@ihazz/bitrix24 0.1.5 → 0.1.6

package/src/media-service.ts

@@ -0,0 +1,186 @@
+import { randomUUID } from 'node:crypto';
+import { writeFile, readFile, mkdir } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join, basename } from 'node:path';
+import { Bitrix24Api } from './api.js';
+import { defaultLogger } from './utils.js';
+
+interface Logger {
+  info: (...args: unknown[]) => void;
+  warn: (...args: unknown[]) => void;
+  error: (...args: unknown[]) => void;
+  debug: (...args: unknown[]) => void;
+}
+
+export interface DownloadedMedia {
+  path: string;
+  contentType: string;
+  name: string;
+}
+
+const MIME_MAP: Record<string, string> = {
+  jpg: 'image/jpeg',
+  jpeg: 'image/jpeg',
+  png: 'image/png',
+  gif: 'image/gif',
+  webp: 'image/webp',
+  svg: 'image/svg+xml',
+  bmp: 'image/bmp',
+  ico: 'image/x-icon',
+  tiff: 'image/tiff',
+  tif: 'image/tiff',
+  mp4: 'video/mp4',
+  webm: 'video/webm',
+  avi: 'video/x-msvideo',
+  mov: 'video/quicktime',
+  mkv: 'video/x-matroska',
+  mp3: 'audio/mpeg',
+  wav: 'audio/wav',
+  ogg: 'audio/ogg',
+  flac: 'audio/flac',
+  pdf: 'application/pdf',
+  doc: 'application/msword',
+  docx: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+  xls: 'application/vnd.ms-excel',
+  xlsx: 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+  ppt: 'application/vnd.ms-powerpoint',
+  pptx: 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+  zip: 'application/zip',
+  rar: 'application/x-rar-compressed',
+  gz: 'application/gzip',
+  tar: 'application/x-tar',
+  txt: 'text/plain',
+  csv: 'text/csv',
+  html: 'text/html',
+  css: 'text/css',
+  js: 'application/javascript',
+  json: 'application/json',
+  xml: 'application/xml',
+};
+
+function mimeFromExtension(ext: string): string {
+  return MIME_MAP[ext.toLowerCase()] ?? 'application/octet-stream';
+}
+
+const MEDIA_DIR = join(tmpdir(), 'openclaw-b24-media');
+
+export class MediaService {
+  private api: Bitrix24Api;
+  private logger: Logger;
+  private dirReady = false;
+
+  constructor(api: Bitrix24Api, logger?: Logger) {
+    this.api = api;
+    this.logger = logger ?? defaultLogger;
+  }
+
+  private async ensureDir(): Promise<void> {
+    if (this.dirReady) return;
+    await mkdir(MEDIA_DIR, { recursive: true });
+    this.dirReady = true;
+  }
+
+  /**
+   * Download a file from B24 and save it locally.
+   * Uses the user's access token to call disk.file.get for the download URL.
+   */
+  async downloadMedia(params: {
+    fileId: string;
+    fileName: string;
+    extension: string;
+    clientEndpoint: string;
+    userToken: string;
+  }): Promise<DownloadedMedia | null> {
+    const { fileId, fileName, extension, clientEndpoint, userToken } = params;
+
+    try {
+      // Get download URL from B24 REST API
+      const fileInfo = await this.api.getFileInfo(
+        clientEndpoint,
+        userToken,
+        Number(fileId),
+      );
+
+      const downloadUrl = fileInfo.DOWNLOAD_URL;
+      if (!downloadUrl) {
+        this.logger.warn('No DOWNLOAD_URL for file', { fileId });
+        return null;
+      }
+
+      // Download the file
+      const response = await fetch(downloadUrl);
+      if (!response.ok) {
+        this.logger.warn('Failed to download file', {
+          fileId,
+          status: response.status,
+        });
+        return null;
+      }
+
+      const buffer = Buffer.from(await response.arrayBuffer());
+
+      // Save to temp directory with UUID prefix for uniqueness
+      await this.ensureDir();
+      const savePath = join(MEDIA_DIR, `${randomUUID()}_${fileName}`);
+      await writeFile(savePath, buffer);
+
+      const contentType = mimeFromExtension(extension);
+      this.logger.debug('Downloaded media', {
+        fileId,
+        fileName,
+        contentType,
+        size: buffer.length,
+        path: savePath,
+      });
+
+      return { path: savePath, contentType, name: fileName };
+    } catch (err) {
+      this.logger.error('Error downloading media', { fileId, error: err });
+      return null;
+    }
+  }
+
+  /**
+   * Upload a local file to a B24 chat.
+   * 3-step process: get folder → upload → commit.
+   */
+  async uploadMediaToChat(params: {
+    localPath: string;
+    fileName: string;
+    chatId: number;
+    clientEndpoint: string;
+    botToken: string;
+  }): Promise<boolean> {
+    const { localPath, fileName, chatId, clientEndpoint, botToken } = params;
+
+    try {
+      // Read the file
+      const content = await readFile(localPath);
+
+      // Step 1: Get chat folder
+      const folderId = await this.api.getChatFolder(clientEndpoint, botToken, chatId);
+
+      // Step 2: Upload file (base64)
+      const diskId = await this.api.uploadFile(
+        clientEndpoint,
+        botToken,
+        folderId,
+        fileName,
+        content,
+      );
+
+      // Step 3: Publish to chat
+      await this.api.commitFileToChat(clientEndpoint, botToken, chatId, diskId);
+
+      this.logger.debug('Uploaded media to chat', { fileName, chatId, diskId });
+      return true;
+    } catch (err) {
+      this.logger.error('Error uploading media to chat', {
+        fileName,
+        chatId,
+        error: err,
+      });
+      return false;
+    }
+  }
+}

package/src/runtime.ts

@@ -6,6 +6,13 @@ interface ReplyPayload {
   channelData?: Record<string, unknown>;
 }
 
+/** Adapter provided by the channel plugin for pairing support */
+export interface ChannelPairingAdapter {
+  idLabel: string;
+  normalizeAllowEntry?: (entry: string) => string;
+  notifyApproval?: (params: { cfg: Record<string, unknown>; id: string; runtime?: unknown }) => Promise<void>;
+}
+
 export interface PluginRuntime {
   config: {
     loadConfig: () => Record<string, unknown>;
@@ -50,6 +57,22 @@ export interface PluginRuntime {
       recordInboundSession: (params: Record<string, unknown>) => Promise<void>;
       [key: string]: unknown;
     };
+    pairing: {
+      readAllowFromStore: (channel: string, env: string, accountId: string) => Promise<string[]>;
+      upsertPairingRequest: (params: {
+        channel: string;
+        id: string;
+        accountId: string;
+        meta?: Record<string, unknown>;
+        pairingAdapter: ChannelPairingAdapter;
+      }) => Promise<{ code: string; created: boolean }>;
+      buildPairingReply: (params: {
+        code: string;
+        channel: string;
+        accountId: string;
+      }) => { text: string };
+      [key: string]: unknown;
+    };
     [key: string]: unknown;
   };
   logging: {

package/src/types.ts

@@ -293,6 +293,7 @@ export interface B24MediaItem {
   extension: string;
   size: number;
   type: 'image' | 'file';
+  urlDownload?: string;
 }
 
 // ─── Portal State ────────────────────────────────────────────────────────────

package/tests/access-control.test.ts

@@ -1,5 +1,6 @@
-import { describe, it, expect } from 'vitest';
-import { checkAccess, normalizeAllowEntry } from '../src/access-control.js';
+import { describe, it, expect, vi } from 'vitest';
+import { checkAccess, normalizeAllowEntry, checkAccessWithPairing } from '../src/access-control.js';
+import type { PluginRuntime, ChannelPairingAdapter } from '../src/runtime.js';
 
 describe('normalizeAllowEntry', () => {
   it('strips bitrix24: prefix', () => {
@@ -14,6 +15,12 @@ describe('normalizeAllowEntry', () => {
     expect(normalizeAllowEntry('bx24:7')).toBe('7');
   });
 
+  it('strips prefixes case-insensitively', () => {
+    expect(normalizeAllowEntry('Bitrix24:42')).toBe('42');
+    expect(normalizeAllowEntry('B24:100')).toBe('100');
+    expect(normalizeAllowEntry('BX24:7')).toBe('7');
+  });
+
   it('returns plain ID as-is', () => {
     expect(normalizeAllowEntry('42')).toBe('42');
   });
@@ -29,8 +36,8 @@ describe('checkAccess', () => {
     expect(checkAccess('999', { dmPolicy: 'open' })).toBe(true);
   });
 
-  it('defaults to open when no policy set', () => {
-    expect(checkAccess('1', {})).toBe(true);
+  it('defaults to pairing (returns false without runtime)', () => {
+    expect(checkAccess('1', {})).toBe(false);
   });
 
   it('allows listed users in allowlist mode', () => {
@@ -61,7 +68,172 @@ describe('checkAccess', () => {
     expect(checkAccess('1', config)).toBe(false);
   });
 
-  it('treats pairing as open (post-MVP)', () => {
-    expect(checkAccess('1', { dmPolicy: 'pairing' })).toBe(true);
+  it('returns false for pairing mode (requires runtime)', () => {
+    expect(checkAccess('1', { dmPolicy: 'pairing' })).toBe(false);
+  });
+});
+
+// ─── checkAccessWithPairing ─────────────────────────────────────────────────
+
+function makeMockRuntime(storeAllowFrom: string[] = []): PluginRuntime {
+  return {
+    config: { loadConfig: () => ({}) },
+    channel: {
+      routing: { resolveAgentRoute: vi.fn() },
+      reply: {
+        finalizeInboundContext: vi.fn(),
+        dispatchReplyWithBufferedBlockDispatcher: vi.fn(),
+      },
+      session: { recordInboundSession: vi.fn() },
+      pairing: {
+        readAllowFromStore: vi.fn().mockResolvedValue(storeAllowFrom),
+        upsertPairingRequest: vi.fn().mockResolvedValue({ code: 'ABCD1234', created: true }),
+        buildPairingReply: vi.fn().mockReturnValue({ text: 'Your pairing code: ABCD1234' }),
+      },
+    },
+    logging: { getChildLogger: () => ({ info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() }) },
+  } as unknown as PluginRuntime;
+}
+
+const mockAdapter: ChannelPairingAdapter = {
+  idLabel: 'bitrix24UserId',
+  normalizeAllowEntry: (entry) => entry.replace(/^(bitrix24|b24|bx24):/i, ''),
+};
+
+const silentLogger = { debug: () => {} };
+
+describe('checkAccessWithPairing', () => {
+  it('returns allow for open policy', async () => {
+    const runtime = makeMockRuntime();
+    const result = await checkAccessWithPairing({
+      senderId: '1',
+      config: { dmPolicy: 'open' },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply: vi.fn(),
+      logger: silentLogger,
+    });
+    expect(result).toBe('allow');
+    // Should NOT read store for open policy
+    expect(runtime.channel.pairing.readAllowFromStore).not.toHaveBeenCalled();
+  });
+
+  it('returns allow when sender is in config allowFrom', async () => {
+    const runtime = makeMockRuntime();
+    const result = await checkAccessWithPairing({
+      senderId: '42',
+      config: { dmPolicy: 'pairing', allowFrom: ['42'] },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply: vi.fn(),
+      logger: silentLogger,
+    });
+    expect(result).toBe('allow');
+  });
+
+  it('returns allow when sender is in file store', async () => {
+    const runtime = makeMockRuntime(['42']);
+    const result = await checkAccessWithPairing({
+      senderId: '42',
+      config: { dmPolicy: 'pairing' },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply: vi.fn(),
+      logger: silentLogger,
+    });
+    expect(result).toBe('allow');
+  });
+
+  it('merges config and store allowFrom (deduped)', async () => {
+    const runtime = makeMockRuntime(['42', '99']);
+    const result = await checkAccessWithPairing({
+      senderId: '99',
+      config: { dmPolicy: 'allowlist', allowFrom: ['42'] },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply: vi.fn(),
+      logger: silentLogger,
+    });
+    expect(result).toBe('allow');
+  });
+
+  it('returns deny for allowlist when sender not in merged list', async () => {
+    const runtime = makeMockRuntime(['42']);
+    const result = await checkAccessWithPairing({
+      senderId: '999',
+      config: { dmPolicy: 'allowlist', allowFrom: ['1'] },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply: vi.fn(),
+      logger: silentLogger,
+    });
+    expect(result).toBe('deny');
+  });
+
+  it('upserts pairing request and sends reply for new pairing', async () => {
+    const runtime = makeMockRuntime();
+    const sendReply = vi.fn();
+    const result = await checkAccessWithPairing({
+      senderId: '77',
+      config: { dmPolicy: 'pairing' },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply,
+      logger: silentLogger,
+    });
+    expect(result).toBe('pairing');
+    expect(runtime.channel.pairing.upsertPairingRequest).toHaveBeenCalledWith({
+      channel: 'bitrix24',
+      id: '77',
+      accountId: 'default',
+      meta: {},
+      pairingAdapter: mockAdapter,
+    });
+    expect(runtime.channel.pairing.buildPairingReply).toHaveBeenCalledWith({
+      code: 'ABCD1234',
+      channel: 'bitrix24',
+      accountId: 'default',
+    });
+    expect(sendReply).toHaveBeenCalledWith('Your pairing code: ABCD1234');
+  });
+
+  it('does not send reply for duplicate pairing request', async () => {
+    const runtime = makeMockRuntime();
+    (runtime.channel.pairing.upsertPairingRequest as ReturnType<typeof vi.fn>).mockResolvedValue({
+      code: 'ABCD1234',
+      created: false,
+    });
+    const sendReply = vi.fn();
+    const result = await checkAccessWithPairing({
+      senderId: '77',
+      config: { dmPolicy: 'pairing' },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply,
+      logger: silentLogger,
+    });
+    expect(result).toBe('pairing');
+    expect(sendReply).not.toHaveBeenCalled();
+  });
+
+  it('normalizes config allowFrom entries with prefixes', async () => {
+    const runtime = makeMockRuntime();
+    const result = await checkAccessWithPairing({
+      senderId: '42',
+      config: { dmPolicy: 'pairing', allowFrom: ['b24:42'] },
+      runtime,
+      accountId: 'default',
+      pairingAdapter: mockAdapter,
+      sendReply: vi.fn(),
+      logger: silentLogger,
+    });
+    expect(result).toBe('allow');
   });
 });