@onebots/core 0.5.0 → 1.0.4

package/lib/middleware/token-validator.js

@@ -0,0 +1,198 @@
+/**
+ * 访问令牌验证中间件
+ * 支持多种令牌格式和验证方式
+ */
+import { createLogger } from '../logger.js';
+import { logInvalidToken, logAuthFailure } from './security-audit.js';
+import crypto from 'crypto';
+const logger = createLogger('TokenValidator');
+/**
+ * 创建令牌验证中间件
+ */
+export function createTokenValidator(config = {}) {
+    const { tokenName = 'access_token', fromHeader = true, fromQuery = true, validator, required = true, errorMessage = 'Invalid or missing access token', } = config;
+    return async (ctx, next) => {
+        // 从多个位置提取令牌
+        let token;
+        if (fromHeader) {
+            // 从 Authorization header 获取
+            const authHeader = ctx.get('authorization');
+            if (authHeader) {
+                // 支持 Bearer token 格式
+                const match = authHeader.match(/^Bearer\s+(.+)$/i);
+                if (match) {
+                    token = match[1];
+                }
+                else {
+                    token = authHeader;
+                }
+            }
+        }
+        if (!token && fromQuery) {
+            // 从 query 参数获取
+            token = ctx.query[tokenName];
+        }
+        // 检查令牌是否存在
+        if (!token) {
+            if (required) {
+                logInvalidToken(ctx);
+                ctx.status = 401;
+                ctx.body = {
+                    error: 'Unauthorized',
+                    message: errorMessage,
+                };
+                return;
+            }
+            else {
+                // 可选令牌，继续执行
+                return next();
+            }
+        }
+        // 验证令牌
+        let isValid = true;
+        if (validator) {
+            try {
+                isValid = await validator(token, ctx);
+            }
+            catch (error) {
+                logger.error('Token validation error', {
+                    error: error.message,
+                    path: ctx.path,
+                });
+                isValid = false;
+            }
+        }
+        else {
+            // 默认验证：检查令牌不为空
+            isValid = token.length > 0;
+        }
+        if (!isValid) {
+            logInvalidToken(ctx, token);
+            ctx.status = 401;
+            ctx.body = {
+                error: 'Unauthorized',
+                message: errorMessage,
+            };
+            return;
+        }
+        // 将令牌存储到 context 中，供后续使用
+        ctx.state.token = token;
+        await next();
+    };
+}
+/**
+ * 创建基于配置的令牌验证器
+ * 从配置中读取 access_token 列表进行验证
+ */
+export function createConfigTokenValidator(expectedTokens) {
+    const tokenSet = new Set(expectedTokens.filter(Boolean));
+    return createTokenValidator({
+        validator: (token) => {
+            return tokenSet.has(token);
+        },
+    });
+}
+/**
+ * HMAC 签名验证
+ */
+export function createHMACValidator(secret, algorithm = 'sha256') {
+    return async (ctx, next) => {
+        const signature = ctx.get('x-signature') || ctx.query.signature;
+        if (!signature) {
+            logAuthFailure(ctx, 'Missing signature');
+            ctx.status = 401;
+            ctx.body = {
+                error: 'Unauthorized',
+                message: 'Missing signature',
+            };
+            return;
+        }
+        // 获取请求体
+        const body = ctx.request.body || ctx.request.rawBody || '';
+        const bodyString = typeof body === 'string' ? body : JSON.stringify(body);
+        // 计算 HMAC
+        const hmac = crypto.createHmac(algorithm, secret);
+        hmac.update(bodyString);
+        const expectedSignature = hmac.digest('hex');
+        // 使用时间安全比较
+        const isValid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature));
+        if (!isValid) {
+            logAuthFailure(ctx, 'Invalid signature');
+            ctx.status = 401;
+            ctx.body = {
+                error: 'Unauthorized',
+                message: 'Invalid signature',
+            };
+            return;
+        }
+        await next();
+    };
+}
+/**
+ * 创建带令牌管理的验证器
+ * 支持令牌过期检查和自动刷新
+ */
+export function createManagedTokenValidator(tokenManager, config = {}) {
+    const baseValidator = createTokenValidator(config);
+    return async (ctx, next) => {
+        const token = ctx.get('authorization')?.replace(/^Bearer\s+/i, '') ||
+            ctx.query[config.tokenName || 'access_token'];
+        if (!token) {
+            if (config.required !== false) {
+                logInvalidToken(ctx);
+                ctx.status = 401;
+                ctx.body = {
+                    error: 'Unauthorized',
+                    message: config.errorMessage || 'Invalid or missing access token',
+                };
+                return;
+            }
+            return next();
+        }
+        // 验证令牌
+        const validation = tokenManager.validateToken(token);
+        if (!validation.valid) {
+            if (validation.expired) {
+                logInvalidToken(ctx, token);
+                ctx.status = 401;
+                ctx.body = {
+                    error: 'Unauthorized',
+                    message: 'Token expired',
+                    code: 'TOKEN_EXPIRED',
+                };
+                return;
+            }
+            else {
+                logInvalidToken(ctx, token);
+                ctx.status = 401;
+                ctx.body = {
+                    error: 'Unauthorized',
+                    message: config.errorMessage || 'Invalid access token',
+                };
+                return;
+            }
+        }
+        // 将令牌信息存储到 context
+        ctx.state.token = token;
+        ctx.state.tokenInfo = validation.info;
+        await next();
+    };
+}
+/**
+ * 组合多个验证器
+ */
+export function combineValidators(...validators) {
+    return async (ctx, next) => {
+        for (const validator of validators) {
+            await validator(ctx, async () => {
+                // 空函数，用于链式调用
+            });
+            // 如果验证失败，响应已设置，直接返回
+            if (ctx.status === 401) {
+                return;
+            }
+        }
+        // 所有验证通过，继续执行
+        await next();
+    };
+}

package/lib/protocol.d.ts

@@ -3,7 +3,6 @@ import { Account } from "./account.js";
 import { Adapter } from "./adapter.js";
 import { Dict } from "./types.js";
 import { Router } from "./router.js";
-import { BaseApp } from "./base-app.js";
 /**
  * Base Protocol class
  * Represents a communication protocol (e.g., OneBot, Milky, Satori)
@@ -14,7 +13,7 @@ export declare abstract class Protocol<V extends string = string, C = any> exten
     config: Protocol.FullConfig<C>;
     abstract readonly name: string;
     abstract readonly version: V;
-    get app(): BaseApp;
+    get app(): import("./base-app.js").BaseApp;
     get router(): Router;
     get logger(): import("log4js").Logger;
     constructor(adapter: Adapter, account: Account, config: Protocol.FullConfig<C>);
@@ -95,6 +94,6 @@ export declare namespace Protocol {
      */
     export type Factory<T extends Protocol = Protocol> = Creator<T> | Construct<T>;
     export function isClassFactory<T extends Protocol = Protocol>(factory: Factory<T>): factory is Construct<T>;
-    export function createFilter(filters: Filters): (event: Dict) => any;
+    export function createFilter(filters?: Filters): any;
     export {};
 }

package/lib/protocol.js

@@ -41,6 +41,10 @@ export class Protocol extends EventEmitter {
     }
     Protocol.isClassFactory = isClassFactory;
     function createFilter(filters) {
+        // 如果没有 filters，返回始终为 true 的过滤器
+        if (!filters || Object.keys(filters).length === 0) {
+            return () => true;
+        }
         const isLogicKey = (key) => {
             return [
                 "$and",

package/lib/rate-limiter.d.ts

@@ -0,0 +1,88 @@
+/**
+ * API 速率限制器
+ * 防止触发平台的速率限制
+ */
+export interface RateLimiterOptions {
+    /** 时间窗口内允许的最大请求数 */
+    maxRequests: number;
+    /** 时间窗口大小（毫秒） */
+    windowMs: number;
+    /** 请求之间的最小间隔（毫秒） */
+    minInterval?: number;
+    /** 超出限制时是否排队等待 */
+    queueExcess?: boolean;
+    /** 队列最大长度 */
+    maxQueueSize?: number;
+}
+/**
+ * 令牌桶速率限制器
+ */
+export declare class RateLimiter {
+    private tokens;
+    private lastRefill;
+    private queue;
+    private processing;
+    private lastRequest;
+    private readonly maxRequests;
+    private readonly windowMs;
+    private readonly minInterval;
+    private readonly queueExcess;
+    private readonly maxQueueSize;
+    constructor(options: RateLimiterOptions);
+    /**
+     * 补充令牌
+     */
+    private refillTokens;
+    /**
+     * 尝试获取令牌
+     */
+    private tryAcquire;
+    /**
+     * 计算需要等待的时间
+     */
+    private getWaitTime;
+    /**
+     * 执行受限函数
+     */
+    execute<T>(fn: () => Promise<T>): Promise<T>;
+    /**
+     * 处理队列
+     */
+    private processQueue;
+    /**
+     * 获取当前状态
+     */
+    getStatus(): {
+        availableTokens: number;
+        queueLength: number;
+        isProcessing: boolean;
+    };
+    /**
+     * 清空队列
+     */
+    clearQueue(): void;
+    private sleep;
+}
+/**
+ * 速率限制错误
+ */
+export declare class RateLimitError extends Error {
+    constructor(message: string);
+}
+/**
+ * 平台速率限制预设
+ */
+export declare const RateLimitPresets: {
+    /** Discord - 50 请求/秒 */
+    discord: RateLimiterOptions;
+    /** Telegram - 30 消息/秒（群组 20/分钟） */
+    telegram: RateLimiterOptions;
+    /** QQ - 5 消息/秒 */
+    qq: RateLimiterOptions;
+    /** 通用 - 10 请求/秒 */
+    default: RateLimiterOptions;
+};
+/**
+ * 创建带速率限制的函数包装器
+ */
+export declare function withRateLimit<T extends (...args: any[]) => Promise<any>>(fn: T, limiter: RateLimiter): T;

package/lib/rate-limiter.js

@@ -0,0 +1,196 @@
+/**
+ * API 速率限制器
+ * 防止触发平台的速率限制
+ */
+/**
+ * 令牌桶速率限制器
+ */
+export class RateLimiter {
+    tokens;
+    lastRefill;
+    queue = [];
+    processing = false;
+    lastRequest = 0;
+    maxRequests;
+    windowMs;
+    minInterval;
+    queueExcess;
+    maxQueueSize;
+    constructor(options) {
+        this.maxRequests = options.maxRequests;
+        this.windowMs = options.windowMs;
+        this.minInterval = options.minInterval ?? 0;
+        this.queueExcess = options.queueExcess ?? true;
+        this.maxQueueSize = options.maxQueueSize ?? 100;
+        this.tokens = this.maxRequests;
+        this.lastRefill = Date.now();
+    }
+    /**
+     * 补充令牌
+     */
+    refillTokens() {
+        const now = Date.now();
+        const elapsed = now - this.lastRefill;
+        const tokensToAdd = (elapsed / this.windowMs) * this.maxRequests;
+        this.tokens = Math.min(this.maxRequests, this.tokens + tokensToAdd);
+        this.lastRefill = now;
+    }
+    /**
+     * 尝试获取令牌
+     */
+    tryAcquire() {
+        this.refillTokens();
+        if (this.tokens >= 1) {
+            this.tokens -= 1;
+            return true;
+        }
+        return false;
+    }
+    /**
+     * 计算需要等待的时间
+     */
+    getWaitTime() {
+        this.refillTokens();
+        if (this.tokens >= 1) {
+            return 0;
+        }
+        // 计算获得一个令牌需要的时间
+        const tokensNeeded = 1 - this.tokens;
+        return (tokensNeeded / this.maxRequests) * this.windowMs;
+    }
+    /**
+     * 执行受限函数
+     */
+    async execute(fn) {
+        // 检查最小间隔
+        const now = Date.now();
+        const timeSinceLastRequest = now - this.lastRequest;
+        if (timeSinceLastRequest < this.minInterval) {
+            await this.sleep(this.minInterval - timeSinceLastRequest);
+        }
+        // 尝试获取令牌
+        if (this.tryAcquire()) {
+            this.lastRequest = Date.now();
+            return fn();
+        }
+        // 如果不排队，直接抛出错误
+        if (!this.queueExcess) {
+            throw new RateLimitError('Rate limit exceeded');
+        }
+        // 检查队列大小
+        if (this.queue.length >= this.maxQueueSize) {
+            throw new RateLimitError('Rate limit queue is full');
+        }
+        // 加入队列
+        return new Promise((resolve, reject) => {
+            this.queue.push({ execute: fn, resolve, reject });
+            this.processQueue();
+        });
+    }
+    /**
+     * 处理队列
+     */
+    async processQueue() {
+        if (this.processing || this.queue.length === 0) {
+            return;
+        }
+        this.processing = true;
+        while (this.queue.length > 0) {
+            const waitTime = this.getWaitTime();
+            if (waitTime > 0) {
+                await this.sleep(waitTime);
+            }
+            // 检查最小间隔
+            const timeSinceLastRequest = Date.now() - this.lastRequest;
+            if (timeSinceLastRequest < this.minInterval) {
+                await this.sleep(this.minInterval - timeSinceLastRequest);
+            }
+            if (this.tryAcquire()) {
+                const request = this.queue.shift();
+                if (request) {
+                    this.lastRequest = Date.now();
+                    try {
+                        const result = await request.execute();
+                        request.resolve(result);
+                    }
+                    catch (error) {
+                        request.reject(error instanceof Error ? error : new Error(String(error)));
+                    }
+                }
+            }
+        }
+        this.processing = false;
+    }
+    /**
+     * 获取当前状态
+     */
+    getStatus() {
+        this.refillTokens();
+        return {
+            availableTokens: Math.floor(this.tokens),
+            queueLength: this.queue.length,
+            isProcessing: this.processing,
+        };
+    }
+    /**
+     * 清空队列
+     */
+    clearQueue() {
+        const error = new RateLimitError('Queue cleared');
+        this.queue.forEach(request => request.reject(error));
+        this.queue = [];
+    }
+    sleep(ms) {
+        return new Promise(resolve => setTimeout(resolve, ms));
+    }
+}
+/**
+ * 速率限制错误
+ */
+export class RateLimitError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'RateLimitError';
+    }
+}
+/**
+ * 平台速率限制预设
+ */
+export const RateLimitPresets = {
+    /** Discord - 50 请求/秒 */
+    discord: {
+        maxRequests: 50,
+        windowMs: 1000,
+        minInterval: 50,
+        queueExcess: true,
+    },
+    /** Telegram - 30 消息/秒（群组 20/分钟） */
+    telegram: {
+        maxRequests: 30,
+        windowMs: 1000,
+        minInterval: 50,
+        queueExcess: true,
+    },
+    /** QQ - 5 消息/秒 */
+    qq: {
+        maxRequests: 5,
+        windowMs: 1000,
+        minInterval: 200,
+        queueExcess: true,
+    },
+    /** 通用 - 10 请求/秒 */
+    default: {
+        maxRequests: 10,
+        windowMs: 1000,
+        minInterval: 100,
+        queueExcess: true,
+    },
+};
+/**
+ * 创建带速率限制的函数包装器
+ */
+export function withRateLimit(fn, limiter) {
+    return ((...args) => {
+        return limiter.execute(() => fn(...args));
+    });
+}

package/lib/registry.d.ts

@@ -2,6 +2,7 @@ import { Protocol } from "./protocol.js";
 import { Adapter } from "./adapter.js";
 import { BaseApp } from "./base-app.js";
 import { Account } from "./account.js";
+import type { Schema } from "./config-validator.js";
 /**
  * Protocol Registry
  * Manages registration and retrieval of protocol implementations
@@ -9,6 +10,7 @@ import { Account } from "./account.js";
 export declare class ProtocolRegistry {
     private static protocols;
     private static metadata;
+    private static schemas;
     /**
      * Register a protocol implementation
      * @param name Protocol name (e.g., 'onebot', 'milky', 'satori')
@@ -17,6 +19,18 @@ export declare class ProtocolRegistry {
      * @param metadata Optional protocol metadata
      */
     static register(name: string, version: string, factory: Protocol.Factory, metadata?: Partial<Protocol.Metadata>): void;
+    /**
+     * Register a protocol config schema (key format: name.version)
+     */
+    static registerSchema(key: string, schema: Schema): void;
+    /**
+     * Get a protocol config schema by key
+     */
+    static getSchema(key: string): Schema | undefined;
+    /**
+     * Get all protocol config schemas
+     */
+    static getAllSchemas(): Record<string, Schema>;
     /**
      * Get a protocol factory
      * @param name Protocol name
@@ -63,6 +77,7 @@ export declare class ProtocolRegistry {
 export declare class AdapterRegistry {
     private static adapters;
     private static metadata;
+    private static schemas;
     /**
      * Register an adapter implementation
      * @param name Adapter name/platform (e.g., 'wechat', 'dingtalk', 'qq')
@@ -70,6 +85,18 @@ export declare class AdapterRegistry {
      * @param metadata Optional adapter metadata
      */
     static register(name: string, factory: Adapter.Factory, metadata?: Partial<Adapter.Metadata>): void;
+    /**
+     * Register an adapter config schema
+     */
+    static registerSchema(name: string, schema: Schema): void;
+    /**
+     * Get an adapter config schema
+     */
+    static getSchema(name: string): Schema | undefined;
+    /**
+     * Get all adapter config schemas
+     */
+    static getAllSchemas(): Record<string, Schema>;
     /**
      * Get an adapter factory
      * @param name Adapter name/platform

package/lib/registry.js

@@ -7,6 +7,7 @@ import { Adapter } from "./adapter.js";
 export class ProtocolRegistry {
     static protocols = new Map();
     static metadata = new Map();
+    static schemas = new Map();
     /**
      * Register a protocol implementation
      * @param name Protocol name (e.g., 'onebot', 'milky', 'satori')
@@ -36,6 +37,24 @@ export class ProtocolRegistry {
             }
         }
     }
+    /**
+     * Register a protocol config schema (key format: name.version)
+     */
+    static registerSchema(key, schema) {
+        this.schemas.set(key, schema);
+    }
+    /**
+     * Get a protocol config schema by key
+     */
+    static getSchema(key) {
+        return this.schemas.get(key);
+    }
+    /**
+     * Get all protocol config schemas
+     */
+    static getAllSchemas() {
+        return Object.fromEntries(this.schemas.entries());
+    }
     /**
      * Get a protocol factory
      * @param name Protocol name
@@ -83,11 +102,6 @@ export class ProtocolRegistry {
      */
     static create(name, version, adapter, account, config) {
         const factory = this.get(name, version);
-        console.log({
-            name,
-            version,
-            account: account.account_id
-        });
         if (!factory) {
             throw new Error(`Protocol ${name}/${version} not registered`);
         }
@@ -127,6 +141,7 @@ export class ProtocolRegistry {
     static clear() {
         this.protocols.clear();
         this.metadata.clear();
+        this.schemas.clear();
     }
 }
 /**
@@ -136,6 +151,7 @@ export class ProtocolRegistry {
 export class AdapterRegistry {
     static adapters = new Map();
     static metadata = new Map();
+    static schemas = new Map();
     /**
      * Register an adapter implementation
      * @param name Adapter name/platform (e.g., 'wechat', 'dingtalk', 'qq')
@@ -156,6 +172,24 @@ export class AdapterRegistry {
             });
         }
     }
+    /**
+     * Register an adapter config schema
+     */
+    static registerSchema(name, schema) {
+        this.schemas.set(name, schema);
+    }
+    /**
+     * Get an adapter config schema
+     */
+    static getSchema(name) {
+        return this.schemas.get(name);
+    }
+    /**
+     * Get all adapter config schemas
+     */
+    static getAllSchemas() {
+        return Object.fromEntries(this.schemas.entries());
+    }
     /**
      * Get an adapter factory
      * @param name Adapter name/platform
@@ -213,5 +247,6 @@ export class AdapterRegistry {
     static clear() {
         this.adapters.clear();
         this.metadata.clear();
+        this.schemas.clear();
     }
 }