@dingxiang-me/openclaw-wechat 2.0.0 → 2.1.0

package/src/wecom/pairing.js

@@ -0,0 +1,188 @@
+import { normalizeWecomAllowFromEntry } from "../core.js";
+
+function normalizeAccountId(accountId) {
+  const normalized = String(accountId ?? "default").trim().toLowerCase();
+  return normalized || "default";
+}
+
+function uniqueAllowFrom(values = []) {
+  const out = [];
+  const seen = new Set();
+  for (const value of Array.isArray(values) ? values : []) {
+    const normalized = normalizeWecomAllowFromEntry(value);
+    if (!normalized || seen.has(normalized)) continue;
+    seen.add(normalized);
+    out.push(normalized);
+  }
+  return out;
+}
+
+function getPairingRuntime(api) {
+  const pairing = api?.runtime?.channel?.pairing;
+  if (!pairing || typeof pairing !== "object") return null;
+  if (typeof pairing.readAllowFromStore !== "function") return null;
+  if (typeof pairing.upsertPairingRequest !== "function") return null;
+  if (typeof pairing.buildPairingReply !== "function") return null;
+  return pairing;
+}
+
+function matchesAllowFrom({ allowFrom = [], senderId = "", isWecomSenderAllowed } = {}) {
+  const normalizedAllowFrom = Array.isArray(allowFrom) ? allowFrom : [];
+  if (normalizedAllowFrom.includes("*")) return true;
+  if (typeof isWecomSenderAllowed !== "function") return false;
+  return isWecomSenderAllowed({
+    senderId,
+    allowFrom: normalizedAllowFrom,
+  });
+}
+
+export async function readWecomPairingAllowFromStore({ api, accountId = "default" } = {}) {
+  const pairing = getPairingRuntime(api);
+  if (!pairing) return [];
+  try {
+    const storeEntries = await pairing.readAllowFromStore({
+      channel: "wecom",
+      accountId: normalizeAccountId(accountId),
+    });
+    return uniqueAllowFrom(storeEntries);
+  } catch (err) {
+    api?.logger?.warn?.(`wecom: failed to read pairing store: ${String(err?.message || err)}`);
+    return [];
+  }
+}
+
+export async function resolveWecomDirectMessageAccess({
+  api,
+  accountId = "default",
+  dmPolicy = {},
+  allowFromPolicy = {},
+  normalizedFromUser = "",
+  isAdminUser = false,
+  isWecomSenderAllowed,
+} = {}) {
+  const mode = String(dmPolicy?.mode ?? "open").trim().toLowerCase() || "open";
+  const normalizedSender = normalizeWecomAllowFromEntry(normalizedFromUser);
+  const configuredAllowFrom = uniqueAllowFrom(dmPolicy?.allowFrom);
+  const baseAllowFrom = Array.isArray(allowFromPolicy?.allowFrom) ? allowFromPolicy.allowFrom : [];
+  const senderAllowedByBasePolicy =
+    isAdminUser ||
+    matchesAllowFrom({
+      senderId: normalizedSender,
+      allowFrom: baseAllowFrom,
+      isWecomSenderAllowed,
+    });
+
+  if (mode === "deny") {
+    return {
+      decision: "block",
+      reason: "dm-deny",
+      rejectText: dmPolicy?.rejectMessage || "当前渠道私聊已关闭，请联系管理员。",
+      configuredAllowFrom,
+      effectiveAllowFrom: configuredAllowFrom,
+      storeAllowFrom: [],
+    };
+  }
+
+  if (mode === "open") {
+    return {
+      decision: senderAllowedByBasePolicy ? "allow" : "block",
+      reason: senderAllowedByBasePolicy ? "dm-open" : "allowFrom",
+      rejectText: senderAllowedByBasePolicy
+        ? ""
+        : allowFromPolicy?.rejectMessage || "当前账号未授权，请联系管理员。",
+      configuredAllowFrom,
+      effectiveAllowFrom: configuredAllowFrom,
+      storeAllowFrom: [],
+    };
+  }
+
+  if (mode === "allowlist") {
+    const allowed =
+      isAdminUser ||
+      matchesAllowFrom({
+        senderId: normalizedSender,
+        allowFrom: configuredAllowFrom,
+        isWecomSenderAllowed,
+      });
+    return {
+      decision: senderAllowedByBasePolicy && allowed ? "allow" : "block",
+      reason: !senderAllowedByBasePolicy ? "allowFrom" : allowed ? "dm-allowlist" : "dm-allowlist-blocked",
+      rejectText: !senderAllowedByBasePolicy
+        ? allowFromPolicy?.rejectMessage || "当前账号未授权，请联系管理员。"
+        : dmPolicy?.rejectMessage || "当前私聊账号未授权，请联系管理员。",
+      configuredAllowFrom,
+      effectiveAllowFrom: configuredAllowFrom,
+      storeAllowFrom: [],
+    };
+  }
+
+  if (!senderAllowedByBasePolicy) {
+    return {
+      decision: "block",
+      reason: "allowFrom",
+      rejectText: allowFromPolicy?.rejectMessage || "当前账号未授权，请联系管理员。",
+      configuredAllowFrom,
+      effectiveAllowFrom: configuredAllowFrom,
+      storeAllowFrom: [],
+    };
+  }
+
+  const storeAllowFrom = await readWecomPairingAllowFromStore({
+    api,
+    accountId,
+  });
+  const effectiveAllowFrom = uniqueAllowFrom([...configuredAllowFrom, ...storeAllowFrom]);
+  const allowed =
+    isAdminUser ||
+    matchesAllowFrom({
+      senderId: normalizedSender,
+      allowFrom: effectiveAllowFrom,
+      isWecomSenderAllowed,
+    });
+  return {
+    decision: allowed ? "allow" : "pairing",
+    reason: allowed ? "dm-pairing-approved" : "dm-pairing",
+    rejectText: allowed ? "" : dmPolicy?.rejectMessage || "当前私聊需先完成配对审批。",
+    configuredAllowFrom,
+    effectiveAllowFrom,
+    storeAllowFrom,
+  };
+}
+
+export async function issueWecomPairingChallenge({
+  api,
+  accountId = "default",
+  fromUser = "",
+  normalizedFromUser = "",
+  sendPairingReply,
+} = {}) {
+  const pairing = getPairingRuntime(api);
+  const senderId = normalizeWecomAllowFromEntry(normalizedFromUser || fromUser);
+  if (!pairing || !senderId || typeof sendPairingReply !== "function") {
+    return { created: false, unsupported: true };
+  }
+
+  const { code, created } = await pairing.upsertPairingRequest({
+    channel: "wecom",
+    accountId: normalizeAccountId(accountId),
+    id: senderId,
+    meta: {
+      name: String(fromUser ?? "").trim() || undefined,
+    },
+  });
+  if (!created) {
+    return { created: false, code };
+  }
+
+  const replyText = pairing.buildPairingReply({
+    channel: "wecom",
+    idLine: `Your WeCom user id: ${senderId}`,
+    code,
+  });
+  try {
+    await sendPairingReply(replyText);
+  } catch (err) {
+    api?.logger?.warn?.(`wecom: pairing reply failed: ${String(err?.message || err)}`);
+  }
+  return { created: true, code, replyText };
+}

package/src/wecom/plugin-constants.js

@@ -1,5 +1,5 @@
 export const MAX_REQUEST_BODY_SIZE = 1024 * 1024;
-export const PLUGIN_VERSION = "2.0.0";
+export const PLUGIN_VERSION = "2.1.0";
 export const WECOM_TEMP_DIR_NAME = "openclaw-wechat";
 export const WECOM_TEMP_FILE_RETENTION_MS = 30 * 60 * 1000;
 export const WECOM_MIN_FILE_SIZE = 5;

package/src/wecom/target-utils.js

@@ -3,13 +3,38 @@ export function createWecomTargetResolver({ resolveWecomTarget } = {}) {
     throw new Error("createWecomTargetResolver: resolveWecomTarget is required");
   }
 
+  function readString(value) {
+    return String(value ?? "").trim();
+  }
+
+  function pickFirstString(...values) {
+    for (const value of values) {
+      const normalized = readString(value);
+      if (normalized) return normalized;
+    }
+    return "";
+  }
+
   function normalizeWecomResolvedTarget(rawTarget) {
     if (rawTarget && typeof rawTarget === "object") {
-      const toUser = String(rawTarget.toUser ?? "").trim();
-      const toParty = String(rawTarget.toParty ?? "").trim();
-      const toTag = String(rawTarget.toTag ?? "").trim();
-      const chatId = String(rawTarget.chatId ?? "").trim();
-      const webhook = String(rawTarget.webhook ?? "").trim();
+      const toUser = pickFirstString(
+        rawTarget.toUser,
+        rawTarget.userId,
+        rawTarget.userid,
+        rawTarget.user,
+        rawTarget.username,
+      );
+      const toParty = pickFirstString(
+        rawTarget.toParty,
+        rawTarget.partyId,
+        rawTarget.partyid,
+        rawTarget.deptId,
+        rawTarget.deptid,
+        rawTarget.departmentId,
+      );
+      const toTag = pickFirstString(rawTarget.toTag, rawTarget.tagId, rawTarget.tagid);
+      const chatId = pickFirstString(rawTarget.chatId, rawTarget.chatid, rawTarget.groupId, rawTarget.groupid);
+      const webhook = pickFirstString(rawTarget.webhook, rawTarget.webhookId, rawTarget.webhookTarget);
       if (toUser || toParty || toTag || chatId || webhook) {
         return {
           ...(toUser ? { toUser } : {}),
@@ -19,6 +44,17 @@ export function createWecomTargetResolver({ resolveWecomTarget } = {}) {
           ...(webhook ? { webhook } : {}),
         };
       }
+      const nestedTarget = pickFirstString(
+        rawTarget.to,
+        rawTarget.target,
+        rawTarget.value,
+        rawTarget.address,
+        rawTarget.rawTarget,
+      );
+      if (nestedTarget) {
+        const resolvedNestedTarget = resolveWecomTarget(nestedTarget);
+        return resolvedNestedTarget && typeof resolvedNestedTarget === "object" ? resolvedNestedTarget : null;
+      }
     }
     const resolved = resolveWecomTarget(rawTarget);
     return resolved && typeof resolved === "object" ? resolved : null;

package/src/wecom/voice-transcription-process.js

@@ -1,4 +1,7 @@
 import { spawn } from "node:child_process";
+import { constants as fsConstants } from "node:fs";
+import { access } from "node:fs/promises";
+import { delimiter } from "node:path";
 
 function assertFunction(name, value) {
   if (typeof value !== "function") {
@@ -9,6 +12,8 @@ function assertFunction(name, value) {
 export function createVoiceTranscriptionProcessRuntime({
   runProcessWithTimeoutImpl,
   checkCommandAvailableImpl,
+  processEnv = process.env,
+  accessImpl = access,
 } = {}) {
   const ffmpegPathCheckCache = {
     checked: false,
@@ -16,6 +21,50 @@ export function createVoiceTranscriptionProcessRuntime({
   };
   const commandPathCheckCache = new Map();
 
+  function readString(value) {
+    return String(value ?? "").trim();
+  }
+
+  function uniqueStrings(values) {
+    return Array.from(
+      new Set(
+        values
+          .map((value) => readString(value))
+          .filter(Boolean),
+      ),
+    );
+  }
+
+  function listCandidateCommandPaths(command) {
+    const normalizedCommand = readString(command);
+    if (!normalizedCommand) return [];
+    if (normalizedCommand.includes("/")) {
+      return [normalizedCommand];
+    }
+    const homeDir = readString(processEnv?.HOME);
+    const pathDirs = readString(processEnv?.PATH)
+      .split(delimiter)
+      .map((entry) => readString(entry))
+      .filter(Boolean);
+    const pythonUserBins = homeDir
+      ? ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"].map(
+          (version) => `${homeDir}/Library/Python/${version}/bin`,
+        )
+      : [];
+    const searchDirs = uniqueStrings([
+      ...pathDirs,
+      homeDir ? `${homeDir}/.local/bin` : "",
+      homeDir ? `${homeDir}/bin` : "",
+      ...pythonUserBins,
+      "/usr/local/bin",
+      "/opt/homebrew/bin",
+    ]);
+    return uniqueStrings([
+      normalizedCommand,
+      ...searchDirs.map((dir) => `${dir}/${normalizedCommand}`),
+    ]);
+  }
+
   function runProcessWithTimeout({ command, args, timeoutMs = 15000, allowNonZeroExitCode = false }) {
     if (typeof runProcessWithTimeoutImpl === "function") {
       return runProcessWithTimeoutImpl({ command, args, timeoutMs, allowNonZeroExitCode });
@@ -72,6 +121,16 @@ export function createVoiceTranscriptionProcessRuntime({
     if (commandPathCheckCache.has(normalized)) {
       return commandPathCheckCache.get(normalized);
     }
+    if (normalized.includes("/")) {
+      try {
+        await accessImpl(normalized, fsConstants.X_OK);
+        commandPathCheckCache.set(normalized, true);
+        return true;
+      } catch {
+        commandPathCheckCache.set(normalized, false);
+        return false;
+      }
+    }
     try {
       await runProcessWithTimeout({
         command: normalized,
@@ -101,15 +160,18 @@ export function createVoiceTranscriptionProcessRuntime({
   function listLocalWhisperCommandCandidates({ voiceConfig } = {}) {
     const provider = String(voiceConfig?.provider ?? "").trim().toLowerCase();
     const explicitCommand = String(voiceConfig?.command ?? "").trim();
-    const fallbackCandidates =
+    const fallbackCommandNames =
       provider === "local-whisper"
         ? ["whisper"]
         : provider === "local-whisper-cli"
           ? ["whisper-cli"]
           : [];
-    const candidates = explicitCommand ? [explicitCommand, ...fallbackCandidates] : fallbackCandidates;
+    const commandNames = explicitCommand
+      ? uniqueStrings([explicitCommand, ...fallbackCommandNames])
+      : uniqueStrings(fallbackCommandNames);
+    const candidates = uniqueStrings(commandNames.flatMap((command) => listCandidateCommandPaths(command)));
 
-    if (candidates.length === 0) {
+    if (commandNames.length === 0) {
       return {
         provider,
         explicitCommand,

package/src/wecom/voice-transcription.js

@@ -29,6 +29,7 @@ export function createWecomVoiceTranscriber({
   const processRuntime = createVoiceTranscriptionProcessRuntime({
     runProcessWithTimeoutImpl,
     checkCommandAvailableImpl,
+    processEnv,
   });
   const {
     runProcessWithTimeout,
@@ -206,7 +207,7 @@ export function createWecomVoiceTranscriber({
         if (voiceConfig.requireModelPath !== false && !voiceConfig.modelPath) {
           throw new Error("voiceTranscription.modelPath is required for local-whisper-cli (or set requireModelPath=false)");
         }
-        return transcribeWithWhisperCli({
+        return await transcribeWithWhisperCli({
           command,
           modelPath: voiceConfig.modelPath,
           audioPath,
@@ -217,7 +218,7 @@ export function createWecomVoiceTranscriber({
       }
 
       if (provider === "local-whisper") {
-        return transcribeWithWhisperPython({
+        return await transcribeWithWhisperPython({
           command,
           model: voiceConfig.model,
           audioPath,

package/src/wecom/webhook-adapter-normalize.js

@@ -18,6 +18,25 @@ export function dedupeUrlList(urls) {
   return out;
 }
 
+function dedupeMediaEntries(entries) {
+  const seen = new Map();
+  for (const rawEntry of Array.isArray(entries) ? entries : []) {
+    if (!rawEntry || typeof rawEntry !== "object") continue;
+    const url = normalizeToken(rawEntry.url);
+    if (!url) continue;
+    const aesKey = normalizeToken(rawEntry.aesKey);
+    const existing = seen.get(url);
+    if (!existing) {
+      seen.set(url, { url, aesKey });
+      continue;
+    }
+    if (!existing.aesKey && aesKey) {
+      seen.set(url, { url, aesKey });
+    }
+  }
+  return Array.from(seen.values());
+}
+
 export function collectWecomBotImageUrls(imageLike) {
   return dedupeUrlList([
     imageLike?.url,
@@ -28,6 +47,16 @@ export function collectWecomBotImageUrls(imageLike) {
   ]);
 }
 
+export function collectWecomBotImageEntries(imageLike) {
+  const aesKey = normalizeToken(imageLike?.aeskey || imageLike?.aes_key || imageLike?.aesKey);
+  return dedupeMediaEntries(
+    collectWecomBotImageUrls(imageLike).map((url) => ({
+      url,
+      aesKey,
+    })),
+  );
+}
+
 export function normalizeWecomBotOutboundMediaUrls(payload = {}) {
   return dedupeUrlList([
     payload?.mediaUrl,