npm - @ihazz/bitrix24 - Versions diffs - 0.2.5 → 1.0.1 - Mend

@ihazz/bitrix24 0.2.5 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/README.md +138 -156
package/index.ts +46 -11
package/openclaw.plugin.json +1 -0
package/package.json +1 -1
package/skills/bitrix24/SKILL.md +96 -0
package/src/access-control.ts +102 -48
package/src/api.ts +434 -232
package/src/channel.ts +1492 -366
package/src/commands.ts +169 -31
package/src/config-schema.ts +8 -3
package/src/config.ts +11 -0
package/src/dedup.ts +4 -0
package/src/i18n.ts +127 -0
package/src/inbound-handler.ts +306 -110
package/src/media-service.ts +218 -65
package/src/message-utils.ts +252 -10
package/src/polling-service.ts +240 -0
package/src/rate-limiter.ts +11 -6
package/src/send-service.ts +140 -60
package/src/types.ts +279 -185
package/src/utils.ts +54 -3
package/tests/access-control.test.ts +174 -58
package/tests/api.test.ts +95 -0
package/tests/channel.test.ts +231 -10
package/tests/commands.test.ts +57 -0
package/tests/config.test.ts +5 -1
package/tests/i18n.test.ts +47 -0
package/tests/inbound-handler.test.ts +554 -69
package/tests/index.test.ts +94 -0
package/tests/media-service.test.ts +146 -51
package/tests/message-utils.test.ts +64 -0
package/tests/polling-service.test.ts +77 -0
package/tests/rate-limiter.test.ts +2 -2
package/tests/send-service.test.ts +145 -0

package/src/access-control.ts CHANGED Viewed

@@ -1,43 +1,69 @@
 import type { Bitrix24AccountConfig } from './types.js';
 import type { PluginRuntime, ChannelPairingAdapter } from './runtime.js';
+import { stripChannelPrefix } from './utils.js';
 /**
  * Normalize an allowFrom entry — strip platform prefixes.
  * "bitrix24:42" → "42", "b24:42" → "42", "bx24:42" → "42", "42" → "42"
  */
 export function normalizeAllowEntry(entry: string): string {
-  return entry.trim().replace(/^(bitrix24|b24|bx24):/i, '');
+  return stripChannelPrefix(entry.trim());
+}
+export function normalizeAllowList(entries: string[] | undefined): string[] {
+  if (!Array.isArray(entries)) {
+    return [];
+  }
+  return [...new Set(
+    entries
+      .map((entry) => normalizeAllowEntry(String(entry)))
+      .filter(Boolean),
+  )];
+}
+/**
+ * Extract the owner user ID from a Bitrix24 inbound webhook URL.
+ * Format: https://{portal}/rest/{user_id}/{webhook_token}/
+ */
+export function getWebhookUserId(webhookUrl: string | undefined): string | null {
+  if (!webhookUrl) return null;
+  try {
+    const url = new URL(webhookUrl);
+    const pathParts = url.pathname.split('/').filter(Boolean);
+    const restIndex = pathParts.indexOf('rest');
+    if (restIndex < 0 || pathParts.length <= restIndex + 2) {
+      return null;
+    }
+    const userId = pathParts[restIndex + 1];
+    return userId ? normalizeAllowEntry(userId) : null;
+  } catch {
+    return null;
+  }
 }
 /**
  * Check whether a sender is allowed to communicate with the bot.
  *
- * @returns `true` if the sender is allowed, `false` otherwise.
+ * Pairing requires runtime state, so the synchronous helper cannot approve access.
  */
 export function checkAccess(
   senderId: string,
   config: Bitrix24AccountConfig,
+  _options?: { dialogId?: string; isDirect?: boolean },
 ): boolean {
-  const policy = config.dmPolicy ?? 'pairing';
-  switch (policy) {
-    case 'open':
-      return true;
-    case 'allowlist': {
-      const allowList = config.allowFrom;
-      if (!allowList || allowList.length === 0) return false;
-      const normalized = allowList.map(normalizeAllowEntry);
-      return normalized.includes(String(senderId));
-    }
+  const dmPolicy = config.dmPolicy ?? 'webhookUser';
+  const identity = resolveAccessIdentity(senderId);
-    case 'pairing':
-      // Pairing requires runtime — use checkAccessWithPairing() instead
-      return false;
-    default:
-      return false;
+  if (dmPolicy === 'webhookUser') {
+    const webhookUserId = getWebhookUserId(config.webhookUrl);
+    return webhookUserId === identity;
   }
+  return false;
 }
 export type AccessResult = 'allow' | 'deny' | 'pairing';
@@ -49,6 +75,8 @@ export type AccessResult = 'allow' | 'deny' | 'pairing';
  */
 export async function checkAccessWithPairing(params: {
   senderId: string;
+  dialogId?: string;
+  isDirect?: boolean;
   config: Bitrix24AccountConfig;
   runtime: PluginRuntime;
   accountId: string;
@@ -56,44 +84,70 @@ export async function checkAccessWithPairing(params: {
   sendReply: (text: string) => Promise<void>;
   logger?: { debug: (...args: unknown[]) => void };
 }): Promise<AccessResult> {
-  const { senderId, config, runtime, accountId, pairingAdapter, sendReply, logger } = params;
-  const policy = config.dmPolicy ?? 'pairing';
-  if (policy === 'open') return 'allow';
+  const {
+    senderId,
+    dialogId,
+    isDirect,
+    config,
+    runtime,
+    accountId,
+    pairingAdapter,
+    sendReply,
+    logger,
+  } = params;
+  const identity = resolveAccessIdentity(senderId);
+  const dmPolicy = config.dmPolicy ?? 'webhookUser';
-  // Read file-based allowFrom store and merge with config
-  const storeAllowFrom = await runtime.channel.pairing.readAllowFromStore('bitrix24', '', accountId);
-  const configAllowFrom = (config.allowFrom ?? []).map(normalizeAllowEntry);
-  const merged = [...new Set([...configAllowFrom, ...storeAllowFrom])];
-  const normalizedSender = normalizeAllowEntry(String(senderId));
+  if (dmPolicy === 'webhookUser') {
+    const webhookUserId = getWebhookUserId(config.webhookUrl);
-  if (merged.includes(normalizedSender)) return 'allow';
+    if (webhookUserId && webhookUserId === identity) {
+      return 'allow';
+    }
-  if (policy === 'allowlist') {
-    logger?.debug('Access denied (allowlist)', { senderId });
+    logger?.debug('Access denied (webhookUser)', { senderId, dialogId, webhookUserId, identity });
     return 'deny';
   }
-  // policy === 'pairing'
-  const { code, created } = await runtime.channel.pairing.upsertPairingRequest({
-    channel: 'bitrix24',
-    id: senderId,
-    accountId,
-    meta: {},
-    pairingAdapter,
-  });
+  const storeAllowFrom = await runtime.channel.pairing.readAllowFromStore('bitrix24', '', accountId);
+  const approved = [...new Set([
+    ...normalizeAllowList(config.allowFrom),
+    ...normalizeAllowList(storeAllowFrom),
+  ])];
-  if (created) {
-    const reply = runtime.channel.pairing.buildPairingReply({
-      code,
+  if (approved.includes(identity)) return 'allow';
+  try {
+    const { code, created } = await runtime.channel.pairing.upsertPairingRequest({
       channel: 'bitrix24',
+      id: identity,
       accountId,
+      meta: {},
+      pairingAdapter,
     });
-    // buildPairingReply returns a string directly, not an object
-    const replyText = typeof reply === 'string' ? reply : (reply as { text?: string })?.text ?? String(reply);
-    await sendReply(replyText);
+    if (created) {
+      const reply = runtime.channel.pairing.buildPairingReply({
+        code,
+        channel: 'bitrix24',
+        accountId,
+      });
+      const replyText = typeof reply === 'string'
+        ? reply
+        : (reply && typeof reply === 'object' && 'text' in reply && typeof (reply as Record<string, unknown>).text === 'string')
+          ? (reply as Record<string, unknown>).text as string
+          : String(reply);
+      await sendReply(replyText);
+    }
+    logger?.debug('Pairing request handled', { senderId, dialogId, identity, code, created });
+    return 'pairing';
+  } catch (err) {
+    logger?.debug('Pairing request failed, falling back to deny', { senderId, dialogId, identity, error: err });
+    return 'deny';
   }
+}
-  logger?.debug('Pairing request handled', { senderId, code, created });
-  return 'pairing';
+function resolveAccessIdentity(senderId: string): string {
+  return normalizeAllowEntry(String(senderId));
 }