@tencent-connect/openclaw-qqbot 1.7.0 → 1.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +216 -49
- package/README.zh.md +216 -4
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/src/api.d.ts +6 -0
- package/dist/src/api.js +33 -4
- package/dist/src/approval-handler.d.ts +47 -0
- package/dist/src/approval-handler.js +372 -0
- package/dist/src/channel.js +72 -0
- package/dist/src/config.d.ts +5 -1
- package/dist/src/config.js +12 -2
- package/dist/src/gateway.js +175 -170
- package/dist/src/slash-commands.d.ts +7 -2
- package/dist/src/slash-commands.js +354 -3
- package/dist/src/tools/channel.js +1 -4
- package/dist/src/tools/remind.js +0 -1
- package/dist/src/transport/index.d.ts +10 -0
- package/dist/src/transport/index.js +9 -0
- package/dist/src/transport/webhook-transport.d.ts +67 -0
- package/dist/src/transport/webhook-transport.js +245 -0
- package/dist/src/transport/webhook-verify.d.ts +48 -0
- package/dist/src/transport/webhook-verify.js +98 -0
- package/dist/src/types.d.ts +85 -0
- package/dist/src/utils/audio-convert.js +37 -9
- package/index.ts +1 -0
- package/package.json +1 -1
- package/scripts/postinstall-link-sdk.js +44 -0
- package/scripts/upgrade-via-npm.sh +358 -62
- package/scripts/upgrade-via-source.sh +122 -85
- package/src/api.ts +50 -5
- package/src/approval-handler.ts +505 -0
- package/src/channel.ts +76 -0
- package/src/config.ts +15 -2
- package/src/gateway.ts +181 -169
- package/src/onboarding.ts +8 -0
- package/src/openclaw-plugin-sdk.d.ts +127 -2
- package/src/slash-commands.ts +390 -5
- package/src/tools/channel.ts +1 -7
- package/src/tools/remind.ts +0 -2
- package/src/transport/index.ts +11 -0
- package/src/transport/webhook-transport.ts +332 -0
- package/src/transport/webhook-verify.ts +119 -0
- package/src/types.ts +100 -1
- package/src/typings/openclaw-webhook-ingress.d.ts +66 -0
- package/src/utils/audio-convert.ts +37 -9
|
@@ -0,0 +1,245 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Webhook Transport — receive QQ Bot events via HTTP POST callbacks.
|
|
3
|
+
*
|
|
4
|
+
* Uses OpenClaw plugin-sdk's `registerWebhookTargetWithPluginRoute` (模式 C)
|
|
5
|
+
* to register webhook HTTP routes through the framework's gateway HTTP server,
|
|
6
|
+
* sharing the same port and benefiting from built-in rate limiting & in-flight guards.
|
|
7
|
+
*
|
|
8
|
+
* Architecture:
|
|
9
|
+
* 1. On gateway startAccount, register a webhook target via plugin-sdk
|
|
10
|
+
* 2. Framework routes POST requests to our handler
|
|
11
|
+
* 3. Handler verifies Ed25519 signatures and dispatches events
|
|
12
|
+
* 4. Returns op:12 ACK immediately, processes events asynchronously
|
|
13
|
+
* 5. On account stop (abortSignal), unregister the target
|
|
14
|
+
*
|
|
15
|
+
* Configuration (openclaw.yaml):
|
|
16
|
+
* ```yaml
|
|
17
|
+
* channels:
|
|
18
|
+
* qqbot:
|
|
19
|
+
* appId: "xxx"
|
|
20
|
+
* clientSecret: "xxx"
|
|
21
|
+
* transport: webhook
|
|
22
|
+
* webhook:
|
|
23
|
+
* path: /qqbot/webhook
|
|
24
|
+
* ```
|
|
25
|
+
*/
|
|
26
|
+
import { registerWebhookTargetWithPluginRoute, withResolvedWebhookRequestPipeline, resolveWebhookTargetWithAuthOrRejectSync, createWebhookInFlightLimiter, createFixedWindowRateLimiter, readWebhookBodyOrReject, } from "openclaw/plugin-sdk/webhook-ingress";
|
|
27
|
+
import { verifyWebhookSignature, signValidationResponse } from "./webhook-verify.js";
|
|
28
|
+
// ============ Constants ============
|
|
29
|
+
const OP_DISPATCH = 0;
|
|
30
|
+
const OP_HTTP_CALLBACK_ACK = 12;
|
|
31
|
+
const OP_VALIDATION = 13;
|
|
32
|
+
const PLUGIN_ID = "openclaw-qqbot";
|
|
33
|
+
const DEFAULT_WEBHOOK_PATH = "/qqbot/webhook";
|
|
34
|
+
// ============ Module state ============
|
|
35
|
+
/** Per-path target registry (shared across all accounts) */
|
|
36
|
+
const webhookTargets = new Map();
|
|
37
|
+
/** Per-account event handler map */
|
|
38
|
+
const eventHandlers = new Map();
|
|
39
|
+
/** Module-level logger (set by the last startWebhookTransport call) */
|
|
40
|
+
let log;
|
|
41
|
+
/** Shared rate limiter (fixed window, per source IP) */
|
|
42
|
+
let rateLimiter = null;
|
|
43
|
+
/** Shared in-flight limiter */
|
|
44
|
+
let inFlightLimiter = null;
|
|
45
|
+
function ensureGuards() {
|
|
46
|
+
if (!rateLimiter) {
|
|
47
|
+
rateLimiter = createFixedWindowRateLimiter({
|
|
48
|
+
windowMs: 60_000,
|
|
49
|
+
maxRequests: 600,
|
|
50
|
+
maxTrackedKeys: 4096,
|
|
51
|
+
});
|
|
52
|
+
}
|
|
53
|
+
if (!inFlightLimiter) {
|
|
54
|
+
inFlightLimiter = createWebhookInFlightLimiter({
|
|
55
|
+
maxInFlightPerKey: 8,
|
|
56
|
+
maxTrackedKeys: 4096,
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
return { rateLimiter, inFlightLimiter };
|
|
60
|
+
}
|
|
61
|
+
// ============ Main handler ============
|
|
62
|
+
/**
|
|
63
|
+
* Shared HTTP handler for all QQBot webhook routes.
|
|
64
|
+
* Registered once per unique path, dispatches to the correct account target.
|
|
65
|
+
*/
|
|
66
|
+
async function handleQQBotWebhookRequest(req, res) {
|
|
67
|
+
const guards = ensureGuards();
|
|
68
|
+
const handled = await withResolvedWebhookRequestPipeline({
|
|
69
|
+
req,
|
|
70
|
+
res,
|
|
71
|
+
targetsByPath: webhookTargets,
|
|
72
|
+
rateLimiter: guards.rateLimiter,
|
|
73
|
+
inFlightLimiter: guards.inFlightLimiter,
|
|
74
|
+
requireJsonContentType: true,
|
|
75
|
+
handle: async ({ targets }) => {
|
|
76
|
+
// Read raw body (up to 1MB, 30s timeout)
|
|
77
|
+
const bodyResult = await readWebhookBodyOrReject({
|
|
78
|
+
req,
|
|
79
|
+
res,
|
|
80
|
+
maxBytes: 1024 * 1024,
|
|
81
|
+
timeoutMs: 30_000,
|
|
82
|
+
});
|
|
83
|
+
if (!bodyResult.ok)
|
|
84
|
+
return;
|
|
85
|
+
const rawBodyStr = bodyResult.value;
|
|
86
|
+
const rawBody = Buffer.from(rawBodyStr, "utf-8");
|
|
87
|
+
let payload;
|
|
88
|
+
try {
|
|
89
|
+
payload = JSON.parse(rawBodyStr);
|
|
90
|
+
}
|
|
91
|
+
catch (err) {
|
|
92
|
+
log?.error(`[qqbot:webhook] Failed to parse request body as JSON: ${err instanceof Error ? err.message : String(err)}, body preview: ${rawBodyStr.slice(0, 200)}`);
|
|
93
|
+
res.statusCode = 400;
|
|
94
|
+
res.end(JSON.stringify({ error: "invalid json" }));
|
|
95
|
+
return;
|
|
96
|
+
}
|
|
97
|
+
// ── op:13 — Callback URL validation (before signature check) ──
|
|
98
|
+
if (payload.op === OP_VALIDATION) {
|
|
99
|
+
handleValidation(payload, targets, res);
|
|
100
|
+
return;
|
|
101
|
+
}
|
|
102
|
+
// ── Signature verification → resolve target ──
|
|
103
|
+
const timestamp = getHeader(req, "x-signature-timestamp") ?? "";
|
|
104
|
+
const signature = getHeader(req, "x-signature-ed25519") ?? "";
|
|
105
|
+
if (!timestamp || !signature) {
|
|
106
|
+
log?.warn?.(`[qqbot:webhook] Missing signature headers — timestamp: "${timestamp}", signature: "${signature}", url: ${req.url}`);
|
|
107
|
+
res.statusCode = 401;
|
|
108
|
+
res.end(JSON.stringify({ error: "missing signature headers" }));
|
|
109
|
+
return;
|
|
110
|
+
}
|
|
111
|
+
const matchedTarget = resolveWebhookTargetWithAuthOrRejectSync({
|
|
112
|
+
targets,
|
|
113
|
+
res,
|
|
114
|
+
isMatch: (target) => verifyWebhookSignature({
|
|
115
|
+
body: rawBody,
|
|
116
|
+
timestamp,
|
|
117
|
+
signature,
|
|
118
|
+
botSecret: target.clientSecret,
|
|
119
|
+
}),
|
|
120
|
+
unauthorizedStatusCode: 401,
|
|
121
|
+
unauthorizedMessage: JSON.stringify({ error: "invalid signature" }),
|
|
122
|
+
});
|
|
123
|
+
if (!matchedTarget) {
|
|
124
|
+
log?.warn?.(`[qqbot:webhook] Signature verification failed for path: ${req.url}, timestamp: ${timestamp}`);
|
|
125
|
+
return; // response already sent by resolver
|
|
126
|
+
}
|
|
127
|
+
// ── ACK immediately ──
|
|
128
|
+
res.statusCode = 200;
|
|
129
|
+
res.setHeader("Content-Type", "application/json");
|
|
130
|
+
res.end(JSON.stringify({ op: OP_HTTP_CALLBACK_ACK, d: 0 }));
|
|
131
|
+
// ── Async dispatch (fire-and-forget) ──
|
|
132
|
+
if (payload.op === OP_DISPATCH) {
|
|
133
|
+
const handler = eventHandlers.get(matchedTarget.accountId);
|
|
134
|
+
if (handler) {
|
|
135
|
+
Promise.resolve(handler({
|
|
136
|
+
eventType: payload.t ?? "",
|
|
137
|
+
data: payload.d,
|
|
138
|
+
seq: payload.s,
|
|
139
|
+
})).catch((err) => {
|
|
140
|
+
log?.error(`[qqbot:${matchedTarget.accountId}] Event handler error for "${payload.t}": ${err instanceof Error ? err.message : String(err)}`);
|
|
141
|
+
});
|
|
142
|
+
}
|
|
143
|
+
else {
|
|
144
|
+
log?.warn?.(`[qqbot:webhook] No event handler registered for account: ${matchedTarget.accountId}, event: ${payload.t}`);
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
},
|
|
148
|
+
});
|
|
149
|
+
return handled;
|
|
150
|
+
}
|
|
151
|
+
// ============ Validation handler (op:13) ============
|
|
152
|
+
function handleValidation(payload, targets, res) {
|
|
153
|
+
const d = payload.d;
|
|
154
|
+
if (!d?.plain_token || !d?.event_ts) {
|
|
155
|
+
log?.warn?.(`[qqbot:webhook] Invalid validation payload (op:13): missing plain_token or event_ts, got: ${JSON.stringify(d)}`);
|
|
156
|
+
res.statusCode = 400;
|
|
157
|
+
res.end(JSON.stringify({ error: "invalid validation payload" }));
|
|
158
|
+
return;
|
|
159
|
+
}
|
|
160
|
+
// Use the first target's secret for validation
|
|
161
|
+
// (op:13 is sent during URL registration, only one bot should be using the path at that time)
|
|
162
|
+
const target = targets[0];
|
|
163
|
+
if (!target) {
|
|
164
|
+
log?.error(`[qqbot:webhook] No target registered for validation (op:13), cannot sign response`);
|
|
165
|
+
res.statusCode = 500;
|
|
166
|
+
res.end(JSON.stringify({ error: "no target registered" }));
|
|
167
|
+
return;
|
|
168
|
+
}
|
|
169
|
+
const response = signValidationResponse({
|
|
170
|
+
plainToken: d.plain_token,
|
|
171
|
+
eventTs: d.event_ts,
|
|
172
|
+
botSecret: target.clientSecret,
|
|
173
|
+
});
|
|
174
|
+
res.statusCode = 200;
|
|
175
|
+
res.setHeader("Content-Type", "application/json");
|
|
176
|
+
res.end(JSON.stringify(response));
|
|
177
|
+
}
|
|
178
|
+
// ============ Public API ============
|
|
179
|
+
/**
|
|
180
|
+
* Start the webhook transport for a given account.
|
|
181
|
+
*
|
|
182
|
+
* Registers a webhook target on the framework's plugin HTTP route system.
|
|
183
|
+
* The handler verifies Ed25519 signatures, ACKs immediately, and dispatches
|
|
184
|
+
* events asynchronously via the provided `onEvent` callback.
|
|
185
|
+
*
|
|
186
|
+
* Returns when the abortSignal is triggered (account stopped).
|
|
187
|
+
*/
|
|
188
|
+
export async function startWebhookTransport(opts) {
|
|
189
|
+
const { account, abortSignal, onEvent, onReady, onError, log: optLog } = opts;
|
|
190
|
+
log = optLog;
|
|
191
|
+
const webhookPath = account.config.webhook?.path ?? DEFAULT_WEBHOOK_PATH;
|
|
192
|
+
log?.info(`[qqbot:${account.accountId}] Starting webhook transport on path: ${webhookPath}`);
|
|
193
|
+
// Register event handler for this account
|
|
194
|
+
eventHandlers.set(account.accountId, onEvent);
|
|
195
|
+
// Register webhook target + plugin HTTP route
|
|
196
|
+
const { unregister } = registerWebhookTargetWithPluginRoute({
|
|
197
|
+
targetsByPath: webhookTargets,
|
|
198
|
+
target: {
|
|
199
|
+
path: webhookPath,
|
|
200
|
+
accountId: account.accountId,
|
|
201
|
+
appId: account.appId,
|
|
202
|
+
clientSecret: account.clientSecret,
|
|
203
|
+
},
|
|
204
|
+
route: {
|
|
205
|
+
auth: "plugin",
|
|
206
|
+
match: "exact",
|
|
207
|
+
pluginId: PLUGIN_ID,
|
|
208
|
+
source: "qqbot-webhook",
|
|
209
|
+
accountId: account.accountId,
|
|
210
|
+
replaceExisting: true,
|
|
211
|
+
log: (msg) => log?.info(msg),
|
|
212
|
+
handler: handleQQBotWebhookRequest,
|
|
213
|
+
},
|
|
214
|
+
onLastPathTargetRemoved: () => {
|
|
215
|
+
log?.info(`[qqbot] Last webhook target removed from path: ${webhookPath}`);
|
|
216
|
+
},
|
|
217
|
+
});
|
|
218
|
+
log?.info(`[qqbot:${account.accountId}] Webhook transport registered on path: ${webhookPath}`);
|
|
219
|
+
onReady?.();
|
|
220
|
+
// Wait until abort signal fires
|
|
221
|
+
await new Promise((resolve) => {
|
|
222
|
+
if (abortSignal.aborted) {
|
|
223
|
+
resolve();
|
|
224
|
+
return;
|
|
225
|
+
}
|
|
226
|
+
abortSignal.addEventListener("abort", () => resolve(), { once: true });
|
|
227
|
+
});
|
|
228
|
+
// Cleanup
|
|
229
|
+
unregister();
|
|
230
|
+
eventHandlers.delete(account.accountId);
|
|
231
|
+
log?.info(`[qqbot:${account.accountId}] Webhook transport stopped`);
|
|
232
|
+
}
|
|
233
|
+
/**
|
|
234
|
+
* Resolve the webhook path for a given account (for external configuration / setWebhook calls).
|
|
235
|
+
*/
|
|
236
|
+
export function resolveWebhookPath(account) {
|
|
237
|
+
return account.config.webhook?.path ?? DEFAULT_WEBHOOK_PATH;
|
|
238
|
+
}
|
|
239
|
+
// ============ Helpers ============
|
|
240
|
+
function getHeader(req, key) {
|
|
241
|
+
const val = req.headers[key];
|
|
242
|
+
if (Array.isArray(val))
|
|
243
|
+
return val[0];
|
|
244
|
+
return val;
|
|
245
|
+
}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Webhook signature verification — Ed25519.
|
|
3
|
+
*
|
|
4
|
+
* QQ Open Platform uses Ed25519 for webhook callback verification:
|
|
5
|
+
* 1. Bot secret is padded/truncated to 32 bytes as the Ed25519 seed.
|
|
6
|
+
* 2. The public key verifies `timestamp + body` against `X-Signature-Ed25519`.
|
|
7
|
+
* 3. For callback URL validation (op:13), signs `event_ts + plain_token`.
|
|
8
|
+
*
|
|
9
|
+
* Reference: https://bot.q.qq.com/wiki/develop/api-v2/dev-prepare/interface-framework/event-emit.html
|
|
10
|
+
*/
|
|
11
|
+
/**
|
|
12
|
+
* Sign a message using the bot's Ed25519 private key.
|
|
13
|
+
* Returns hex-encoded signature.
|
|
14
|
+
*/
|
|
15
|
+
export declare function ed25519Sign(botSecret: string, message: Buffer): string;
|
|
16
|
+
/**
|
|
17
|
+
* Verify an Ed25519 signature from a QQ webhook callback request.
|
|
18
|
+
*
|
|
19
|
+
* @param params.body - Raw request body (Buffer)
|
|
20
|
+
* @param params.timestamp - Value of `X-Signature-Timestamp` header
|
|
21
|
+
* @param params.signature - Value of `X-Signature-Ed25519` header (hex string)
|
|
22
|
+
* @param params.botSecret - The bot's AppSecret
|
|
23
|
+
* @returns `true` if signature is valid
|
|
24
|
+
*/
|
|
25
|
+
export declare function verifyWebhookSignature(params: {
|
|
26
|
+
body: Buffer;
|
|
27
|
+
timestamp: string;
|
|
28
|
+
signature: string;
|
|
29
|
+
botSecret: string;
|
|
30
|
+
}): boolean;
|
|
31
|
+
/**
|
|
32
|
+
* Generate the response for callback URL validation (op:13).
|
|
33
|
+
*
|
|
34
|
+
* QQ sends `{ op: 13, d: { plain_token, event_ts } }` to verify
|
|
35
|
+
* the callback URL. We must return `{ plain_token, signature }`.
|
|
36
|
+
*
|
|
37
|
+
* @param params.plainToken - The `plain_token` from the validation request
|
|
38
|
+
* @param params.eventTs - The `event_ts` from the validation request
|
|
39
|
+
* @param params.botSecret - The bot's AppSecret
|
|
40
|
+
*/
|
|
41
|
+
export declare function signValidationResponse(params: {
|
|
42
|
+
plainToken: string;
|
|
43
|
+
eventTs: string;
|
|
44
|
+
botSecret: string;
|
|
45
|
+
}): {
|
|
46
|
+
plain_token: string;
|
|
47
|
+
signature: string;
|
|
48
|
+
};
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Webhook signature verification — Ed25519.
|
|
3
|
+
*
|
|
4
|
+
* QQ Open Platform uses Ed25519 for webhook callback verification:
|
|
5
|
+
* 1. Bot secret is padded/truncated to 32 bytes as the Ed25519 seed.
|
|
6
|
+
* 2. The public key verifies `timestamp + body` against `X-Signature-Ed25519`.
|
|
7
|
+
* 3. For callback URL validation (op:13), signs `event_ts + plain_token`.
|
|
8
|
+
*
|
|
9
|
+
* Reference: https://bot.q.qq.com/wiki/develop/api-v2/dev-prepare/interface-framework/event-emit.html
|
|
10
|
+
*/
|
|
11
|
+
import * as crypto from "node:crypto";
|
|
12
|
+
// ============ Seed derivation ============
|
|
13
|
+
/**
|
|
14
|
+
* Derive an Ed25519 seed (32 bytes) from the bot secret.
|
|
15
|
+
* QQ's spec: repeat the secret until >= 32 chars, then truncate to 32.
|
|
16
|
+
*/
|
|
17
|
+
function deriveSeed(botSecret) {
|
|
18
|
+
let seed = botSecret;
|
|
19
|
+
while (seed.length < 32) {
|
|
20
|
+
seed = seed + seed;
|
|
21
|
+
}
|
|
22
|
+
return Buffer.from(seed.slice(0, 32), "utf-8");
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Generate Ed25519 key pair from bot secret.
|
|
26
|
+
*/
|
|
27
|
+
function getKeyPair(botSecret) {
|
|
28
|
+
const seed = deriveSeed(botSecret);
|
|
29
|
+
// Node.js Ed25519: create private key from raw 32-byte seed
|
|
30
|
+
const privateKey = crypto.createPrivateKey({
|
|
31
|
+
key: Buffer.concat([
|
|
32
|
+
// Ed25519 PKCS8 DER prefix for 32-byte seed
|
|
33
|
+
Buffer.from("302e020100300506032b657004220420", "hex"),
|
|
34
|
+
seed,
|
|
35
|
+
]),
|
|
36
|
+
format: "der",
|
|
37
|
+
type: "pkcs8",
|
|
38
|
+
});
|
|
39
|
+
const publicKey = crypto.createPublicKey(privateKey);
|
|
40
|
+
return { privateKey, publicKey };
|
|
41
|
+
}
|
|
42
|
+
// ============ Signature generation ============
|
|
43
|
+
/**
|
|
44
|
+
* Sign a message using the bot's Ed25519 private key.
|
|
45
|
+
* Returns hex-encoded signature.
|
|
46
|
+
*/
|
|
47
|
+
export function ed25519Sign(botSecret, message) {
|
|
48
|
+
const { privateKey } = getKeyPair(botSecret);
|
|
49
|
+
const signature = crypto.sign(null, message, privateKey);
|
|
50
|
+
return signature.toString("hex");
|
|
51
|
+
}
|
|
52
|
+
// ============ Signature verification ============
|
|
53
|
+
/**
|
|
54
|
+
* Verify an Ed25519 signature from a QQ webhook callback request.
|
|
55
|
+
*
|
|
56
|
+
* @param params.body - Raw request body (Buffer)
|
|
57
|
+
* @param params.timestamp - Value of `X-Signature-Timestamp` header
|
|
58
|
+
* @param params.signature - Value of `X-Signature-Ed25519` header (hex string)
|
|
59
|
+
* @param params.botSecret - The bot's AppSecret
|
|
60
|
+
* @returns `true` if signature is valid
|
|
61
|
+
*/
|
|
62
|
+
export function verifyWebhookSignature(params) {
|
|
63
|
+
const { body, timestamp, signature, botSecret } = params;
|
|
64
|
+
try {
|
|
65
|
+
const { publicKey } = getKeyPair(botSecret);
|
|
66
|
+
const message = Buffer.concat([
|
|
67
|
+
Buffer.from(timestamp, "utf-8"),
|
|
68
|
+
body,
|
|
69
|
+
]);
|
|
70
|
+
const sigBuffer = Buffer.from(signature, "hex");
|
|
71
|
+
return crypto.verify(null, message, publicKey, sigBuffer);
|
|
72
|
+
}
|
|
73
|
+
catch (err) {
|
|
74
|
+
console.warn(`[qqbot:webhook-verify] Ed25519 verification threw: ${err instanceof Error ? err.message : String(err)}`);
|
|
75
|
+
return false;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
// ============ Callback URL validation (op:13) ============
|
|
79
|
+
/**
|
|
80
|
+
* Generate the response for callback URL validation (op:13).
|
|
81
|
+
*
|
|
82
|
+
* QQ sends `{ op: 13, d: { plain_token, event_ts } }` to verify
|
|
83
|
+
* the callback URL. We must return `{ plain_token, signature }`.
|
|
84
|
+
*
|
|
85
|
+
* @param params.plainToken - The `plain_token` from the validation request
|
|
86
|
+
* @param params.eventTs - The `event_ts` from the validation request
|
|
87
|
+
* @param params.botSecret - The bot's AppSecret
|
|
88
|
+
*/
|
|
89
|
+
export function signValidationResponse(params) {
|
|
90
|
+
const { plainToken, eventTs, botSecret } = params;
|
|
91
|
+
// Sign: event_ts + plain_token
|
|
92
|
+
const message = Buffer.from(eventTs + plainToken, "utf-8");
|
|
93
|
+
const signature = ed25519Sign(botSecret, message);
|
|
94
|
+
return {
|
|
95
|
+
plain_token: plainToken,
|
|
96
|
+
signature,
|
|
97
|
+
};
|
|
98
|
+
}
|
package/dist/src/types.d.ts
CHANGED
|
@@ -26,6 +26,8 @@ export interface ResolvedQQBotAccount {
|
|
|
26
26
|
imageServerBaseUrl?: string;
|
|
27
27
|
/** 是否支持 markdown 消息(默认 true) */
|
|
28
28
|
markdownSupport: boolean;
|
|
29
|
+
/** User-Agent 追加后缀(从通道级配置 channels.qqbot.userAgentSuffix 解析) */
|
|
30
|
+
userAgentSuffix?: string;
|
|
29
31
|
config: QQBotAccountConfig;
|
|
30
32
|
}
|
|
31
33
|
/** 群消息策略:open=全响应 | allowlist=白名单 | disabled=不响应 */
|
|
@@ -50,6 +52,13 @@ export interface GroupConfig {
|
|
|
50
52
|
/** 群历史消息缓存条数(0 禁用,默认 20) */
|
|
51
53
|
historyLimit?: number;
|
|
52
54
|
}
|
|
55
|
+
/** 消息接收传输方式 */
|
|
56
|
+
export type TransportMode = "websocket" | "webhook";
|
|
57
|
+
/** Webhook 传输配置 */
|
|
58
|
+
export interface WebhookTransportConfig {
|
|
59
|
+
/** 监听路径(默认 /qqbot/webhook) */
|
|
60
|
+
path?: string;
|
|
61
|
+
}
|
|
53
62
|
/**
|
|
54
63
|
* QQ Bot 账户配置
|
|
55
64
|
*/
|
|
@@ -61,6 +70,10 @@ export interface QQBotAccountConfig {
|
|
|
61
70
|
clientSecretFile?: string;
|
|
62
71
|
dmPolicy?: "open" | "pairing" | "allowlist";
|
|
63
72
|
allowFrom?: string[];
|
|
73
|
+
/** 消息接收传输方式:websocket(默认)| webhook */
|
|
74
|
+
transport?: TransportMode;
|
|
75
|
+
/** webhook 传输配置(transport="webhook" 时生效) */
|
|
76
|
+
webhook?: WebhookTransportConfig;
|
|
64
77
|
/** 群消息策略(默认 allowlist) */
|
|
65
78
|
groupPolicy?: GroupPolicy;
|
|
66
79
|
/** 群白名单(groupPolicy 为 allowlist 时生效) */
|
|
@@ -107,6 +120,12 @@ export interface QQBotAccountConfig {
|
|
|
107
120
|
* 示例: "ryantest/openclaw-qqbot"
|
|
108
121
|
*/
|
|
109
122
|
upgradePkg?: string;
|
|
123
|
+
/**
|
|
124
|
+
* 群消息是否默认需要 @机器人才响应(默认 true)
|
|
125
|
+
* 优先级低于 groups.{groupId}.requireMention 和 groups."*".requireMention
|
|
126
|
+
* 设为 false 时,所有群默认无需 @ 即触发回复(仍可被群级配置覆盖)
|
|
127
|
+
*/
|
|
128
|
+
defaultRequireMention?: boolean;
|
|
110
129
|
/**
|
|
111
130
|
* 出站消息合并回复(debounce)配置
|
|
112
131
|
* 当短时间内收到多次 deliver 时,将文本合并为一条消息发送,避免消息轰炸
|
|
@@ -323,6 +342,72 @@ export interface InteractionEvent {
|
|
|
323
342
|
};
|
|
324
343
|
};
|
|
325
344
|
}
|
|
345
|
+
/**
|
|
346
|
+
* 按钮 Action 类型
|
|
347
|
+
* 0=跳转链接 1=回调型(INTERACTION_CREATE) 2=指令型(直接发文本) 3=mqqapi
|
|
348
|
+
*/
|
|
349
|
+
export type KeyboardActionType = 0 | 1 | 2 | 3;
|
|
350
|
+
/** 按钮权限 */
|
|
351
|
+
export interface KeyboardPermission {
|
|
352
|
+
/** 0=全体 1=管理员 2=按钮指定 3=身份组 */
|
|
353
|
+
type: 0 | 1 | 2 | 3;
|
|
354
|
+
specify_role_ids?: string[];
|
|
355
|
+
specify_user_ids?: string[];
|
|
356
|
+
}
|
|
357
|
+
/** 二次确认弹窗 */
|
|
358
|
+
export interface KeyboardModal {
|
|
359
|
+
content: string;
|
|
360
|
+
confirm_text?: string;
|
|
361
|
+
cancel_text?: string;
|
|
362
|
+
}
|
|
363
|
+
/** 按钮 Action */
|
|
364
|
+
export interface KeyboardAction {
|
|
365
|
+
type: KeyboardActionType;
|
|
366
|
+
data?: string;
|
|
367
|
+
/** true = 点击后直接发出(Enter)*/
|
|
368
|
+
enter?: boolean;
|
|
369
|
+
/** 仅指令型(type=2):是否把指令发到输入框(reply=true)还是静默发出 */
|
|
370
|
+
reply?: boolean;
|
|
371
|
+
permission?: KeyboardPermission;
|
|
372
|
+
click_limit?: number;
|
|
373
|
+
unsupport_tips?: string;
|
|
374
|
+
modal?: KeyboardModal;
|
|
375
|
+
}
|
|
376
|
+
/** 按钮渲染数据 */
|
|
377
|
+
export interface KeyboardRenderData {
|
|
378
|
+
label: string;
|
|
379
|
+
visited_label?: string;
|
|
380
|
+
/** 0=灰色线框 1=蓝色线框 2=推荐回复专用 3=红色字体 4=蓝色背景 */
|
|
381
|
+
style?: 0 | 1 | 2 | 3 | 4;
|
|
382
|
+
}
|
|
383
|
+
/** 单个按钮 */
|
|
384
|
+
export interface KeyboardButton {
|
|
385
|
+
id: string;
|
|
386
|
+
render_data?: KeyboardRenderData;
|
|
387
|
+
action?: KeyboardAction;
|
|
388
|
+
group_id?: string;
|
|
389
|
+
}
|
|
390
|
+
/** 一行按钮 */
|
|
391
|
+
export interface KeyboardRow {
|
|
392
|
+
buttons: KeyboardButton[];
|
|
393
|
+
}
|
|
394
|
+
/** CustomKeyboard(自定义按钮内容) */
|
|
395
|
+
export interface CustomKeyboard {
|
|
396
|
+
rows: KeyboardRow[];
|
|
397
|
+
}
|
|
398
|
+
/** MessageKeyboard(keyboard / prompt_keyboard.keyboard 共用) */
|
|
399
|
+
export interface MessageKeyboard {
|
|
400
|
+
/** 模板 ID(与 content 二选一) */
|
|
401
|
+
id?: string;
|
|
402
|
+
/** 自定义内容 */
|
|
403
|
+
content?: CustomKeyboard;
|
|
404
|
+
}
|
|
405
|
+
/**
|
|
406
|
+
* Inline Keyboard(消息内嵌按钮,需平台审核)
|
|
407
|
+
* 发送字段:keyboard
|
|
408
|
+
* JSON: { "keyboard": { "id": "...", "content": { "rows": [...] } } }
|
|
409
|
+
*/
|
|
410
|
+
export type InlineKeyboard = MessageKeyboard;
|
|
326
411
|
/**
|
|
327
412
|
* WebSocket 事件负载
|
|
328
413
|
*/
|
|
@@ -1,8 +1,29 @@
|
|
|
1
1
|
import * as fs from "node:fs";
|
|
2
2
|
import * as path from "node:path";
|
|
3
3
|
import { execFile } from "node:child_process";
|
|
4
|
-
import { decode, encode, isSilk } from "silk-wasm";
|
|
5
4
|
import { detectFfmpeg, isWindows } from "./platform.js";
|
|
5
|
+
// silk-wasm 动态加载(可选依赖,未安装时降级为不支持语音编解码)
|
|
6
|
+
let silkWasm = null;
|
|
7
|
+
let silkWasmLoaded = false;
|
|
8
|
+
async function loadSilkWasm() {
|
|
9
|
+
if (silkWasmLoaded)
|
|
10
|
+
return silkWasm;
|
|
11
|
+
silkWasmLoaded = true;
|
|
12
|
+
try {
|
|
13
|
+
silkWasm = await import("silk-wasm");
|
|
14
|
+
}
|
|
15
|
+
catch {
|
|
16
|
+
console.warn("[audio-convert] silk-wasm not available, voice encoding/decoding disabled");
|
|
17
|
+
silkWasm = null;
|
|
18
|
+
}
|
|
19
|
+
return silkWasm;
|
|
20
|
+
}
|
|
21
|
+
// 同步版本的 isSilk(用于不方便 await 的场景),首次调用前需先 loadSilkWasm
|
|
22
|
+
function isSilkSync(data) {
|
|
23
|
+
if (!silkWasm)
|
|
24
|
+
return false;
|
|
25
|
+
return silkWasm.isSilk(data);
|
|
26
|
+
}
|
|
6
27
|
/**
|
|
7
28
|
* 检查文件是否为 SILK 格式(QQ/微信语音常用格式)
|
|
8
29
|
* QQ 语音文件通常以 .amr 扩展名保存,但实际编码可能是 SILK v3
|
|
@@ -11,7 +32,7 @@ import { detectFfmpeg, isWindows } from "./platform.js";
|
|
|
11
32
|
function isSilkFile(filePath) {
|
|
12
33
|
try {
|
|
13
34
|
const buf = fs.readFileSync(filePath);
|
|
14
|
-
return
|
|
35
|
+
return isSilkSync(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
|
|
15
36
|
}
|
|
16
37
|
catch {
|
|
17
38
|
return false;
|
|
@@ -76,13 +97,14 @@ export async function convertSilkToWav(inputPath, outputDir) {
|
|
|
76
97
|
// 转为 Uint8Array 以兼容 silk-wasm 类型要求
|
|
77
98
|
const rawData = new Uint8Array(strippedBuf.buffer, strippedBuf.byteOffset, strippedBuf.byteLength);
|
|
78
99
|
// 验证是否为 SILK 格式
|
|
79
|
-
|
|
100
|
+
const silk = await loadSilkWasm();
|
|
101
|
+
if (!silk || !silk.isSilk(rawData)) {
|
|
80
102
|
return null;
|
|
81
103
|
}
|
|
82
104
|
// SILK 解码为 PCM (s16le)
|
|
83
105
|
// QQ 语音通常采样率为 24000Hz
|
|
84
106
|
const sampleRate = 24000;
|
|
85
|
-
const result = await decode(rawData, sampleRate);
|
|
107
|
+
const result = await silk.decode(rawData, sampleRate);
|
|
86
108
|
// PCM → WAV
|
|
87
109
|
const wavBuffer = pcmToWav(result.data, sampleRate);
|
|
88
110
|
// 写入 WAV 文件
|
|
@@ -317,8 +339,12 @@ export async function textToSpeechPCM(text, ttsCfg) {
|
|
|
317
339
|
throw lastError ?? new Error("TTS failed: all formats exhausted");
|
|
318
340
|
}
|
|
319
341
|
export async function pcmToSilk(pcmBuffer, sampleRate) {
|
|
342
|
+
const silk = await loadSilkWasm();
|
|
343
|
+
if (!silk) {
|
|
344
|
+
throw new Error("silk-wasm not available, cannot encode PCM to SILK. Install silk-wasm to enable voice sending.");
|
|
345
|
+
}
|
|
320
346
|
const pcmData = new Uint8Array(pcmBuffer.buffer, pcmBuffer.byteOffset, pcmBuffer.byteLength);
|
|
321
|
-
const result = await encode(pcmData, sampleRate);
|
|
347
|
+
const result = await silk.encode(pcmData, sampleRate);
|
|
322
348
|
return {
|
|
323
349
|
silkBuffer: Buffer.from(result.data.buffer, result.data.byteOffset, result.data.byteLength),
|
|
324
350
|
duration: result.duration,
|
|
@@ -365,10 +391,11 @@ export async function audioFileToSilkBase64(filePath, directUploadFormats) {
|
|
|
365
391
|
return buf.toString("base64");
|
|
366
392
|
}
|
|
367
393
|
// 1. .slk / .amr 扩展名 → 检测 SILK 魔数,是 SILK 则直传
|
|
394
|
+
const silk = await loadSilkWasm();
|
|
368
395
|
if ([".slk", ".slac"].includes(ext)) {
|
|
369
396
|
const stripped = stripAmrHeader(buf);
|
|
370
397
|
const raw = new Uint8Array(stripped.buffer, stripped.byteOffset, stripped.byteLength);
|
|
371
|
-
if (isSilk(raw)) {
|
|
398
|
+
if (silk?.isSilk(raw)) {
|
|
372
399
|
console.log(`[audio-convert] SILK file, direct use: ${filePath} (${buf.length} bytes)`);
|
|
373
400
|
return buf.toString("base64");
|
|
374
401
|
}
|
|
@@ -377,7 +404,7 @@ export async function audioFileToSilkBase64(filePath, directUploadFormats) {
|
|
|
377
404
|
const rawCheck = new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);
|
|
378
405
|
const strippedCheck = stripAmrHeader(buf);
|
|
379
406
|
const strippedRaw = new Uint8Array(strippedCheck.buffer, strippedCheck.byteOffset, strippedCheck.byteLength);
|
|
380
|
-
if (isSilk(rawCheck) || isSilk(strippedRaw)) {
|
|
407
|
+
if (silk?.isSilk(rawCheck) || silk?.isSilk(strippedRaw)) {
|
|
381
408
|
console.log(`[audio-convert] SILK detected by header: ${filePath} (${buf.length} bytes)`);
|
|
382
409
|
return buf.toString("base64");
|
|
383
410
|
}
|
|
@@ -458,10 +485,11 @@ export async function audioFileToSilkFile(filePath, directUploadFormats) {
|
|
|
458
485
|
return filePath;
|
|
459
486
|
}
|
|
460
487
|
// 1. 已经是 SILK 编码 → 直接返回原文件
|
|
488
|
+
const silk = await loadSilkWasm();
|
|
461
489
|
if ([".slk", ".slac"].includes(ext)) {
|
|
462
490
|
const stripped = stripAmrHeader(buf);
|
|
463
491
|
const raw = new Uint8Array(stripped.buffer, stripped.byteOffset, stripped.byteLength);
|
|
464
|
-
if (isSilk(raw)) {
|
|
492
|
+
if (silk?.isSilk(raw)) {
|
|
465
493
|
console.log(`[audio-convert] SILK file, direct use: ${filePath} (${buf.length} bytes)`);
|
|
466
494
|
return filePath;
|
|
467
495
|
}
|
|
@@ -469,7 +497,7 @@ export async function audioFileToSilkFile(filePath, directUploadFormats) {
|
|
|
469
497
|
const rawCheck = new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);
|
|
470
498
|
const strippedCheck = stripAmrHeader(buf);
|
|
471
499
|
const strippedRaw = new Uint8Array(strippedCheck.buffer, strippedCheck.byteOffset, strippedCheck.byteLength);
|
|
472
|
-
if (isSilk(rawCheck) || isSilk(strippedRaw)) {
|
|
500
|
+
if (silk?.isSilk(rawCheck) || silk?.isSilk(strippedRaw)) {
|
|
473
501
|
console.log(`[audio-convert] SILK detected by header: ${filePath} (${buf.length} bytes)`);
|
|
474
502
|
return filePath;
|
|
475
503
|
}
|
package/index.ts
CHANGED
package/package.json
CHANGED
|
@@ -110,6 +110,50 @@ if (!openclawRoot) {
|
|
|
110
110
|
}
|
|
111
111
|
}
|
|
112
112
|
|
|
113
|
+
// Strategy 4: pnpm global installation
|
|
114
|
+
// pnpm stores globals in ~/Library/pnpm/global/<ver>/.pnpm/<pkg>@<version>.../node_modules/<pkg>
|
|
115
|
+
// or resolves via `pnpm root -g`
|
|
116
|
+
if (!openclawRoot) {
|
|
117
|
+
// 4a: try `pnpm root -g`
|
|
118
|
+
try {
|
|
119
|
+
const pnpmGlobalRoot = execSync("pnpm root -g", { encoding: "utf-8" }).trim();
|
|
120
|
+
for (const name of CLI_NAMES) {
|
|
121
|
+
const candidate = join(pnpmGlobalRoot, name);
|
|
122
|
+
if (existsSync(join(candidate, "package.json"))) {
|
|
123
|
+
openclawRoot = candidate;
|
|
124
|
+
break;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
} catch {}
|
|
128
|
+
|
|
129
|
+
// 4b: resolve from the real binary path into .pnpm store
|
|
130
|
+
if (!openclawRoot) {
|
|
131
|
+
const whichCmd = process.platform === "win32" ? "where" : "which";
|
|
132
|
+
for (const name of CLI_NAMES) {
|
|
133
|
+
try {
|
|
134
|
+
const bin = execSync(`${whichCmd} ${name}`, { encoding: "utf-8" }).trim().split("\n")[0];
|
|
135
|
+
if (!bin) continue;
|
|
136
|
+
const realBin = realpathSync(bin);
|
|
137
|
+
// pnpm bin layout: .../node_modules/.pnpm/<pkg>@<ver>.../node_modules/<pkg>/dist/bin.js
|
|
138
|
+
// or .../node_modules/<pkg>/dist/bin.js (hoisted)
|
|
139
|
+
// Walk up to find node_modules/<name>/package.json
|
|
140
|
+
let dir = dirname(realBin);
|
|
141
|
+
for (let i = 0; i < 8; i++) {
|
|
142
|
+
const candidate = join(dir, "node_modules", name);
|
|
143
|
+
if (existsSync(join(candidate, "package.json"))) {
|
|
144
|
+
openclawRoot = candidate;
|
|
145
|
+
break;
|
|
146
|
+
}
|
|
147
|
+
const parent = dirname(dir);
|
|
148
|
+
if (parent === dir) break;
|
|
149
|
+
dir = parent;
|
|
150
|
+
}
|
|
151
|
+
if (openclawRoot) break;
|
|
152
|
+
} catch {}
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
|
|
113
157
|
if (!openclawRoot) {
|
|
114
158
|
// Not fatal — plugin may work if openclaw loads it with proper alias resolution
|
|
115
159
|
// But log a warning so upgrade scripts can detect the failure
|