@wps365/openclaw-wpsxiezuo 1.11.7 → 1.11.8-beta.0

package/dist/channel/event-crypto.js

@@ -0,0 +1,35 @@
+/**
+ * WPS 事件加解密与签名校验。
+ *
+ * Webhook 事件使用 HMAC-SHA256 签名 + AES-256-CBC 加密。
+ * 从 v1 monitor.ts 中抽取，对标飞书 src/channel/event-handlers.ts 的加解密层。
+ */
+import * as crypto from "node:crypto";
+export function isEncryptedEvent(body) {
+    if (!body || typeof body !== "object")
+        return false;
+    const b = body;
+    return (typeof b.encrypted_data === "string" &&
+        typeof b.nonce === "string" &&
+        typeof b.signature === "string" &&
+        typeof b.topic === "string" &&
+        typeof b.time === "number");
+}
+export function verifySignature(params) {
+    const content = `${params.appId}:${params.topic}:${params.nonce}:${params.time}:${params.encryptedData}`;
+    const hmac = crypto.createHmac("sha256", params.appSecret);
+    hmac.update(content);
+    const expected = hmac.digest("base64url").replace(/=+$/, "");
+    return expected === params.signature;
+}
+export function decryptEventData(encryptedData, appSecret, nonce) {
+    const cipherHex = crypto.createHash("md5").update(appSecret).digest("hex");
+    const key = Buffer.from(cipherHex, "utf-8");
+    const iv = Buffer.from(nonce, "utf-8").subarray(0, 16);
+    const encrypted = Buffer.from(encryptedData, "base64");
+    const decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
+    let decrypted = decipher.update(encrypted);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+    return decrypted.toString("utf-8");
+}
+//# sourceMappingURL=event-crypto.js.map

package/dist/channel/event-handlers.js

@@ -0,0 +1,206 @@
+/**
+ * WPS 入站事件处理 — Webhook HTTP + SDK 长连接双模式。
+ *
+ * 对标飞书 src/channel/event-handlers.ts：
+ * - Webhook: Express POST → challenge / 加解密 / 分发
+ * - SDK: open-event-sdk 映射为统一 WpsEventPayload
+ *
+ * 不包含业务逻辑（session / routing / reply），仅做事件基础设施。
+ */
+import { MESSAGE_TOPIC } from "./event-types.js";
+import { isEncryptedEvent, verifySignature, decryptEventData } from "./event-crypto.js";
+// ── 公共工具 ──────────────────────────────────────────────────
+export function shouldSkipNonMessageTopic(topic) {
+    return typeof topic === "string" && topic.trim() !== "" && topic !== MESSAGE_TOPIC;
+}
+function toRecord(value) {
+    return value && typeof value === "object" ? value : {};
+}
+function firstString(...values) {
+    for (const v of values) {
+        if (typeof v === "string" && v.trim())
+            return v.trim();
+        if (typeof v === "number" && Number.isFinite(v))
+            return String(v);
+    }
+    return "";
+}
+export function buildMessageContent(msg) {
+    const c = msg.content;
+    if (!c || typeof c !== "object")
+        return {};
+    const raw = c;
+    const nestedText = raw.text;
+    if (nestedText && typeof nestedText === "object" && nestedText !== null && "content" in nestedText) {
+        const cVal = nestedText.content;
+        const textPreview = typeof cVal === "string"
+            ? cVal.trim()
+            : typeof cVal === "number" && Number.isFinite(cVal)
+                ? String(cVal)
+                : "";
+        // WPS 常在 rich_text 旁挂空的 text.content；若此处无条件 return raw，会跳过下面的 rich_text 抽取
+        if (textPreview !== "") {
+            return raw;
+        }
+    }
+    if (typeof raw.text === "string") {
+        return { text: { content: raw.text, type: "plain" } };
+    }
+    const image = raw.image;
+    if (image && typeof image === "object") {
+        const imgFileId = typeof image.file_id === "string" ? image.file_id : "";
+        const imgStorageKey = typeof image.storage_key === "string" ? image.storage_key : "";
+        const imgKey = typeof image.key === "string" ? image.key : "";
+        const resolvedSk = imgFileId || imgStorageKey || imgKey;
+        if (resolvedSk) {
+            return { image: { ...image, storage_key: resolvedSk } };
+        }
+        return raw;
+    }
+    const file = raw.file;
+    if (file && typeof file === "object") {
+        const fileType = typeof file.type === "string" ? file.type : "";
+        const cloud = file.cloud;
+        if ((fileType === "cloud" || cloud) && cloud && typeof cloud === "object") {
+            return { file: { type: "cloud", cloud } };
+        }
+        const fileId = file.file_id;
+        if (fileId) {
+            return { file: { type: "local", local: { storage_key: fileId, name: file.name ?? "file" } } };
+        }
+        const local = file.local;
+        if (local && typeof local === "object") {
+            return { file: { type: "local", local } };
+        }
+    }
+    const richText = raw.rich_text;
+    if (richText && typeof richText === "object") {
+        return raw;
+    }
+    return raw;
+}
+function mapMentions(input) {
+    if (!Array.isArray(input))
+        return undefined;
+    const mapped = input
+        .map((item) => toRecord(item))
+        .map((r) => {
+        const identity = toRecord(r.identity);
+        const identityMapped = {
+            id: typeof identity.id === "string" ? identity.id : undefined,
+            app_id: typeof identity.app_id === "string" ? identity.app_id : undefined,
+            name: typeof identity.name === "string" ? identity.name : undefined,
+            type: typeof identity.type === "string" ? identity.type : undefined,
+            company_id: typeof identity.company_id === "string" ? identity.company_id : undefined,
+        };
+        const hasIdentity = Object.values(identityMapped).some((v) => v !== undefined);
+        return {
+            type: typeof r.type === "string" ? r.type : undefined,
+            id: typeof r.id === "string" ? r.id : undefined,
+            user_id: typeof r.user_id === "string" ? r.user_id : undefined,
+            userId: typeof r.userId === "string" ? r.userId : undefined,
+            offset: typeof r.offset === "number" ? r.offset : undefined,
+            length: typeof r.length === "number" ? r.length : undefined,
+            ...(hasIdentity ? { identity: identityMapped } : {}),
+        };
+    })
+        .filter((m) => Boolean(m.id || m.user_id || m.userId || m.type || m.identity));
+    return mapped.length > 0 ? mapped : undefined;
+}
+function mapReplyTo(input) {
+    const record = toRecord(input);
+    const sender = toRecord(record.sender);
+    const senderId = typeof record.sender_id === "string" ? record.sender_id : undefined;
+    const senderInnerId = typeof sender.id === "string" ? sender.id : undefined;
+    if (!senderId && !senderInnerId)
+        return undefined;
+    return {
+        sender_id: senderId,
+        sender: senderInnerId ? { id: senderInnerId } : undefined,
+    };
+}
+/** 将 open-event-sdk 消息事件转为统一 WpsEventPayload */
+export function mapSdkMessageToPayload(data) {
+    const rawData = toRecord(data);
+    const rawMsg = toRecord(data.message);
+    const sendMs = data.send_time < 1e12 ? Math.floor(data.send_time * 1000) : data.send_time;
+    const chatId = String(data.chat.id);
+    const messageId = String(data.message.id);
+    const senderId = String(data.sender.id);
+    return {
+        topic: typeof rawData.topic === "string" ? rawData.topic : MESSAGE_TOPIC,
+        event_id: firstString(rawData.event_id, rawData.id, messageId) || undefined,
+        company_id: firstString(rawData.company_id, rawData.companyId, rawData.corp_id) || undefined,
+        chat: { id: chatId, type: data.chat.type },
+        message: {
+            id: messageId,
+            type: data.message.type,
+            content: buildMessageContent(data.message),
+            sender: { id: senderId, type: data.sender.type },
+            mentions: mapMentions(rawMsg.mentions),
+            reply_to: mapReplyTo(rawMsg.reply_to),
+        },
+        quote_msg_id: firstString(rawData.quote_msg_id, rawData.quote_message_id, typeof rawMsg.quote_msg_id === "string" ? rawMsg.quote_msg_id : undefined) || undefined,
+        sender: {
+            id: senderId,
+            type: data.sender.type,
+            name: data.sender.extended_attribute?.name,
+        },
+        send_time: sendMs,
+    };
+}
+/**
+ * 处理单个 Webhook POST body：
+ * - challenge 验证 → 返回 { challenge }
+ * - 加密事件 → 签名校验 + 解密
+ * - 明文事件 → 直接透传
+ */
+export function processWebhookBody(body, creds, enableEncryption, log) {
+    const record = toRecord(body);
+    if (typeof record.challenge === "string") {
+        log?.info?.("WPS webhook challenge verification");
+        return { challenge: record.challenge };
+    }
+    if (enableEncryption && isEncryptedEvent(body)) {
+        const enc = body;
+        if (enc.topic !== MESSAGE_TOPIC) {
+            log?.info?.(`WPS webhook skip non-message topic=${enc.topic}`);
+            return { ok: false, error: "skip", status: 200 };
+        }
+        const valid = verifySignature({
+            appId: creds.appId,
+            appSecret: creds.appSecret,
+            topic: enc.topic,
+            nonce: enc.nonce,
+            time: enc.time,
+            encryptedData: enc.encrypted_data,
+            signature: enc.signature,
+        });
+        if (!valid) {
+            log?.error?.("WPS signature verification failed");
+            return { ok: false, error: "Invalid signature", status: 403 };
+        }
+        try {
+            const decrypted = decryptEventData(enc.encrypted_data, creds.appSecret, enc.nonce);
+            const payload = JSON.parse(decrypted);
+            payload.topic = enc.topic;
+            if (!payload.event_id)
+                payload.event_id = payload.message?.id;
+            log?.info?.(`WPS decrypted event: topic=${enc.topic}, operation=${enc.operation}`);
+            return { ok: true, payload };
+        }
+        catch (err) {
+            log?.error?.("WPS decryption failed:", err);
+            return { ok: false, error: "Decryption failed", status: 400 };
+        }
+    }
+    const payload = body;
+    if (shouldSkipNonMessageTopic(payload.topic)) {
+        log?.info?.(`WPS webhook skip non-message topic=${String(payload.topic)}`);
+        return { ok: false, error: "skip", status: 200 };
+    }
+    if (!payload.event_id)
+        payload.event_id = payload.message?.id;
+    return { ok: true, payload };
+}
+//# sourceMappingURL=event-handlers.js.map

package/dist/channel/event-types.js

@@ -0,0 +1,6 @@
+/**
+ * WPS 入站事件类型定义。
+ * 对标飞书 src/channel/event-types.ts。
+ */
+export const MESSAGE_TOPIC = "kso.app_chat.message";
+//# sourceMappingURL=event-types.js.map

package/dist/channel/inbound-context-cache.js

@@ -0,0 +1,27 @@
+/**
+ * Per-account 最近入站上下文缓存（纯内存）。
+ *
+ * 在 handleInbound 阶段写入，在 handleAction 阶段读取作为 fallback，
+ * 作为防御层：当 agent 意外传入 AK（应用 ID）作为 to 时自动修正。
+ *
+ * 正常路径下 OriginatingTo 已设为正确的 user:/chat: 目标，
+ * 此缓存仅在极端场景下被触发。
+ *
+ * 独立模块，避免 handler.ts ↔ plugin.ts 循环依赖。
+ */
+const lastInboundCtxMap = new Map();
+const INBOUND_CTX_TTL_MS = 30 * 60 * 1000;
+export function setLastInboundContext(accountId, ctx) {
+    lastInboundCtxMap.set(accountId, { ...ctx, ts: Date.now() });
+}
+export function getLastInboundContext(accountId) {
+    const entry = lastInboundCtxMap.get(accountId);
+    if (!entry)
+        return undefined;
+    if (Date.now() - entry.ts > INBOUND_CTX_TTL_MS) {
+        lastInboundCtxMap.delete(accountId);
+        return undefined;
+    }
+    return entry;
+}
+//# sourceMappingURL=inbound-context-cache.js.map

package/dist/channel/index.js

@@ -0,0 +1,8 @@
+/**
+ * Channel module exports
+ */
+export * from "./event-types.js";
+export * from "./event-crypto.js";
+export * from "./event-handlers.js";
+export * from "./sdk-provider.js";
+//# sourceMappingURL=index.js.map