aicq-chat-plugin 2.1.0

package/lib/chat.js

@@ -0,0 +1,244 @@
+/**
+ * AICQ Chat Manager — Send/receive messages, group chat, file handling
+ */
+const { encryptMessage, decryptMessage } = require('./crypto');
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+
+class ChatManager {
+  constructor(identityManager, serverClient, db, uploadsDir) {
+    this.identity = identityManager;
+    this.server = serverClient;
+    this.db = db;
+    this.uploadsDir = uploadsDir;
+    this._onNewMessage = null;
+
+    // Listen for incoming messages via WS
+    this.server.onMessage('relay', (data) => this._handleIncoming(data));
+    this.server.onMessage('message', (data) => this._handleIncoming(data));
+    this.server.onMessage('group_message', (data) => this._handleGroupIncoming(data));
+    this.server.onMessage('handshake_initiate', (data) => this._handleHandshakeRequest(data));
+    this.server.onMessage('presence', (data) => this._handlePresence(data));
+    this.server.onMessage('file_chunk', (data) => this._handleFileChunk(data));
+  }
+
+  setOnNewMessage(callback) {
+    this._onNewMessage = callback;
+  }
+
+  // ─── Send Messages ────────────────────────────────────────────────
+
+  async sendMessage(agentId, targetId, content, { type = 'text', isGroup = false, mentions = [], file_url = null, file_name = null } = {}) {
+    const identity = this.identity.loadAgent(agentId);
+
+    if (isGroup) {
+      // Group message via WebSocket
+      const sent = this.server.sendWS({
+        type: 'group_message',
+        groupId: targetId,
+        content,
+        msgType: type,
+        mentions,
+      });
+
+      // Save locally
+      const msg = this.db.saveMessage({
+        agent_id: agentId,
+        target_id: targetId,
+        from_id: agentId,
+        to_id: targetId,
+        type,
+        content,
+        file_url,
+        file_name,
+        is_group: 1,
+        mentions,
+        status: sent ? 'sent' : 'pending',
+      });
+
+      if (this._onNewMessage) this._onNewMessage(msg);
+      return msg;
+    }
+
+    // Direct message
+    // Try to encrypt if we have a session key
+    const session = this.db.loadSession(agentId, targetId);
+    let payload = content;
+    if (session && session.session_key) {
+      try {
+        payload = encryptMessage(content, session.session_key);
+      } catch (e) {
+        console.error('[Chat] Encryption failed, sending plaintext:', e.message);
+      }
+    }
+
+    // Send via WebSocket relay
+    const sent = this.server.sendWS({
+      type: 'relay',
+      targetId: targetId,
+      payload,
+    });
+
+    // Also try REST fallback
+    if (!sent) {
+      try {
+        await this.server._request('POST', '/messages/send', {
+          targetId,
+          payload,
+        });
+      } catch (e) {
+        // Queue offline
+        this.db.enqueueOffline({
+          agent_id: agentId,
+          target_id: targetId,
+          data: JSON.stringify({ type: 'relay', targetId, payload }),
+        });
+      }
+    }
+
+    // Save locally
+    const msg = this.db.saveMessage({
+      agent_id: agentId,
+      target_id: targetId,
+      from_id: agentId,
+      to_id: targetId,
+      type,
+      content,
+      file_url,
+      file_name,
+      is_group: 0,
+      mentions,
+      status: sent ? 'sent' : 'pending',
+    });
+
+    // Update session message count
+    if (session) {
+      this.db.incrementSessionMessageCount(agentId, targetId);
+    }
+
+    if (this._onNewMessage) this._onNewMessage(msg);
+    return msg;
+  }
+
+  // ─── Receive Messages ─────────────────────────────────────────────
+
+  _handleIncoming(data) {
+    const agentId = this.server.currentAgentId;
+    if (!agentId) return;
+
+    const fromId = data.fromId || data.from;
+    let content = data.payload || data.data || '';
+
+    // Try to decrypt if we have a session key
+    const session = this.db.loadSession(agentId, fromId);
+    if (session && session.session_key && typeof content === 'string') {
+      try {
+        content = decryptMessage(content, session.session_key);
+      } catch (e) {
+        // Might be plaintext, keep as is
+      }
+    }
+
+    const msg = this.db.saveMessage({
+      agent_id: agentId,
+      target_id: fromId,
+      from_id: fromId,
+      to_id: agentId,
+      type: 'text',
+      content: typeof content === 'string' ? content : JSON.stringify(content),
+      is_group: 0,
+      status: 'delivered',
+    });
+
+    if (this._onNewMessage) this._onNewMessage(msg);
+  }
+
+  _handleGroupIncoming(data) {
+    const agentId = this.server.currentAgentId;
+    if (!agentId) return;
+
+    const fromId = data.fromId;
+    const groupId = data.groupId;
+
+    // Check silent mode
+    const silent = this.db.getGroupSilentMode(agentId, groupId);
+    const mentions = data.mentions || [];
+    const isMentioned = mentions.includes(agentId) || mentions.includes('all');
+
+    const msg = this.db.saveMessage({
+      agent_id: agentId,
+      target_id: groupId,
+      from_id: fromId,
+      to_id: groupId,
+      type: data.msgType || 'text',
+      content: data.content || '',
+      is_group: 1,
+      mentions,
+      status: (silent && !isMentioned) ? 'silent' : 'delivered',
+    });
+
+    if (this._onNewMessage) this._onNewMessage(msg);
+  }
+
+  _handleHandshakeRequest(data) {
+    const agentId = this.server.currentAgentId;
+    if (!agentId) return;
+
+    this.db.savePendingRequest({
+      agent_id: agentId,
+      session_id: data.sessionId || crypto.randomUUID(),
+      requester_id: data.requesterId || data.from,
+      requester_public_key: data.requesterPublicKey || data.exchangePublicKey || '',
+    });
+  }
+
+  _handlePresence(data) {
+    const agentId = this.server.currentAgentId;
+    if (!agentId) return;
+
+    const friendId = data.nodeId;
+    const isOnline = data.online === true || data.status === 'online';
+    this.db.updateFriendOnline(agentId, friendId, isOnline);
+  }
+
+  _handleFileChunk(data) {
+    // File chunk handling — assemble in uploads dir
+    // For now, just log
+    console.log('[Chat] File chunk from', data.from);
+  }
+
+  // ─── Chat History ─────────────────────────────────────────────────
+
+  getHistory(agentId, targetId, { limit = 50, before = null } = {}) {
+    return this.db.getChatHistory(agentId, targetId, { limit, before });
+  }
+
+  deleteMessage(agentId, messageId) {
+    this.db.deleteMessage(agentId, messageId);
+  }
+
+  // ─── File Upload ──────────────────────────────────────────────────
+
+  async handleFileUpload(agentId, targetId, file, isGroup = false) {
+    const fileId = crypto.randomUUID();
+    const ext = path.extname(file.originalname || '.bin');
+    const fileName = `${fileId}${ext}`;
+    const filePath = path.join(this.uploadsDir, fileName);
+    fs.writeFileSync(filePath, file.buffer);
+
+    const isImage = /\.(jpg|jpeg|png|gif|webp|svg|bmp)$/i.test(ext);
+
+    // Send message with file reference
+    const msg = await this.sendMessage(agentId, targetId, isImage ? '[图片]' : `[文件] ${file.originalname}`, {
+      type: isImage ? 'image' : 'file',
+      isGroup,
+      file_url: `/api/files/${fileName}`,
+      file_name: file.originalname,
+    });
+
+    return msg;
+  }
+}
+
+module.exports = ChatManager;

package/lib/crypto.js

@@ -0,0 +1,156 @@
+/**
+ * AICQ Crypto Utilities
+ * NaCl-based E2EE: Ed25519 signing, X25519 key exchange, symmetric encryption
+ */
+const nacl = require('tweetnacl');
+const naclUtil = require('tweetnacl-util');
+
+// ─── Key Generation ────────────────────────────────────────────────────
+
+function generateSigningKeypair() {
+  const keyPair = nacl.sign.keyPair();
+  return {
+    publicKey: Buffer.from(keyPair.publicKey).toString('hex'),
+    secretKey: Buffer.from(keyPair.secretKey).toString('hex'),
+    publicKeyB64: Buffer.from(keyPair.publicKey).toString('base64'),
+    secretKeyB64: Buffer.from(keyPair.secretKey).toString('base64'),
+  };
+}
+
+function generateExchangeKeypair() {
+  const keyPair = nacl.box.keyPair();
+  return {
+    publicKey: Buffer.from(keyPair.publicKey).toString('hex'),
+    secretKey: Buffer.from(keyPair.secretKey).toString('hex'),
+    publicKeyB64: Buffer.from(keyPair.publicKey).toString('base64'),
+    secretKeyB64: Buffer.from(keyPair.secretKey).toString('base64'),
+  };
+}
+
+// ─── Signing ───────────────────────────────────────────────────────────
+
+function signMessage(message, secretKeyHex) {
+  const secretKey = Buffer.from(secretKeyHex, 'hex');
+  const messageBytes = naclUtil.decodeUTF8(message);
+  const signature = nacl.sign.detached(messageBytes, secretKey);
+  return Buffer.from(signature).toString('hex');
+}
+
+function verifySignature(message, signatureHex, publicKeyHex) {
+  try {
+    const publicKey = Buffer.from(publicKeyHex, 'hex');
+    const messageBytes = naclUtil.decodeUTF8(message);
+    const signature = Buffer.from(signatureHex, 'hex');
+    return nacl.sign.detached.verify(messageBytes, signature, publicKey);
+  } catch (e) {
+    return false;
+  }
+}
+
+// ─── Key Exchange & Session Key Derivation ─────────────────────────────
+
+function deriveSessionKey(ourSecretKeyHex, theirPublicKeyHex) {
+  const ourSecret = Buffer.from(ourSecretKeyHex, 'hex');
+  const theirPublic = Buffer.from(theirPublicKeyHex, 'hex');
+  const shared = nacl.box.before(theirPublic, ourSecret);
+  const hash = nacl.hash(shared);
+  return Buffer.from(hash).toString('hex');
+}
+
+// ─── Symmetric Encryption (NaCl SecretBox) ─────────────────────────────
+
+function encryptMessage(plaintext, sessionKeyB64) {
+  const key = Buffer.from(sessionKeyB64, 'base64');
+  const nonce = nacl.randomBytes(nacl.secretbox.nonceLength);
+  const messageBytes = naclUtil.decodeUTF8(plaintext);
+  const encrypted = nacl.secretbox(messageBytes, nonce, key);
+  if (!encrypted) throw new Error('Encryption failed');
+  // Combine nonce + ciphertext
+  const combined = new Uint8Array(nonce.length + encrypted.length);
+  combined.set(nonce);
+  combined.set(encrypted, nonce.length);
+  return Buffer.from(combined).toString('base64');
+}
+
+function decryptMessage(ciphertextB64, sessionKeyB64) {
+  const key = Buffer.from(sessionKeyB64, 'base64');
+  const combined = Buffer.from(ciphertextB64, 'base64');
+  const nonce = combined.slice(0, nacl.secretbox.nonceLength);
+  const ciphertext = combined.slice(nacl.secretbox.nonceLength);
+  const decrypted = nacl.secretbox.open(ciphertext, nonce, key);
+  if (!decrypted) throw new Error('Decryption failed');
+  return naclUtil.encodeUTF8(decrypted);
+}
+
+// ─── Fingerprint ───────────────────────────────────────────────────────
+
+function computeFingerprint(publicKeyHex) {
+  const publicKey = Buffer.from(publicKeyHex, 'hex');
+  const hash = nacl.hash(publicKey);
+  const hex = Buffer.from(hash).toString('hex');
+  return hex.match(/.{2}/g).join(':');
+}
+
+// ─── Password-based Encryption ─────────────────────────────────────────
+
+function encryptWithPassword(plaintext, password) {
+  const salt = nacl.randomBytes(nacl.pwhash.saltbytes);
+  const key = nacl.pwhash(plaintext.length + nacl.secretbox.overheadLength,
+    naclUtil.decodeUTF8(password), salt,
+    nacl.pwhash.opslimit.interactive,
+    nacl.pwhash.memlimit.interactive);
+  // Simplified: use secretbox with derived key
+  const nonce = nacl.randomBytes(nacl.secretbox.nonceLength);
+  const messageBytes = naclUtil.decodeUTF8(plaintext);
+  // Fallback: just use a hash-based key
+  const keyHash = nacl.hash(naclUtil.decodeUTF8(password + Buffer.from(salt).toString('base64')));
+  const encrypted = nacl.secretbox(messageBytes, nonce, keyHash.slice(0, 32));
+  if (!encrypted) throw new Error('Password encryption failed');
+  const result = new Uint8Array(salt.length + nonce.length + encrypted.length);
+  result.set(salt);
+  result.set(nonce, salt.length);
+  result.set(encrypted, salt.length + nonce.length);
+  return Buffer.from(result).toString('base64');
+}
+
+function decryptWithPassword(ciphertextB64, password) {
+  const combined = Buffer.from(ciphertextB64, 'base64');
+  const salt = combined.slice(0, nacl.pwhash.saltbytes);
+  const nonce = combined.slice(nacl.pwhash.saltbytes, nacl.pwhash.saltbytes + nacl.secretbox.nonceLength);
+  const ciphertext = combined.slice(nacl.pwhash.saltbytes + nacl.secretbox.nonceLength);
+  const keyHash = nacl.hash(naclUtil.decodeUTF8(password + Buffer.from(salt).toString('base64')));
+  const decrypted = nacl.secretbox.open(ciphertext, nonce, keyHash.slice(0, 32));
+  if (!decrypted) throw new Error('Password decryption failed');
+  return naclUtil.encodeUTF8(decrypted);
+}
+
+// ─── Convert Ed25519 to X25519 ─────────────────────────────────────────
+
+function convertEd25519ToX25519(ed25519PublicKeyB64) {
+  const edPk = Buffer.from(ed25519PublicKeyB64, 'base64');
+  // NaCl provides convert for this
+  try {
+    const xPk = nacl.sign.keyPair.fromSeed(edPk.slice(0, 32)).publicKey;
+    // This is approximate - in production use proper conversion
+    return Buffer.from(xPk).toString('base64');
+  } catch(e) {
+    // Fallback: derive from hash
+    const hash = nacl.hash(edPk);
+    return Buffer.from(hash.slice(0, 32)).toString('base64');
+  }
+}
+
+module.exports = {
+  generateSigningKeypair,
+  generateExchangeKeypair,
+  signMessage,
+  verifySignature,
+  deriveSessionKey,
+  encryptMessage,
+  decryptMessage,
+  computeFingerprint,
+  encryptWithPassword,
+  decryptWithPassword,
+  convertEd25519ToX25519,
+  randomBytes: (n) => Buffer.from(nacl.randomBytes(n)).toString('base64'),
+};