        COUNT(*) AS total_count,
+        SUM(CASE WHEN gateway_status >= 200 AND gateway_status < 300 THEN 1 ELSE 0 END) AS success_count,
+        SUM(CASE WHEN gateway_status IS NULL OR gateway_status < 200 OR gateway_status >= 300 THEN 1 ELSE 0 END) AS error_count
+      FROM webhook_requests
+      GROUP BY hook_name
+    `)
+    .all();
+  return rows.map((row) => ({
+    hookName: row.hook_name,
+    lastReceived: row.last_received || null,
+    totalCount: Number(row.total_count || 0),
+    successCount: Number(row.success_count || 0),
+    errorCount: Number(row.error_count || 0),
+  }));
+};
+
+const deleteRequestsByHook = (hookName) => {
+  const database = ensureDb();
+  const result = database
+    .prepare(`
+      DELETE FROM webhook_requests
+      WHERE hook_name = $hook_name
+    `)
+    .run({
+      $hook_name: String(hookName || ""),
+    });
+  return Number(result.changes || 0);
+};
+
+const pruneOldEntries = (days = 30) => {
+  const database = ensureDb();
+  const safeDays = Math.max(1, Number.parseInt(String(days || 30), 10) || 30);
+  const modifier = `-${safeDays} days`;
+  const result = database
+    .prepare(`
+      DELETE FROM webhook_requests
+      WHERE created_at < strftime('%Y-%m-%dT%H:%M:%fZ', 'now', $modifier)
+    `)
+    .run({ $modifier: modifier });
+  return Number(result.changes || 0);
+};
+
+module.exports = {
+  initWebhooksDb,
+  insertRequest,
+  getRequests,
+  getRequestById,
+  getHookSummaries,
+  deleteRequestsByHook,
+  pruneOldEntries,
+};

package/lib/server/webhooks.js

@@ -0,0 +1,238 @@
+const path = require("path");
+
+const kNamePattern = /^[a-z0-9]+(?:-[a-z0-9]+)*$/;
+const kTransformsDir = "hooks/transforms";
+
+const getConfigPath = ({ OPENCLAW_DIR }) =>
+  path.join(OPENCLAW_DIR, "openclaw.json");
+
+const readConfig = ({ fs, constants }) => {
+  const configPath = getConfigPath(constants);
+  const cfg = JSON.parse(fs.readFileSync(configPath, "utf8"));
+  return { cfg, configPath };
+};
+
+const writeConfig = ({ fs, configPath, cfg }) => {
+  fs.writeFileSync(configPath, JSON.stringify(cfg, null, 2));
+};
+
+const getTransformRelativePath = (name) =>
+  `${kTransformsDir}/${name}/${name}-transform.mjs`;
+const getTransformModulePath = (name) => `${name}/${name}-transform.mjs`;
+const getTransformAbsolutePath = ({ OPENCLAW_DIR }, name) =>
+  path.join(OPENCLAW_DIR, getTransformRelativePath(name));
+const getTransformDirectoryRelativePath = (name) => `${kTransformsDir}/${name}`;
+const getTransformDirectoryAbsolutePath = ({ OPENCLAW_DIR }, name) =>
+  path.join(OPENCLAW_DIR, getTransformDirectoryRelativePath(name));
+const normalizeTransformModulePath = ({ modulePath, name }) => {
+  const rawModulePath = String(modulePath || "")
+    .trim()
+    .replace(/^\/+/, "");
+  const fallbackModulePath = getTransformModulePath(name);
+  const nextModulePath = rawModulePath || fallbackModulePath;
+  if (nextModulePath.startsWith(`${kTransformsDir}/`)) {
+    return nextModulePath.slice(kTransformsDir.length + 1);
+  }
+  return nextModulePath;
+};
+
+const ensureHooksRoot = (cfg) => {
+  if (!cfg.hooks) cfg.hooks = {};
+  if (!Array.isArray(cfg.hooks.mappings)) {
+    cfg.hooks.mappings = [];
+  }
+  if (typeof cfg.hooks.enabled !== "boolean") cfg.hooks.enabled = true;
+  if (typeof cfg.hooks.path !== "string" || !cfg.hooks.path.trim())
+    cfg.hooks.path = "/hooks";
+  if (typeof cfg.hooks.token !== "string" || !cfg.hooks.token.trim()) {
+    cfg.hooks.token = "${WEBHOOK_TOKEN}";
+  }
+  return cfg.hooks.mappings;
+};
+
+const getMappingHookName = (mapping) =>
+  String(mapping?.match?.path || "").trim();
+const isWebhookMapping = (mapping) => !!getMappingHookName(mapping);
+const findMappingIndexByName = (mappings, name) =>
+  mappings.findIndex((mapping) => getMappingHookName(mapping) === name);
+
+const validateWebhookName = (name) => {
+  const normalized = String(name || "")
+    .trim()
+    .toLowerCase();
+  if (!normalized) throw new Error("Webhook name is required");
+  if (!kNamePattern.test(normalized)) {
+    throw new Error(
+      "Webhook name must be lowercase letters, numbers, and hyphens",
+    );
+  }
+  return normalized;
+};
+
+const resolveTransformPathFromMapping = (name, mapping) => {
+  const modulePath = normalizeTransformModulePath({
+    modulePath: mapping?.transform?.module,
+    name,
+  });
+  return `${kTransformsDir}/${modulePath}`;
+};
+
+const normalizeMappingTransformModules = (mappings) => {
+  let changed = false;
+  for (const mapping of mappings || []) {
+    const name = getMappingHookName(mapping);
+    if (!name) continue;
+    const normalizedModulePath = normalizeTransformModulePath({
+      modulePath: mapping?.transform?.module,
+      name,
+    });
+    if (
+      !mapping.transform ||
+      mapping.transform.module !== normalizedModulePath
+    ) {
+      mapping.transform = {
+        ...(mapping.transform || {}),
+        module: normalizedModulePath,
+      };
+      changed = true;
+    }
+  }
+  return changed;
+};
+
+const listWebhooks = ({ fs, constants }) => {
+  const { cfg } = readConfig({ fs, constants });
+  const mappings = ensureHooksRoot(cfg);
+  return mappings
+    .filter(isWebhookMapping)
+    .map((mapping) => {
+      const name = getMappingHookName(mapping);
+      const transformPath = resolveTransformPathFromMapping(name, mapping);
+      const transformAbsolutePath = path.join(
+        constants.OPENCLAW_DIR,
+        transformPath,
+      );
+      let createdAt = null;
+      try {
+        const stat = fs.statSync(transformAbsolutePath);
+        createdAt =
+          stat.birthtime?.toISOString?.() ||
+          stat.ctime?.toISOString?.() ||
+          null;
+      } catch {}
+      return {
+        name,
+        enabled: true,
+        createdAt,
+        path: `/hooks/${name}`,
+        transformPath,
+        transformExists: fs.existsSync(transformAbsolutePath),
+      };
+    })
+    .sort((a, b) => a.name.localeCompare(b.name));
+};
+
+const getWebhookDetail = ({ fs, constants, name }) => {
+  const webhookName = validateWebhookName(name);
+  const hooks = listWebhooks({ fs, constants });
+  const detail = hooks.find((item) => item.name === webhookName);
+  if (!detail) return null;
+  const transformAbsolutePath = path.join(
+    constants.OPENCLAW_DIR,
+    detail.transformPath,
+  );
+  return {
+    ...detail,
+    transformExists: fs.existsSync(transformAbsolutePath),
+  };
+};
+
+const ensureStarterTransform = ({ fs, constants, name }) => {
+  const transformAbsolutePath = getTransformAbsolutePath(constants, name);
+  fs.mkdirSync(path.dirname(transformAbsolutePath), { recursive: true });
+  if (fs.existsSync(transformAbsolutePath)) return transformAbsolutePath;
+  fs.writeFileSync(
+    transformAbsolutePath,
+    [
+      "export default async function transform(payload, context) {",
+      "  const data = payload.payload || payload;",
+      "  return {",
+      "    message: data.message,",
+      `    name: data.name || "${name}",`,
+      '    wakeMode: data.wakeMode || "now",',
+      "  };",
+      "}",
+      "",
+    ].join("\n"),
+  );
+  return transformAbsolutePath;
+};
+
+const createWebhook = ({ fs, constants, name }) => {
+  const webhookName = validateWebhookName(name);
+  const { cfg, configPath } = readConfig({ fs, constants });
+  if (!cfg.hooks) cfg.hooks = {};
+  const mappings = ensureHooksRoot(cfg);
+  const normalizedModules = normalizeMappingTransformModules(mappings);
+  if (findMappingIndexByName(mappings, webhookName) !== -1) {
+    throw new Error(`Webhook "${webhookName}" already exists`);
+  }
+  mappings.push({
+    match: { path: webhookName },
+    action: "agent",
+    name: webhookName,
+    wakeMode: "now",
+    transform: { module: getTransformModulePath(webhookName) },
+  });
+
+  if (normalizedModules) {
+    // Keep all existing mappings consistent with transformsDir-relative module paths.
+    cfg.hooks.mappings = mappings;
+  }
+  writeConfig({ fs, configPath, cfg });
+  ensureStarterTransform({ fs, constants, name: webhookName });
+  return getWebhookDetail({ fs, constants, name: webhookName });
+};
+
+const deleteWebhook = ({ fs, constants, name, deleteTransformDir = false }) => {
+  const webhookName = validateWebhookName(name);
+  const { cfg, configPath } = readConfig({ fs, constants });
+  const mappings = ensureHooksRoot(cfg);
+  const normalizedModules = normalizeMappingTransformModules(mappings);
+  const index = findMappingIndexByName(mappings, webhookName);
+  if (index === -1) {
+    if (normalizedModules) writeConfig({ fs, configPath, cfg });
+    return false;
+  }
+  mappings.splice(index, 1);
+  writeConfig({ fs, configPath, cfg });
+  let deletedTransformDir = false;
+  if (deleteTransformDir) {
+    const transformDirAbsolutePath = getTransformDirectoryAbsolutePath(
+      constants,
+      webhookName,
+    );
+    if (fs.existsSync(transformDirAbsolutePath)) {
+      fs.rmSync(transformDirAbsolutePath, { recursive: true, force: true });
+      deletedTransformDir = !fs.existsSync(transformDirAbsolutePath);
+      if (!deletedTransformDir) {
+        throw new Error(
+          `Failed to delete transform directory: ${getTransformDirectoryRelativePath(webhookName)}`,
+        );
+      }
+    }
+  }
+  return {
+    removed: true,
+    deletedTransformDir,
+  };
+};
+
+module.exports = {
+  listWebhooks,
+  getWebhookDetail,
+  createWebhook,
+  deleteWebhook,
+  validateWebhookName,
+  getTransformRelativePath,
+};