npm - @yoooclaw/phone-notifications - Versions diffs - 1.11.10 → 1.11.13 - Mend

@yoooclaw/phone-notifications 1.11.10 → 1.11.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.cjs CHANGED Viewed

@@ -5574,7 +5574,7 @@ function readBuildInjectedVersion() {
   if (false) {
     return void 0;
   }
-  const version = "1.11.10".trim();
+  const version = "1.11.13".trim();
   return version || void 0;
 }
 function readPluginVersionFromPackageJson() {
@@ -12303,19 +12303,72 @@ var import_websocket = __toESM(require_websocket(), 1);
 var import_websocket_server = __toESM(require_websocket_server(), 1);
 var wrapper_default = import_websocket.default;
-// src/tunnel/relay-client.ts
-function previewText(text, max = 500) {
+// src/tunnel/utils.ts
+function previewText(text, max = 200) {
+  if (!text) return "";
   return text.length <= max ? text : `${text.substring(0, max)}\u2026`;
 }
-var HANDSHAKE_TIMEOUT_MS = 15e3;
-var CONNECT_WATCHDOG_MS = 2e4;
 function maskSecret(value) {
   if (!value) return "empty";
   if (value.length <= 8) {
-    return `${value.slice(0, 2)}\u2026${value.slice(-2)}`;
+    return `${value.slice(0, 2)}...${value.slice(-2)}`;
+  }
+  return `${value.slice(0, 4)}...${value.slice(-4)}`;
+}
+function redactUrlSecrets(rawUrl) {
+  try {
+    const url = new URL(rawUrl);
+    for (const key of ["apiKey", "token", "access_token"]) {
+      const value = url.searchParams.get(key);
+      if (value) {
+        url.searchParams.set(key, maskSecret(value));
+      }
+    }
+    return url.toString();
+  } catch {
+    return rawUrl.replace(
+      /([?&](?:apiKey|token|access_token)=)([^&]+)/gi,
+      (_match, prefix, value) => {
+        let decoded = value;
+        try {
+          decoded = decodeURIComponent(value);
+        } catch {
+        }
+        return `${prefix}${maskSecret(decoded)}`;
+      }
+    );
+  }
+}
+function findHeaderValue(headers, key) {
+  if (!headers) return void 0;
+  const lowerKey = key.toLowerCase();
+  for (const [headerKey, headerValue] of Object.entries(headers)) {
+    if (headerKey.toLowerCase() === lowerKey) {
+      return headerValue;
+    }
   }
-  return `${value.slice(0, 4)}\u2026${value.slice(-4)}`;
+  return void 0;
 }
+function summarizeRequestHeaders(headers) {
+  const contentType = findHeaderValue(headers, "content-type");
+  const requestId = findHeaderValue(headers, "x-request-id");
+  const parts = [];
+  if (contentType) {
+    parts.push(`contentType=${contentType}`);
+  }
+  if (requestId) {
+    parts.push(`xRequestId=${previewText(requestId, 120)}`);
+  }
+  return parts.length ? `, ${parts.join(", ")}` : "";
+}
+// src/tunnel/relay-client.ts
+function previewText2(text, max = 500) {
+  return text.length <= max ? text : `${text.substring(0, max)}\u2026`;
+}
+var HANDSHAKE_TIMEOUT_MS = 15e3;
+var CONNECT_WATCHDOG_MS = 2e4;
+var SEND_SKIPPED_LOG_INTERVAL_MS = 3e4;
 var RelayClient = class {
   constructor(opts) {
     this.opts = opts;
@@ -12329,6 +12382,8 @@ var RelayClient = class {
   aborted = false;
   lastInboundAt = 0;
   stopPromise = null;
+  skippedSendLogLastAt = null;
+  skippedSendLogSuppressed = 0;
   /** 写连接状态到磁盘 */
   writeStatus(state, lastDisconnectReason) {
     if (!this.opts.statusFilePath) return;
@@ -12432,9 +12487,7 @@ var RelayClient = class {
       );
       this.ws.send(payload);
     } else {
-      this.opts.logger.warn(
-        `Relay tunnel: \u25B6 send skipped, ws not open (readyState=${this.ws?.readyState ?? "null"}), frame type=${frame.type}`
-      );
+      this.logSendSkipped("send", `frame type=${frame.type}`);
     }
   }
   /** 原样透传文本到 Relay（用于 Gateway WS 响应直接回传） */
@@ -12445,9 +12498,7 @@ var RelayClient = class {
       );
       this.ws.send(text);
     } else {
-      this.opts.logger.warn(
-        `Relay tunnel: \u25B6 sendRaw skipped, ws not open (readyState=${this.ws?.readyState ?? "null"})`
-      );
+      this.logSendSkipped("sendRaw");
     }
   }
   /** 启动连接，带自动重连，直到 abortSignal 触发 */
@@ -12473,7 +12524,7 @@ var RelayClient = class {
     this.cleanup(true);
     const rawApiKey = this.opts.apiKey.startsWith("Bearer ") ? this.opts.apiKey.slice("Bearer ".length) : this.opts.apiKey;
     this.opts.logger.info(
-      `Relay tunnel: connecting to ${this.opts.tunnelUrl} (attempt=${this.reconnectAttempt}, heartbeat=${this.opts.heartbeatSec}s, apiKey=${maskSecret(rawApiKey)})`
+      `Relay tunnel: connecting to ${redactUrlSecrets(this.opts.tunnelUrl)} (attempt=${this.reconnectAttempt}, heartbeat=${this.opts.heartbeatSec}s, apiKey=${maskSecret(rawApiKey)})`
     );
     this.writeStatus("connecting");
     return new Promise((resolve) => {
@@ -12567,7 +12618,7 @@ var RelayClient = class {
         const reasonStr = reason.toString();
         const lastInboundAgoMs = this.lastInboundAt ? Date.now() - this.lastInboundAt : null;
         const isCurrentSocket = this.ws === ws;
-        const logMessage = `Relay tunnel: disconnected (code=${code}, reason=${previewText(reasonStr, 200)}, lastInboundAgoMs=${lastInboundAgoMs ?? "N/A"}, reconnectAttempt=${this.reconnectAttempt})`;
+        const logMessage = `Relay tunnel: disconnected (code=${code}, reason=${previewText2(reasonStr, 200)}, lastInboundAgoMs=${lastInboundAgoMs ?? "N/A"}, reconnectAttempt=${this.reconnectAttempt})`;
         if (this.aborted || !isCurrentSocket) {
           this.opts.logger.info(logMessage);
         } else {
@@ -12582,11 +12633,12 @@ var RelayClient = class {
         settle();
       });
       ws.on("error", (err2) => {
+        clearConnectWatchdog();
         this.opts.logger.error(
-          `Relay tunnel: WebSocket error: ${err2.message} (readyState=${ws.readyState}, reconnectAttempt=${this.reconnectAttempt}, url=${wsUrl.toString()})`
+          `Relay tunnel: WebSocket error: ${err2.message} (readyState=${ws.readyState}, reconnectAttempt=${this.reconnectAttempt}, url=${redactUrlSecrets(wsUrl.toString())})`
         );
         if (this.ws === ws) {
-          this.scheduleReconnect();
+          this.forceReconnectFromSocket(ws, `error: ${err2.message}`);
         }
         settle();
       });
@@ -12608,14 +12660,14 @@ var RelayClient = class {
       return;
     }
     this.opts.logger.info(
-      `Relay tunnel: \u2605 received message (${text.length} chars): ${previewText(text)}`
+      `Relay tunnel: \u2605 received message (${text.length} chars): ${previewText2(text)}`
     );
     let frame;
     try {
       frame = JSON.parse(text);
     } catch {
       this.opts.logger.warn(
-        `Relay tunnel: received invalid frame, ignoring (preview=${previewText(text, 200)})`
+        `Relay tunnel: received invalid frame, ignoring (preview=${previewText2(text, 200)})`
       );
       return;
     }
@@ -12651,7 +12703,8 @@ var RelayClient = class {
     return this.opts.heartbeatSec * 3 * 1e3;
   }
   sendHeartbeat() {
-    if (this.ws?.readyState !== wrapper_default.OPEN) {
+    const ws = this.ws;
+    if (ws?.readyState !== wrapper_default.OPEN) {
       return;
     }
     const idleMs = Date.now() - this.lastInboundAt;
@@ -12660,19 +12713,16 @@ var RelayClient = class {
       this.opts.logger.warn(
         `Relay tunnel: heartbeat timeout, no inbound activity for ${idleMs}ms (threshold=${timeoutMs}ms)`
       );
-      try {
-        this.ws.terminate();
-      } catch {
-      }
+      this.forceReconnectFromSocket(ws, `heartbeat-timeout idleMs=${idleMs}`);
       return;
     }
     this.opts.logger.info('Relay tunnel: \u2192 heartbeat "ping"');
     try {
-      this.ws.send("ping");
+      ws.send("ping");
     } catch {
     }
     try {
-      this.ws.ping();
+      ws.ping();
     } catch {
     }
   }
@@ -12700,6 +12750,34 @@ var RelayClient = class {
       this.ws = null;
     }
   }
+  forceReconnectFromSocket(ws, reason) {
+    if (this.aborted || this.ws !== ws) return;
+    this.stopHeartbeat();
+    this.ws = null;
+    this.writeStatus("disconnected", reason);
+    this.scheduleReconnect();
+    try {
+      if (ws.readyState !== wrapper_default.CLOSED) {
+        ws.terminate();
+      }
+    } catch {
+    }
+  }
+  logSendSkipped(kind, detail) {
+    const now = Date.now();
+    const shouldLog = this.skippedSendLogLastAt === null || now - this.skippedSendLogLastAt >= SEND_SKIPPED_LOG_INTERVAL_MS;
+    if (!shouldLog) {
+      this.skippedSendLogSuppressed++;
+      return;
+    }
+    const suppressedSuffix = this.skippedSendLogSuppressed > 0 ? `, suppressed=${this.skippedSendLogSuppressed}` : "";
+    const detailSuffix = detail ? `, ${detail}` : "";
+    this.opts.logger.warn(
+      `Relay tunnel: \u25B6 ${kind} skipped, ws not open (readyState=${this.ws?.readyState ?? "null"}${detailSuffix}${suppressedSuffix})`
+    );
+    this.skippedSendLogLastAt = now;
+    this.skippedSendLogSuppressed = 0;
+  }
   scheduleReconnect() {
     if (this.aborted) return;
     if (this.reconnectTimer) {
@@ -12727,36 +12805,6 @@ var RelayClient = class {
 // src/tunnel/proxy.ts
 var import_node_crypto5 = require("crypto");
-// src/tunnel/utils.ts
-function previewText2(text, max = 200) {
-  if (!text) return "";
-  return text.length <= max ? text : `${text.substring(0, max)}\u2026`;
-}
-function findHeaderValue(headers, key) {
-  if (!headers) return void 0;
-  const lowerKey = key.toLowerCase();
-  for (const [headerKey, headerValue] of Object.entries(headers)) {
-    if (headerKey.toLowerCase() === lowerKey) {
-      return headerValue;
-    }
-  }
-  return void 0;
-}
-function summarizeRequestHeaders(headers) {
-  const contentType = findHeaderValue(headers, "content-type");
-  const requestId = findHeaderValue(headers, "x-request-id");
-  const parts = [];
-  if (contentType) {
-    parts.push(`contentType=${contentType}`);
-  }
-  if (requestId) {
-    parts.push(`xRequestId=${previewText2(requestId, 120)}`);
-  }
-  return parts.length ? `, ${parts.join(", ")}` : "";
-}
-// src/tunnel/proxy.ts
 init_host();
 // src/tunnel/device-identity.ts
@@ -12985,18 +13033,17 @@ async function handleHttpRequest(opts, frame) {
   const mappedPath = mapPath(frame.path);
   const url = new URL(mappedPath, opts.gatewayBaseUrl);
   const startedAtMs = Date.now();
-  const trustedProxyHeaderLower = opts.gatewayTrustedProxyHeader?.trim().toLowerCase();
   const localHeaders = {};
   for (const [k, v] of Object.entries(frame.headers ?? {})) {
     const lower = k.toLowerCase();
-    if (lower === "authorization" || lower === "x-openclaw-password") continue;
-    if (trustedProxyHeaderLower && lower === trustedProxyHeaderLower) continue;
-    localHeaders[k] = v;
+    if (lower !== "authorization" && lower !== "x-openclaw-password") {
+      localHeaders[k] = v;
+    }
   }
   localHeaders[RELAY_INTERNAL_HTTP_HEADER] = "1";
   const authAttempts = buildLocalGatewayAuthAttempts(opts, localHeaders);
   opts.logger.info(
-    `TunnelProxy: HTTP id=${frame.id} ${frame.method} ${frame.path} \u2192 ${url.toString()}${summarizeRequestHeaders(frame.headers)}, authAttempts=${authAttempts.map((a) => a.label).join(" -> ")}, body=${previewText2(frame.body)}`
+    `TunnelProxy: HTTP id=${frame.id} ${frame.method} ${frame.path} \u2192 ${url.toString()}${summarizeRequestHeaders(frame.headers)}, authAttempts=${authAttempts.map((a) => a.label).join(" -> ")}, body=${previewText(frame.body)}`
   );
   try {
     for (let attemptIndex = 0; attemptIndex < authAttempts.length; attemptIndex++) {
@@ -13013,7 +13060,7 @@ async function handleHttpRequest(opts, frame) {
       if (res.status === 401 && hasFallback) {
         const body = await res.text();
         opts.logger.warn(
-          `TunnelProxy: HTTP id=${frame.id} local gateway auth via ${attempt.label} returned 401 after ${Date.now() - startedAtMs}ms, retrying next credential${body ? `, body=${previewText2(body)}` : ""}`
+          `TunnelProxy: HTTP id=${frame.id} local gateway auth via ${attempt.label} returned 401 after ${Date.now() - startedAtMs}ms, retrying next credential${body ? `, body=${previewText(body)}` : ""}`
         );
         continue;
       }
@@ -13054,7 +13101,7 @@ async function sendHttpResponse(opts, params) {
   }
   const body = await res.text();
   opts.logger.info(
-    `TunnelProxy: HTTP id=${frameId} response body=${previewText2(body)}`
+    `TunnelProxy: HTTP id=${frameId} response body=${previewText(body)}`
   );
   const headers = {};
   res.headers.forEach((value, key) => {
@@ -13438,16 +13485,6 @@ var TunnelProxy = class {
       `TunnelProxy: cleared stale stored device token after gateway mismatch (deviceId=${this.deviceIdentity.deviceId})`
     );
   }
-  /**
-   * 当 Gateway 处于 trusted-proxy 模式时，构造注入到本地连接的 user header。
-   * 其他模式或参数未配齐时返回 undefined，本地用户保持原握手路径不受影响。
-   */
-  buildTrustedProxyHeaders() {
-    const headerName = this.opts.gatewayTrustedProxyHeader?.trim();
-    const headerValue = this.opts.gatewayTrustedProxyUser?.trim();
-    if (!headerName || !headerValue) return void 0;
-    return { [headerName]: headerValue };
-  }
   async maybeAutoApproveGatewayPairing(frame) {
     const errorCode = typeof frame?.error?.code === "string" ? frame.error.code : void 0;
     const detailsCode = typeof frame?.error?.details?.code === "string" ? frame.error.details.code : void 0;
@@ -13618,12 +13655,10 @@ var TunnelProxy = class {
     this.gatewayWsConnecting = true;
     this.gatewayWsReady = false;
     const wsUrl = this.opts.gatewayBaseUrl.replace(/^http/, "ws");
-    const trustedProxyHeaders = this.buildTrustedProxyHeaders();
-    const trustedProxyHint = trustedProxyHeaders ? `, trustedProxyHeader=${Object.keys(trustedProxyHeaders)[0]}` : "";
     this.opts.logger.info(
-      `TunnelProxy: RPC WS connecting to gateway ${wsUrl} (pending=${this.gatewayWsPending.length}${trustedProxyHint})`
+      `TunnelProxy: RPC WS connecting to gateway ${wsUrl} (pending=${this.gatewayWsPending.length})`
     );
-    const ws = trustedProxyHeaders ? new wrapper_default(wsUrl, { headers: trustedProxyHeaders }) : new wrapper_default(wsUrl);
+    const ws = new wrapper_default(wsUrl);
     ws.on("open", () => {
       this.gatewayWs = ws;
       this.opts.logger.info(
@@ -13691,7 +13726,7 @@ var TunnelProxy = class {
           return;
         }
         this.opts.logger.error(
-          `TunnelProxy: RPC WS handshake failed (pending=${this.gatewayWsPending.length}): ${previewText2(JSON.stringify(frame.error), 500)}`
+          `TunnelProxy: RPC WS handshake failed (pending=${this.gatewayWsPending.length}): ${previewText(JSON.stringify(frame.error), 500)}`
         );
         ws.close();
         return;
@@ -13867,7 +13902,7 @@ function createTunnelService(opts) {
           JSON.stringify({
             pid: process.pid,
             startedAt: (/* @__PURE__ */ new Date()).toISOString(),
-            tunnelUrl: opts.tunnelUrl
+            tunnelUrl: redactUrlSecrets(opts.tunnelUrl)
           }) + "\n"
         );
         lockFilePath = filePath;
@@ -13933,7 +13968,7 @@ function createTunnelService(opts) {
       const { logger } = opts;
       const baseStateDir = (0, import_node_path24.join)(ctx.stateDir, "plugins", "phone-notifications");
       logger.info(
-        `Relay tunnel: starting (pid=${process.pid}, url=${opts.tunnelUrl}, heartbeat=${opts.heartbeatSec ?? DEFAULT_HEARTBEAT_SEC}s, backoff=${opts.reconnectBackoffMs ?? DEFAULT_RECONNECT_BACKOFF_MS}ms, gateway=${opts.gatewayBaseUrl}, hasGatewayToken=${!!opts.gatewayToken}, hasGatewayPwd=${!!opts.gatewayPassword})`
+        `Relay tunnel: starting (pid=${process.pid}, url=${redactUrlSecrets(opts.tunnelUrl)}, heartbeat=${opts.heartbeatSec ?? DEFAULT_HEARTBEAT_SEC}s, backoff=${opts.reconnectBackoffMs ?? DEFAULT_RECONNECT_BACKOFF_MS}ms, gateway=${opts.gatewayBaseUrl}, hasGatewayToken=${!!opts.gatewayToken}, hasGatewayPwd=${!!opts.gatewayPassword})`
       );
       const statusFilePath = (0, import_node_path24.join)(baseStateDir, "tunnel-status.json");
       const lockPath = (0, import_node_path24.join)(baseStateDir, "relay-tunnel.lock");
@@ -13956,8 +13991,6 @@ function createTunnelService(opts) {
           gatewayAuthMode: opts.gatewayAuthMode,
           gatewayToken: opts.gatewayToken,
           gatewayPassword: opts.gatewayPassword,
-          gatewayTrustedProxyHeader: opts.gatewayTrustedProxyHeader,
-          gatewayTrustedProxyUser: opts.gatewayTrustedProxyUser,
           client,
           logger
         });
@@ -14070,14 +14103,9 @@ function readHostGatewayConfig(params) {
   }
   return configData;
 }
-var DEFAULT_TRUSTED_PROXY_HEADER = "x-forwarded-user";
-var DEFAULT_TRUSTED_PROXY_USER = "openclaw";
 function resolveLocalGatewayAuth(params) {
   const envGatewayToken = trimToUndefined2(process.env.OPENCLAW_GATEWAY_TOKEN) ?? trimToUndefined2(process.env.QCLAW_GATEWAY_TOKEN);
   const envGatewayPassword = trimToUndefined2(process.env.OPENCLAW_GATEWAY_PASSWORD) ?? trimToUndefined2(process.env.QCLAW_GATEWAY_PASSWORD);
-  const envTrustedProxyUser = trimToUndefined2(
-    process.env.OPENCLAW_GATEWAY_TRUSTED_PROXY_USER
-  );
   const configData = readHostGatewayConfig(params);
   let configGatewayAuthMode;
   const rawGatewayAuthMode = trimToUndefined2(configData?.gateway?.auth?.mode);
@@ -14086,18 +14114,10 @@ function resolveLocalGatewayAuth(params) {
   }
   const configGatewayToken = trimToUndefined2(configData?.gateway?.auth?.token);
   const configGatewayPassword = trimToUndefined2(configData?.gateway?.auth?.password);
-  let gatewayTrustedProxyHeader;
-  let gatewayTrustedProxyUser;
-  if (rawGatewayAuthMode === "trusted-proxy") {
-    gatewayTrustedProxyHeader = trimToUndefined2(configData?.gateway?.auth?.trustedProxy?.userHeader) ?? DEFAULT_TRUSTED_PROXY_HEADER;
-    gatewayTrustedProxyUser = envTrustedProxyUser ?? DEFAULT_TRUSTED_PROXY_USER;
-  }
   return {
     gatewayAuthMode: configGatewayAuthMode,
     gatewayToken: envGatewayToken ?? configGatewayToken,
-    gatewayPassword: envGatewayPassword ?? configGatewayPassword,
-    gatewayTrustedProxyHeader,
-    gatewayTrustedProxyUser
+    gatewayPassword: envGatewayPassword ?? configGatewayPassword
   };
 }
 function resolveExclusiveTunnelHint(params) {
@@ -14146,21 +14166,10 @@ function registerRelayTunnelLifecycle(deps) {
     return null;
   }
   const gatewayPort = process.env.OPENCLAW_GATEWAY_PORT ?? process.env.QCLAW_GATEWAY_PORT ?? "18789";
-  const {
-    gatewayAuthMode,
-    gatewayToken,
-    gatewayPassword,
-    gatewayTrustedProxyHeader,
-    gatewayTrustedProxyUser
-  } = resolveLocalGatewayAuth({
+  const { gatewayAuthMode, gatewayToken, gatewayPassword } = resolveLocalGatewayAuth({
     stateDir: openclawDir,
     logger
   });
-  if (gatewayTrustedProxyHeader && gatewayTrustedProxyUser) {
-    logger.info(
-      `Relay tunnel: gateway in trusted-proxy mode, will inject ${gatewayTrustedProxyHeader} header on local connections`
-    );
-  }
   const tunnelService = createTunnelService({
     tunnelUrl,
     heartbeatSec: config.relay?.heartbeatSec,
@@ -14169,8 +14178,6 @@ function registerRelayTunnelLifecycle(deps) {
     gatewayAuthMode,
     gatewayToken,
     gatewayPassword,
-    gatewayTrustedProxyHeader,
-    gatewayTrustedProxyUser,
     logger
   });
   api.registerService(tunnelService);