@syengup/friday-channel-next 0.0.1

package/src/http/handlers/cancel.ts

@@ -0,0 +1,35 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { abortRun } from "../../agent/abort-run.js";
+import { sseEmitter } from "../../sse/emitter.js";
+import { readJsonBody } from "../middleware/body.js";
+import { extractBearerToken } from "../middleware/auth.js";
+
+export async function handleCancel(req: IncomingMessage, res: ServerResponse): Promise<boolean> {
+  if (req.method !== "POST") {
+    res.statusCode = 405;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Method Not Allowed" }));
+    return true;
+  }
+  const token = extractBearerToken(req);
+  if (!token) {
+    res.statusCode = 401;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Unauthorized: bearer token mismatch" }));
+    return true;
+  }
+  const body = await readJsonBody(req);
+  const runId = typeof body?.runId === "string" ? body.runId.trim() : "";
+  if (!runId) {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Missing runId" }));
+    return true;
+  }
+  await abortRun(runId);
+  sseEmitter.untrackRun(runId);
+  res.statusCode = 200;
+  res.setHeader("Content-Type", "application/json");
+  res.end(JSON.stringify({ ok: true, runId, cancelled: true }));
+  return true;
+}

package/src/http/handlers/files-download.ts

@@ -0,0 +1,239 @@
+/**
+ * File download handler for GET /friday-next/files/:id
+ *
+ * Sources checked (in order):
+ * 1. In-memory file index (POST /friday-next/files and resolved attachments this session)
+ * 2. Plugin-root `attachments/` on disk (same basename as URL token; survives restarts)
+ * 3. OpenClaw media buffer (~/.openclaw/media/inbound/<id>)
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { extractBearerToken } from "../middleware/auth.js";
+import {
+  getExternalFileSourceByUrlToken,
+  getFile,
+  guessMimeType,
+  readAttachmentFileFromDisk,
+  readFile,
+} from "./files.js";
+import path from "node:path";
+import fs from "node:fs";
+import os from "node:os";
+
+const MIME_FROM_EXT: Record<string, string> = {
+  png: "image/png",
+  jpg: "image/jpeg",
+  jpeg: "image/jpeg",
+  gif: "image/gif",
+  webp: "image/webp",
+  heic: "image/heic",
+  pdf: "application/pdf",
+  mp4: "video/mp4",
+  mov: "video/quicktime",
+  mp3: "audio/mpeg",
+  wav: "audio/wav",
+  ogg: "audio/ogg",
+  opus: "audio/opus",
+  m4a: "audio/mp4",
+  aac: "audio/aac",
+  flac: "audio/flac",
+};
+
+function sendError(res: ServerResponse, status: number, message: string): void {
+  if (res.headersSent) return;
+  res.statusCode = status;
+  res.setHeader("Content-Type", "application/json; charset=utf-8");
+  res.end(JSON.stringify({ error: message }));
+}
+
+/** Avoid decodeURIComponent throwing on malformed % sequences (would surface as 500). */
+function tryDecodeURIComponent(segment: string): string | null {
+  try {
+    return decodeURIComponent(segment);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Safe Content-Disposition: strip CR/LF/quotes from basename; add RFC 5987 filename* for Unicode.
+ */
+function contentDispositionInline(filename: string): string {
+  const base =
+    path.basename(filename).replace(/[\r\n"]/g, "_").replace(/\\/g, "_") || "file";
+  const ascii = /^[\x20-\x7E]*$/.test(base) ? base : "file";
+  return `inline; filename="${ascii}"; filename*=UTF-8''${encodeURIComponent(base)}`;
+}
+
+/**
+ * Full-body or single-range 206 response. iOS/Safari often sends Range for JPEG; proxies may error if mishandled.
+ */
+function sendBuffer(
+  req: IncomingMessage,
+  res: ServerResponse,
+  buffer: Buffer,
+  mimeType: string,
+  filename: string,
+): void {
+  const total = buffer.length;
+  const disposition = contentDispositionInline(filename);
+  const rangeRaw = req.headers.range;
+  const range =
+    typeof rangeRaw === "string" && /^bytes=/i.test(rangeRaw.trim())
+      ? rangeRaw.trim()
+      : undefined;
+
+  res.setHeader("Accept-Ranges", "bytes");
+  res.setHeader("Cache-Control", "private, max-age=3600");
+  res.setHeader("Content-Type", mimeType);
+  res.setHeader("Content-Disposition", disposition);
+
+  if (!range || total === 0) {
+    res.statusCode = 200;
+    res.setHeader("Content-Length", String(total));
+    res.end(buffer);
+    return;
+  }
+
+  const m = /^bytes=(\d*)-(\d*)$/i.exec(range);
+  if (!m) {
+    res.statusCode = 200;
+    res.setHeader("Content-Length", String(total));
+    res.end(buffer);
+    return;
+  }
+
+  let start = 0;
+  let end = total - 1;
+
+  if (m[1] === "" && m[2] !== "") {
+    const suffixLen = parseInt(m[2]!, 10);
+    if (!Number.isFinite(suffixLen) || suffixLen <= 0) {
+      res.statusCode = 200;
+      res.setHeader("Content-Length", String(total));
+      res.end(buffer);
+      return;
+    }
+    start = Math.max(0, total - suffixLen);
+    end = total - 1;
+  } else if (m[1] !== "" && m[2] === "") {
+    start = parseInt(m[1]!, 10);
+    end = total - 1;
+  } else if (m[1] !== "" && m[2] !== "") {
+    start = parseInt(m[1]!, 10);
+    end = parseInt(m[2]!, 10);
+  }
+
+  if (!Number.isFinite(start) || !Number.isFinite(end) || start > end || start >= total) {
+    res.statusCode = 416;
+    res.setHeader("Content-Range", `bytes */${total}`);
+    res.end();
+    return;
+  }
+  if (end >= total) end = total - 1;
+  const chunk = buffer.subarray(start, end + 1);
+  res.statusCode = 206;
+  res.setHeader("Content-Length", String(chunk.length));
+  res.setHeader("Content-Range", `bytes ${start}-${end}/${total}`);
+  res.end(chunk);
+}
+
+export async function handleFilesDownload(
+  req: IncomingMessage,
+  res: ServerResponse,
+): Promise<boolean> {
+  try {
+    if (req.method !== "GET") {
+      sendError(res, 405, "Method Not Allowed");
+      return true;
+    }
+
+    if (!extractBearerToken(req)) {
+      sendError(res, 401, "Unauthorized");
+      return true;
+    }
+
+    let url: URL;
+    try {
+      url = new URL(req.url ?? "/", "http://localhost");
+    } catch {
+      sendError(res, 400, "Bad request URL");
+      return true;
+    }
+
+    const segments = url.pathname.split("/").filter(Boolean);
+    const rawSeg = segments[segments.length - 1] ?? "";
+    const fileToken = tryDecodeURIComponent(rawSeg);
+    if (fileToken === null) {
+      sendError(res, 400, "Invalid file path encoding");
+      return true;
+    }
+
+    if (!fileToken || fileToken === "files") {
+      sendError(res, 400, "Missing file ID");
+      return true;
+    }
+
+    // 1. Try Friday's own in-memory file index
+    const file = getFile(fileToken);
+    if (file) {
+      const { buffer, mimeType } = readFile(fileToken);
+      if (buffer) {
+        sendBuffer(req, res, buffer, mimeType, file.filename);
+        return true;
+      }
+    }
+
+    // 1.2 Plugin-root attachments/ (survives gateway restarts; basename = URL token)
+    const fromAttachments = readAttachmentFileFromDisk(fileToken);
+    if (fromAttachments) {
+      sendBuffer(req, res, fromAttachments.buffer, fromAttachments.mimeType, fromAttachments.filename);
+      return true;
+    }
+
+    // 1.4 Best-effort external source by token (when copy-to-attachments failed earlier)
+    const externalSource = getExternalFileSourceByUrlToken(fileToken);
+    if (externalSource && fs.existsSync(externalSource)) {
+      try {
+        const buffer = fs.readFileSync(externalSource);
+        const filename = path.basename(externalSource);
+        sendBuffer(req, res, buffer, guessMimeType(filename), filename);
+        return true;
+      } catch {
+        // continue fallback chain
+      }
+    }
+
+    // 2. Try OpenClaw media buffer (~/.openclaw/media/inbound/<id>)
+    // fileId may include an extension (e.g. "uuid.png") — strip it to get the base id
+    const baseId = fileToken.replace(/\.[^.]+$/, "");
+    const mediaDir = path.join(os.homedir(), ".openclaw", "media", "inbound");
+    const candidates = [
+      path.join(mediaDir, baseId),
+      path.join(mediaDir, fileToken),
+    ];
+
+    for (const filePath of candidates) {
+      if (fs.existsSync(filePath)) {
+        try {
+          const st = fs.statSync(filePath);
+          if (!st.isFile()) continue;
+          const buffer = fs.readFileSync(filePath);
+          const ext = path.extname(fileToken).toLowerCase().replace(/^\./, "");
+          const mimeType = MIME_FROM_EXT[ext] ?? "application/octet-stream";
+          sendBuffer(req, res, buffer, mimeType, fileToken);
+          return true;
+        } catch {
+          // fall through to 404
+        }
+      }
+    }
+
+    sendError(res, 404, "File not found");
+    return true;
+  } catch (err) {
+    console.error(`[Friday-FILES] GET download failed: ${String(err)}`);
+    sendError(res, 500, "Internal Server Error");
+    return true;
+  }
+}

package/src/http/handlers/files-upload.ts

@@ -0,0 +1,166 @@
+/**
+ * File upload handler for POST /friday-next/files
+ *
+ * Handles multipart file uploads from the iOS app.
+ * Stores files and returns file IDs that can be referenced in messages.
+ */
+
+import type { IncomingMessage, ServerResponse } from "node:http";
+import { extractBearerToken } from "../middleware/auth.js";
+import { storeFile, guessMimeType } from "./files.js";
+
+interface ParsedMultipart {
+  fields: Record<string, string>;
+  files: Array<{ filename: string; buffer: Buffer; contentType: string }>;
+}
+
+async function parseMultipartBody(
+  req: IncomingMessage,
+  boundaryContentType: string,
+): Promise<ParsedMultipart | null> {
+  const boundaryMatch = boundaryContentType.match(/boundary=(?:"([^"]+)"|([^;]+))/i);
+  if (!boundaryMatch) return null;
+  const boundary = boundaryMatch[1] ?? boundaryMatch[2];
+  if (!boundary) return null;
+
+  const chunks: Buffer[] = [];
+  await new Promise<void>((resolve, reject) => {
+    req.on("data", (c: Buffer) => chunks.push(c));
+    req.on("end", resolve);
+    req.on("error", reject);
+  });
+
+  const body = Buffer.concat(chunks);
+  const parts: ParsedMultipart = { fields: {}, files: [] };
+
+  const boundaryBuffer = Buffer.from(`--${boundary}`);
+
+  let start = 0;
+  while (start < body.length) {
+    const idx = bufferIndexOf(body, boundaryBuffer, start);
+    if (idx === -1) break;
+
+    const nextStart = idx + boundaryBuffer.length;
+    if (body[nextStart] === 0x2d && body[nextStart + 1] === 0x2d) {
+      // "--" after boundary = end
+      break;
+    }
+    if (body[nextStart] !== 0x0d || body[nextStart + 1] !== 0x0a) {
+      start = nextStart;
+      continue;
+    }
+
+    const headerEnd = bufferIndexOf(body, Buffer.from("\r\n\r\n"), nextStart + 2);
+    if (headerEnd === -1) {
+      start = nextStart;
+      continue;
+    }
+
+    const headers = body.subarray(idx + boundaryBuffer.length + 2, headerEnd).toString("utf-8");
+    const contentDisposition = extractHeaderValue(headers, "Content-Disposition");
+    const contentTypeHeader = extractHeaderValue(headers, "Content-Type");
+
+    const filenameMatch = contentDisposition?.match(/filename="([^"]+)"/);
+    const nameMatch = contentDisposition?.match(/name="([^"]+)"/);
+    const filename = filenameMatch?.[1] ?? nameMatch?.[1] ?? "file";
+    const isFile = Boolean(filenameMatch);
+
+    const dataStart = headerEnd + 4;
+    // Search for the closing boundary marker (\r\n--boundary) rather than just
+    // \r\n, since binary file data may contain CRLF bytes.
+    const closingBoundary = Buffer.from(`\r\n--${boundary}`);
+    const endIdx = bufferIndexOf(body, closingBoundary, dataStart);
+    const end = endIdx === -1 ? body.length - 2 : endIdx;
+
+    if (isFile) {
+      const buffer = body.subarray(dataStart, end);
+      const mimeType = contentTypeHeader ?? guessMimeType(filename);
+      parts.files.push({ filename, buffer, contentType: mimeType });
+    } else if (nameMatch) {
+      const value = body.subarray(dataStart, end).toString("utf-8").trim();
+      parts.fields[nameMatch[1]] = value;
+    }
+
+    start = end + 2;
+  }
+
+  return parts;
+}
+
+function extractHeaderValue(headers: string, name: string): string | undefined {
+  const lines = headers.split(/\r\n/);
+  for (const line of lines) {
+    const [key, ...valueParts] = line.split(":");
+    if (key.trim().toLowerCase() === name.toLowerCase()) {
+      return valueParts.join(":").trim();
+    }
+  }
+  return undefined;
+}
+
+function bufferIndexOf(haystack: Buffer, needle: Buffer, start = 0): number {
+  for (let i = start; i <= haystack.length - needle.length; i++) {
+    let match = true;
+    for (let j = 0; j < needle.length; j++) {
+      if (haystack[i + j] !== needle[j]) {
+        match = false;
+        break;
+      }
+    }
+    if (match) return i;
+  }
+  return -1;
+}
+
+export async function handleFilesUpload(
+  req: IncomingMessage,
+  res: ServerResponse,
+): Promise<boolean> {
+  if (req.method !== "POST") {
+    res.statusCode = 405;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Method Not Allowed" }));
+    return true;
+  }
+
+  const token = extractBearerToken(req);
+  if (!token) {
+    res.statusCode = 401;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Unauthorized: bearer token mismatch" }));
+    return true;
+  }
+
+  const contentType = req.headers["content-type"] ?? "";
+  const parsed = await parseMultipartBody(req, contentType);
+
+  if (!parsed) {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "Invalid multipart form data" }));
+    return true;
+  }
+
+  if (parsed.files.length === 0) {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ error: "No files provided" }));
+    return true;
+  }
+
+  const files = parsed.files.map((file) => {
+    const stored = storeFile(file.buffer, file.filename, file.contentType);
+    return {
+      id: stored.id,
+      filename: stored.filename,
+      mimeType: stored.mimeType,
+      size: stored.size,
+      url: `/friday-next/files/${encodeURIComponent(stored.urlToken)}`,
+    };
+  });
+
+  res.statusCode = 200;
+  res.setHeader("Content-Type", "application/json");
+  res.end(JSON.stringify({ files }));
+  return true;
+}