@yanhaidao/wecom 2.2.28 → 2.3.3

package/src/gateway-monitor.ts

@@ -12,10 +12,11 @@ import {
 } from "./config/index.js";
 import { registerAgentWebhookTarget, registerWecomWebhookTarget } from "./monitor.js";
 import type { ResolvedWecomAccount, WecomConfig } from "./types/index.js";
+import { WEBHOOK_PATHS } from "./types/constants.js";
 
 type AccountRouteRegistryItem = {
   botPaths: string[];
-  agentPath?: string;
+  agentPaths: string[];
 };
 
 const accountRouteRegistry = new Map<string, AccountRouteRegistryItem>();
@@ -41,7 +42,7 @@ function logRegisteredRouteSummary(
       const routes = accountRouteRegistry.get(accountId);
       if (!routes) return undefined;
       const botText = routes.botPaths.length > 0 ? routes.botPaths.join(", ") : "未启用";
-      const agentText = routes.agentPath ?? "未启用";
+      const agentText = routes.agentPaths.length > 0 ? routes.agentPaths.join(", ") : "未启用";
       return `accountId=${accountId}（Bot: ${botText}；Agent: ${agentText}）`;
     })
     .filter((entry): entry is string => Boolean(entry));
@@ -74,6 +75,30 @@ function waitForAbortSignal(abortSignal: AbortSignal): Promise<void> {
   });
 }
 
+function uniquePaths(paths: string[]): string[] {
+  return Array.from(new Set(paths.map((path) => path.trim()).filter(Boolean)));
+}
+
+function resolveBotRegistrationPaths(params: { accountId: string; matrixMode: boolean }): string[] {
+  if (params.matrixMode) {
+    return uniquePaths([
+      `${WEBHOOK_PATHS.BOT_PLUGIN}/${params.accountId}`,
+      `${WEBHOOK_PATHS.BOT_ALT}/${params.accountId}`,
+    ]);
+  }
+  return uniquePaths([WEBHOOK_PATHS.BOT_PLUGIN, WEBHOOK_PATHS.BOT, WEBHOOK_PATHS.BOT_ALT]);
+}
+
+function resolveAgentRegistrationPaths(params: { accountId: string; matrixMode: boolean }): string[] {
+  if (params.matrixMode) {
+    return uniquePaths([
+      `${WEBHOOK_PATHS.AGENT_PLUGIN}/${params.accountId}`,
+      `${WEBHOOK_PATHS.AGENT}/${params.accountId}`,
+    ]);
+  }
+  return uniquePaths([WEBHOOK_PATHS.AGENT_PLUGIN, WEBHOOK_PATHS.AGENT]);
+}
+
 /**
  * Keeps WeCom webhook targets registered for the account lifecycle.
  * The promise only settles after gateway abort/reload signals shutdown.
@@ -129,12 +154,13 @@ export async function monitorWecomProvider(
 
   const unregisters: Array<() => void> = [];
   const botPaths: string[] = [];
-  let agentPath: string | undefined;
+  const agentPaths: string[] = [];
   try {
     if (bot && botConfigured) {
-      const paths = matrixMode
-        ? [`/wecom/bot/${account.accountId}`]
-        : ["/wecom", "/wecom/bot"];
+      const paths = resolveBotRegistrationPaths({
+        accountId: account.accountId,
+        matrixMode,
+      });
       for (const path of paths) {
         unregisters.push(
           registerWecomWebhookTarget({
@@ -154,20 +180,25 @@ export async function monitorWecomProvider(
     }
 
     if (agent && agentConfigured) {
-      const path = matrixMode ? `/wecom/agent/${account.accountId}` : "/wecom/agent";
-      unregisters.push(
-        registerAgentWebhookTarget({
-          agent,
-          config: cfg,
-          runtime: ctx.runtime,
-          path,
-        }),
-      );
-      agentPath = path;
-      ctx.log?.info(`[${account.accountId}] wecom agent webhook registered at ${path}`);
+      const paths = resolveAgentRegistrationPaths({
+        accountId: account.accountId,
+        matrixMode,
+      });
+      for (const path of paths) {
+        unregisters.push(
+          registerAgentWebhookTarget({
+            agent,
+            config: cfg,
+            runtime: ctx.runtime,
+            path,
+          }),
+        );
+      }
+      agentPaths.push(...paths);
+      ctx.log?.info(`[${account.accountId}] wecom agent webhook registered at ${paths.join(", ")}`);
     }
 
-    accountRouteRegistry.set(account.accountId, { botPaths, agentPath });
+    accountRouteRegistry.set(account.accountId, { botPaths, agentPaths });
     const shouldLogSummary =
       expectedRouteSummaryAccountIds.length <= 1 ||
       expectedRouteSummaryAccountIds.every((accountId) => accountRouteRegistry.has(accountId));
@@ -180,8 +211,8 @@ export async function monitorWecomProvider(
       running: true,
       configured: true,
       webhookPath: botConfigured
-        ? (matrixMode ? `/wecom/bot/${account.accountId}` : "/wecom/bot")
-        : (matrixMode ? `/wecom/agent/${account.accountId}` : "/wecom/agent"),
+        ? (botPaths[0] ?? WEBHOOK_PATHS.BOT_PLUGIN)
+        : (agentPaths[0] ?? WEBHOOK_PATHS.AGENT_PLUGIN),
       lastStartAt: Date.now(),
     });
 

package/src/http.ts

@@ -57,13 +57,28 @@ export async function wecomFetch(input: string | URL, init?: RequestInit, opts?:
 
   const initSignal = init?.signal ?? undefined;
   const signal = mergeAbortSignal({ signal: opts?.signal ?? initSignal, timeoutMs: opts?.timeoutMs });
+  
+  const headers = new Headers(init?.headers ?? {});
+  if (!headers.has("User-Agent")) {
+    headers.set("User-Agent", "OpenClaw/2.0 (WeCom-Agent)");
+  }
+
   const nextInit: RequestInit & { dispatcher?: Dispatcher } = {
     ...(init ?? {}),
     ...(signal ? { signal } : {}),
     ...(dispatcher ? { dispatcher } : {}),
+    headers,
   };
 
-  return undiciFetch(input, nextInit as Parameters<typeof undiciFetch>[1]) as unknown as Promise<Response>;
+  try {
+    return await undiciFetch(input, nextInit as Parameters<typeof undiciFetch>[1]) as unknown as Response;
+  } catch (err: unknown) {
+    if (err instanceof Error && err.name === "TypeError" && err.message === "fetch failed") {
+      const cause = (err as any).cause;
+      console.error(`[wecom-http] fetch failed: ${input} (proxy: ${proxyUrl || "none"})${cause ? ` - cause: ${String(cause)}` : ""}`);
+    }
+    throw err;
+  }
 }
 
 /**
@@ -99,4 +114,3 @@ export async function readResponseBodyAsBuffer(res: Response, maxBytes?: number)
 
   return Buffer.concat(chunks.map((c) => Buffer.from(c)));
 }
-

package/src/media.test.ts

@@ -1,5 +1,5 @@
 import { describe, it, expect, vi } from "vitest";
-import { decryptWecomMedia } from "./media.js";
+import { decryptWecomMedia, decryptWecomMediaWithMeta } from "./media.js";
 import { WECOM_PKCS7_BLOCK_SIZE } from "./crypto.js";
 import crypto from "node:crypto";
 
@@ -52,4 +52,31 @@ describe("decryptWecomMedia", () => {
     it("should fail if key is invalid", async () => {
         await expect(decryptWecomMedia("http://url", "invalid-key")).rejects.toThrow();
     });
+
+    it("should return source metadata when using decryptWecomMediaWithMeta", async () => {
+        const aesKeyBase64 = "jWmYm7qr5nMoCAstdRmNjt3p7vsH8HkK+qiJqQ0aaaa=";
+        const aesKey = Buffer.from(aesKeyBase64 + "=", "base64");
+        const iv = aesKey.subarray(0, 16);
+        const originalData = Buffer.from("meta test", "utf8");
+        const padded = pkcs7Pad(originalData, WECOM_PKCS7_BLOCK_SIZE);
+        const cipher = crypto.createCipheriv("aes-256-cbc", aesKey, iv);
+        cipher.setAutoPadding(false);
+        const encrypted = Buffer.concat([cipher.update(padded), cipher.final()]);
+
+        undiciFetch.mockResolvedValue(
+            new Response(encrypted, {
+                status: 200,
+                headers: {
+                    "content-type": "application/octet-stream; charset=binary",
+                    "content-disposition": "attachment; filename*=UTF-8''report%20v1.docx",
+                },
+            }),
+        );
+
+        const decrypted = await decryptWecomMediaWithMeta("http://mock.url/media?id=1", aesKeyBase64);
+        expect(decrypted.buffer.toString("utf8")).toBe("meta test");
+        expect(decrypted.sourceContentType).toBe("application/octet-stream");
+        expect(decrypted.sourceFilename).toBe("report v1.docx");
+        expect(decrypted.sourceUrl).toBe("http://mock.url/media?id=1");
+    });
 });

package/src/media.ts

@@ -2,6 +2,41 @@ import crypto from "node:crypto";
 import { decodeEncodingAESKey, pkcs7Unpad, WECOM_PKCS7_BLOCK_SIZE } from "./crypto.js";
 import { readResponseBodyAsBuffer, wecomFetch, type WecomHttpOptions } from "./http.js";
 
+export type DecryptedWecomMedia = {
+    buffer: Buffer;
+    sourceContentType?: string;
+    sourceFilename?: string;
+    sourceUrl?: string;
+};
+
+function normalizeMime(contentType?: string | null): string | undefined {
+    const raw = String(contentType ?? "").trim();
+    if (!raw) return undefined;
+    return raw.split(";")[0]?.trim().toLowerCase() || undefined;
+}
+
+function extractFilenameFromContentDisposition(disposition?: string | null): string | undefined {
+    const raw = String(disposition ?? "").trim();
+    if (!raw) return undefined;
+
+    const star = raw.match(/filename\*\s*=\s*([^;]+)/i);
+    if (star?.[1]) {
+        const v = star[1].trim().replace(/^UTF-8''/i, "").replace(/^"(.*)"$/, "$1");
+        try {
+            const decoded = decodeURIComponent(v);
+            if (decoded.trim()) return decoded.trim();
+        } catch { /* ignore */ }
+        if (v.trim()) return v.trim();
+    }
+
+    const plain = raw.match(/filename\s*=\s*([^;]+)/i);
+    if (plain?.[1]) {
+        const v = plain[1].trim().replace(/^"(.*)"$/, "$1").trim();
+        if (v) return v;
+    }
+    return undefined;
+}
+
 /**
  * **decryptWecomMedia (解密企业微信媒体文件)**
  * 
@@ -28,11 +63,29 @@ export async function decryptWecomMediaWithHttp(
     encodingAESKey: string,
     params?: { maxBytes?: number; http?: WecomHttpOptions },
 ): Promise<Buffer> {
+    const decrypted = await decryptWecomMediaWithMeta(url, encodingAESKey, params);
+    return decrypted.buffer;
+}
+
+/**
+ * **decryptWecomMediaWithMeta (解密企业微信媒体并返回源信息)**
+ * 
+ * 在返回解密结果的同时，保留下载响应中的元信息（content-type / filename / final url），
+ * 供上层更准确地推断文件后缀和 MIME。
+ */
+export async function decryptWecomMediaWithMeta(
+    url: string,
+    encodingAESKey: string,
+    params?: { maxBytes?: number; http?: WecomHttpOptions },
+): Promise<DecryptedWecomMedia> {
     // 1. Download encrypted content
     const res = await wecomFetch(url, undefined, { ...params?.http, timeoutMs: params?.http?.timeoutMs ?? 15_000 });
     if (!res.ok) {
         throw new Error(`failed to download media: ${res.status}`);
     }
+    const sourceContentType = normalizeMime(res.headers.get("content-type"));
+    const sourceFilename = extractFilenameFromContentDisposition(res.headers.get("content-disposition"));
+    const sourceUrl = res.url || url;
     const encryptedData = await readResponseBodyAsBuffer(res, params?.maxBytes);
 
     // 2. Prepare Key and IV
@@ -51,5 +104,10 @@ export async function decryptWecomMediaWithHttp(
     // Note: Unlike msg bodies, usually removing PKCS#7 padding is enough for media files.
     // The Python SDK logic: pad_len = decrypted_data[-1]; decrypted_data = decrypted_data[:-pad_len]
     // Our pkcs7Unpad function does exactly this + validation.
-    return pkcs7Unpad(decryptedPadded, WECOM_PKCS7_BLOCK_SIZE);
+    return {
+        buffer: pkcs7Unpad(decryptedPadded, WECOM_PKCS7_BLOCK_SIZE),
+        sourceContentType,
+        sourceFilename,
+        sourceUrl,
+    };
 }

package/src/monitor.active.test.ts

@@ -28,7 +28,7 @@ function createMockRequest(bodyObj: any): IncomingMessage {
     const socket = new Socket();
     const req = new IncomingMessage(socket);
     req.method = "POST";
-    req.url = "/wecom?timestamp=123&nonce=456&signature=789";
+    req.url = "/plugins/wecom/bot/default?timestamp=123&nonce=456&signature=789";
     req.push(JSON.stringify(bodyObj));
     req.push(null);
     return req;
@@ -140,7 +140,7 @@ describe("Monitor Active Features", () => {
             } as any,
             runtime: { log: () => { } },
             core: mockCore,
-            path: "/wecom"
+            path: "/plugins/wecom/bot/default"
         });
     });
 
@@ -190,14 +190,17 @@ describe("Monitor Active Features", () => {
         undiciFetch.mockResolvedValue(new Response("ok", { status: 200 }));
         await sendActiveMessage(streamId, "Active Hello");
 
-        expect(undiciFetch).toHaveBeenCalledWith(
-            "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test-key",
+        expect(undiciFetch).toHaveBeenCalled();
+        const [url, init] = undiciFetch.mock.calls.at(-1)! as [string, RequestInit];
+        expect(url).toBe("https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=test-key");
+        expect(init).toEqual(
             expect.objectContaining({
                 method: "POST",
-                headers: expect.objectContaining({ "Content-Type": "application/json" }),
                 body: JSON.stringify({ msgtype: "text", text: { content: "Active Hello" } }),
             }),
         );
+        const headers = new Headers(init.headers);
+        expect(headers.get("content-type")).toBe("application/json");
     });
 
     it("should fallback non-image media to agent DM (and push a Chinese prompt)", async () => {
@@ -237,6 +240,6 @@ describe("Monitor Active Features", () => {
         expect(undiciFetch).toHaveBeenCalled();
     });
 
-    // 注：本机路径（/Users/... 或 /tmp/...）短路发图逻辑属于运行态特性，
+    // 注：本机路径（/Users/...、/tmp/...、/root/...、/home/...）短路发图逻辑属于运行态特性，
     // 单测在 fake timers + module singleton 状态下容易引入脆弱性；这里优先覆盖更关键的兜底链路与去重逻辑。
 });

package/src/monitor.integration.test.ts

@@ -21,7 +21,7 @@ function createMockRequest(bodyObj: any, query: URLSearchParams): IncomingMessag
     const socket = new Socket();
     const req = new IncomingMessage(socket);
     req.method = "POST";
-    req.url = `/wecom?${query.toString()}`;
+    req.url = `/plugins/wecom/bot/default?${query.toString()}`;
     req.push(JSON.stringify(bodyObj));
     req.push(null);
     return req;
@@ -108,7 +108,7 @@ describe("Monitor Integration: Inbound Image", () => {
             config: {} as any,
             runtime: { log: console.log, error: console.error },
             core: mockCore as any,
-            path: "/wecom"
+            path: "/plugins/wecom/bot/default"
         });
     });
 
@@ -198,6 +198,8 @@ describe("Monitor Integration: Inbound Image", () => {
         // Expect Context Injection
         expect(ctx.MediaPath).toBe("/tmp/saved-image.jpg");
         expect(ctx.MediaType).toBe("image/jpeg");
+        expect(ctx.Surface).toBe("wecom");
+        expect(ctx.OriginatingChannel).toBe("wecom");
 
         expect(undiciFetch).toHaveBeenCalledWith(
             imageUrl,