@nextclaw/channel-plugin-feishu 0.2.13 → 0.2.15

package/src/nextclaw-sdk/network-body.ts

@@ -0,0 +1,245 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+
+export type RequestBodyLimitErrorCode =
+  | "PAYLOAD_TOO_LARGE"
+  | "REQUEST_BODY_TIMEOUT"
+  | "CONNECTION_CLOSED";
+
+class RequestBodyLimitError extends Error {
+  readonly code: RequestBodyLimitErrorCode;
+  readonly statusCode: number;
+
+  constructor(code: RequestBodyLimitErrorCode) {
+    super(code);
+    this.name = "RequestBodyLimitError";
+    this.code = code;
+    this.statusCode = code === "PAYLOAD_TOO_LARGE" ? 413 : code === "REQUEST_BODY_TIMEOUT" ? 408 : 400;
+  }
+}
+
+function requestBodyErrorToText(code: RequestBodyLimitErrorCode): string {
+  switch (code) {
+    case "PAYLOAD_TOO_LARGE":
+      return "Payload too large";
+    case "REQUEST_BODY_TIMEOUT":
+      return "Request body timeout";
+    default:
+      return "Connection closed";
+  }
+}
+
+function parseContentLengthHeader(req: IncomingMessage): number | null {
+  const header = req.headers["content-length"];
+  const raw = Array.isArray(header) ? header[0] : header;
+  if (typeof raw !== "string") {
+    return null;
+  }
+  const parsed = Number.parseInt(raw, 10);
+  return Number.isFinite(parsed) && parsed >= 0 ? parsed : null;
+}
+
+async function readRequestBodyWithLimit(
+  req: IncomingMessage,
+  options: { maxBytes: number; timeoutMs?: number; encoding?: BufferEncoding },
+): Promise<string> {
+  const maxBytes = Math.max(1, Math.floor(options.maxBytes));
+  const timeoutMs =
+    typeof options.timeoutMs === "number" && options.timeoutMs > 0
+      ? Math.floor(options.timeoutMs)
+      : 30_000;
+  const encoding = options.encoding ?? "utf-8";
+
+  const declaredLength = parseContentLengthHeader(req);
+  if (declaredLength !== null && declaredLength > maxBytes) {
+    throw new RequestBodyLimitError("PAYLOAD_TOO_LARGE");
+  }
+
+  return await new Promise((resolve, reject) => {
+    let done = false;
+    let ended = false;
+    let totalBytes = 0;
+    const chunks: Buffer[] = [];
+
+    const finish = (cb: () => void) => {
+      if (done) {
+        return;
+      }
+      done = true;
+      req.removeListener("data", onData);
+      req.removeListener("end", onEnd);
+      req.removeListener("error", onError);
+      req.removeListener("close", onClose);
+      clearTimeout(timer);
+      cb();
+    };
+
+    const fail = (error: Error) => finish(() => reject(error));
+
+    const onData = (chunk: Buffer | string) => {
+      const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+      totalBytes += buffer.length;
+      if (totalBytes > maxBytes) {
+        if (!req.destroyed) {
+          req.destroy();
+        }
+        fail(new RequestBodyLimitError("PAYLOAD_TOO_LARGE"));
+        return;
+      }
+      chunks.push(buffer);
+    };
+
+    const onEnd = () => {
+      ended = true;
+      finish(() => resolve(Buffer.concat(chunks).toString(encoding)));
+    };
+    const onError = (error: Error) => fail(error);
+    const onClose = () => {
+      if (!done && !ended) {
+        fail(new RequestBodyLimitError("CONNECTION_CLOSED"));
+      }
+    };
+
+    const timer = setTimeout(() => {
+      if (!req.destroyed) {
+        req.destroy();
+      }
+      fail(new RequestBodyLimitError("REQUEST_BODY_TIMEOUT"));
+    }, timeoutMs);
+
+    req.on("data", onData);
+    req.on("end", onEnd);
+    req.on("error", onError);
+    req.on("close", onClose);
+  });
+}
+
+export async function readJsonBodyWithLimit(
+  req: IncomingMessage,
+  options: { maxBytes: number; timeoutMs?: number; emptyObjectOnEmpty?: boolean },
+): Promise<
+  | { ok: true; value: unknown }
+  | { ok: false; error: string; code: RequestBodyLimitErrorCode | "INVALID_JSON" }
+> {
+  try {
+    const raw = await readRequestBodyWithLimit(req, options);
+    const trimmed = raw.trim();
+    if (!trimmed) {
+      if (options.emptyObjectOnEmpty === false) {
+        return { ok: false, code: "INVALID_JSON", error: "empty payload" };
+      }
+      return { ok: true, value: {} };
+    }
+    try {
+      return { ok: true, value: JSON.parse(trimmed) as unknown };
+    } catch (error) {
+      return {
+        ok: false,
+        code: "INVALID_JSON",
+        error: error instanceof Error ? error.message : String(error),
+      };
+    }
+  } catch (error) {
+    if (error instanceof RequestBodyLimitError) {
+      return { ok: false, code: error.code, error: requestBodyErrorToText(error.code) };
+    }
+    return {
+      ok: false,
+      code: "INVALID_JSON",
+      error: error instanceof Error ? error.message : String(error),
+    };
+  }
+}
+
+export function installRequestBodyLimitGuard(
+  req: IncomingMessage,
+  res: ServerResponse,
+  options: { maxBytes: number; timeoutMs?: number; responseFormat?: "json" | "text" },
+) {
+  const maxBytes = Math.max(1, Math.floor(options.maxBytes));
+  const timeoutMs =
+    typeof options.timeoutMs === "number" && options.timeoutMs > 0
+      ? Math.floor(options.timeoutMs)
+      : 30_000;
+  const responseFormat = options.responseFormat ?? "json";
+
+  let tripped = false;
+  let code: RequestBodyLimitErrorCode | null = null;
+  let done = false;
+  let ended = false;
+  let totalBytes = 0;
+
+  const finish = () => {
+    if (done) {
+      return;
+    }
+    done = true;
+    req.removeListener("data", onData);
+    req.removeListener("end", onEnd);
+    req.removeListener("close", onClose);
+    req.removeListener("error", onError);
+    clearTimeout(timer);
+  };
+
+  const respond = (error: RequestBodyLimitError) => {
+    if (res.headersSent) {
+      return;
+    }
+    const text = requestBodyErrorToText(error.code);
+    res.statusCode = error.statusCode;
+    if (responseFormat === "text") {
+      res.setHeader("Content-Type", "text/plain; charset=utf-8");
+      res.end(text);
+      return;
+    }
+    res.setHeader("Content-Type", "application/json; charset=utf-8");
+    res.end(JSON.stringify({ error: text }));
+  };
+
+  const trip = (error: RequestBodyLimitError) => {
+    if (tripped) {
+      return;
+    }
+    tripped = true;
+    code = error.code;
+    finish();
+    respond(error);
+    if (!req.destroyed) {
+      req.destroy();
+    }
+  };
+
+  const onData = (chunk: Buffer | string) => {
+    const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+    totalBytes += buffer.length;
+    if (totalBytes > maxBytes) {
+      trip(new RequestBodyLimitError("PAYLOAD_TOO_LARGE"));
+    }
+  };
+  const onEnd = () => {
+    ended = true;
+    finish();
+  };
+  const onClose = () => {
+    if (!ended) {
+      finish();
+    }
+  };
+  const onError = () => finish();
+  const timer = setTimeout(() => trip(new RequestBodyLimitError("REQUEST_BODY_TIMEOUT")), timeoutMs);
+
+  req.on("data", onData);
+  req.on("end", onEnd);
+  req.on("close", onClose);
+  req.on("error", onError);
+
+  const declaredLength = parseContentLengthHeader(req);
+  if (declaredLength !== null && declaredLength > maxBytes) {
+    trip(new RequestBodyLimitError("PAYLOAD_TOO_LARGE"));
+  }
+
+  return {
+    dispose: finish,
+    isTripped: () => tripped,
+    code: () => code,
+  };
+}

package/src/nextclaw-sdk/network-fetch.ts

@@ -0,0 +1,129 @@
+import crypto from "node:crypto";
+import os from "node:os";
+import { mkdtemp, rm } from "node:fs/promises";
+import path from "node:path";
+
+function sanitizePrefix(prefix: string): string {
+  const normalized = prefix.replace(/[^a-zA-Z0-9_-]+/g, "-").replace(/^-+|-+$/g, "");
+  return normalized || "tmp";
+}
+
+function sanitizeFileName(fileName: string): string {
+  const normalized = path.basename(fileName).replace(/[^a-zA-Z0-9._-]+/g, "-");
+  return normalized.replace(/^-+|-+$/g, "") || "download.bin";
+}
+
+function resolveTempRoot(tmpDir?: string): string {
+  return tmpDir ?? process.env.NEXTCLAW_TMP_DIR?.trim() ?? os.tmpdir();
+}
+
+export async function withTempDownloadPath<T>(
+  params: {
+    prefix: string;
+    fileName?: string;
+    tmpDir?: string;
+  },
+  fn: (tmpPath: string) => Promise<T>,
+): Promise<T> {
+  const root = resolveTempRoot(params.tmpDir);
+  const dir = await mkdtemp(path.join(root, `${sanitizePrefix(params.prefix)}-`));
+  const tempPath = path.join(dir, sanitizeFileName(params.fileName ?? "download.bin"));
+  try {
+    return await fn(tempPath);
+  } finally {
+    try {
+      await rm(dir, { recursive: true, force: true });
+    } catch {}
+  }
+}
+
+export async function fetchWithSsrFGuard(params: {
+  url: string;
+  fetchImpl?: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
+  init?: RequestInit;
+  timeoutMs?: number;
+  signal?: AbortSignal;
+  policy?: {
+    allowedHostnames?: string[];
+  };
+  auditContext?: string;
+}): Promise<{
+  response: Response;
+  finalUrl: string;
+  release: () => Promise<void>;
+}> {
+  const fetcher = params.fetchImpl ?? globalThis.fetch;
+  if (!fetcher) {
+    throw new Error("fetch is not available");
+  }
+  const parsed = new URL(params.url);
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new Error("Invalid URL: must be http or https");
+  }
+  const allowedHostnames = params.policy?.allowedHostnames?.map((entry) => entry.trim()).filter(Boolean) ?? [];
+  if (allowedHostnames.length > 0 && !allowedHostnames.includes(parsed.hostname)) {
+    throw new Error(
+      `${params.auditContext ?? "guarded-fetch"} blocked hostname "${parsed.hostname}"`,
+    );
+  }
+
+  const controller = new AbortController();
+  const timeoutId =
+    params.timeoutMs && params.timeoutMs > 0
+      ? setTimeout(() => controller.abort(), params.timeoutMs)
+      : undefined;
+  const relay = () => controller.abort();
+  if (params.signal) {
+    if (params.signal.aborted) {
+      controller.abort();
+    } else {
+      params.signal.addEventListener("abort", relay, { once: true });
+    }
+  }
+
+  const response = await fetcher(parsed.toString(), {
+    ...(params.init ?? {}),
+    signal: controller.signal,
+  });
+  const finalUrl = response.url || parsed.toString();
+  const finalHostname = new URL(finalUrl).hostname;
+  if (allowedHostnames.length > 0 && !allowedHostnames.includes(finalHostname)) {
+    clearTimeout(timeoutId);
+    if (params.signal) {
+      params.signal.removeEventListener("abort", relay);
+    }
+    throw new Error(
+      `${params.auditContext ?? "guarded-fetch"} blocked redirected hostname "${finalHostname}"`,
+    );
+  }
+
+  return {
+    response,
+    finalUrl,
+    release: async () => {
+      clearTimeout(timeoutId);
+      if (params.signal) {
+        params.signal.removeEventListener("abort", relay);
+      }
+    },
+  };
+}
+
+export function buildRandomTempFilePath(params: {
+  prefix: string;
+  extension?: string;
+  tmpDir?: string;
+  now?: number;
+  uuid?: string;
+}): string {
+  const prefix = sanitizePrefix(params.prefix);
+  const extension = params.extension
+    ? `.${params.extension.replace(/^\.+/, "").replace(/[^a-zA-Z0-9._-]+/g, "")}`
+    : "";
+  const now =
+    typeof params.now === "number" && Number.isFinite(params.now)
+      ? Math.trunc(params.now)
+      : Date.now();
+  const uuid = params.uuid?.trim() || crypto.randomUUID();
+  return path.join(resolveTempRoot(params.tmpDir), `${prefix}-${now}-${uuid}${extension}`);
+}

package/src/nextclaw-sdk/network-webhook.ts

@@ -0,0 +1,182 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+
+function pruneMapToMaxSize<K, V>(map: Map<K, V>, maxSize: number): void {
+  while (map.size > maxSize) {
+    const firstKey = map.keys().next().value;
+    if (firstKey === undefined) {
+      break;
+    }
+    map.delete(firstKey);
+  }
+}
+
+export const WEBHOOK_RATE_LIMIT_DEFAULTS = Object.freeze({
+  windowMs: 60_000,
+  maxRequests: 120,
+  maxTrackedKeys: 4_096,
+});
+
+export const WEBHOOK_ANOMALY_COUNTER_DEFAULTS = Object.freeze({
+  maxTrackedKeys: 4_096,
+  ttlMs: 6 * 60 * 60_000,
+  logEvery: 25,
+});
+
+export function createFixedWindowRateLimiter(options: {
+  windowMs: number;
+  maxRequests: number;
+  maxTrackedKeys: number;
+  pruneIntervalMs?: number;
+}) {
+  const state = new Map<string, { count: number; windowStartMs: number }>();
+  const windowMs = Math.max(1, Math.floor(options.windowMs));
+  const maxRequests = Math.max(1, Math.floor(options.maxRequests));
+  const maxTrackedKeys = Math.max(1, Math.floor(options.maxTrackedKeys));
+  const pruneIntervalMs = Math.max(1, Math.floor(options.pruneIntervalMs ?? windowMs));
+  let lastPruneMs = 0;
+
+  const touch = (key: string, value: { count: number; windowStartMs: number }) => {
+    state.delete(key);
+    state.set(key, value);
+  };
+
+  const prune = (nowMs: number) => {
+    for (const [key, entry] of state) {
+      if (nowMs - entry.windowStartMs >= windowMs) {
+        state.delete(key);
+      }
+    }
+  };
+
+  return {
+    isRateLimited(key: string, nowMs = Date.now()): boolean {
+      if (!key) {
+        return false;
+      }
+      if (nowMs - lastPruneMs >= pruneIntervalMs) {
+        prune(nowMs);
+        lastPruneMs = nowMs;
+      }
+      const existing = state.get(key);
+      if (!existing || nowMs - existing.windowStartMs >= windowMs) {
+        touch(key, { count: 1, windowStartMs: nowMs });
+        pruneMapToMaxSize(state, maxTrackedKeys);
+        return false;
+      }
+      const nextCount = existing.count + 1;
+      touch(key, { count: nextCount, windowStartMs: existing.windowStartMs });
+      pruneMapToMaxSize(state, maxTrackedKeys);
+      return nextCount > maxRequests;
+    },
+    size: () => state.size,
+    clear: () => {
+      state.clear();
+      lastPruneMs = 0;
+    },
+  };
+}
+
+export function createWebhookAnomalyTracker(options?: {
+  maxTrackedKeys?: number;
+  ttlMs?: number;
+  logEvery?: number;
+  trackedStatusCodes?: readonly number[];
+}) {
+  const trackedStatusCodes = new Set(options?.trackedStatusCodes ?? [400, 401, 408, 413, 415, 429]);
+  const counters = new Map<string, { count: number; updatedAtMs: number }>();
+  const maxTrackedKeys = Math.max(
+    1,
+    Math.floor(options?.maxTrackedKeys ?? WEBHOOK_ANOMALY_COUNTER_DEFAULTS.maxTrackedKeys),
+  );
+  const ttlMs = Math.max(
+    0,
+    Math.floor(options?.ttlMs ?? WEBHOOK_ANOMALY_COUNTER_DEFAULTS.ttlMs),
+  );
+  const logEvery = Math.max(
+    1,
+    Math.floor(options?.logEvery ?? WEBHOOK_ANOMALY_COUNTER_DEFAULTS.logEvery),
+  );
+
+  const prune = (nowMs: number) => {
+    if (ttlMs <= 0) {
+      return;
+    }
+    for (const [key, entry] of counters) {
+      if (nowMs - entry.updatedAtMs >= ttlMs) {
+        counters.delete(key);
+      }
+    }
+  };
+
+  return {
+    record(params: {
+      key: string;
+      statusCode: number;
+      message: (count: number) => string;
+      log?: (message: string) => void;
+      nowMs?: number;
+    }): number {
+      if (!trackedStatusCodes.has(params.statusCode)) {
+        return 0;
+      }
+      const nowMs = params.nowMs ?? Date.now();
+      prune(nowMs);
+      const existing = counters.get(params.key);
+      const nextCount = (existing?.count ?? 0) + 1;
+      counters.set(params.key, { count: nextCount, updatedAtMs: nowMs });
+      pruneMapToMaxSize(counters, maxTrackedKeys);
+      if (params.log && (nextCount === 1 || nextCount % logEvery === 0)) {
+        params.log(params.message(nextCount));
+      }
+      return nextCount;
+    },
+    size: () => counters.size,
+    clear: () => counters.clear(),
+  };
+}
+
+function isJsonContentType(value: string | string[] | undefined): boolean {
+  const first = Array.isArray(value) ? value[0] : value;
+  if (!first) {
+    return false;
+  }
+  const mediaType = first.split(";", 1)[0]?.trim().toLowerCase();
+  return mediaType === "application/json" || Boolean(mediaType?.endsWith("+json"));
+}
+
+export function applyBasicWebhookRequestGuards(params: {
+  req: IncomingMessage;
+  res: ServerResponse;
+  allowMethods?: readonly string[];
+  rateLimiter?: { isRateLimited: (key: string, nowMs?: number) => boolean };
+  rateLimitKey?: string;
+  nowMs?: number;
+  requireJsonContentType?: boolean;
+}): boolean {
+  const allowMethods = params.allowMethods?.length ? params.allowMethods : null;
+  if (allowMethods && !allowMethods.includes(params.req.method ?? "")) {
+    params.res.statusCode = 405;
+    params.res.setHeader("Allow", allowMethods.join(", "));
+    params.res.end("Method Not Allowed");
+    return false;
+  }
+  if (
+    params.rateLimiter &&
+    params.rateLimitKey &&
+    params.rateLimiter.isRateLimited(params.rateLimitKey, params.nowMs ?? Date.now())
+  ) {
+    params.res.statusCode = 429;
+    params.res.end("Too Many Requests");
+    return false;
+  }
+  if (
+    params.requireJsonContentType &&
+    params.req.method === "POST" &&
+    !isJsonContentType(params.req.headers["content-type"])
+  ) {
+    params.res.statusCode = 415;
+    params.res.end("Unsupported Media Type");
+    return false;
+  }
+  return true;
+}

package/src/nextclaw-sdk/network.ts

@@ -0,0 +1,13 @@
+export {
+  buildRandomTempFilePath,
+  fetchWithSsrFGuard,
+  withTempDownloadPath,
+} from "./network-fetch.js";
+export {
+  applyBasicWebhookRequestGuards,
+  createFixedWindowRateLimiter,
+  createWebhookAnomalyTracker,
+  WEBHOOK_ANOMALY_COUNTER_DEFAULTS,
+  WEBHOOK_RATE_LIMIT_DEFAULTS,
+} from "./network-webhook.js";
+export { installRequestBodyLimitGuard, readJsonBodyWithLimit } from "./network-body.js";

package/src/nextclaw-sdk/runtime-store.ts

@@ -0,0 +1,26 @@
+export function createPluginRuntimeStore<T>(errorMessage: string): {
+  setRuntime: (next: T) => void;
+  clearRuntime: () => void;
+  tryGetRuntime: () => T | null;
+  getRuntime: () => T;
+} {
+  let runtime: T | null = null;
+
+  return {
+    setRuntime(next: T) {
+      runtime = next;
+    },
+    clearRuntime() {
+      runtime = null;
+    },
+    tryGetRuntime() {
+      return runtime;
+    },
+    getRuntime() {
+      if (!runtime) {
+        throw new Error(errorMessage);
+      }
+      return runtime;
+    },
+  };
+}

package/src/nextclaw-sdk/secrets-config.ts

@@ -0,0 +1,109 @@
+import type { ClawdbotConfig, DmPolicy, GroupPolicy } from "./types.js";
+
+export function mergeAllowFromEntries(
+  current: Array<string | number> | null | undefined,
+  additions: Array<string | number>,
+): string[] {
+  const merged = [...(current ?? []), ...additions].map((entry) => String(entry).trim()).filter(Boolean);
+  return [...new Set(merged)];
+}
+
+export function splitOnboardingEntries(raw: string): string[] {
+  return raw
+    .split(/[\n,;]+/g)
+    .map((entry) => entry.trim())
+    .filter(Boolean);
+}
+
+function patchTopLevelChannelConfig(params: {
+  cfg: ClawdbotConfig;
+  channel: string;
+  enabled?: boolean;
+  patch: Record<string, unknown>;
+}): ClawdbotConfig {
+  const channelConfig =
+    (params.cfg.channels?.[params.channel] as Record<string, unknown> | undefined) ?? {};
+  return {
+    ...params.cfg,
+    channels: {
+      ...params.cfg.channels,
+      [params.channel]: {
+        ...channelConfig,
+        ...(params.enabled ? { enabled: true } : {}),
+        ...params.patch,
+      },
+    },
+  };
+}
+
+function addWildcardAllowFrom(allowFrom?: Array<string | number> | null): string[] {
+  const next = (allowFrom ?? []).map((entry) => String(entry).trim()).filter(Boolean);
+  if (!next.includes("*")) {
+    next.push("*");
+  }
+  return next;
+}
+
+export function setTopLevelChannelAllowFrom(params: {
+  cfg: ClawdbotConfig;
+  channel: string;
+  allowFrom: string[];
+  enabled?: boolean;
+}): ClawdbotConfig {
+  return patchTopLevelChannelConfig({
+    cfg: params.cfg,
+    channel: params.channel,
+    enabled: params.enabled,
+    patch: { allowFrom: params.allowFrom },
+  });
+}
+
+export function setTopLevelChannelDmPolicyWithAllowFrom(params: {
+  cfg: ClawdbotConfig;
+  channel: string;
+  dmPolicy: DmPolicy;
+  getAllowFrom?: (cfg: ClawdbotConfig) => Array<string | number> | undefined;
+}): ClawdbotConfig {
+  const channelConfig =
+    (params.cfg.channels?.[params.channel] as Record<string, unknown> | undefined) ?? {};
+  const existingAllowFrom =
+    params.getAllowFrom?.(params.cfg) ??
+    (channelConfig.allowFrom as Array<string | number> | undefined) ??
+    undefined;
+  const allowFrom = params.dmPolicy === "open" ? addWildcardAllowFrom(existingAllowFrom) : undefined;
+  return patchTopLevelChannelConfig({
+    cfg: params.cfg,
+    channel: params.channel,
+    patch: {
+      dmPolicy: params.dmPolicy,
+      ...(allowFrom ? { allowFrom } : {}),
+    },
+  });
+}
+
+export function setTopLevelChannelGroupPolicy(params: {
+  cfg: ClawdbotConfig;
+  channel: string;
+  groupPolicy: GroupPolicy;
+  enabled?: boolean;
+}): ClawdbotConfig {
+  return patchTopLevelChannelConfig({
+    cfg: params.cfg,
+    channel: params.channel,
+    enabled: params.enabled,
+    patch: { groupPolicy: params.groupPolicy },
+  });
+}
+
+export function buildSingleChannelSecretPromptState(params: {
+  accountConfigured: boolean;
+  hasConfigToken: boolean;
+  allowEnv: boolean;
+  envValue?: string;
+}) {
+  return {
+    accountConfigured: params.accountConfigured,
+    hasConfigToken: params.hasConfigToken,
+    canUseEnv: params.allowEnv && Boolean(params.envValue?.trim()) && !params.hasConfigToken,
+  };
+}