@foxden-app/foxclaw 0.2.0

package/dist/channels/weixin/ilink/login_qr.js

@@ -0,0 +1,233 @@
+import { randomUUID } from 'node:crypto';
+import { apiGetFetch } from './api.js';
+import { FIXED_QR_BASE_URL } from './constants.js';
+import { getIlinkRuntimeContext } from './context.js';
+import { redactToken } from './redact.js';
+const ACTIVE_LOGIN_TTL_MS = 5 * 60_000;
+const QR_LONG_POLL_TIMEOUT_MS = 35_000;
+export const DEFAULT_ILINK_BOT_TYPE = '3';
+const activeLogins = new Map();
+function isLoginFresh(login) {
+    return Date.now() - login.startedAt < ACTIVE_LOGIN_TTL_MS;
+}
+function purgeExpiredLogins() {
+    for (const [id, login] of activeLogins) {
+        if (!isLoginFresh(login)) {
+            activeLogins.delete(id);
+        }
+    }
+}
+async function fetchQRCode(apiBaseUrl, botType) {
+    const log = getIlinkRuntimeContext().logger;
+    log.info(`Fetching QR code from: ${apiBaseUrl} bot_type=${botType}`);
+    const rawText = await apiGetFetch({
+        baseUrl: apiBaseUrl,
+        endpoint: `ilink/bot/get_bot_qrcode?bot_type=${encodeURIComponent(botType)}`,
+        label: 'fetchQRCode',
+    });
+    return JSON.parse(rawText);
+}
+async function pollQRStatus(apiBaseUrl, qrcode) {
+    const log = getIlinkRuntimeContext().logger;
+    log.debug(`Long-poll QR status from: ${apiBaseUrl} qrcode=***`);
+    try {
+        const rawText = await apiGetFetch({
+            baseUrl: apiBaseUrl,
+            endpoint: `ilink/bot/get_qrcode_status?qrcode=${encodeURIComponent(qrcode)}`,
+            timeoutMs: QR_LONG_POLL_TIMEOUT_MS,
+            label: 'pollQRStatus',
+        });
+        log.debug(`pollQRStatus: body=${rawText.substring(0, 200)}`);
+        return JSON.parse(rawText);
+    }
+    catch (err) {
+        if (err instanceof Error && err.name === 'AbortError') {
+            log.debug(`pollQRStatus: client-side timeout after ${QR_LONG_POLL_TIMEOUT_MS}ms, returning wait`);
+            return { status: 'wait' };
+        }
+        log.warn(`pollQRStatus: network/gateway error, will retry: ${String(err)}`);
+        return { status: 'wait' };
+    }
+}
+export async function startWeixinLoginWithQr(opts) {
+    const log = getIlinkRuntimeContext().logger;
+    const sessionKey = opts.accountId || randomUUID();
+    purgeExpiredLogins();
+    const existing = activeLogins.get(sessionKey);
+    if (!opts.force && existing && isLoginFresh(existing) && existing.qrcodeUrl) {
+        return {
+            qrcodeUrl: existing.qrcodeUrl,
+            message: '二维码已就绪，请使用微信扫描。',
+            sessionKey,
+        };
+    }
+    try {
+        const botType = opts.botType || DEFAULT_ILINK_BOT_TYPE;
+        log.info(`Starting Weixin login with bot_type=${botType}`);
+        const qrResponse = await fetchQRCode(FIXED_QR_BASE_URL, botType);
+        log.info(`QR code received, qrcode=${redactToken(qrResponse.qrcode)} imgContentLen=${qrResponse.qrcode_img_content?.length ?? 0}`);
+        const login = {
+            sessionKey,
+            id: randomUUID(),
+            qrcode: qrResponse.qrcode,
+            qrcodeUrl: qrResponse.qrcode_img_content,
+            startedAt: Date.now(),
+        };
+        activeLogins.set(sessionKey, login);
+        return {
+            qrcodeUrl: qrResponse.qrcode_img_content,
+            message: '使用微信扫描以下二维码，以完成连接。',
+            sessionKey,
+        };
+    }
+    catch (err) {
+        log.error(`Failed to start Weixin login: ${String(err)}`);
+        return {
+            message: `Failed to start login: ${String(err)}`,
+            sessionKey,
+        };
+    }
+}
+const MAX_QR_REFRESH_COUNT = 3;
+export async function waitForWeixinLogin(opts) {
+    const log = getIlinkRuntimeContext().logger;
+    const notify = opts.notify ?? (() => { });
+    const activeLogin = activeLogins.get(opts.sessionKey);
+    if (!activeLogin) {
+        log.warn(`waitForWeixinLogin: no active login sessionKey=${opts.sessionKey}`);
+        return {
+            connected: false,
+            message: '当前没有进行中的登录，请先发起登录。',
+        };
+    }
+    if (!isLoginFresh(activeLogin)) {
+        log.warn(`waitForWeixinLogin: login QR expired sessionKey=${opts.sessionKey}`);
+        activeLogins.delete(opts.sessionKey);
+        return {
+            connected: false,
+            message: '二维码已过期，请重新生成。',
+        };
+    }
+    const timeoutMs = Math.max(opts.timeoutMs ?? 480_000, 1000);
+    const deadline = Date.now() + timeoutMs;
+    let scannedPrinted = false;
+    let qrRefreshCount = 1;
+    activeLogin.currentApiBaseUrl = FIXED_QR_BASE_URL;
+    log.info('Starting to poll QR code status...');
+    while (Date.now() < deadline) {
+        try {
+            const currentBaseUrl = activeLogin.currentApiBaseUrl ?? FIXED_QR_BASE_URL;
+            const statusResponse = await pollQRStatus(currentBaseUrl, activeLogin.qrcode);
+            log.debug(`pollQRStatus: status=${statusResponse.status} hasBotToken=${Boolean(statusResponse.bot_token)} hasBotId=${Boolean(statusResponse.ilink_bot_id)}`);
+            activeLogin.status = statusResponse.status;
+            switch (statusResponse.status) {
+                case 'wait':
+                    if (opts.verbose) {
+                        notify('.');
+                    }
+                    break;
+                case 'scaned':
+                    if (!scannedPrinted) {
+                        notify('\n已扫码，请在微信中继续操作...\n');
+                        scannedPrinted = true;
+                    }
+                    break;
+                case 'expired': {
+                    qrRefreshCount++;
+                    if (qrRefreshCount > MAX_QR_REFRESH_COUNT) {
+                        log.warn(`waitForWeixinLogin: QR expired ${MAX_QR_REFRESH_COUNT} times, giving up sessionKey=${opts.sessionKey}`);
+                        activeLogins.delete(opts.sessionKey);
+                        return {
+                            connected: false,
+                            message: '登录超时：二维码多次过期，请重新开始登录流程。',
+                        };
+                    }
+                    notify(`\n二维码已过期，正在刷新...(${qrRefreshCount}/${MAX_QR_REFRESH_COUNT})\n`);
+                    log.info(`waitForWeixinLogin: QR expired, refreshing (${qrRefreshCount}/${MAX_QR_REFRESH_COUNT})`);
+                    try {
+                        const botType = opts.botType || DEFAULT_ILINK_BOT_TYPE;
+                        const qrResponse = await fetchQRCode(FIXED_QR_BASE_URL, botType);
+                        activeLogin.qrcode = qrResponse.qrcode;
+                        activeLogin.qrcodeUrl = qrResponse.qrcode_img_content;
+                        activeLogin.startedAt = Date.now();
+                        scannedPrinted = false;
+                        log.info(`waitForWeixinLogin: new QR code obtained qrcode=${redactToken(qrResponse.qrcode)}`);
+                        notify('新二维码已生成，请重新扫描\n\n');
+                        activeLogins.set(opts.sessionKey, activeLogin);
+                        opts.onQrRefreshed?.(qrResponse.qrcode_img_content);
+                    }
+                    catch (refreshErr) {
+                        log.error(`waitForWeixinLogin: failed to refresh QR code: ${String(refreshErr)}`);
+                        activeLogins.delete(opts.sessionKey);
+                        return {
+                            connected: false,
+                            message: `刷新二维码失败: ${String(refreshErr)}`,
+                        };
+                    }
+                    break;
+                }
+                case 'scaned_but_redirect': {
+                    const redirectHost = statusResponse.redirect_host;
+                    if (redirectHost) {
+                        const newBaseUrl = `https://${redirectHost}`;
+                        activeLogin.currentApiBaseUrl = newBaseUrl;
+                        log.info(`waitForWeixinLogin: IDC redirect, switching polling host to ${redirectHost}`);
+                    }
+                    else {
+                        log.warn(`waitForWeixinLogin: received scaned_but_redirect but redirect_host is missing, continuing with current host`);
+                    }
+                    break;
+                }
+                case 'confirmed': {
+                    if (!statusResponse.ilink_bot_id) {
+                        activeLogins.delete(opts.sessionKey);
+                        log.error('Login confirmed but ilink_bot_id missing from response');
+                        return {
+                            connected: false,
+                            message: '登录失败：服务器未返回 ilink_bot_id。',
+                        };
+                    }
+                    const botToken = statusResponse.bot_token?.trim();
+                    if (!botToken) {
+                        activeLogins.delete(opts.sessionKey);
+                        log.error('Login confirmed but bot_token missing from response');
+                        return {
+                            connected: false,
+                            message: '登录失败：服务器未返回 bot_token。',
+                        };
+                    }
+                    activeLogin.botToken = botToken;
+                    activeLogins.delete(opts.sessionKey);
+                    log.info(`Login confirmed ilink_bot_id=${statusResponse.ilink_bot_id} ilink_user_id=${redactToken(statusResponse.ilink_user_id)}`);
+                    return {
+                        connected: true,
+                        botToken,
+                        accountId: statusResponse.ilink_bot_id,
+                        message: '与微信连接成功。',
+                        ...(statusResponse.baseurl !== undefined && statusResponse.baseurl !== ''
+                            ? { baseUrl: statusResponse.baseurl }
+                            : {}),
+                        ...(statusResponse.ilink_user_id !== undefined
+                            ? { userId: statusResponse.ilink_user_id }
+                            : {}),
+                    };
+                }
+            }
+        }
+        catch (err) {
+            log.error(`Error polling QR status: ${String(err)}`);
+            activeLogins.delete(opts.sessionKey);
+            return {
+                connected: false,
+                message: `Login failed: ${String(err)}`,
+            };
+        }
+        await new Promise((r) => setTimeout(r, 1000));
+    }
+    log.warn(`waitForWeixinLogin: timed out waiting for QR scan sessionKey=${opts.sessionKey} timeoutMs=${timeoutMs}`);
+    activeLogins.delete(opts.sessionKey);
+    return {
+        connected: false,
+        message: '登录超时，请重试。',
+    };
+}

package/dist/channels/weixin/ilink/media_image.d.ts

@@ -0,0 +1,11 @@
+import type { MessageItem } from './types.js';
+/**
+ * Download and decrypt a single IMAGE MessageItem to a local file.
+ * Returns undefined if not an image or missing CDN refs.
+ */
+export declare function downloadWeixinImageItemToFile(params: {
+    item: MessageItem;
+    cdnBaseUrl: string;
+    destDir: string;
+    label?: string;
+}): Promise<string | undefined>;

package/dist/channels/weixin/ilink/media_image.js

@@ -0,0 +1,44 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { getIlinkRuntimeContext } from './context.js';
+import { downloadAndDecryptBuffer, downloadPlainCdnBuffer } from './pic_decrypt.js';
+import { MessageItemType } from './types.js';
+import { tempFileName } from './random.js';
+const WEIXIN_IMAGE_MAX_BYTES = 20 * 1024 * 1024;
+/**
+ * Download and decrypt a single IMAGE MessageItem to a local file.
+ * Returns undefined if not an image or missing CDN refs.
+ */
+export async function downloadWeixinImageItemToFile(params) {
+    const log = getIlinkRuntimeContext().logger;
+    const { item, cdnBaseUrl, destDir, label = 'weixin-image' } = params;
+    if (item.type !== MessageItemType.IMAGE) {
+        return undefined;
+    }
+    const img = item.image_item;
+    if (!img?.media?.encrypt_query_param && !img?.media?.full_url) {
+        return undefined;
+    }
+    const aesKeyBase64 = img.aeskey
+        ? Buffer.from(img.aeskey, 'hex').toString('base64')
+        : img.media?.aes_key;
+    try {
+        const buf = aesKeyBase64
+            ? await downloadAndDecryptBuffer(img.media.encrypt_query_param ?? '', aesKeyBase64, cdnBaseUrl, `${label} image`, img.media?.full_url)
+            : await downloadPlainCdnBuffer(img.media.encrypt_query_param ?? '', cdnBaseUrl, `${label} image-plain`, img.media?.full_url);
+        if (buf.length > WEIXIN_IMAGE_MAX_BYTES) {
+            log.warn(`${label}: image too large ${buf.length} bytes, skipping`);
+            return undefined;
+        }
+        await fs.mkdir(destDir, { recursive: true });
+        const name = tempFileName('weixin-inbound', '.bin');
+        const filePath = path.join(destDir, name);
+        await fs.writeFile(filePath, buf);
+        log.debug(`${label}: saved image to ${filePath} bytes=${buf.length}`);
+        return filePath;
+    }
+    catch (err) {
+        log.error(`${label}: image download/decrypt failed: ${String(err)}`);
+        return undefined;
+    }
+}

package/dist/channels/weixin/ilink/mime.d.ts

@@ -0,0 +1,3 @@
+export declare function getMimeFromFilename(filename: string): string;
+export declare function getExtensionFromMime(mimeType: string): string;
+export declare function getExtensionFromContentTypeOrUrl(contentType: string | null, url: string): string;

package/dist/channels/weixin/ilink/mime.js

@@ -0,0 +1,36 @@
+import path from 'node:path';
+const EXTENSION_TO_MIME = {
+    '.png': 'image/png',
+    '.jpg': 'image/jpeg',
+    '.jpeg': 'image/jpeg',
+    '.gif': 'image/gif',
+    '.webp': 'image/webp',
+    '.bmp': 'image/bmp',
+    '.pdf': 'application/pdf',
+    '.txt': 'text/plain',
+    '.zip': 'application/zip',
+};
+const MIME_TO_EXTENSION = {
+    'image/jpeg': '.jpg',
+    'image/png': '.png',
+    'image/gif': '.gif',
+    'image/webp': '.webp',
+    'image/bmp': '.bmp',
+};
+export function getMimeFromFilename(filename) {
+    const ext = path.extname(filename).toLowerCase();
+    return EXTENSION_TO_MIME[ext] ?? 'application/octet-stream';
+}
+export function getExtensionFromMime(mimeType) {
+    const ct = mimeType.split(';')[0].trim().toLowerCase();
+    return MIME_TO_EXTENSION[ct] ?? '.bin';
+}
+export function getExtensionFromContentTypeOrUrl(contentType, url) {
+    if (contentType) {
+        const ext = getExtensionFromMime(contentType);
+        if (ext !== '.bin')
+            return ext;
+    }
+    const ext = path.extname(new URL(url).pathname).toLowerCase();
+    return EXTENSION_TO_MIME[ext] ? ext : '.bin';
+}

package/dist/channels/weixin/ilink/pic_decrypt.d.ts

@@ -0,0 +1,2 @@
+export declare function downloadAndDecryptBuffer(encryptedQueryParam: string, aesKeyBase64: string, cdnBaseUrl: string, label: string, fullUrl?: string): Promise<Buffer>;
+export declare function downloadPlainCdnBuffer(encryptedQueryParam: string, cdnBaseUrl: string, label: string, fullUrl?: string): Promise<Buffer>;

package/dist/channels/weixin/ilink/pic_decrypt.js

@@ -0,0 +1,56 @@
+import { decryptAesEcb } from './aes_ecb.js';
+import { buildCdnDownloadUrl, ENABLE_CDN_URL_FALLBACK } from './cdn_url.js';
+import { getIlinkRuntimeContext } from './context.js';
+async function fetchCdnBytes(url, label) {
+    const log = getIlinkRuntimeContext().logger;
+    const res = await fetch(url);
+    log.debug(`${label}: response status=${res.status} ok=${res.ok}`);
+    if (!res.ok) {
+        const body = await res.text().catch(() => '(unreadable)');
+        throw new Error(`${label}: CDN download ${res.status} ${res.statusText} body=${body}`);
+    }
+    return Buffer.from(await res.arrayBuffer());
+}
+function parseAesKey(aesKeyBase64, label) {
+    const decoded = Buffer.from(aesKeyBase64, 'base64');
+    if (decoded.length === 16) {
+        return decoded;
+    }
+    if (decoded.length === 32 && /^[0-9a-fA-F]{32}$/.test(decoded.toString('ascii'))) {
+        return Buffer.from(decoded.toString('ascii'), 'hex');
+    }
+    throw new Error(`${label}: invalid aes_key encoding`);
+}
+export async function downloadAndDecryptBuffer(encryptedQueryParam, aesKeyBase64, cdnBaseUrl, label, fullUrl) {
+    const log = getIlinkRuntimeContext().logger;
+    const key = parseAesKey(aesKeyBase64, label);
+    let url;
+    if (fullUrl) {
+        url = fullUrl;
+    }
+    else if (ENABLE_CDN_URL_FALLBACK) {
+        url = buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl);
+    }
+    else {
+        throw new Error(`${label}: fullUrl is required`);
+    }
+    log.debug(`${label}: fetching url=${url}`);
+    const encrypted = await fetchCdnBytes(url, label);
+    const decrypted = decryptAesEcb(encrypted, key);
+    return decrypted;
+}
+export async function downloadPlainCdnBuffer(encryptedQueryParam, cdnBaseUrl, label, fullUrl) {
+    const log = getIlinkRuntimeContext().logger;
+    let url;
+    if (fullUrl) {
+        url = fullUrl;
+    }
+    else if (ENABLE_CDN_URL_FALLBACK) {
+        url = buildCdnDownloadUrl(encryptedQueryParam, cdnBaseUrl);
+    }
+    else {
+        throw new Error(`${label}: fullUrl is required`);
+    }
+    log.debug(`${label}: fetching url=${url}`);
+    return fetchCdnBytes(url, label);
+}

package/dist/channels/weixin/ilink/random.d.ts

@@ -0,0 +1,2 @@
+export declare function generateId(prefix: string): string;
+export declare function tempFileName(prefix: string, ext: string): string;

package/dist/channels/weixin/ilink/random.js

@@ -0,0 +1,7 @@
+import crypto from 'node:crypto';
+export function generateId(prefix) {
+    return `${prefix}:${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
+}
+export function tempFileName(prefix, ext) {
+    return `${prefix}-${Date.now()}-${crypto.randomBytes(4).toString('hex')}${ext}`;
+}

package/dist/channels/weixin/ilink/redact.d.ts

@@ -0,0 +1,4 @@
+export declare function truncate(s: string | undefined, max: number): string;
+export declare function redactToken(token: string | undefined, prefixLen?: number): string;
+export declare function redactBody(body: string | undefined, maxLen?: number): string;
+export declare function redactUrl(rawUrl: string): string;

package/dist/channels/weixin/ilink/redact.js

@@ -0,0 +1,34 @@
+const DEFAULT_BODY_MAX_LEN = 200;
+const DEFAULT_TOKEN_PREFIX_LEN = 6;
+export function truncate(s, max) {
+    if (!s)
+        return '';
+    if (s.length <= max)
+        return s;
+    return `${s.slice(0, max)}…(len=${s.length})`;
+}
+export function redactToken(token, prefixLen = DEFAULT_TOKEN_PREFIX_LEN) {
+    if (!token)
+        return '(none)';
+    if (token.length <= prefixLen)
+        return `****(len=${token.length})`;
+    return `${token.slice(0, prefixLen)}…(len=${token.length})`;
+}
+export function redactBody(body, maxLen = DEFAULT_BODY_MAX_LEN) {
+    if (!body)
+        return '(empty)';
+    const redacted = body.replace(/"(context_token|bot_token|token|authorization|Authorization)"\s*:\s*"[^"]*"/g, '"$1":"<redacted>"');
+    if (redacted.length <= maxLen)
+        return redacted;
+    return `${redacted.slice(0, maxLen)}…(truncated, totalLen=${redacted.length})`;
+}
+export function redactUrl(rawUrl) {
+    try {
+        const u = new URL(rawUrl);
+        const base = `${u.origin}${u.pathname}`;
+        return u.search ? `${base}?<redacted>` : base;
+    }
+    catch {
+        return truncate(rawUrl, 80);
+    }
+}

package/dist/channels/weixin/ilink/runtime_attach.d.ts

@@ -0,0 +1,3 @@
+import type { Logger } from '../../../logger.js';
+/** Wire bridge {@link Logger} and package version into iLink HTTP helpers. */
+export declare function attachIlinkRuntimeFromBridgeLogger(logger: Logger, routeTag?: string | null): void;

package/dist/channels/weixin/ilink/runtime_attach.js

@@ -0,0 +1,13 @@
+import { BRIDGE_PACKAGE_VERSION, ILINK_APP_CLIENT_VERSION, ILINK_APP_ID } from './constants.js';
+import { setIlinkRuntimeContext } from './context.js';
+/** Wire bridge {@link Logger} and package version into iLink HTTP helpers. */
+export function attachIlinkRuntimeFromBridgeLogger(logger, routeTag) {
+    const trimmed = routeTag?.trim();
+    setIlinkRuntimeContext({
+        logger,
+        channelVersion: BRIDGE_PACKAGE_VERSION,
+        ilinkAppId: ILINK_APP_ID,
+        ilinkAppClientVersion: ILINK_APP_CLIENT_VERSION,
+        ...(trimmed ? { routeTag: trimmed } : {}),
+    });
+}

package/dist/channels/weixin/ilink/send.d.ts

@@ -0,0 +1,21 @@
+import type { WeixinApiOptions } from './api.js';
+import type { UploadedFileInfo } from './upload.js';
+export declare function sendMessageWeixin(params: {
+    to: string;
+    text: string;
+    opts: WeixinApiOptions & {
+        contextToken?: string;
+    };
+}): Promise<{
+    messageId: string;
+}>;
+export declare function sendImageMessageWeixin(params: {
+    to: string;
+    text: string;
+    uploaded: UploadedFileInfo;
+    opts: WeixinApiOptions & {
+        contextToken?: string;
+    };
+}): Promise<{
+    messageId: string;
+}>;

package/dist/channels/weixin/ilink/send.js

@@ -0,0 +1,108 @@
+import { sendMessage as sendMessageApi } from './api.js';
+import { getIlinkRuntimeContext } from './context.js';
+import { generateId } from './random.js';
+import { MessageItemType, MessageState, MessageType } from './types.js';
+function generateClientId() {
+    return generateId('bridge-weixin');
+}
+function buildTextMessageReq(params) {
+    const { to, text, contextToken, clientId } = params;
+    const item_list = text ? [{ type: MessageItemType.TEXT, text_item: { text } }] : [];
+    const msg = {
+        from_user_id: '',
+        to_user_id: to,
+        client_id: clientId,
+        message_type: MessageType.BOT,
+        message_state: MessageState.FINISH,
+        ...(item_list.length > 0 ? { item_list } : {}),
+        ...(contextToken !== undefined && contextToken !== '' ? { context_token: contextToken } : {}),
+    };
+    return { msg };
+}
+export async function sendMessageWeixin(params) {
+    const log = getIlinkRuntimeContext().logger;
+    const { to, text, opts } = params;
+    if (!opts.contextToken) {
+        log.warn(`sendMessageWeixin: contextToken missing for to=${to}, sending without context`);
+    }
+    const clientId = generateClientId();
+    const req = buildTextMessageReq({
+        to,
+        text,
+        clientId,
+        ...(opts.contextToken !== undefined && opts.contextToken !== '' ? { contextToken: opts.contextToken } : {}),
+    });
+    try {
+        await sendMessageApi({
+            baseUrl: opts.baseUrl,
+            body: req,
+            ...(opts.timeoutMs !== undefined ? { timeoutMs: opts.timeoutMs } : {}),
+            ...(opts.token !== undefined && opts.token !== '' ? { token: opts.token } : {}),
+        });
+    }
+    catch (err) {
+        log.error(`sendMessageWeixin: failed to=${to} clientId=${clientId} err=${String(err)}`);
+        throw err;
+    }
+    return { messageId: clientId };
+}
+async function sendMediaItems(params) {
+    const log = getIlinkRuntimeContext().logger;
+    const { to, text, mediaItem, opts, label } = params;
+    const items = [];
+    if (text) {
+        items.push({ type: MessageItemType.TEXT, text_item: { text } });
+    }
+    items.push(mediaItem);
+    let lastClientId = '';
+    for (const item of items) {
+        lastClientId = generateClientId();
+        const msg = {
+            from_user_id: '',
+            to_user_id: to,
+            client_id: lastClientId,
+            message_type: MessageType.BOT,
+            message_state: MessageState.FINISH,
+            item_list: [item],
+            ...(opts.contextToken !== undefined && opts.contextToken !== '' ? { context_token: opts.contextToken } : {}),
+        };
+        const req = { msg };
+        try {
+            await sendMessageApi({
+                baseUrl: opts.baseUrl,
+                body: req,
+                ...(opts.timeoutMs !== undefined ? { timeoutMs: opts.timeoutMs } : {}),
+                ...(opts.token !== undefined && opts.token !== '' ? { token: opts.token } : {}),
+            });
+        }
+        catch (err) {
+            log.error(`${label}: failed to=${to} clientId=${lastClientId} err=${String(err)}`);
+            throw err;
+        }
+    }
+    log.info(`${label}: success to=${to} clientId=${lastClientId}`);
+    return { messageId: lastClientId };
+}
+function uploadedAesKeyBase64(uploaded) {
+    return Buffer.from(uploaded.aeskey, 'hex').toString('base64');
+}
+export async function sendImageMessageWeixin(params) {
+    const log = getIlinkRuntimeContext().logger;
+    const { to, text, uploaded, opts } = params;
+    if (!opts.contextToken) {
+        log.warn(`sendImageMessageWeixin: contextToken missing for to=${to}, sending without context`);
+    }
+    log.info(`sendImageMessageWeixin: to=${to} filekey=${uploaded.filekey} fileSize=${uploaded.fileSize} aeskey=present`);
+    const imageItem = {
+        type: MessageItemType.IMAGE,
+        image_item: {
+            media: {
+                encrypt_query_param: uploaded.downloadEncryptedQueryParam,
+                aes_key: uploadedAesKeyBase64(uploaded),
+                encrypt_type: 1,
+            },
+            mid_size: uploaded.fileSizeCiphertext,
+        },
+    };
+    return sendMediaItems({ to, text, mediaItem: imageItem, opts, label: 'sendImageMessageWeixin' });
+}

package/dist/channels/weixin/ilink/session_guard.d.ts

@@ -0,0 +1,6 @@
+export declare const SESSION_EXPIRED_ERRCODE = -14;
+export declare function pauseSession(accountId: string): void;
+export declare function isSessionPaused(accountId: string): boolean;
+export declare function getRemainingPauseMs(accountId: string): number;
+export declare function assertSessionActive(accountId: string): void;
+export declare function resetSessionGuardForTest(): void;

package/dist/channels/weixin/ilink/session_guard.js

@@ -0,0 +1,39 @@
+import { getIlinkRuntimeContext } from './context.js';
+const SESSION_PAUSE_DURATION_MS = 60 * 60 * 1000;
+export const SESSION_EXPIRED_ERRCODE = -14;
+const pauseUntilMap = new Map();
+export function pauseSession(accountId) {
+    const until = Date.now() + SESSION_PAUSE_DURATION_MS;
+    pauseUntilMap.set(accountId, until);
+    getIlinkRuntimeContext().logger.info(`session-guard: paused accountId=${accountId} until=${new Date(until).toISOString()}`);
+}
+export function isSessionPaused(accountId) {
+    const until = pauseUntilMap.get(accountId);
+    if (until === undefined)
+        return false;
+    if (Date.now() >= until) {
+        pauseUntilMap.delete(accountId);
+        return false;
+    }
+    return true;
+}
+export function getRemainingPauseMs(accountId) {
+    const until = pauseUntilMap.get(accountId);
+    if (until === undefined)
+        return 0;
+    const remaining = until - Date.now();
+    if (remaining <= 0) {
+        pauseUntilMap.delete(accountId);
+        return 0;
+    }
+    return remaining;
+}
+export function assertSessionActive(accountId) {
+    if (isSessionPaused(accountId)) {
+        const remainingMin = Math.ceil(getRemainingPauseMs(accountId) / 60_000);
+        throw new Error(`session paused for accountId=${accountId}, ${remainingMin} min remaining (errcode ${SESSION_EXPIRED_ERRCODE})`);
+    }
+}
+export function resetSessionGuardForTest() {
+    pauseUntilMap.clear();
+}