@x.ken/wecom 1.0.0

package/src/crypto.ts

@@ -0,0 +1,113 @@
+import { createDecipheriv, createHash } from "node:crypto";
+
+export function calculateSignature(
+  token: string,
+  timestamp: string,
+  nonce: string,
+  encrypt: string
+): string {
+  const arr = [token, timestamp, nonce, encrypt].sort();
+  const str = arr.join("");
+  return createHash("sha1").update(str).digest("hex");
+}
+
+export function verifySignature(
+  token: string,
+  timestamp: string,
+  nonce: string,
+  encrypt: string,
+  signature: string
+): boolean {
+  const calculated = calculateSignature(token, timestamp, nonce, encrypt);
+  return calculated === signature;
+}
+
+export function decryptMessage(
+  encodingAESKey: string,
+  encryptedMsg: string,
+  corpId: string
+): string {
+  const aesKeyBase64 = encodingAESKey + "=";
+  const aesKey = Buffer.from(aesKeyBase64, "base64");
+
+  if (aesKey.length !== 32) {
+    throw new Error(`Invalid AES key length: ${aesKey.length}, expected 32`);
+  }
+
+  const encryptedBuffer = Buffer.from(encryptedMsg, "base64");
+
+  const iv = aesKey.slice(0, 16);
+  const decipher = createDecipheriv("aes-256-cbc", aesKey, iv);
+  decipher.setAutoPadding(false);
+
+  const decrypted = Buffer.concat([
+    decipher.update(encryptedBuffer),
+    decipher.final(),
+  ] as Buffer[]) as Buffer;
+
+  if (decrypted.length < 20) {
+    throw new Error("Decrypted message too short");
+  }
+
+  let offset = 16;
+
+  const msgLen = decrypted.readUInt32BE(offset);
+  offset += 4;
+
+  if (offset + msgLen > decrypted.length) {
+    throw new Error("Invalid message length");
+  }
+
+  const msg = decrypted.slice(offset, offset + msgLen).toString("utf8");
+
+  // WeCom CorpId 格式是固定的 18 字节 (如 ww21aeaac549e9a9f5)
+  // 正确的消息格式: [16B随机数][4B msgLen][msgLen B 消息][18B CorpId][4B随机数]
+  const expectedCorpIdLen = 18;
+
+  // 计算 corpId 的起始位置
+  const corpIdOffset = offset + msgLen;
+
+  // 检查剩余 buffer 是否足够长
+  if (corpIdOffset + expectedCorpIdLen > decrypted.length) {
+    throw new Error(
+      `Invalid message: not enough bytes for CorpId. corpIdOffset=${corpIdOffset}, decryptedLen=${decrypted.length}`
+    );
+  }
+
+  const receivedCorpIdBuffer = decrypted.slice(corpIdOffset, corpIdOffset + expectedCorpIdLen);
+  const receivedCorpId = receivedCorpIdBuffer.toString("utf8").trim();
+
+  // 从配置中清理 corpId（去除可能的隐藏字符和空格）
+  const cleanCorpId = corpId.trim();
+
+  if (receivedCorpId !== cleanCorpId) {
+    console.error("[WeCom Crypto] CorpId mismatch debug:");
+    console.error("  Expected (config, cleaned):", JSON.stringify(cleanCorpId), "len:", cleanCorpId.length);
+    console.error("  Received (from message):", JSON.stringify(receivedCorpId), "len:", receivedCorpId.length);
+    console.error("  Expected bytes:", Buffer.from(cleanCorpId).toString("hex"));
+    console.error("  Received bytes:", receivedCorpIdBuffer.toString("hex"));
+
+    throw new Error(
+      `CorpId mismatch: expected ${cleanCorpId}, got ${receivedCorpId}`
+    );
+  }
+
+  return msg;
+}
+
+function removePKCS7Padding(buffer: Buffer | Buffer[]): Buffer {
+  const buf = Array.isArray(buffer) ? Buffer.concat(buffer) : buffer;
+  const paddingLength = buf[buf.length - 1];
+
+  if (paddingLength < 1 || paddingLength > 32) {
+    throw new Error("Invalid PKCS7 padding");
+  }
+
+  for (let i = 0; i < paddingLength; i++) {
+    if (buf[buf.length - 1 - i] !== paddingLength) {
+      throw new Error("Invalid PKCS7 padding");
+    }
+  }
+
+  return buf.slice(0, buf.length - paddingLength);
+}

package/src/gateway.ts

@@ -0,0 +1,413 @@
+import { registerPluginHttpRoute, type ChannelGatewayContext } from "clawdbot/plugin-sdk";
+import type { IncomingMessage } from "node:http";
+import { wecomClient, type WeComMessage } from "./client.js";
+import { parseMultipart } from "./multipart.js";
+import { writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { randomUUID } from "node:crypto";
+import { verifySignature, decryptMessage, calculateSignature } from "./crypto.js";
+import { parseWeComMessage, formatMessageForClawdbot } from "./message-parser.js";
+import { XMLParser } from "fast-xml-parser";
+import { getWeComRuntime } from "./runtime.js";
+
+async function readBody(req: IncomingMessage): Promise<Buffer> {
+  const chunks: Buffer[] = [];
+  for await (const chunk of req) {
+    chunks.push(chunk);
+  }
+  return Buffer.concat(chunks);
+}
+
+export function startWeComAccount(ctx: ChannelGatewayContext) {
+  const accountId = ctx.account.accountId;
+  const config = ctx.account.config as any;
+
+  const unregisterMessage = registerPluginHttpRoute({
+    pluginId: "wecom",
+    accountId,
+    path: "/wecom/message",
+    handler: async (req, res) => {
+      const url = new URL(req.url || "", `http://${req.headers.host}`);
+
+      if (req.method === "GET") {
+        const msgSignature = url.searchParams.get("msg_signature");
+        const timestamp = url.searchParams.get("timestamp");
+        const nonce = url.searchParams.get("nonce");
+        const echostr = url.searchParams.get("echostr");
+
+        const token = config.token;
+
+        if (!token) {
+          res.statusCode = 500;
+          res.end("Token not configured");
+          return;
+        }
+
+        if (!msgSignature || !timestamp || !nonce || !echostr) {
+          res.statusCode = 400;
+          res.end("Missing required parameters");
+          return;
+        }
+
+        try {
+          const expectedSignature = calculateSignature(token, timestamp, nonce, echostr);
+          if (expectedSignature !== msgSignature) {
+            res.statusCode = 403;
+            res.end("Invalid signature");
+            return;
+          }
+
+          const encodingAESKey = config.encodingAESKey;
+          const corpid = config.corpid;
+
+          if (!encodingAESKey || !corpid) {
+            res.statusCode = 500;
+            res.end("encodingAESKey or corpid not configured");
+            return;
+          }
+
+          const decryptedEchoStr = decryptMessage(encodingAESKey, echostr, corpid);
+          res.statusCode = 200;
+          res.setHeader("Content-Type", "text/plain");
+          res.end(decryptedEchoStr);
+        } catch (error) {
+          console.error("WeChat verification failed:", error);
+          res.statusCode = 500;
+          res.end(String(error));
+        }
+        return;
+      }
+
+      if (req.method !== "POST") {
+        res.statusCode = 405;
+        res.end("Method Not Allowed");
+        return;
+      }
+
+      try {
+        const contentType = req.headers["content-type"] || "";
+
+        const isEncryptedWeComMessage =
+          contentType.includes("text/xml") ||
+          contentType.includes("application/xml") ||
+          url.searchParams.has("msg_signature");
+
+        if (isEncryptedWeComMessage) {
+          await handleEncryptedWeComMessage(req, res, url, ctx, accountId);
+        } else {
+          await handleLegacyMessage(req, res, contentType, ctx, accountId);
+        }
+      } catch (e) {
+        console.error("WeCom handler error:", e);
+        if (!res.writableEnded) {
+          res.statusCode = 500;
+          res.end(String(e));
+        }
+      }
+    },
+  });
+
+  const unregisterPoll = registerPluginHttpRoute({
+    pluginId: "wecom",
+    accountId,
+    path: "/wecom/messages",
+    handler: async (req, res) => {
+      if (req.method !== "GET") {
+        res.statusCode = 405;
+        res.end("Method Not Allowed");
+        return;
+      }
+
+      const url = new URL(req.url || "", `http://${req.headers.host}`);
+      const email = url.searchParams.get("email");
+
+      if (!email) {
+        res.statusCode = 400;
+        res.end("Missing email param");
+        return;
+      }
+
+      const messages = wecomClient.getPendingMessages(email);
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({ messages }));
+    },
+  });
+
+  return {
+    stop: () => {
+      unregisterMessage();
+      unregisterPoll();
+    },
+  };
+}
+
+async function handleEncryptedWeComMessage(
+  req: IncomingMessage,
+  res: any,
+  url: URL,
+  ctx: ChannelGatewayContext,
+  accountId: string
+) {
+  const config = ctx.account.config as any;
+
+  const msgSignature = url.searchParams.get("msg_signature");
+  const timestamp = url.searchParams.get("timestamp");
+  const nonce = url.searchParams.get("nonce");
+
+  const token = config.token;
+  const encodingAESKey = config.encodingAESKey;
+  const corpid = config.corpid;
+
+  if (!token || !encodingAESKey || !corpid) {
+    res.statusCode = 500;
+    res.end("Token, encodingAESKey or corpid not configured");
+    return;
+  }
+
+  if (!msgSignature || !timestamp || !nonce) {
+    res.statusCode = 400;
+    res.end("Missing signature parameters");
+    return;
+  }
+
+  const rawBody = await readBody(req);
+  const xmlString = rawBody.toString("utf8");
+
+  console.log("=== Received WeChat Encrypted Message ===");
+  console.log("XML:", xmlString);
+
+  const parser = new XMLParser({
+    ignoreAttributes: false,
+    parseTagValue: false,
+    trimValues: true,
+  });
+
+  const xmlObj = parser.parse(xmlString);
+  const encryptedMsg = xmlObj.xml?.Encrypt || xmlObj.xml?.encrypt;
+
+  if (!encryptedMsg) {
+    res.statusCode = 400;
+    res.end("Missing Encrypt field in XML");
+    return;
+  }
+
+  const isValid = verifySignature(token, timestamp, nonce, encryptedMsg, msgSignature);
+  if (!isValid) {
+    console.error("Invalid message signature");
+    res.statusCode = 403;
+    res.end("Invalid signature");
+    return;
+  }
+
+  let decryptedXml: string;
+  try {
+    decryptedXml = decryptMessage(encodingAESKey, encryptedMsg, corpid);
+    console.log("=== Decrypted Message XML ===");
+    console.log(decryptedXml);
+  } catch (error) {
+    console.error("Decryption failed:", error);
+    res.statusCode = 500;
+    res.end("Decryption failed");
+    return;
+  }
+
+  const wecomMessage = parseWeComMessage(decryptedXml);
+  console.log("=== Parsed WeChat Message ===");
+  console.log(JSON.stringify(wecomMessage, null, 2));
+
+  const { text, mediaUrls } = formatMessageForClawdbot(wecomMessage);
+  const userId = wecomMessage.FromUserName;
+
+  console.log("=== WeCom Context to Agent ===");
+  console.log("From:", userId);
+  console.log("Body:", text);
+  console.log("MediaUrls:", mediaUrls);
+  console.log("===================================");
+
+  res.statusCode = 200;
+  res.setHeader("Content-Type", "text/plain");
+  res.end("success");
+
+  const systemPrompt = config.systemPrompt?.trim() || undefined;
+
+  const core = getWeComRuntime();
+
+  await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
+    ctx: {
+      From: userId,
+      Body: text,
+      AccountId: accountId,
+      SessionKey: `wecom:${accountId}:${userId}`,
+      MediaUrls: mediaUrls,
+      GroupSystemPrompt: systemPrompt,
+    },
+    cfg: ctx.cfg,
+    dispatcherOptions: {
+      responsePrefix: "",
+      deliver: async (payload) => {
+        console.log("=== WeCom Deliver Payload ===");
+        console.log("Text:", payload.text);
+        console.log("MediaUrl:", payload.mediaUrl);
+        console.log("================================");
+
+        // 配置验证
+        if (!config.corpid) {
+          console.error("[WeCom Error] corpid not configured! Please add to clawdbot.json:");
+          console.error("  channels.wecom.corpid: 'ww...'");
+        }
+        if (!config.corpsecret) {
+          console.error("[WeCom Error] corpsecret not configured! Please add to clawdbot.json:");
+          console.error("  channels.wecom.corpsecret: 'your-corp-secret'");
+        }
+        if (!config.agentid) {
+          console.error("[WeCom Error] agentid not configured! Please add to clawdbot.json:");
+          console.error("  channels.wecom.agentid: 1000006");
+        }
+
+        const msg: WeComMessage = {
+          text: payload.text,
+          mediaUrl: payload.mediaUrl
+        };
+
+        await wecomClient.sendMessage(userId, msg, {
+          corpid: config.corpid,
+          corpsecret: config.corpsecret,
+          agentid: config.agentid,
+          token: config.token,
+          encodingAESKey: config.encodingAESKey
+        });
+      },
+      onError: (err) => {
+        console.error("WeCom dispatch error:", err);
+      },
+    },
+    replyOptions: {},
+  });
+}
+
+async function handleLegacyMessage(
+  req: IncomingMessage,
+  res: any,
+  contentType: string,
+  ctx: ChannelGatewayContext,
+  accountId: string
+) {
+  let email: string | undefined;
+  let text: string | undefined;
+  let imageUrl: string | undefined;
+  let sync = false;
+  const files: Array<{ filename: string; path: string; mimetype: string }> = [];
+
+  if (contentType.includes("application/json")) {
+    const raw = await readBody(req);
+    if (raw.length === 0) {
+      res.statusCode = 400;
+      res.end("Empty body");
+      return;
+    }
+    const body = JSON.parse(raw.toString());
+    email = body.email;
+    text = body.text;
+    imageUrl = body.imageUrl;
+    sync = Boolean(body.sync);
+  } else if (contentType.includes("multipart/form-data")) {
+    const boundary = contentType.split("boundary=")[1]?.split(";")[0];
+    if (!boundary) throw new Error("No boundary");
+    const buffer = await readBody(req);
+    const result = parseMultipart(buffer, boundary);
+
+    email = result.fields.email;
+    text = result.fields.text;
+    sync = result.fields.sync === "true";
+
+    for (const file of result.files) {
+      const tempPath = join(tmpdir(), `wecom-${randomUUID()}-${file.filename}`);
+      await writeFile(tempPath, file.data);
+      files.push({
+        filename: file.filename,
+        path: tempPath,
+        mimetype: file.mimetype,
+      });
+    }
+  }
+
+  if (!email) {
+    res.statusCode = 400;
+    res.end("Missing email");
+    return;
+  }
+
+  if (sync) {
+    wecomClient.registerPendingRequest(email, res);
+  } else {
+    res.statusCode = 200;
+    res.setHeader("Content-Type", "application/json");
+    res.end(JSON.stringify({ status: "ok" }));
+  }
+
+  const mediaUrls: string[] = [];
+  if (imageUrl) mediaUrls.push(imageUrl);
+  for (const file of files) {
+    mediaUrls.push(`file://${file.path}`);
+  }
+
+  let enrichedText = text || "";
+  if (files.length > 0) {
+    enrichedText += "\n\n[上传的文件]";
+    for (const file of files) {
+      enrichedText += `\n- ${file.filename}: ${file.path}`;
+    }
+  }
+
+  console.log("=== WeCom Context to Agent ===");
+  console.log("From:", email);
+  console.log("Body:", enrichedText);
+  console.log("MediaUrls:", mediaUrls);
+  console.log("Files count:", files.length);
+  console.log("===================================");
+
+  const config = ctx.account.config as any;
+  const systemPrompt = config.systemPrompt?.trim() || undefined;
+
+  const core = getWeComRuntime();
+
+  await core.channel.reply.dispatchReplyWithBufferedBlockDispatcher({
+    ctx: {
+      From: email,
+      Body: enrichedText,
+      AccountId: accountId,
+      SessionKey: `wecom:${accountId}:${email}`,
+      MediaUrls: mediaUrls.length > 0 ? mediaUrls : undefined,
+      GroupSystemPrompt: systemPrompt,
+    },
+    cfg: ctx.cfg,
+    dispatcherOptions: {
+      responsePrefix: "",
+      deliver: async (payload) => {
+        console.log("=== WeCom Deliver Payload ===");
+        console.log("Text:", payload.text);
+        console.log("MediaUrl:", payload.mediaUrl);
+        console.log("================================");
+
+        const config = ctx.account.config as any;
+        const msg: WeComMessage = {
+          text: payload.text,
+          mediaUrl: payload.mediaUrl
+        };
+
+        await wecomClient.sendMessage(email!, msg, {
+          corpid: config.corpid,
+          corpsecret: config.corpsecret,
+          agentid: config.agentid,
+          token: config.token,
+          encodingAESKey: config.encodingAESKey
+        });
+      },
+      onError: (err) => {
+        console.error("WeCom dispatch error:", err);
+      },
+    },
+    replyOptions: {},
+  });
+}

package/src/message-parser.ts

@@ -0,0 +1,195 @@
+import { XMLParser } from "fast-xml-parser";
+
+export type WeComMessageType = "text" | "image" | "voice" | "video" | "location" | "link" | "event";
+
+export interface WeComMessageBase {
+  ToUserName: string;
+  FromUserName: string;
+  CreateTime: number;
+  MsgType: WeComMessageType;
+  AgentID: number;
+  MsgId?: string;
+}
+
+export interface WeComTextMessage extends WeComMessageBase {
+  MsgType: "text";
+  Content: string;
+}
+
+export interface WeComImageMessage extends WeComMessageBase {
+  MsgType: "image";
+  PicUrl: string;
+  MediaId: string;
+}
+
+export interface WeComVoiceMessage extends WeComMessageBase {
+  MsgType: "voice";
+  MediaId: string;
+  Format: string;
+}
+
+export interface WeComVideoMessage extends WeComMessageBase {
+  MsgType: "video";
+  MediaId: string;
+  ThumbMediaId: string;
+}
+
+export interface WeComLocationMessage extends WeComMessageBase {
+  MsgType: "location";
+  Location_X: number;
+  Location_Y: number;
+  Scale: number;
+  Label: string;
+  AppType?: string;
+}
+
+export interface WeComLinkMessage extends WeComMessageBase {
+  MsgType: "link";
+  Title: string;
+  Description: string;
+  Url: string;
+  PicUrl: string;
+}
+
+export type WeComMessage =
+  | WeComTextMessage
+  | WeComImageMessage
+  | WeComVoiceMessage
+  | WeComVideoMessage
+  | WeComLocationMessage
+  | WeComLinkMessage;
+
+export function parseWeComMessage(xml: string): WeComMessage {
+  const parser = new XMLParser({
+    ignoreAttributes: false,
+    parseTagValue: true,
+    parseAttributeValue: true,
+    trimValues: true,
+  });
+
+  const result = parser.parse(xml);
+
+  if (!result.xml) {
+    throw new Error("Invalid WeChat message XML: missing <xml> root");
+  }
+
+  const msg = result.xml;
+
+  if (!msg.ToUserName || !msg.FromUserName || !msg.MsgType) {
+    throw new Error("Invalid WeChat message: missing required fields");
+  }
+
+  const baseMessage = {
+    ToUserName: String(msg.ToUserName),
+    FromUserName: String(msg.FromUserName),
+    CreateTime: Number(msg.CreateTime) || 0,
+    MsgType: msg.MsgType as WeComMessageType,
+    AgentID: Number(msg.AgentID) || 0,
+    MsgId: msg.MsgId ? String(msg.MsgId) : undefined,
+  };
+
+  switch (msg.MsgType) {
+    case "text":
+      return {
+        ...baseMessage,
+        MsgType: "text",
+        Content: String(msg.Content || ""),
+      } as WeComTextMessage;
+
+    case "image":
+      return {
+        ...baseMessage,
+        MsgType: "image",
+        PicUrl: String(msg.PicUrl || ""),
+        MediaId: String(msg.MediaId || ""),
+      } as WeComImageMessage;
+
+    case "voice":
+      return {
+        ...baseMessage,
+        MsgType: "voice",
+        MediaId: String(msg.MediaId || ""),
+        Format: String(msg.Format || ""),
+      } as WeComVoiceMessage;
+
+    case "video":
+      return {
+        ...baseMessage,
+        MsgType: "video",
+        MediaId: String(msg.MediaId || ""),
+        ThumbMediaId: String(msg.ThumbMediaId || ""),
+      } as WeComVideoMessage;
+
+    case "location":
+      return {
+        ...baseMessage,
+        MsgType: "location",
+        Location_X: Number(msg.Location_X) || 0,
+        Location_Y: Number(msg.Location_Y) || 0,
+        Scale: Number(msg.Scale) || 0,
+        Label: String(msg.Label || ""),
+        AppType: msg.AppType ? String(msg.AppType) : undefined,
+      } as WeComLocationMessage;
+
+    case "link":
+      return {
+        ...baseMessage,
+        MsgType: "link",
+        Title: String(msg.Title || ""),
+        Description: String(msg.Description || ""),
+        Url: String(msg.Url || ""),
+        PicUrl: String(msg.PicUrl || ""),
+      } as WeComLinkMessage;
+
+    default:
+      throw new Error(`Unsupported message type: ${msg.MsgType}`);
+  }
+}
+
+export function formatMessageForClawdbot(message: WeComMessage): {
+  text: string;
+  mediaUrls?: string[];
+} {
+  const mediaUrls: string[] = [];
+  let text = "";
+
+  switch (message.MsgType) {
+    case "text":
+      text = message.Content;
+      break;
+
+    case "image":
+      text = "[图片消息]";
+      if (message.PicUrl) {
+        mediaUrls.push(message.PicUrl);
+      }
+      break;
+
+    case "voice":
+      text = `[语音消息]\n格式: ${message.Format}\nMediaId: ${message.MediaId}`;
+      break;
+
+    case "video":
+      text = `[视频消息]\nMediaId: ${message.MediaId}`;
+      break;
+
+    case "location":
+      text = `[位置消息]\n位置: ${message.Label}\n坐标: ${message.Location_X}, ${message.Location_Y}\n缩放: ${message.Scale}`;
+      break;
+
+    case "link":
+      text = `[链接消息]\n标题: ${message.Title}\n描述: ${message.Description}\n链接: ${message.Url}`;
+      if (message.PicUrl) {
+        mediaUrls.push(message.PicUrl);
+      }
+      break;
+
+    default:
+      text = "[未知消息类型]";
+  }
+
+  return {
+    text,
+    mediaUrls: mediaUrls.length > 0 ? mediaUrls : undefined,
+  };
+}