adp-openclaw 0.0.33 → 0.0.35

package/index.ts

@@ -49,7 +49,6 @@ export {
   adpUploadFilesWithConfig,
   getStorageCredential,
   uploadFileToCos,
-  getSignedDownloadUrl,
   resolveClientToken,
   // Class
   AdpUploader,
@@ -101,7 +100,8 @@ const plugin = {
         "If you can see this tool description, you are connected to the ADP server. " +
         "Use this tool to send 1-10 local files of any type (including images and documents) to the user. " +
         "A successful call means the files were uploaded and download URLs are returned. " +
-        "Include these URLs in your response so the user can access the files. " +
+        "IMPORTANT: You MUST include the download URLs in your response to the user, " +
+        "and remind the user that the download links are valid for 24 hours. " +
         "Parameters must be local filesystem paths only.",
       parameters: ADP_UPLOAD_TOOL_SCHEMA,
       async execute(toolCallId: string, params: unknown) {
@@ -199,7 +199,7 @@ const plugin = {
         
         content.push({
           type: "text",
-          text: `Files uploaded successfully:\n${urlSummary}`,
+          text: `Files uploaded successfully:\n${urlSummary}\n\n⚠️ Note: Please include these download links in your response to the user and remind them that the links are valid for 24 hours.`,
         });
 
         return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "adp-openclaw",
-  "version": "0.0.33",
+  "version": "0.0.35",
   "description": "ADP-OpenClaw demo channel plugin (Go WebSocket backend)",
   "type": "module",
   "dependencies": {

package/src/adp-upload-tool.ts

@@ -2,9 +2,9 @@
  * ADP Upload Tool
  * 
  * 功能：
- * 1. 通过固定接口获取腾讯云COS临时密钥
- * 2. 使用密钥上传文件到COS
- * 3. 返回文件下载的签名链接
+ * 1. 通过固定接口获取预签名的上传URL和下载URL
+ * 2. 使用预签名URL直接PUT上传文件到COS
+ * 3. 返回文件下载链接
  * 
  * 注意：机器人 token 从 adp-openclaw 插件配置的 clientToken 读取
  */
@@ -12,7 +12,6 @@
 import { constants } from "node:fs";
 import { access, readFile, stat } from "node:fs/promises";
 import { basename, extname } from "node:path";
-import * as crypto from "node:crypto";
 import type { AdpOpenclawChannelConfig } from "./channel.js";
 
 // ==================== 类型定义 ====================
@@ -32,14 +31,14 @@ export interface Credentials {
 
 /** 存储凭证响应 */
 export interface DescribeRemoteBotStorageCredentialRsp {
-  credentials: Credentials;  // 密钥信息
+  credentials: Credentials;  // 密钥信息（兼容旧字段，新逻辑不使用）
   expired_time: number;      // 失效时间
   start_time: number;        // 起始时间
   bucket: string;            // 对象存储 桶
   region: string;            // 对象存储 可用区
   file_path: string;         // 文件目录
-  upload_url: string;        // 上传url
-  file_url: string;          // 下载url
+  upload_url: string;        // 预签名上传URL（需要decodeURIComponent）
+  file_url: string;          // 预签名下载URL（需要decodeURIComponent）
 }
 
 /** 上传结果 */
@@ -65,9 +64,6 @@ const CREDENTIAL_API_URL = "http://101.32.33.231:9876/describeRemoteBotStorageCr
 /** 请求超时时间 (毫秒) */
 const REQUEST_TIMEOUT_MS = 30000;
 
-/** COS 签名有效期 (秒) */
-const SIGN_EXPIRE_SECONDS = 3600;
-
 // ==================== 工具函数 ====================
 
 /**
@@ -158,81 +154,6 @@ async function validateLocalFile(filePath: string): Promise<FileMetadata> {
   };
 }
 
-// ==================== COS 签名工具 ====================
-
-/**
- * 生成 COS 签名
- * 参考：https://cloud.tencent.com/document/product/436/7778
- */
-function generateCosSignature(
-  secretId: string,
-  secretKey: string,
-  method: string,
-  pathname: string,
-  headers: Record<string, string> = {},
-  params: Record<string, string> = {},
-  expireSeconds: number = SIGN_EXPIRE_SECONDS
-): string {
-  const now = Math.floor(Date.now() / 1000);
-  const keyTime = `${now};${now + expireSeconds}`;
-
-  // 1. 生成 SignKey
-  const signKey = crypto
-    .createHmac("sha1", secretKey)
-    .update(keyTime)
-    .digest("hex");
-
-  // 2. 生成 UrlParamList 和 HttpParameters
-  const sortedParams = Object.keys(params)
-    .sort()
-    .map((k) => `${encodeURIComponent(k.toLowerCase())}=${encodeURIComponent(params[k])}`)
-    .join("&");
-  const urlParamList = Object.keys(params)
-    .sort()
-    .map((k) => encodeURIComponent(k.toLowerCase()))
-    .join(";");
-
-  // 3. 生成 HeaderList 和 HttpHeaders
-  const sortedHeaders = Object.keys(headers)
-    .sort()
-    .map((k) => `${encodeURIComponent(k.toLowerCase())}=${encodeURIComponent(headers[k])}`)
-    .join("&");
-  const headerList = Object.keys(headers)
-    .sort()
-    .map((k) => encodeURIComponent(k.toLowerCase()))
-    .join(";");
-
-  // 4. 生成 HttpString
-  const httpString = [
-    method.toLowerCase(),
-    pathname,
-    sortedParams,
-    sortedHeaders,
-    "",
-  ].join("\n");
-
-  // 5. 生成 StringToSign
-  const httpStringHash = crypto.createHash("sha1").update(httpString).digest("hex");
-  const stringToSign = ["sha1", keyTime, httpStringHash, ""].join("\n");
-
-  // 6. 生成 Signature
-  const signature = crypto
-    .createHmac("sha1", signKey)
-    .update(stringToSign)
-    .digest("hex");
-
-  // 7. 生成最终签名
-  return [
-    `q-sign-algorithm=sha1`,
-    `q-ak=${secretId}`,
-    `q-sign-time=${keyTime}`,
-    `q-key-time=${keyTime}`,
-    `q-header-list=${headerList}`,
-    `q-url-param-list=${urlParamList}`,
-    `q-signature=${signature}`,
-  ].join("&");
-}
-
 // ==================== 核心功能 ====================
 
 /**
@@ -265,20 +186,20 @@ export async function getStorageCredential(
 
   const result = await response.json();
   
-  // 检查响应数据的完整性
-  if (!result.credentials?.tmp_secret_id || !result.credentials?.tmp_secret_key) {
-    throw new Error("获取存储凭证失败: 返回的凭证信息不完整");
-  }
-
-  if (!result.bucket || !result.region) {
-    throw new Error("获取存储凭证失败: 缺少bucket或region信息");
+  // 检查响应数据的完整性 - 现在主要检查 upload_url 和 file_url
+  if (!result.upload_url || !result.file_url) {
+    throw new Error("获取存储凭证失败: 缺少upload_url或file_url信息");
   }
 
   return result as DescribeRemoteBotStorageCredentialRsp;
 }
 
 /**
- * 上传文件到COS
+ * 上传文件到COS（使用预签名URL直接PUT上传）
+ * 
+ * @param filePath - 本地文件路径
+ * @param credential - 存储凭证（包含预签名的 upload_url 和 file_url）
+ * @returns 文件下载URL
  */
 export async function uploadFileToCos(
   filePath: string,
@@ -290,54 +211,18 @@ export async function uploadFileToCos(
   // 2. 读取文件内容
   const fileContent = await readFile(filePath);
 
-  // 3. 构建COS上传URL
-  const { bucket, region, file_path, credentials } = credential;
-  
-  // 判断 file_path 是目录路径还是完整文件路径
-  // - 如果以 "/" 结尾，是目录路径，需要拼接文件名
-  // - 如果不以 "/" 结尾，已经是完整文件路径（服务端生成的唯一路径）
-  // 同时确保 cosKey 不以 "/" 开头（COS key 不应该以 / 开头）
-  let cosKey: string;
-  if (file_path.endsWith("/")) {
-    // 目录路径，拼接文件名
-    cosKey = `${file_path}${fileMetadata.fileName}`;
-  } else {
-    // 完整文件路径，直接使用
-    cosKey = file_path;
-  }
-  // 移除开头的斜杠（COS key 不应该以 / 开头）
-  if (cosKey.startsWith("/")) {
-    cosKey = cosKey.slice(1);
-  }
-  
-  const host = `${bucket}.cos.${region}.myqcloud.com`;
-  const uploadUrl = `https://${host}/${cosKey}`;
-
-  // 4. 生成上传签名
-  const headers: Record<string, string> = {
-    "Content-Type": fileMetadata.contentType,
-    "Content-Length": String(fileContent.length),
-    Host: host,
-  };
+  // 3. 解码预签名的上传URL和下载URL
+  const uploadUrl = decodeURIComponent(credential.upload_url);
+  const fileUrl = decodeURIComponent(credential.file_url);
 
-  const signature = generateCosSignature(
-    credentials.tmp_secret_id,
-    credentials.tmp_secret_key,
-    "PUT",
-    `/${cosKey}`,
-    { host: host },
-    {}
-  );
-
-  // 5. 执行上传
+  // 4. 执行上传（直接PUT到预签名URL，不需要额外签名）
   const response = await fetchWithTimeout(
     uploadUrl,
     {
       method: "PUT",
       headers: {
-        ...headers,
-        Authorization: signature,
-        "x-cos-security-token": credentials.token,
+        "Content-Type": fileMetadata.contentType,
+        "Content-Length": String(fileContent.length),
       },
       body: fileContent,
     },
@@ -349,35 +234,8 @@ export async function uploadFileToCos(
     throw new Error(`上传文件失败: ${response.status} ${errorText}`);
   }
 
-  return cosKey;
-}
-
-/**
- * 获取文件下载签名链接
- */
-export function getSignedDownloadUrl(
-  cosKey: string,
-  credential: DescribeRemoteBotStorageCredentialRsp,
-  expireSeconds: number = SIGN_EXPIRE_SECONDS
-): string {
-  const { bucket, region, credentials } = credential;
-  const host = `${bucket}.cos.${region}.myqcloud.com`;
-
-  // 生成下载签名
-  const signature = generateCosSignature(
-    credentials.tmp_secret_id,
-    credentials.tmp_secret_key,
-    "GET",
-    `/${cosKey}`,
-    { host: host },
-    {},
-    expireSeconds
-  );
-
-  // 构建签名URL
-  const signedUrl = `https://${host}/${cosKey}?${signature}&x-cos-security-token=${encodeURIComponent(credentials.token)}`;
-
-  return signedUrl;
+  // 5. 返回下载URL
+  return fileUrl;
 }
 
 // ==================== 从配置读取 Token 的辅助函数 ====================
@@ -403,7 +261,7 @@ export function resolveClientToken(channelCfg?: AdpOpenclawChannelConfig): strin
  * @param filePath - 要上传的本地文件路径
  * @param botToken - 机器人 token
  * @param fileType - 文件类型（可选）
- * @returns 上传结果，包含下载签名链接或错误信息
+ * @returns 上传结果，包含下载链接或错误信息
  */
 export async function adpUploadFile(
   filePath: string,
@@ -411,18 +269,15 @@ export async function adpUploadFile(
   fileType?: string
 ): Promise<UploadResult> {
   try {
-    // 1. 获取临时密钥
+    // 1. 获取预签名URL
     const credential = await getStorageCredential(botToken, fileType);
 
-    // 2. 上传文件到 COS
-    const cosKey = await uploadFileToCos(filePath, credential);
-
-    // 3. 获取签名下载链接
-    const signedUrl = getSignedDownloadUrl(cosKey, credential);
+    // 2. 上传文件到 COS（返回下载URL）
+    const fileUrl = await uploadFileToCos(filePath, credential);
 
     return {
       ok: true,
-      fileUrl: signedUrl,
+      fileUrl: fileUrl,
     };
   } catch (error) {
     return {
@@ -460,6 +315,8 @@ export async function adpUploadFileWithConfig(
 /**
  * 批量上传文件（使用显式传入的 token）
  * 
+ * 注意：每个文件需要独立获取预签名URL，因为服务端为每个文件生成唯一路径
+ * 
  * @param filePaths - 要上传的本地文件路径列表
  * @param botToken - 机器人 token
  * @param fileType - 文件类型（可选）
@@ -470,36 +327,10 @@ export async function adpUploadFiles(
   botToken: string,
   fileType?: string
 ): Promise<UploadResult[]> {
-  // 获取一次临时密钥，用于所有文件上传
-  let credential: DescribeRemoteBotStorageCredentialRsp;
-  
-  try {
-    credential = await getStorageCredential(botToken, fileType);
-  } catch (error) {
-    // 如果获取密钥失败，返回所有文件都失败
-    const errorMsg = error instanceof Error ? error.message : "获取临时密钥失败";
-    return filePaths.map(() => ({
-      ok: false,
-      error: errorMsg,
-    }));
-  }
-
-  // 并发上传所有文件
+  // 逐个上传文件（每个文件需要独立的预签名URL）
   const results = await Promise.all(
     filePaths.map(async (filePath): Promise<UploadResult> => {
-      try {
-        const cosKey = await uploadFileToCos(filePath, credential);
-        const signedUrl = getSignedDownloadUrl(cosKey, credential);
-        return {
-          ok: true,
-          fileUrl: signedUrl,
-        };
-      } catch (error) {
-        return {
-          ok: false,
-          error: error instanceof Error ? error.message : "上传失败",
-        };
-      }
+      return adpUploadFile(filePath, botToken, fileType);
     })
   );
 
@@ -812,6 +643,8 @@ export interface AdpUploadOptions {
 
 /**
  * 上传文件到 ADP 存储（返回兼容 kimi 格式的结果）
+ * 
+ * 注意：每个文件需要独立获取预签名URL，因为服务端为每个文件生成唯一路径
  */
 export const uploadFilesToAdpEndpoint = async (
   paths: string[],
@@ -826,23 +659,6 @@ export const uploadFilesToAdpEndpoint = async (
     };
   }
 
-  // 获取临时密钥
-  let credential: DescribeRemoteBotStorageCredentialRsp;
-  try {
-    credential = await getStorageCredential(botToken, fileType);
-  } catch (error) {
-    return {
-      ok: false,
-      error: {
-        ...INVALID_PARAMS,
-        data: {
-          field: "credential",
-          reason: error instanceof Error ? error.message : "failed to get storage credential",
-        },
-      },
-    };
-  }
-
   // 验证所有本地文件
   const validationResults = await runWithConcurrency(
     paths,
@@ -870,19 +686,21 @@ export const uploadFilesToAdpEndpoint = async (
     (r) => (r as ValidationSuccess<FileMetadata>).value
   );
 
-  // 并发上传所有文件
+  // 并发上传所有文件（每个文件独立获取预签名URL）
   try {
     const uploadResults = await runWithConcurrency(
       fileMetadatas,
       maxConcurrency,
       async (metadata, _index): Promise<UploadedFileInfo> => {
-        const cosKey = await uploadFileToCos(metadata.path, credential);
-        const signedUrl = getSignedDownloadUrl(cosKey, credential);
+        // 为每个文件获取预签名URL
+        const credential = await getStorageCredential(botToken, fileType);
+        // 上传文件并获取下载URL
+        const downloadUrl = await uploadFileToCos(metadata.path, credential);
         return {
-          uri: `adp-file://${cosKey}`,
+          uri: downloadUrl,
           name: metadata.fileName,
           mimeType: metadata.contentType,
-          downloadUrl: signedUrl,
+          downloadUrl: downloadUrl,
         };
       }
     );