@yanhaidao/wecom 2.2.7 → 2.3.2

package/src/monitor.webhook.test.ts

@@ -5,21 +5,26 @@ import { describe, expect, it } from "vitest";
 
 import type { OpenClawConfig } from "openclaw/plugin-sdk";
 
-import type { ResolvedWecomAccount } from "./types.js";
+import type { ResolvedWecomAccount } from "./types/index.js";
 import { computeWecomMsgSignature, decryptWecomEncrypted, encryptWecomPlaintext } from "./crypto.js";
-import { handleWecomWebhookRequest, registerWecomWebhookTarget } from "./monitor.js";
+import { handleWecomWebhookRequest, registerAgentWebhookTarget, registerWecomWebhookTarget } from "./monitor.js";
 
 function createMockRequest(params: {
   method: "GET" | "POST";
   url: string;
   body?: unknown;
+  rawBody?: string;
 }): IncomingMessage {
   const socket = new Socket();
   const req = new IncomingMessage(socket);
   req.method = params.method;
   req.url = params.url;
   if (params.method === "POST") {
-    req.push(JSON.stringify(params.body ?? {}));
+    if (typeof params.rawBody === "string") {
+      req.push(params.rawBody);
+    } else {
+      req.push(JSON.stringify(params.body ?? {}));
+    }
   }
   req.push(null);
   return req;
@@ -227,6 +232,61 @@ describe("handleWecomWebhookRequest", () => {
     }
   });
 
+  it("skips bot callbacks with missing sender and returns empty ack", async () => {
+    const account: ResolvedWecomAccount = {
+      accountId: "default",
+      name: "Test",
+      enabled: true,
+      configured: true,
+      token,
+      encodingAESKey,
+      receiveId: "",
+      config: { webhookPath: "/hook", token, encodingAESKey },
+    };
+
+    const unregister = registerWecomWebhookTarget({
+      account,
+      config: {} as OpenClawConfig,
+      runtime: {},
+      core: {} as any,
+      path: "/hook",
+    });
+
+    try {
+      const timestamp = "1700000001";
+      const nonce = "nonce-missing-sender";
+      const plain = JSON.stringify({
+        msgid: "MSGID-MISSING-SENDER",
+        aibotid: "AIBOTID",
+        chattype: "single",
+        msgtype: "text",
+        text: { content: "hello" },
+      });
+      const encrypt = encryptWecomPlaintext({ encodingAESKey, receiveId: "", plaintext: plain });
+      const msg_signature = computeWecomMsgSignature({ token, timestamp, nonce, encrypt });
+
+      const req = createMockRequest({
+        method: "POST",
+        url: `/hook?msg_signature=${encodeURIComponent(msg_signature)}&timestamp=${encodeURIComponent(timestamp)}&nonce=${encodeURIComponent(nonce)}`,
+        body: { encrypt },
+      });
+      const res = createMockResponse();
+      const handled = await handleWecomWebhookRequest(req, res);
+      expect(handled).toBe(true);
+      expect(res._getStatusCode()).toBe(200);
+
+      const json = JSON.parse(res._getData()) as any;
+      const replyPlain = decryptWecomEncrypted({
+        encodingAESKey,
+        receiveId: "",
+        encrypt: json.encrypt,
+      });
+      expect(JSON.parse(replyPlain)).toEqual({});
+    } finally {
+      unregister();
+    }
+  });
+
   it("returns a queued stream for 2, and an ack stream for merged follow-ups", async () => {
     const token = "TOKEN";
     const encodingAESKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";
@@ -308,4 +368,229 @@ describe("handleWecomWebhookRequest", () => {
       unregister();
     }
   });
+
+  it("routes matrix bot callback by explicit account path", async () => {
+    const token = "MATRIX-TOKEN";
+    const encodingAESKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";
+
+    const unregisterA = registerWecomWebhookTarget({
+      account: {
+        accountId: "acct-a",
+        enabled: true,
+        configured: true,
+        token,
+        encodingAESKey,
+        receiveId: "",
+        config: {
+          token,
+          encodingAESKey,
+          streamPlaceholderContent: "A处理中",
+        } as any,
+      } as any,
+      config: { channels: { wecom: { accounts: {} } } } as OpenClawConfig,
+      runtime: {},
+      core: {} as any,
+      path: "/wecom/bot/acct-a",
+    });
+    const unregisterB = registerWecomWebhookTarget({
+      account: {
+        accountId: "acct-b",
+        enabled: true,
+        configured: true,
+        token,
+        encodingAESKey,
+        receiveId: "",
+        config: {
+          token,
+          encodingAESKey,
+          streamPlaceholderContent: "B处理中",
+        } as any,
+      } as any,
+      config: { channels: { wecom: { accounts: {} } } } as OpenClawConfig,
+      runtime: {},
+      core: {} as any,
+      path: "/wecom/bot/acct-b",
+    });
+
+    try {
+      const timestamp = "1700000999";
+      const nonce = "nonce-matrix";
+      const plain = JSON.stringify({
+        msgid: "MATRIX-MSG-1",
+        aibotid: "BOT_B",
+        chattype: "single",
+        from: { userid: "USERID_B" },
+        response_url: "RESPONSEURL",
+        msgtype: "text",
+        text: { content: "hello matrix" },
+      });
+      const encrypt = encryptWecomPlaintext({ encodingAESKey, receiveId: "", plaintext: plain });
+      const msg_signature = computeWecomMsgSignature({ token, timestamp, nonce, encrypt });
+      const req = createMockRequest({
+        method: "POST",
+        url: `/wecom/bot/acct-b?msg_signature=${encodeURIComponent(msg_signature)}&timestamp=${encodeURIComponent(timestamp)}&nonce=${encodeURIComponent(nonce)}`,
+        body: { encrypt },
+      });
+      const res = createMockResponse();
+      const handled = await handleWecomWebhookRequest(req, res);
+      expect(handled).toBe(true);
+      expect(res._getStatusCode()).toBe(200);
+
+      const json = JSON.parse(res._getData()) as any;
+      const replyPlain = decryptWecomEncrypted({
+        encodingAESKey,
+        receiveId: "",
+        encrypt: json.encrypt,
+      });
+      const reply = JSON.parse(replyPlain) as any;
+      expect(reply.stream?.content).toBe("B处理中");
+    } finally {
+      unregisterA();
+      unregisterB();
+    }
+  });
+
+  it("does not reject when aibotid mismatches configured value", async () => {
+    const token = "MATRIX-TOKEN-2";
+    const encodingAESKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";
+    const unregister = registerWecomWebhookTarget({
+      account: {
+        accountId: "acct-a",
+        enabled: true,
+        configured: true,
+        token,
+        encodingAESKey,
+        receiveId: "",
+        config: {
+          token,
+          encodingAESKey,
+          aibotid: "BOT_ONLY",
+        } as any,
+      } as any,
+      config: { channels: { wecom: { accounts: {} } } } as OpenClawConfig,
+      runtime: {},
+      core: {} as any,
+      path: "/hook-matrix-mismatch",
+    });
+
+    try {
+      const timestamp = "1700001001";
+      const nonce = "nonce-matrix-mismatch";
+      const plain = JSON.stringify({
+        msgid: "MATRIX-MSG-2",
+        aibotid: "BOT_OTHER",
+        chattype: "single",
+        from: { userid: "USERID_X" },
+        response_url: "RESPONSEURL",
+        msgtype: "text",
+        text: { content: "hello mismatch" },
+      });
+      const encrypt = encryptWecomPlaintext({ encodingAESKey, receiveId: "", plaintext: plain });
+      const msg_signature = computeWecomMsgSignature({ token, timestamp, nonce, encrypt });
+      const req = createMockRequest({
+        method: "POST",
+        url: `/hook-matrix-mismatch?msg_signature=${encodeURIComponent(msg_signature)}&timestamp=${encodeURIComponent(timestamp)}&nonce=${encodeURIComponent(nonce)}`,
+        body: { encrypt },
+      });
+      const res = createMockResponse();
+      const handled = await handleWecomWebhookRequest(req, res);
+      expect(handled).toBe(true);
+      expect(res._getStatusCode()).toBe(200);
+    } finally {
+      unregister();
+    }
+  });
+
+  it("rejects legacy bot path when matrix explicit routes are registered", async () => {
+    const token = "MATRIX-TOKEN-3";
+    const encodingAESKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";
+    const unregister = registerWecomWebhookTarget({
+      account: {
+        accountId: "acct-a",
+        enabled: true,
+        configured: true,
+        token,
+        encodingAESKey,
+        receiveId: "",
+        config: { token, encodingAESKey } as any,
+      } as any,
+      config: { channels: { wecom: { accounts: { "acct-a": { bot: {} } } } } } as OpenClawConfig,
+      runtime: {},
+      core: {} as any,
+      path: "/wecom/bot/acct-a",
+    });
+    try {
+      const req = createMockRequest({
+        method: "GET",
+        url: "/wecom/bot?timestamp=t&nonce=n&msg_signature=s&echostr=e",
+      });
+      const res = createMockResponse();
+      const handled = await handleWecomWebhookRequest(req, res);
+      expect(handled).toBe(true);
+      expect(res._getStatusCode()).toBe(401);
+      expect(JSON.parse(res._getData())).toMatchObject({
+        error: "wecom_matrix_path_required",
+      });
+    } finally {
+      unregister();
+    }
+  });
+
+  it("returns account conflict for agent GET verification when multiple accounts share token", async () => {
+    const token = "AGENT-TOKEN";
+    const timestamp = "1700002001";
+    const nonce = "nonce-agent";
+    const echostr = "ECHOSTR";
+    const signature = computeWecomMsgSignature({ token, timestamp, nonce, encrypt: echostr });
+
+    const unregisterA = registerAgentWebhookTarget({
+      agent: {
+        accountId: "agent-a",
+        enabled: true,
+        configured: true,
+        corpId: "corp-a",
+        corpSecret: "secret-a",
+        agentId: 1001,
+        token,
+        encodingAESKey: "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG",
+        config: {} as any,
+      },
+      config: { channels: { wecom: { accounts: {} } } } as OpenClawConfig,
+      runtime: {},
+      path: "/wecom/agent",
+    } as any);
+    const unregisterB = registerAgentWebhookTarget({
+      agent: {
+        accountId: "agent-b",
+        enabled: true,
+        configured: true,
+        corpId: "corp-b",
+        corpSecret: "secret-b",
+        agentId: 1002,
+        token,
+        encodingAESKey: "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG",
+        config: {} as any,
+      },
+      config: { channels: { wecom: { accounts: {} } } } as OpenClawConfig,
+      runtime: {},
+      path: "/wecom/agent",
+    } as any);
+
+    try {
+      const req = createMockRequest({
+        method: "GET",
+        url: `/wecom/agent?msg_signature=${encodeURIComponent(signature)}&timestamp=${encodeURIComponent(timestamp)}&nonce=${encodeURIComponent(nonce)}&echostr=${encodeURIComponent(echostr)}`,
+      });
+      const res = createMockResponse();
+      const handled = await handleWecomWebhookRequest(req, res);
+      expect(handled).toBe(true);
+      expect(res._getStatusCode()).toBe(401);
+      expect(JSON.parse(res._getData())).toMatchObject({
+        error: "wecom_account_conflict",
+      });
+    } finally {
+      unregisterA();
+      unregisterB();
+    }
+  });
 });

package/src/outbound.test.ts

@@ -19,6 +19,38 @@ describe("wecomOutbound", () => {
     ).rejects.toThrow(/Agent mode/i);
   });
 
+  it("throws explicit error when outbound accountId does not exist", async () => {
+    const { wecomOutbound } = await import("./outbound.js");
+    const cfg = {
+      channels: {
+        wecom: {
+          enabled: true,
+          defaultAccount: "acct-a",
+          accounts: {
+            "acct-a": {
+              enabled: true,
+              agent: {
+                corpId: "corp-a",
+                corpSecret: "secret-a",
+                agentId: 10001,
+                token: "token-a",
+                encodingAESKey: "aes-a",
+              },
+            },
+          },
+        },
+      },
+    };
+    await expect(
+      wecomOutbound.sendText({
+        cfg,
+        accountId: "acct-missing",
+        to: "user:zhangsan",
+        text: "hello",
+      } as any),
+    ).rejects.toThrow(/account "acct-missing" not found/i);
+  });
+
   it("routes sendText to agent chatId/userid", async () => {
     const { wecomOutbound } = await import("./outbound.js");
     const api = await import("./agent/api-client.js");
@@ -140,4 +172,102 @@ describe("wecomOutbound", () => {
 
     now.mockRestore();
   });
+
+  it("uses account-scoped agent config in matrix mode", async () => {
+    const { wecomOutbound } = await import("./outbound.js");
+    const api = await import("./agent/api-client.js");
+    (api.sendText as any).mockResolvedValue(undefined);
+    (api.sendText as any).mockClear();
+
+    const cfg = {
+      channels: {
+        wecom: {
+          enabled: true,
+          defaultAccount: "acct-a",
+          accounts: {
+            "acct-a": {
+              enabled: true,
+              agent: {
+                corpId: "corp-a",
+                corpSecret: "secret-a",
+                agentId: 10001,
+                token: "token-a",
+                encodingAESKey: "aes-a",
+              },
+            },
+            "acct-b": {
+              enabled: true,
+              agent: {
+                corpId: "corp-b",
+                corpSecret: "secret-b",
+                agentId: 10002,
+                token: "token-b",
+                encodingAESKey: "aes-b",
+              },
+            },
+          },
+        },
+      },
+    };
+
+    await wecomOutbound.sendText({
+      cfg,
+      accountId: "acct-b",
+      to: "user:lisi",
+      text: "hello b",
+    } as any);
+    expect(api.sendText).toHaveBeenCalledWith(
+      expect.objectContaining({
+        toUser: "lisi",
+        agent: expect.objectContaining({
+          accountId: "acct-b",
+          agentId: 10002,
+          corpId: "corp-b",
+        }),
+      }),
+    );
+  });
+
+  it("rejects outbound when target account has matrix conflict", async () => {
+    const { wecomOutbound } = await import("./outbound.js");
+    const cfg = {
+      channels: {
+        wecom: {
+          enabled: true,
+          defaultAccount: "acct-a",
+          accounts: {
+            "acct-a": {
+              enabled: true,
+              agent: {
+                corpId: "corp-shared",
+                corpSecret: "secret-a",
+                agentId: 10001,
+                token: "token-a",
+                encodingAESKey: "aes-a",
+              },
+            },
+            "acct-b": {
+              enabled: true,
+              agent: {
+                corpId: "corp-shared",
+                corpSecret: "secret-b",
+                agentId: 10001,
+                token: "token-b",
+                encodingAESKey: "aes-b",
+              },
+            },
+          },
+        },
+      },
+    };
+
+    await expect(
+      wecomOutbound.sendText({
+        cfg,
+        accountId: "acct-b",
+        to: "user:lisi",
+        text: "hello",
+      } as any),
+    ).rejects.toThrow(/duplicate wecom agent identity/i);
+  });
 });

package/src/outbound.ts

@@ -1,20 +1,49 @@
 import type { ChannelOutboundAdapter, ChannelOutboundContext } from "openclaw/plugin-sdk";
 
 import { sendText as sendAgentText, sendMedia as sendAgentMedia, uploadMedia } from "./agent/api-client.js";
-import { resolveWecomAccounts } from "./config/index.js";
+import { resolveWecomAccount, resolveWecomAccountConflict, resolveWecomAccounts } from "./config/index.js";
 import { getWecomRuntime } from "./runtime.js";
 
 import { resolveWecomTarget } from "./target.js";
 
-function resolveAgentConfigOrThrow(cfg: ChannelOutboundContext["cfg"]) {
-  const account = resolveWecomAccounts(cfg).agent;
+function resolveAgentConfigOrThrow(params: {
+  cfg: ChannelOutboundContext["cfg"];
+  accountId?: string | null;
+}) {
+  const resolvedAccounts = resolveWecomAccounts(params.cfg);
+  const conflictAccountId = params.accountId?.trim() || resolvedAccounts.defaultAccountId;
+  const conflict = resolveWecomAccountConflict({
+    cfg: params.cfg,
+    accountId: conflictAccountId,
+  });
+  if (conflict) {
+    throw new Error(conflict.message);
+  }
+
+  const requestedAccountId = params.accountId?.trim();
+  if (requestedAccountId) {
+    if (!resolvedAccounts.accounts[requestedAccountId]) {
+      throw new Error(
+        `WeCom outbound account "${requestedAccountId}" not found. Configure channels.wecom.accounts.${requestedAccountId} or use an existing accountId.`,
+      );
+    }
+  }
+  const account = resolveWecomAccount({
+    cfg: params.cfg,
+    accountId: params.accountId,
+  }).agent;
   if (!account?.configured) {
     throw new Error(
-      "WeCom outbound requires Agent mode. Configure channels.wecom.agent (corpId/corpSecret/agentId/token/encodingAESKey).",
+      `WeCom outbound requires Agent mode for account=${params.accountId ?? "default"}. Configure channels.wecom.accounts.<accountId>.agent (or legacy channels.wecom.agent).`,
+    );
+  }
+  if (typeof account.agentId !== "number" || !Number.isFinite(account.agentId)) {
+    throw new Error(
+      `WeCom outbound requires channels.wecom.accounts.<accountId>.agent.agentId (or legacy channels.wecom.agent.agentId) for account=${params.accountId ?? account.accountId}.`,
     );
   }
   // 注意：不要在日志里输出 corpSecret 等敏感信息
-  console.log(`[wecom-outbound] Using agent config: corpId=${account.corpId}, agentId=${account.agentId}`);
+  console.log(`[wecom-outbound] Using agent config: accountId=${account.accountId}, corpId=${account.corpId}, agentId=${account.agentId}`);
   return account;
 }
 
@@ -29,10 +58,10 @@ export const wecomOutbound: ChannelOutboundAdapter = {
       return [text];
     }
   },
-  sendText: async ({ cfg, to, text }: ChannelOutboundContext) => {
+  sendText: async ({ cfg, to, text, accountId }: ChannelOutboundContext) => {
     // signal removed - not supported in current SDK
 
-    const agent = resolveAgentConfigOrThrow(cfg);
+    const agent = resolveAgentConfigOrThrow({ cfg, accountId });
     const target = resolveWecomTarget(to);
     if (!target) {
       throw new Error("WeCom outbound requires a target (userid, partyid, tagid or chatid).");
@@ -98,10 +127,10 @@ export const wecomOutbound: ChannelOutboundAdapter = {
       timestamp: Date.now(),
     };
   },
-  sendMedia: async ({ cfg, to, text, mediaUrl }: ChannelOutboundContext) => {
+  sendMedia: async ({ cfg, to, text, mediaUrl, accountId }: ChannelOutboundContext) => {
     // signal removed - not supported in current SDK
 
-    const agent = resolveAgentConfigOrThrow(cfg);
+    const agent = resolveAgentConfigOrThrow({ cfg, accountId });
     const target = resolveWecomTarget(to);
     if (!target) {
       throw new Error("WeCom outbound requires a target (userid, partyid, tagid or chatid).");
@@ -149,6 +178,12 @@ export const wecomOutbound: ChannelOutboundAdapter = {
         amr: "audio/amr", mp4: "video/mp4", pdf: "application/pdf", doc: "application/msword",
         docx: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
         xls: "application/vnd.ms-excel", xlsx: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+        ppt: "application/vnd.ms-powerpoint", pptx: "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+        txt: "text/plain", csv: "text/csv", tsv: "text/tab-separated-values", md: "text/markdown", json: "application/json",
+        xml: "application/xml", yaml: "application/yaml", yml: "application/yaml",
+        zip: "application/zip", rar: "application/vnd.rar", "7z": "application/x-7z-compressed",
+        tar: "application/x-tar", gz: "application/gzip", tgz: "application/gzip",
+        rtf: "application/rtf", odt: "application/vnd.oasis.opendocument.text",
       };
       contentType = mimeTypes[ext] || "application/octet-stream";
       console.log(`[wecom-outbound] Reading local file: ${mediaUrl}, ext=${ext}, contentType=${contentType}`);

package/src/shared/command-auth.ts

@@ -1,6 +1,8 @@
 import type { OpenClawConfig, PluginRuntime } from "openclaw/plugin-sdk";
 
-import type { WecomAccountConfig } from "../types.js";
+import type { WecomAgentConfig, WecomBotConfig } from "../types/index.js";
+
+type WecomCommandAuthAccountConfig = Pick<WecomBotConfig, "dm"> | Pick<WecomAgentConfig, "dm">;
 
 function normalizeWecomAllowFromEntry(raw: string): string {
   return raw
@@ -22,7 +24,7 @@ function isWecomSenderAllowed(senderUserId: string, allowFrom: string[]): boolea
 export async function resolveWecomCommandAuthorization(params: {
   core: PluginRuntime;
   cfg: OpenClawConfig;
-  accountConfig: WecomAccountConfig;
+  accountConfig: WecomCommandAuthAccountConfig;
   rawBody: string;
   senderUserId: string;
 }): Promise<{

package/src/shared/xml-parser.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, test } from "vitest";
 
-import { extractContent, extractMediaId, extractMsgId } from "./xml-parser.js";
+import { extractContent, extractFromUser, extractMediaId, extractMsgId, parseXml } from "./xml-parser.js";
 
 describe("wecom xml-parser", () => {
   test("extractContent is robust to non-string Content", () => {
@@ -27,4 +27,24 @@ describe("wecom xml-parser", () => {
     const msg: any = { MsgId: 123456789 };
     expect(extractMsgId(msg)).toBe("123456789");
   });
+
+  test("parseXml preserves leading zero userid in FromUserName", () => {
+    const xml = `
+      <xml>
+        <FromUserName><![CDATA[0254571]]></FromUserName>
+      </xml>
+    `;
+    const msg = parseXml(xml);
+    expect(extractFromUser(msg)).toBe("0254571");
+  });
+
+  test("parseXml preserves 64-bit MsgId as string", () => {
+    const xml = `
+      <xml>
+        <MsgId>1234567890123456</MsgId>
+      </xml>
+    `;
+    const msg = parseXml(xml);
+    expect(extractMsgId(msg)).toBe("1234567890123456");
+  });
 });

package/src/shared/xml-parser.ts

@@ -10,6 +10,8 @@ const xmlParser = new XMLParser({
     ignoreAttributes: false,
     trimValues: true,
     processEntities: false,
+    parseTagValue: false,
+    parseAttributeValue: false,
 });
 
 /**
@@ -72,6 +74,22 @@ export function extractChatId(msg: WecomAgentInboundMessage): string | undefined
     return msg.ChatId ? String(msg.ChatId) : undefined;
 }
 
+/**
+ * 从 XML 中提取 AgentID（兼容 AgentID/agentid 等大小写）
+ */
+export function extractAgentId(msg: WecomAgentInboundMessage): string | number | undefined {
+    const raw =
+        (msg as any).AgentID ??
+        (msg as any).AgentId ??
+        (msg as any).agentid ??
+        (msg as any).agentId;
+    if (raw == null) return undefined;
+    if (typeof raw === "string") return raw.trim() || undefined;
+    if (typeof raw === "number") return raw;
+    const asString = String(raw).trim();
+    return asString || undefined;
+}
+
 /**
  * 从 XML 中提取消息内容
  */