@sunnoy/wecom 1.2.0 → 1.4.0

package/package.json

@@ -1,17 +1,17 @@
 {
     "name": "@sunnoy/wecom",
-    "version": "1.2.0",
+    "version": "1.4.0",
     "description": "Enterprise WeChat AI Bot channel plugin for OpenClaw",
     "type": "module",
     "main": "index.js",
     "files": [
         "index.js",
+        "wecom",
         "crypto.js",
         "dynamic-agent.js",
         "image-processor.js",
         "logger.js",
         "README.md",
-        "README_ZH.md",
         "LICENSE",
         "CONTRIBUTING.md",
         "stream-manager.js",
@@ -22,6 +22,12 @@
     "peerDependencies": {
         "openclaw": "*"
     },
+    "scripts": {
+        "test": "npm run test:unit",
+        "test:unit": "node --test tests/*.test.js",
+        "test:e2e": "node --test tests/e2e/*.e2e.test.js",
+        "test:e2e:ali-ai": "bash tests/e2e/run-ali-ai.sh"
+    },
     "openclaw": {
         "extensions": [
             "./index.js"

package/wecom/accounts.js

@@ -0,0 +1,258 @@
+/**
+ * Multi-account resolution layer.
+ *
+ * Design: dictionary-based — each key under `channels.wecom` is an account ID,
+ * and its value contains the full per-account config (token, encodingAesKey,
+ * agent, webhooks, etc.).
+ *
+ * Legacy single-account configs (where `token` exists directly under `wecom`)
+ * are auto-detected and treated as accountId = "default".
+ *
+ * ── Multi-account config ───────────────────────────────────────────
+ *
+ *   channels:
+ *     wecom:
+ *       bot1:
+ *         token: "bot-token-a"
+ *         encodingAesKey: "..."
+ *         agent:
+ *           corpId: "ww1234"
+ *           corpSecret: "secret-a"
+ *           agentId: 1000001
+ *         webhooks:
+ *           ops-group: "key-xxx"
+ *       bot2:
+ *         token: "bot-token-b"
+ *         encodingAesKey: "..."
+ *         agent:
+ *           corpId: "ww5678"
+ *           corpSecret: "secret-b"
+ *           agentId: 1000002
+ *
+ * ── Legacy single-account config (auto-detected, fully compatible) ─
+ *
+ *   channels:
+ *     wecom:
+ *       token: "bot-token-a"
+ *       encodingAesKey: "..."
+ *       agent:
+ *         corpId: "ww1234"
+ *         corpSecret: "secret-a"
+ *         agentId: 1000001
+ */
+
+import { logger } from "../logger.js";
+import { DEFAULT_ACCOUNT_ID } from "./constants.js";
+
+// Keys that belong to the top-level wecom config and are NOT account IDs.
+const RESERVED_KEYS = new Set([
+  "enabled",
+  "token",
+  "encodingAesKey",
+  "agent",
+  "webhooks",
+  "webhookPath",
+  "name",
+  "allowFrom",
+  "commandAllowlist",
+  "commandBlockMessage",
+]);
+
+// ── Helpers ─────────────────────────────────────────────────────────
+
+/**
+ * Detect whether the wecom config block is legacy (single-account) format.
+ * Heuristic: if `token` exists directly under `channels.wecom`, it's legacy.
+ */
+function isLegacyConfig(wecom) {
+  return typeof wecom?.token === "string";
+}
+
+/**
+ * Build a resolved account object from a per-account config block.
+ */
+function buildAccount(accountId, accountCfg) {
+  const agent = accountCfg?.agent;
+  const webhooks = accountCfg?.webhooks;
+  const agentConfigured = Boolean(agent?.corpId && agent?.corpSecret && agent?.agentId);
+  const agentInboundConfigured = Boolean(
+    agent?.corpId && agent?.corpSecret && agent?.agentId && agent?.token && agent?.encodingAesKey,
+  );
+
+  return {
+    accountId,
+    name: accountCfg?.name || accountId,
+    enabled: accountCfg?.enabled !== false,
+    configured: Boolean(accountCfg?.token && accountCfg?.encodingAesKey) || agentConfigured,
+    token: accountCfg?.token || "",
+    encodingAesKey: accountCfg?.encodingAesKey || "",
+    webhookPath:
+      accountCfg?.webhookPath ||
+      (accountId === DEFAULT_ACCOUNT_ID ? "/webhooks/wecom" : `/webhooks/wecom/${accountId}`),
+    config: accountCfg || {},
+    agentConfigured,
+    agentInboundConfigured,
+    webhooksConfigured: Boolean(webhooks && Object.keys(webhooks).length > 0),
+    agentCredentials: agentConfigured
+      ? { corpId: agent.corpId, corpSecret: agent.corpSecret, agentId: agent.agentId }
+      : null,
+  };
+}
+
+/**
+ * Normalize a raw account key → canonical ID (lowercase, safe chars only).
+ */
+function normalizeAccountKey(key) {
+  return String(key).trim().toLowerCase().replace(/[^a-z0-9_-]/g, "_");
+}
+
+// ── Public API ──────────────────────────────────────────────────────
+
+/**
+ * List all configured account IDs.
+ * Returns `["default"]` for legacy single-account configs.
+ */
+export function listAccountIds(cfg) {
+  const wecom = cfg?.channels?.wecom;
+  if (!wecom || wecom.enabled === false) return [];
+
+  // Legacy single-account → just "default".
+  if (isLegacyConfig(wecom)) return [DEFAULT_ACCOUNT_ID];
+
+  // Dictionary mode — each non-reserved key is an account.
+  const ids = [];
+  for (const key of Object.keys(wecom)) {
+    if (RESERVED_KEYS.has(key)) continue;
+    const val = wecom[key];
+    if (val && typeof val === "object" && !Array.isArray(val)) {
+      const id = normalizeAccountKey(key);
+      if (id && !ids.includes(id)) ids.push(id);
+    }
+  }
+
+  if (ids.length === 0) {
+    logger.warn("[accounts] wecom config has no account entries and no legacy token — returning empty");
+  }
+  return ids;
+}
+
+/**
+ * Resolve a single account by its ID.
+ */
+export function resolveAccount(cfg, accountId) {
+  const wecom = cfg?.channels?.wecom;
+  if (!wecom) return null;
+
+  const resolvedId = accountId || DEFAULT_ACCOUNT_ID;
+
+  // Legacy single-account: the entire wecom block IS the account config.
+  if (isLegacyConfig(wecom)) {
+    if (resolvedId !== DEFAULT_ACCOUNT_ID) {
+      logger.warn(`[accounts] legacy config does not have account "${resolvedId}"`);
+      return buildAccount(resolvedId, { enabled: false });
+    }
+    return buildAccount(DEFAULT_ACCOUNT_ID, wecom);
+  }
+
+  // Dictionary mode: look up key (case-insensitive).
+  const normalizedId = normalizeAccountKey(resolvedId);
+  for (const key of Object.keys(wecom)) {
+    if (RESERVED_KEYS.has(key)) continue;
+    if (normalizeAccountKey(key) === normalizedId) {
+      const val = wecom[key];
+      if (val && typeof val === "object" && !Array.isArray(val)) {
+        return buildAccount(normalizedId, val);
+      }
+    }
+  }
+
+  // Not found.
+  return buildAccount(resolvedId, { enabled: false });
+}
+
+/**
+ * Resolve all accounts as a Map<accountId, account>.
+ */
+export function resolveAllAccounts(cfg) {
+  const ids = listAccountIds(cfg);
+  const accounts = new Map();
+  for (const id of ids) {
+    accounts.set(id, resolveAccount(cfg, id));
+  }
+  return accounts;
+}
+
+/**
+ * Extract Agent API credentials for a given accountId.
+ * Returns `{ corpId, corpSecret, agentId }` or null.
+ */
+export function resolveAgentConfigForAccount(cfg, accountId) {
+  const account = resolveAccount(cfg, accountId);
+  return account?.agentCredentials ?? null;
+}
+
+/**
+ * Detect duplicate tokens / agentIds across accounts.
+ * Returns an array of conflict descriptions (empty = no conflicts).
+ */
+export function detectAccountConflicts(cfg) {
+  const accounts = resolveAllAccounts(cfg);
+  const conflicts = [];
+
+  const tokenOwners = new Map();
+  const agentIdOwners = new Map();
+
+  for (const [id, account] of accounts) {
+    if (!account.enabled) continue;
+
+    // Check bot token uniqueness.
+    const token = account.token?.trim();
+    if (token) {
+      const key = token.toLowerCase();
+      if (tokenOwners.has(key)) {
+        const owner = tokenOwners.get(key);
+        conflicts.push({
+          type: "duplicate_token",
+          accounts: [owner, id],
+          message: `账号 "${id}" 与 "${owner}" 使用了相同的 Bot Token，会导致消息错乱。`,
+        });
+      } else {
+        tokenOwners.set(key, id);
+      }
+    }
+
+    // Check agent corpId+agentId uniqueness.
+    const creds = account.agentCredentials;
+    if (creds) {
+      const key = `${creds.corpId}:${creds.agentId}`;
+      if (agentIdOwners.has(key)) {
+        const owner = agentIdOwners.get(key);
+        conflicts.push({
+          type: "duplicate_agent",
+          accounts: [owner, id],
+          message: `账号 "${id}" 与 "${owner}" 使用了相同的 Agent 配置 (${creds.corpId}/${creds.agentId})。`,
+        });
+      } else {
+        agentIdOwners.set(key, id);
+      }
+    }
+  }
+
+  return conflicts;
+}
+
+/**
+ * Find which accountId owns a given bot token.
+ * Useful for inbound routing when the request carries a token.
+ */
+export function findAccountByToken(cfg, token) {
+  if (!token) return null;
+  const key = token.trim().toLowerCase();
+  const accounts = resolveAllAccounts(cfg);
+  for (const [id, account] of accounts) {
+    if (account.enabled && account.token?.trim().toLowerCase() === key) {
+      return id;
+    }
+  }
+  return null;
+}

package/wecom/agent-api.js

@@ -0,0 +1,251 @@
+/**
+ * WeCom Agent API Client
+ * Manages AccessToken caching and API calls for self-built applications.
+ */
+
+import crypto from "node:crypto";
+import { logger } from "../logger.js";
+import {
+  AGENT_API_ENDPOINTS,
+  AGENT_API_REQUEST_TIMEOUT_MS,
+  TOKEN_REFRESH_BUFFER_MS,
+} from "./constants.js";
+
+/**
+ * Token cache: Map<corpId:agentId, { token, expiresAt, refreshPromise }>
+ */
+const tokenCaches = new Map();
+
+/**
+ * Get a valid AccessToken, with caching and concurrent-refresh protection.
+ * @param {object} agent - { corpId, corpSecret, agentId }
+ * @returns {Promise<string>}
+ */
+export async function getAccessToken(agent) {
+  const cacheKey = `${agent.corpId}:${agent.agentId}`;
+  let cache = tokenCaches.get(cacheKey);
+
+  if (!cache) {
+    cache = { token: "", expiresAt: 0, refreshPromise: null };
+    tokenCaches.set(cacheKey, cache);
+  }
+
+  const now = Date.now();
+  if (cache.token && cache.expiresAt > now + TOKEN_REFRESH_BUFFER_MS) {
+    return cache.token;
+  }
+
+  // Reuse in-flight refresh to prevent concurrent token requests.
+  if (cache.refreshPromise) {
+    return cache.refreshPromise;
+  }
+
+  cache.refreshPromise = (async () => {
+    try {
+      const url = `${AGENT_API_ENDPOINTS.GET_TOKEN}?corpid=${encodeURIComponent(agent.corpId)}&corpsecret=${encodeURIComponent(agent.corpSecret)}`;
+      const res = await fetch(url, { signal: AbortSignal.timeout(AGENT_API_REQUEST_TIMEOUT_MS) });
+      const json = await res.json();
+
+      if (!json?.access_token) {
+        throw new Error(`gettoken failed: ${json?.errcode} ${json?.errmsg}`);
+      }
+
+      cache.token = json.access_token;
+      cache.expiresAt = Date.now() + (json.expires_in ?? 7200) * 1000;
+      return cache.token;
+    } finally {
+      cache.refreshPromise = null;
+    }
+  })();
+
+  return cache.refreshPromise;
+}
+
+/**
+ * Send a text message via Agent API.
+ *
+ * Uses `message/send` for user/party/tag targets, `appchat/send` for group chats.
+ *
+ * @param {object} params
+ * @param {object} params.agent  - { corpId, corpSecret, agentId }
+ * @param {string} [params.toUser]
+ * @param {string} [params.toParty]
+ * @param {string} [params.toTag]
+ * @param {string} [params.chatId]
+ * @param {string} params.text
+ */
+export async function agentSendText(params) {
+  const { agent, toUser, toParty, toTag, chatId, text } = params;
+  const token = await getAccessToken(agent);
+
+  const useChat = Boolean(chatId);
+  const url = useChat
+    ? `${AGENT_API_ENDPOINTS.SEND_APPCHAT}?access_token=${encodeURIComponent(token)}`
+    : `${AGENT_API_ENDPOINTS.SEND_MESSAGE}?access_token=${encodeURIComponent(token)}`;
+
+  const body = useChat
+    ? { chatid: chatId, msgtype: "text", text: { content: text } }
+    : {
+        touser: toUser,
+        toparty: toParty,
+        totag: toTag,
+        msgtype: "text",
+        agentid: agent.agentId,
+        text: { content: text },
+      };
+
+  const res = await fetch(url, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+    signal: AbortSignal.timeout(AGENT_API_REQUEST_TIMEOUT_MS),
+  });
+  const json = await res.json();
+
+  if (json?.errcode !== 0) {
+    throw new Error(`agent send text failed: ${json?.errcode} ${json?.errmsg}`);
+  }
+
+  if (json?.invaliduser || json?.invalidparty || json?.invalidtag) {
+    const details = [
+      json.invaliduser ? `invaliduser=${json.invaliduser}` : "",
+      json.invalidparty ? `invalidparty=${json.invalidparty}` : "",
+      json.invalidtag ? `invalidtag=${json.invalidtag}` : "",
+    ]
+      .filter(Boolean)
+      .join(", ");
+    throw new Error(`agent send text partial failure: ${details}`);
+  }
+}
+
+/**
+ * Upload a temporary media file to WeCom.
+ *
+ * @param {object} params
+ * @param {object} params.agent   - { corpId, corpSecret, agentId }
+ * @param {"image"|"voice"|"video"|"file"} params.type
+ * @param {Buffer} params.buffer
+ * @param {string} params.filename
+ * @returns {Promise<string>} media_id
+ */
+export async function agentUploadMedia(params) {
+  const { agent, type, buffer, filename } = params;
+  const token = await getAccessToken(agent);
+  const url = `${AGENT_API_ENDPOINTS.UPLOAD_MEDIA}?access_token=${encodeURIComponent(token)}&type=${encodeURIComponent(type)}`;
+
+  // Manually construct multipart/form-data (no extra dependencies).
+  const boundary = `----WebKitFormBoundary${crypto.randomBytes(16).toString("hex")}`;
+
+  const contentTypeMap = {
+    jpg: "image/jpeg",
+    jpeg: "image/jpeg",
+    png: "image/png",
+    gif: "image/gif",
+    bmp: "image/bmp",
+    amr: "voice/amr",
+    mp4: "video/mp4",
+  };
+  const ext = filename.split(".").pop()?.toLowerCase() || "";
+  const fileContentType = contentTypeMap[ext] || "application/octet-stream";
+
+  const header = Buffer.from(
+    `--${boundary}\r\n` +
+      `Content-Disposition: form-data; name="media"; filename="${filename}"; filelength=${buffer.length}\r\n` +
+      `Content-Type: ${fileContentType}\r\n\r\n`,
+  );
+  const footer = Buffer.from(`\r\n--${boundary}--\r\n`);
+  const body = Buffer.concat([header, buffer, footer]);
+
+  const res = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": `multipart/form-data; boundary=${boundary}`,
+      "Content-Length": String(body.length),
+    },
+    body,
+    signal: AbortSignal.timeout(AGENT_API_REQUEST_TIMEOUT_MS),
+  });
+  const json = await res.json();
+
+  if (!json?.media_id) {
+    throw new Error(`agent upload media failed: ${json?.errcode} ${json?.errmsg}`);
+  }
+  return json.media_id;
+}
+
+/**
+ * Send a media message (image/voice/video/file) via Agent API.
+ *
+ * @param {object} params
+ * @param {object} params.agent
+ * @param {string} [params.toUser]
+ * @param {string} [params.toParty]
+ * @param {string} [params.toTag]
+ * @param {string} [params.chatId]
+ * @param {string} params.mediaId
+ * @param {"image"|"voice"|"video"|"file"} params.mediaType
+ */
+export async function agentSendMedia(params) {
+  const { agent, toUser, toParty, toTag, chatId, mediaId, mediaType } = params;
+  const token = await getAccessToken(agent);
+
+  const useChat = Boolean(chatId);
+  const url = useChat
+    ? `${AGENT_API_ENDPOINTS.SEND_APPCHAT}?access_token=${encodeURIComponent(token)}`
+    : `${AGENT_API_ENDPOINTS.SEND_MESSAGE}?access_token=${encodeURIComponent(token)}`;
+
+  const mediaPayload = { media_id: mediaId };
+  const body = useChat
+    ? { chatid: chatId, msgtype: mediaType, [mediaType]: mediaPayload }
+    : {
+        touser: toUser,
+        toparty: toParty,
+        totag: toTag,
+        msgtype: mediaType,
+        agentid: agent.agentId,
+        [mediaType]: mediaPayload,
+      };
+
+  const res = await fetch(url, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+    signal: AbortSignal.timeout(AGENT_API_REQUEST_TIMEOUT_MS),
+  });
+  const json = await res.json();
+
+  if (json?.errcode !== 0) {
+    throw new Error(`agent send ${mediaType} failed: ${json?.errcode} ${json?.errmsg}`);
+  }
+}
+
+/**
+ * Download a temporary media file from WeCom by media_id.
+ *
+ * @param {object} params
+ * @param {object} params.agent
+ * @param {string} params.mediaId
+ * @returns {Promise<{ buffer: Buffer, contentType: string }>}
+ */
+export async function agentDownloadMedia(params) {
+  const { agent, mediaId } = params;
+  const token = await getAccessToken(agent);
+  const url = `${AGENT_API_ENDPOINTS.DOWNLOAD_MEDIA}?access_token=${encodeURIComponent(token)}&media_id=${encodeURIComponent(mediaId)}`;
+
+  const res = await fetch(url, { signal: AbortSignal.timeout(AGENT_API_REQUEST_TIMEOUT_MS) });
+
+  if (!res.ok) {
+    throw new Error(`agent download media failed: ${res.status}`);
+  }
+
+  const contentType = res.headers.get("content-type") || "application/octet-stream";
+
+  // WeCom may return an error JSON body instead of binary media.
+  if (contentType.includes("application/json")) {
+    const json = await res.json();
+    throw new Error(`agent download media failed: ${json?.errcode} ${json?.errmsg}`);
+  }
+
+  const arrayBuf = await res.arrayBuffer();
+  return { buffer: Buffer.from(arrayBuf), contentType };
+}