@kodelyth/nextcloud-talk 2026.5.42 → 2026.6.2

package/src/monitor.ts

@@ -1,385 +0,0 @@
-import { createServer, type IncomingMessage, type Server, type ServerResponse } from "node:http";
-import { safeParseJsonWithSchema } from "klaw/plugin-sdk/extension-shared";
-import {
-  WEBHOOK_RATE_LIMIT_DEFAULTS,
-  createAuthRateLimiter,
-  isRequestBodyLimitError,
-  readRequestBodyWithLimit,
-  requestBodyErrorToText,
-} from "klaw/plugin-sdk/webhook-ingress";
-import { z } from "zod";
-import type { NextcloudTalkReplayGuard } from "./replay-guard.js";
-import { extractNextcloudTalkHeaders, verifyNextcloudTalkSignature } from "./signature.js";
-import type {
-  NextcloudTalkInboundMessage,
-  NextcloudTalkWebhookHeaders,
-  NextcloudTalkWebhookPayload,
-  NextcloudTalkWebhookServerOptions,
-} from "./types.js";
-
-const DEFAULT_WEBHOOK_MAX_BODY_BYTES = 1024 * 1024;
-const PREAUTH_WEBHOOK_MAX_BODY_BYTES = 64 * 1024;
-const PREAUTH_WEBHOOK_BODY_TIMEOUT_MS = 5_000;
-const HEALTH_PATH = "/healthz";
-const WEBHOOK_AUTH_RATE_LIMIT_SCOPE = "nextcloud-talk-webhook-auth";
-const NextcloudTalkWebhookPayloadSchema: z.ZodType<NextcloudTalkWebhookPayload> = z.object({
-  type: z.enum(["Create", "Update", "Delete"]),
-  actor: z.object({
-    type: z.literal("Person"),
-    id: z.string().min(1),
-    name: z.string(),
-  }),
-  object: z.object({
-    type: z.literal("Note"),
-    id: z.string().min(1),
-    name: z.string(),
-    content: z.string(),
-    mediaType: z.string(),
-  }),
-  target: z.object({
-    type: z.literal("Collection"),
-    id: z.string().min(1),
-    name: z.string(),
-  }),
-});
-const WEBHOOK_ERRORS = {
-  missingSignatureHeaders: "Missing signature headers",
-  invalidBackend: "Invalid backend",
-  invalidSignature: "Invalid signature",
-  invalidPayloadFormat: "Invalid payload format",
-  payloadTooLarge: "Payload too large",
-  internalServerError: "Internal server error",
-} as const;
-
-export class NextcloudTalkRetryableWebhookError extends Error {
-  constructor(message: string, options?: ErrorOptions) {
-    super(message, options);
-    this.name = "NextcloudTalkRetryableWebhookError";
-  }
-}
-
-export async function processNextcloudTalkReplayGuardedMessage(params: {
-  replayGuard: NextcloudTalkReplayGuard;
-  accountId: string;
-  message: NextcloudTalkInboundMessage;
-  handleMessage: () => Promise<void>;
-}): Promise<"processed" | "duplicate"> {
-  const claim = await params.replayGuard.claimMessage({
-    accountId: params.accountId,
-    roomToken: params.message.roomToken,
-    messageId: params.message.messageId,
-  });
-  if (claim !== "claimed") {
-    return "duplicate";
-  }
-
-  try {
-    await params.handleMessage();
-    await params.replayGuard.commitMessage({
-      accountId: params.accountId,
-      roomToken: params.message.roomToken,
-      messageId: params.message.messageId,
-    });
-    return "processed";
-  } catch (error) {
-    if (error instanceof NextcloudTalkRetryableWebhookError) {
-      params.replayGuard.releaseMessage({
-        accountId: params.accountId,
-        roomToken: params.message.roomToken,
-        messageId: params.message.messageId,
-        error,
-      });
-    } else {
-      // Generic failures are treated as non-retryable because the handler may already
-      // have produced a visible side effect, and replaying the webhook would duplicate it.
-      await params.replayGuard.commitMessage({
-        accountId: params.accountId,
-        roomToken: params.message.roomToken,
-        messageId: params.message.messageId,
-      });
-    }
-    throw error;
-  }
-}
-
-function formatError(err: unknown): string {
-  if (err instanceof Error) {
-    return err.message;
-  }
-  return typeof err === "string" ? err : JSON.stringify(err);
-}
-
-function parseWebhookPayload(body: string): NextcloudTalkWebhookPayload | null {
-  return safeParseJsonWithSchema(NextcloudTalkWebhookPayloadSchema, body);
-}
-
-function writeJsonResponse(
-  res: ServerResponse,
-  status: number,
-  body?: Record<string, unknown>,
-): void {
-  if (body) {
-    res.writeHead(status, { "Content-Type": "application/json" });
-    res.end(JSON.stringify(body));
-    return;
-  }
-  res.writeHead(status);
-  res.end();
-}
-
-function writeWebhookError(res: ServerResponse, status: number, error: string): void {
-  if (res.headersSent) {
-    return;
-  }
-  writeJsonResponse(res, status, { error });
-}
-
-function validateWebhookHeaders(params: {
-  req: IncomingMessage;
-  res: ServerResponse;
-  isBackendAllowed?: (backend: string) => boolean;
-}): NextcloudTalkWebhookHeaders | null {
-  const headers = extractNextcloudTalkHeaders(
-    params.req.headers as Record<string, string | string[] | undefined>,
-  );
-  if (!headers) {
-    writeWebhookError(params.res, 400, WEBHOOK_ERRORS.missingSignatureHeaders);
-    return null;
-  }
-  if (params.isBackendAllowed && !params.isBackendAllowed(headers.backend)) {
-    writeWebhookError(params.res, 401, WEBHOOK_ERRORS.invalidBackend);
-    return null;
-  }
-  return headers;
-}
-
-function verifyWebhookSignature(params: {
-  headers: NextcloudTalkWebhookHeaders;
-  body: string;
-  secret: string;
-  res: ServerResponse;
-  clientIp: string;
-  authRateLimiter: ReturnType<typeof createAuthRateLimiter>;
-}): boolean {
-  const isValid = verifyNextcloudTalkSignature({
-    signature: params.headers.signature,
-    random: params.headers.random,
-    body: params.body,
-    secret: params.secret,
-  });
-  if (!isValid) {
-    params.authRateLimiter.recordFailure(params.clientIp, WEBHOOK_AUTH_RATE_LIMIT_SCOPE);
-    writeWebhookError(params.res, 401, WEBHOOK_ERRORS.invalidSignature);
-    return false;
-  }
-  params.authRateLimiter.reset(params.clientIp, WEBHOOK_AUTH_RATE_LIMIT_SCOPE);
-  return true;
-}
-
-function decodeWebhookCreateMessage(params: {
-  body: string;
-  res: ServerResponse;
-}):
-  | { kind: "message"; message: NextcloudTalkInboundMessage }
-  | { kind: "ignore" }
-  | { kind: "invalid" } {
-  const payload = parseWebhookPayload(params.body);
-  if (!payload) {
-    writeWebhookError(params.res, 400, WEBHOOK_ERRORS.invalidPayloadFormat);
-    return { kind: "invalid" };
-  }
-  if (payload.type !== "Create") {
-    return { kind: "ignore" };
-  }
-  return { kind: "message", message: payloadToInboundMessage(payload) };
-}
-
-function payloadToInboundMessage(
-  payload: NextcloudTalkWebhookPayload,
-): NextcloudTalkInboundMessage {
-  // Payload doesn't indicate DM vs room; mark as group and let inbound handler refine.
-  const isGroupChat = true;
-
-  return {
-    messageId: payload.object.id,
-    roomToken: payload.target.id,
-    roomName: payload.target.name,
-    senderId: payload.actor.id,
-    senderName: payload.actor.name ?? "",
-    text: payload.object.content || payload.object.name || "",
-    mediaType: payload.object.mediaType || "text/plain",
-    timestamp: Date.now(),
-    isGroupChat,
-  };
-}
-
-export function readNextcloudTalkWebhookBody(
-  req: IncomingMessage,
-  maxBodyBytes: number,
-): Promise<string> {
-  return readRequestBodyWithLimit(req, {
-    // This read happens before signature verification, so keep the unauthenticated
-    // body budget bounded even if the operator-configured post-parse limit is larger.
-    maxBytes: Math.min(maxBodyBytes, PREAUTH_WEBHOOK_MAX_BODY_BYTES),
-    timeoutMs: PREAUTH_WEBHOOK_BODY_TIMEOUT_MS,
-  });
-}
-
-export function createNextcloudTalkWebhookServer(opts: NextcloudTalkWebhookServerOptions): {
-  server: Server;
-  start: () => Promise<void>;
-  stop: () => void;
-} {
-  const { port, host, path, secret, onMessage, onError, abortSignal } = opts;
-  const maxBodyBytes =
-    typeof opts.maxBodyBytes === "number" &&
-    Number.isFinite(opts.maxBodyBytes) &&
-    opts.maxBodyBytes > 0
-      ? Math.floor(opts.maxBodyBytes)
-      : DEFAULT_WEBHOOK_MAX_BODY_BYTES;
-  const readBody = opts.readBody ?? readNextcloudTalkWebhookBody;
-  const isBackendAllowed = opts.isBackendAllowed;
-  const shouldProcessMessage = opts.shouldProcessMessage;
-  const processMessage = opts.processMessage;
-  const authRateLimitMaxRequests =
-    typeof opts.authRateLimit?.maxRequests === "number"
-      ? opts.authRateLimit.maxRequests
-      : WEBHOOK_RATE_LIMIT_DEFAULTS.maxRequests;
-  const authRateLimitWindowMs =
-    typeof opts.authRateLimit?.windowMs === "number"
-      ? opts.authRateLimit.windowMs
-      : WEBHOOK_RATE_LIMIT_DEFAULTS.windowMs;
-  const webhookAuthRateLimiter = createAuthRateLimiter({
-    maxAttempts: authRateLimitMaxRequests,
-    windowMs: authRateLimitWindowMs,
-    lockoutMs: authRateLimitWindowMs,
-    exemptLoopback: false,
-    pruneIntervalMs: authRateLimitWindowMs,
-  });
-
-  const server = createServer(async (req: IncomingMessage, res: ServerResponse) => {
-    if (req.url === HEALTH_PATH) {
-      res.writeHead(200, { "Content-Type": "text/plain" });
-      res.end("ok");
-      return;
-    }
-
-    if (req.url !== path || req.method !== "POST") {
-      res.writeHead(404);
-      res.end();
-      return;
-    }
-
-    const clientIp = req.socket.remoteAddress ?? "unknown";
-    if (!webhookAuthRateLimiter.check(clientIp, WEBHOOK_AUTH_RATE_LIMIT_SCOPE).allowed) {
-      res.writeHead(429);
-      res.end("Too Many Requests");
-      return;
-    }
-
-    try {
-      const headers = validateWebhookHeaders({
-        req,
-        res,
-        isBackendAllowed,
-      });
-      if (!headers) {
-        return;
-      }
-
-      const body = await readBody(req, maxBodyBytes);
-
-      const hasValidSignature = verifyWebhookSignature({
-        headers,
-        body,
-        secret,
-        res,
-        clientIp,
-        authRateLimiter: webhookAuthRateLimiter,
-      });
-      if (!hasValidSignature) {
-        return;
-      }
-
-      const decoded = decodeWebhookCreateMessage({
-        body,
-        res,
-      });
-      if (decoded.kind === "invalid") {
-        return;
-      }
-      if (decoded.kind === "ignore") {
-        writeJsonResponse(res, 200);
-        return;
-      }
-
-      const message = decoded.message;
-      if (processMessage) {
-        writeJsonResponse(res, 200);
-        try {
-          await processMessage(message);
-        } catch (err) {
-          onError?.(err instanceof Error ? err : new Error(formatError(err)));
-        }
-        return;
-      }
-
-      if (shouldProcessMessage) {
-        const shouldProcess = await shouldProcessMessage(message);
-        if (!shouldProcess) {
-          writeJsonResponse(res, 200);
-          return;
-        }
-      }
-
-      writeJsonResponse(res, 200);
-
-      try {
-        await onMessage(message);
-      } catch (err) {
-        onError?.(err instanceof Error ? err : new Error(formatError(err)));
-      }
-    } catch (err) {
-      if (isRequestBodyLimitError(err, "PAYLOAD_TOO_LARGE")) {
-        writeWebhookError(res, 413, WEBHOOK_ERRORS.payloadTooLarge);
-        return;
-      }
-      if (isRequestBodyLimitError(err, "REQUEST_BODY_TIMEOUT")) {
-        writeWebhookError(res, 408, requestBodyErrorToText("REQUEST_BODY_TIMEOUT"));
-        return;
-      }
-      const error = err instanceof Error ? err : new Error(formatError(err));
-      onError?.(error);
-      writeWebhookError(res, 500, WEBHOOK_ERRORS.internalServerError);
-    }
-  });
-
-  const start = (): Promise<void> => {
-    return new Promise((resolve) => {
-      server.listen(port, host, () => resolve());
-    });
-  };
-
-  let stopped = false;
-  const stop = () => {
-    if (stopped) {
-      return;
-    }
-    stopped = true;
-    try {
-      server.close();
-    } catch {
-      // ignore close races while shutting down
-    }
-  };
-
-  if (abortSignal) {
-    if (abortSignal.aborted) {
-      stop();
-    } else {
-      abortSignal.addEventListener("abort", stop, { once: true });
-    }
-  }
-
-  return { server, start, stop };
-}

package/src/normalize.ts

@@ -1,44 +0,0 @@
-export function stripNextcloudTalkTargetPrefix(raw: string): string | undefined {
-  const trimmed = raw.trim();
-  if (!trimmed) {
-    return undefined;
-  }
-
-  let normalized = trimmed;
-
-  if (normalized.startsWith("nextcloud-talk:")) {
-    normalized = normalized.slice("nextcloud-talk:".length).trim();
-  } else if (normalized.startsWith("nc-talk:")) {
-    normalized = normalized.slice("nc-talk:".length).trim();
-  } else if (normalized.startsWith("nc:")) {
-    normalized = normalized.slice("nc:".length).trim();
-  }
-
-  if (normalized.startsWith("room:")) {
-    normalized = normalized.slice("room:".length).trim();
-  }
-
-  if (!normalized) {
-    return undefined;
-  }
-
-  return normalized;
-}
-
-export function normalizeNextcloudTalkMessagingTarget(raw: string): string | undefined {
-  const normalized = stripNextcloudTalkTargetPrefix(raw);
-  return normalized ? `nextcloud-talk:${normalized}`.toLowerCase() : undefined;
-}
-
-export function looksLikeNextcloudTalkTargetId(raw: string): boolean {
-  const trimmed = raw.trim();
-  if (!trimmed) {
-    return false;
-  }
-
-  if (/^(nextcloud-talk|nc-talk|nc):/i.test(trimmed)) {
-    return true;
-  }
-
-  return /^[a-z0-9]{8,}$/i.test(trimmed);
-}

package/src/policy.ts

@@ -1,111 +0,0 @@
-import {
-  buildChannelKeyCandidates,
-  normalizeChannelSlug,
-  resolveChannelEntryMatchWithFallback,
-  resolveNestedAllowlistDecision,
-} from "klaw/plugin-sdk/channel-targets";
-import type { AllowlistMatch, ChannelGroupContext, GroupToolPolicyConfig } from "../runtime-api.js";
-import type { NextcloudTalkRoomConfig } from "./types.js";
-
-export function normalizeNextcloudTalkAllowEntry(raw: string): string {
-  return raw
-    .trim()
-    .replace(/^(nextcloud-talk|nc-talk|nc):/i, "")
-    .toLowerCase();
-}
-
-export function normalizeNextcloudTalkAllowlist(
-  values: Array<string | number> | undefined,
-): string[] {
-  return (values ?? [])
-    .map((value) => normalizeNextcloudTalkAllowEntry(String(value)))
-    .filter(Boolean);
-}
-
-export function resolveNextcloudTalkAllowlistMatch(params: {
-  allowFrom: Array<string | number> | undefined;
-  senderId: string;
-}): AllowlistMatch<"wildcard" | "id"> {
-  const allowFrom = normalizeNextcloudTalkAllowlist(params.allowFrom);
-  if (allowFrom.length === 0) {
-    return { allowed: false };
-  }
-  if (allowFrom.includes("*")) {
-    return { allowed: true, matchKey: "*", matchSource: "wildcard" };
-  }
-  const senderId = normalizeNextcloudTalkAllowEntry(params.senderId);
-  if (allowFrom.includes(senderId)) {
-    return { allowed: true, matchKey: senderId, matchSource: "id" };
-  }
-  return { allowed: false };
-}
-
-type NextcloudTalkRoomMatch = {
-  roomConfig?: NextcloudTalkRoomConfig;
-  wildcardConfig?: NextcloudTalkRoomConfig;
-  roomKey?: string;
-  matchSource?: "direct" | "parent" | "wildcard";
-  allowed: boolean;
-  allowlistConfigured: boolean;
-};
-
-export function resolveNextcloudTalkRoomMatch(params: {
-  rooms?: Record<string, NextcloudTalkRoomConfig>;
-  roomToken: string;
-}): NextcloudTalkRoomMatch {
-  const rooms = params.rooms ?? {};
-  const allowlistConfigured = Object.keys(rooms).length > 0;
-  const roomCandidates = buildChannelKeyCandidates(params.roomToken);
-  const match = resolveChannelEntryMatchWithFallback({
-    entries: rooms,
-    keys: roomCandidates,
-    wildcardKey: "*",
-    normalizeKey: normalizeChannelSlug,
-  });
-  const roomConfig = match.entry;
-  const allowed = resolveNestedAllowlistDecision({
-    outerConfigured: allowlistConfigured,
-    outerMatched: Boolean(roomConfig),
-    innerConfigured: false,
-    innerMatched: false,
-  });
-
-  return {
-    roomConfig,
-    wildcardConfig: match.wildcardEntry,
-    roomKey: match.matchKey ?? match.key,
-    matchSource: match.matchSource,
-    allowed,
-    allowlistConfigured,
-  };
-}
-
-export function resolveNextcloudTalkGroupToolPolicy(
-  params: ChannelGroupContext,
-): GroupToolPolicyConfig | undefined {
-  const cfg = params.cfg as {
-    channels?: { "nextcloud-talk"?: { rooms?: Record<string, NextcloudTalkRoomConfig> } };
-  };
-  const roomToken = params.groupId?.trim();
-  if (!roomToken) {
-    return undefined;
-  }
-  const match = resolveNextcloudTalkRoomMatch({
-    rooms: cfg.channels?.["nextcloud-talk"]?.rooms,
-    roomToken,
-  });
-  return match.roomConfig?.tools ?? match.wildcardConfig?.tools;
-}
-
-export function resolveNextcloudTalkRequireMention(params: {
-  roomConfig?: NextcloudTalkRoomConfig;
-  wildcardConfig?: NextcloudTalkRoomConfig;
-}): boolean {
-  if (typeof params.roomConfig?.requireMention === "boolean") {
-    return params.roomConfig.requireMention;
-  }
-  if (typeof params.wildcardConfig?.requireMention === "boolean") {
-    return params.wildcardConfig.requireMention;
-  }
-  return true;
-}

package/src/replay-guard.ts

@@ -1,128 +0,0 @@
-import path from "node:path";
-import { createClaimableDedupe } from "klaw/plugin-sdk/persistent-dedupe";
-
-const DEFAULT_REPLAY_TTL_MS = 24 * 60 * 60 * 1000;
-const DEFAULT_MEMORY_MAX_SIZE = 1_000;
-const DEFAULT_FILE_MAX_ENTRIES = 10_000;
-
-function sanitizeSegment(value: string): string {
-  const trimmed = value.trim();
-  if (!trimmed) {
-    return "default";
-  }
-  return trimmed.replace(/[^a-zA-Z0-9_-]/g, "_");
-}
-
-function buildReplayKey(params: { roomToken: string; messageId: string }): string | null {
-  const roomToken = params.roomToken.trim();
-  const messageId = params.messageId.trim();
-  if (!roomToken || !messageId) {
-    return null;
-  }
-  return `${roomToken}:${messageId}`;
-}
-
-type NextcloudTalkReplayGuardOptions = {
-  stateDir?: string;
-  ttlMs?: number;
-  memoryMaxSize?: number;
-  fileMaxEntries?: number;
-  onDiskError?: (error: unknown) => void;
-};
-
-export type NextcloudTalkReplayGuard = {
-  claimMessage: (params: {
-    accountId: string;
-    roomToken: string;
-    messageId: string;
-  }) => Promise<"claimed" | "duplicate" | "inflight" | "invalid">;
-  commitMessage: (params: {
-    accountId: string;
-    roomToken: string;
-    messageId: string;
-  }) => Promise<boolean>;
-  releaseMessage: (params: {
-    accountId: string;
-    roomToken: string;
-    messageId: string;
-    error?: unknown;
-  }) => void;
-  shouldProcessMessage: (params: {
-    accountId: string;
-    roomToken: string;
-    messageId: string;
-  }) => Promise<boolean>;
-};
-
-export function createNextcloudTalkReplayGuard(
-  options: NextcloudTalkReplayGuardOptions,
-): NextcloudTalkReplayGuard {
-  const stateDir = options.stateDir?.trim();
-  const baseOptions = {
-    ttlMs: options.ttlMs ?? DEFAULT_REPLAY_TTL_MS,
-    memoryMaxSize: options.memoryMaxSize ?? DEFAULT_MEMORY_MAX_SIZE,
-  };
-  const dedupe = createClaimableDedupe(
-    stateDir
-      ? {
-          ...baseOptions,
-          fileMaxEntries: options.fileMaxEntries ?? DEFAULT_FILE_MAX_ENTRIES,
-          resolveFilePath: (namespace) =>
-            path.join(
-              stateDir,
-              "nextcloud-talk",
-              "replay-dedupe",
-              `${sanitizeSegment(namespace)}.json`,
-            ),
-          onDiskError: options.onDiskError,
-        }
-      : baseOptions,
-  );
-
-  return {
-    claimMessage: async ({ accountId, roomToken, messageId }) => {
-      const replayKey = buildReplayKey({ roomToken, messageId });
-      if (!replayKey) {
-        return "invalid";
-      }
-      const result = await dedupe.claim(replayKey, {
-        namespace: accountId,
-      });
-      return result.kind;
-    },
-    commitMessage: async ({ accountId, roomToken, messageId }) => {
-      const replayKey = buildReplayKey({ roomToken, messageId });
-      if (!replayKey) {
-        return true;
-      }
-      return await dedupe.commit(replayKey, {
-        namespace: accountId,
-      });
-    },
-    releaseMessage: ({ accountId, roomToken, messageId, error }) => {
-      const replayKey = buildReplayKey({ roomToken, messageId });
-      if (!replayKey) {
-        return;
-      }
-      dedupe.release(replayKey, {
-        namespace: accountId,
-        error,
-      });
-    },
-    shouldProcessMessage: async ({ accountId, roomToken, messageId }) => {
-      const replayKey = buildReplayKey({ roomToken, messageId });
-      if (!replayKey) {
-        return true;
-      }
-      const result = await dedupe.claim(replayKey, {
-        namespace: accountId,
-      });
-      if (result.kind !== "claimed") {
-        return false;
-      }
-      return await dedupe.commit(replayKey, {
-        namespace: accountId,
-      });
-    },
-  };
-}