feishu-mcp 0.1.5 → 0.1.7

package/dist/services/feishuApiService.js

@@ -5,7 +5,8 @@ import { CacheManager } from '../utils/cache.js';
 import { ParamUtils } from '../utils/paramUtils.js';
 import { BlockFactory, BlockType } from './blockFactory.js';
 import { AuthUtils, TokenCacheManager } from '../utils/auth/index.js';
-import { AuthRequiredError } from '../utils/error.js';
+import { AuthService } from './feishuAuthService.js';
+import { ScopeInsufficientError } from '../utils/error.js';
 import axios from 'axios';
 import FormData from 'form-data';
 import fs from 'fs';
@@ -38,9 +39,16 @@ export class FeishuApiService extends BaseApiService {
             writable: true,
             value: void 0
         });
+        Object.defineProperty(this, "authService", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: void 0
+        });
         this.cacheManager = CacheManager.getInstance();
         this.blockFactory = BlockFactory.getInstance();
         this.config = Config.getInstance();
+        this.authService = new AuthService();
     }
     /**
      * 获取飞书API服务实例
@@ -77,13 +85,229 @@ export class FeishuApiService extends BaseApiService {
         // 生成客户端缓存键
         const clientKey = AuthUtils.generateClientKey(userKey);
         Logger.debug(`[FeishuApiService] 获取访问令牌，userKey: ${userKey}, clientKey: ${clientKey}, authType: ${authType}`);
+        // 在使用token之前先校验scope（使用appId+appSecret获取临时tenant token来调用scope接口）
+        await this.validateScopeWithVersion(appId, appSecret, authType);
+        // 校验通过后，获取实际的token
         if (authType === 'tenant') {
             // 租户模式：获取租户访问令牌
-            return this.getTenantAccessToken(appId, appSecret, clientKey);
+            return await this.getTenantAccessToken(appId, appSecret, clientKey);
         }
         else {
             // 用户模式：获取用户访问令牌
-            return this.getUserAccessToken(appId, appSecret, clientKey, userKey);
+            return await this.authService.getUserAccessToken(clientKey, appId, appSecret);
+        }
+    }
+    /**
+     * 获取应用权限范围
+     * @param accessToken 访问令牌
+     * @param authType 认证类型（tenant或user）
+     * @returns 应用权限范围列表
+     */
+    async getApplicationScopes(accessToken, authType) {
+        try {
+            const endpoint = '/application/v6/scopes';
+            const headers = {
+                'Authorization': `Bearer ${accessToken}`,
+                'Content-Type': 'application/json'
+            };
+            Logger.debug('请求应用权限范围:', endpoint);
+            const response = await axios.get(`${this.getBaseUrl()}${endpoint}`, { headers });
+            const data = response.data;
+            if (data.code !== 0) {
+                throw new Error(`获取应用权限范围失败：${data.msg || '未知错误'} (错误码: ${data.code})`);
+            }
+            // 提取权限列表
+            // API返回格式: { "data": { "scopes": [{ "grant_status": 1, "scope_name": "...", "scope_type": "tenant"|"user" }] } }
+            const scopes = [];
+            if (data.data && Array.isArray(data.data.scopes)) {
+                // 根据authType过滤，只取已授权的scope（grant_status === 1）
+                for (const scopeItem of data.data.scopes) {
+                    if (scopeItem.grant_status === 1 && scopeItem.scope_type === authType && scopeItem.scope_name) {
+                        scopes.push(scopeItem.scope_name);
+                    }
+                }
+            }
+            Logger.debug(`获取应用权限范围成功，共 ${scopes.length} 个${authType}权限`);
+            return scopes;
+        }
+        catch (error) {
+            Logger.error('获取应用权限范围失败:', error);
+            throw new Error('获取应用权限范围失败: ' + (error instanceof Error ? error.message : String(error)));
+        }
+    }
+    /**
+     * 校验scope权限是否充足
+     * @param requiredScopes 所需的权限列表
+     * @param actualScopes 实际的权限列表
+     * @returns 是否权限充足，以及缺失的权限列表
+     */
+    validateScopes(requiredScopes, actualScopes) {
+        const actualScopesSet = new Set(actualScopes);
+        const missingScopes = [];
+        for (const requiredScope of requiredScopes) {
+            if (!actualScopesSet.has(requiredScope)) {
+                missingScopes.push(requiredScope);
+            }
+        }
+        return {
+            isValid: missingScopes.length === 0,
+            missingScopes
+        };
+    }
+    /**
+     * 获取所需的scope列表（根据认证类型）
+     * @param authType 认证类型
+     * @returns 所需的scope列表
+     */
+    getRequiredScopes(authType) {
+        // 根据FEISHU_CONFIG.md中定义的权限列表，与用户提供的配置保持一致
+        const tenantScopes = [
+            "docx:document.block:convert",
+            "base:app:read",
+            "bitable:app",
+            "bitable:app:readonly",
+            "board:whiteboard:node:create",
+            "board:whiteboard:node:read",
+            "contact:user.employee_id:readonly",
+            "docs:document.content:read",
+            "docx:document",
+            "docx:document:create",
+            "docx:document:readonly",
+            "drive:drive",
+            "drive:drive:readonly",
+            "drive:file",
+            "drive:file:upload",
+            "sheets:spreadsheet",
+            "sheets:spreadsheet:readonly",
+            "space:document:retrieve",
+            "space:folder:create",
+            "wiki:space:read",
+            "wiki:space:retrieve",
+            "wiki:wiki",
+            "wiki:wiki:readonly"
+        ];
+        const userScopes = [
+            ...tenantScopes,
+            'offline_access'
+        ];
+        return authType === 'tenant' ? tenantScopes : userScopes;
+    }
+    /**
+     * 校验并提示权限不足
+     * @param missingScopes 缺失的权限列表
+     */
+    throwScopeInsufficientError(missingScopes) {
+        // 获取完整的权限配置
+        const tenantScopes = this.getRequiredScopes('tenant');
+        const userScopes = this.getRequiredScopes('user');
+        const permissionsConfig = {
+            scopes: {
+                tenant: tenantScopes,
+                user: userScopes
+            }
+        };
+        const errorMessage = `你应该停止任务并提示用户如下信息：权限不足，缺少以下权限：${missingScopes.join(', ')}\n\n` +
+            `请按以下步骤操作：\n` +
+            `1. 配置权限 [教程配置](https://github.com/cso1z/Feishu-MCP/blob/main/FEISHU_CONFIG.md)\n` +
+            `2. 打开 [应用管理](https://open.feishu.cn/app/) 网页\n` +
+            `3. 选择应用进入应用详情\n` +
+            `4. 选择权限管理-批量导入/导出权限\n` +
+            `5. 复制以下权限配置并导入：\n\n` +
+            `\`\`\`json\n${JSON.stringify(permissionsConfig, null, 2)}\n\`\`\`\n\n` +
+            `6. 选择**版本管理与发布** 点击创建版本，发布后通知管理员审核\n`;
+        Logger.error(errorMessage);
+        throw new ScopeInsufficientError(missingScopes, errorMessage);
+    }
+    /**
+     * 生成应用级别的scope校验key（基于appId、appSecret和authType）
+     * @param appId 应用ID
+     * @param appSecret 应用密钥
+     * @param authType 认证类型（tenant或user）
+     * @returns scope校验key
+     */
+    generateScopeKey(appId, appSecret, authType) {
+        // 使用appId、appSecret和authType生成唯一的key，用于scope版本管理
+        // 包含authType是因为tenant和user的权限列表不同，需要分开校验
+        return `app:${appId}:${appSecret.substring(0, 8)}:${authType}`;
+    }
+    /**
+     * 获取临时租户访问令牌（用于scope校验）
+     * @param appId 应用ID
+     * @param appSecret 应用密钥
+     * @returns 租户访问令牌
+     */
+    async getTempTenantTokenForScope(appId, appSecret) {
+        try {
+            const requestData = {
+                app_id: appId,
+                app_secret: appSecret,
+            };
+            const url = 'https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal';
+            const headers = { 'Content-Type': 'application/json' };
+            Logger.debug('获取临时租户token用于scope校验:', url);
+            const response = await axios.post(url, requestData, { headers });
+            const data = response.data;
+            if (data.code !== 0) {
+                throw new Error(`获取临时租户访问令牌失败：${data.msg || '未知错误'} (错误码: ${data.code})`);
+            }
+            if (!data.tenant_access_token) {
+                throw new Error('获取临时租户访问令牌失败：响应中没有token');
+            }
+            Logger.debug('临时租户token获取成功，用于scope校验');
+            return data.tenant_access_token;
+        }
+        catch (error) {
+            Logger.error('获取临时租户访问令牌失败:', error);
+            throw new Error('获取临时租户访问令牌失败: ' + (error instanceof Error ? error.message : String(error)));
+        }
+    }
+    /**
+     * 校验scope权限（带版本管理）
+     * @param appId 应用ID
+     * @param appSecret 应用密钥
+     * @param authType 认证类型
+     */
+    async validateScopeWithVersion(appId, appSecret, authType) {
+        const tokenCacheManager = TokenCacheManager.getInstance();
+        // 生成应用级别的scope校验key（包含authType，因为tenant和user权限不同）
+        const scopeKey = this.generateScopeKey(appId, appSecret, authType);
+        const scopeVersion = '1.0.0'; // 当前scope版本号，可以根据需要更新
+        // 检查是否需要校验
+        if (!tokenCacheManager.shouldValidateScope(scopeKey, scopeVersion)) {
+            Logger.debug(`Scope版本已校验过，跳过校验: ${scopeKey}`);
+            return;
+        }
+        Logger.info(`开始校验scope权限，版本: ${scopeVersion}, scopeKey: ${scopeKey}`);
+        try {
+            // 使用appId和appSecret获取临时tenant token来调用scope接口
+            const tempTenantToken = await this.getTempTenantTokenForScope(appId, appSecret);
+            // 获取实际权限范围（使用tenant token，但根据authType过滤scope_type）
+            const actualScopes = await this.getApplicationScopes(tempTenantToken, authType);
+            // 获取当前版本所需的scope列表
+            const requiredScopes = this.getRequiredScopes(authType);
+            // 校验权限
+            const validationResult = this.validateScopes(requiredScopes, actualScopes);
+            if (!validationResult.isValid) {
+                // 权限不足，抛出错误
+                this.throwScopeInsufficientError(validationResult.missingScopes);
+            }
+            // 权限充足，保存版本信息
+            const scopeVersionInfo = {
+                scopeVersion,
+                scopeList: requiredScopes,
+                validatedAt: Math.floor(Date.now() / 1000),
+                validatedVersion: scopeVersion
+            };
+            tokenCacheManager.saveScopeVersionInfo(scopeKey, scopeVersionInfo);
+            Logger.info(`Scope权限校验成功，版本: ${scopeVersion}`);
+        }
+        catch (error) {
+            // 如果是权限不足错误，需要重新抛出，中断流程
+            if (error instanceof ScopeInsufficientError) {
+                throw error;
+            }
+            // 如果获取权限范围失败（网络错误、API调用失败等），记录警告但不阻止token使用
+            Logger.warn(`Scope权限校验失败，但继续使用token: ${error instanceof Error ? error.message : String(error)}`);
         }
     }
     /**
@@ -135,88 +359,6 @@ export class FeishuApiService extends BaseApiService {
             throw new Error('获取租户访问令牌失败: ' + (error instanceof Error ? error.message : String(error)));
         }
     }
-    /**
-     * 获取用户访问令牌
-     * @param appId 应用ID
-     * @param appSecret 应用密钥
-     * @param clientKey 客户端缓存键
-     * @param userKey 用户标识
-     * @returns 用户访问令牌
-     */
-    async getUserAccessToken(appId, appSecret, clientKey, _userKey) {
-        const tokenCacheManager = TokenCacheManager.getInstance();
-        // 检查用户token状态
-        const tokenStatus = tokenCacheManager.checkUserTokenStatus(clientKey);
-        Logger.debug(`用户token状态:`, tokenStatus);
-        if (tokenStatus.isValid && !tokenStatus.shouldRefresh) {
-            // token有效且不需要刷新，直接返回
-            const cachedToken = tokenCacheManager.getUserToken(clientKey);
-            if (cachedToken) {
-                Logger.debug('使用缓存的用户访问令牌');
-                return cachedToken;
-            }
-        }
-        if (tokenStatus.canRefresh && (tokenStatus.isExpired || tokenStatus.shouldRefresh)) {
-            // 可以刷新token
-            Logger.info('尝试刷新用户访问令牌');
-            try {
-                const tokenInfo = tokenCacheManager.getUserTokenInfo(clientKey);
-                if (tokenInfo && tokenInfo.refresh_token) {
-                    const refreshedToken = await this.refreshUserToken(tokenInfo.refresh_token, clientKey, appId, appSecret);
-                    if (refreshedToken && refreshedToken.access_token) {
-                        Logger.info('用户访问令牌刷新成功');
-                        return refreshedToken.access_token;
-                    }
-                }
-            }
-            catch (error) {
-                Logger.warn('刷新用户访问令牌失败:', error);
-                // 刷新失败，清除缓存，需要重新授权
-                tokenCacheManager.removeUserToken(clientKey);
-            }
-        }
-        // 没有有效的token或刷新失败，需要用户授权
-        Logger.warn('没有有效的用户token，需要用户授权');
-        throw new AuthRequiredError('user', '需要用户授权');
-    }
-    /**
-     * 刷新用户访问令牌
-     * @param refreshToken 刷新令牌
-     * @param clientKey 客户端缓存键
-     * @param appId 应用ID
-     * @param appSecret 应用密钥
-     * @returns 刷新后的token信息
-     */
-    async refreshUserToken(refreshToken, clientKey, appId, appSecret) {
-        const tokenCacheManager = TokenCacheManager.getInstance();
-        const body = {
-            grant_type: 'refresh_token',
-            client_id: appId,
-            client_secret: appSecret,
-            refresh_token: refreshToken
-        };
-        Logger.debug('刷新用户访问令牌请求:', body);
-        const response = await axios.post('https://open.feishu.cn/open-apis/authen/v2/oauth/token', body, {
-            headers: { 'Content-Type': 'application/json' }
-        });
-        const data = response.data;
-        if (data && data.access_token && data.expires_in) {
-            // 计算过期时间戳
-            data.expires_at = Math.floor(Date.now() / 1000) + data.expires_in;
-            if (data.refresh_token_expires_in) {
-                data.refresh_token_expires_at = Math.floor(Date.now() / 1000) + data.refresh_token_expires_in;
-            }
-            // 缓存新的token信息
-            const refreshTtl = data.refresh_token_expires_in || 3600 * 24 * 365; // 默认1年
-            tokenCacheManager.cacheUserToken(clientKey, data, refreshTtl);
-            Logger.info('用户访问令牌刷新并缓存成功');
-            return data;
-        }
-        else {
-            Logger.warn('刷新用户访问令牌失败:', data);
-            throw new Error('刷新用户访问令牌失败');
-        }
-    }
     /**
      * 创建飞书文档
      * @param title 文档标题
@@ -820,6 +962,21 @@ export class FeishuApiService extends BaseApiService {
                         };
                     }
                     break;
+                case BlockType.WHITEBOARD:
+                    if ('whiteboard' in options && options.whiteboard) {
+                        const whiteboardOptions = options.whiteboard;
+                        blockConfig.options = {
+                            align: (whiteboardOptions.align === 1 || whiteboardOptions.align === 2 || whiteboardOptions.align === 3)
+                                ? whiteboardOptions.align : 1
+                        };
+                    }
+                    else {
+                        // 默认画板块选项
+                        blockConfig.options = {
+                            align: 1
+                        };
+                    }
+                    break;
                 default:
                     Logger.warn(`未知的块类型: ${blockType}，尝试作为标准类型处理`);
                     if ('text' in options) {
@@ -890,6 +1047,14 @@ export class FeishuApiService extends BaseApiService {
                             code: mermaidConfig.code,
                         };
                     }
+                    else if ("whiteboard" in options) {
+                        blockConfig.type = BlockType.WHITEBOARD;
+                        const whiteboardConfig = options.whiteboard;
+                        blockConfig.options = {
+                            align: (whiteboardConfig.align === 1 || whiteboardConfig.align === 2 || whiteboardConfig.align === 3)
+                                ? whiteboardConfig.align : 1
+                        };
+                    }
                     break;
             }
             // 记录调试信息
@@ -1237,6 +1402,36 @@ export class FeishuApiService extends BaseApiService {
             return Buffer.from([]); // 永远不会执行到这里
         }
     }
+    /**
+     * 在画板中创建图表节点（支持 PlantUML 和 Mermaid）
+     * @param whiteboardId 画板ID（token）
+     * @param code 图表代码（PlantUML 或 Mermaid）
+     * @param syntaxType 语法类型：1=PlantUML, 2=Mermaid
+     * @returns 创建结果
+     */
+    async createDiagramNode(whiteboardId, code, syntaxType) {
+        try {
+            const normalizedWhiteboardId = ParamUtils.processWhiteboardId(whiteboardId);
+            const endpoint = `/board/v1/whiteboards/${normalizedWhiteboardId}/nodes/plantuml`;
+            const syntaxTypeName = syntaxType === 1 ? 'PlantUML' : 'Mermaid';
+            Logger.info(`开始在画板中创建 ${syntaxTypeName} 节点，画板ID: ${normalizedWhiteboardId}`);
+            Logger.debug(`${syntaxTypeName} 代码: ${code.substring(0, 200)}...`);
+            const payload = {
+                plant_uml_code: code,
+                style_type: 1, // 画板样式（默认为2 经典样式） 示例值：1 可选值有： 1：画板样式（解析之后为多个画板节点，粘贴到画板中，不可对语法进行二次编辑） 2：经典样式（解析之后为一张图片，粘贴到画板中，可对语法进行二次编辑）（只有PlantUml语法支持经典样式
+                syntax_type: syntaxType
+            };
+            Logger.debug(`请求载荷: ${JSON.stringify(payload, null, 2)}`);
+            const response = await this.post(endpoint, payload);
+            Logger.info(`${syntaxTypeName} 节点创建成功`);
+            return response;
+        }
+        catch (error) {
+            const syntaxTypeName = syntaxType === 1 ? 'PlantUML' : 'Mermaid';
+            Logger.error(`创建 ${syntaxTypeName} 节点失败，画板ID: ${whiteboardId}`, error);
+            this.handleApiError(error, `创建 ${syntaxTypeName} 节点失败`);
+        }
+    }
     /**
      * 从路径或URL获取图片的Base64编码
      * @param imagePathOrUrl 图片路径或URL

package/dist/services/feishuAuthService.js

@@ -1,6 +1,8 @@
 import axios from 'axios';
 import { Config } from '../utils/config.js';
 import { Logger } from '../utils/logger.js';
+import { TokenCacheManager } from '../utils/auth/tokenCacheManager.js';
+import { AuthRequiredError } from '../utils/error.js';
 export class AuthService {
     constructor() {
         Object.defineProperty(this, "config", {
@@ -45,4 +47,109 @@ export class AuthService {
         Logger.debug('[AuthService] getUserTokenByCode response', data);
         return data;
     }
+    /**
+     * 刷新用户访问令牌
+     * 从缓存中获取token信息并刷新，如果缓存中没有必要信息则使用传入的备用参数
+     * @param clientKey 客户端缓存键
+     * @param appId 应用ID（可选，如果tokenInfo中没有则使用此参数）
+     * @param appSecret 应用密钥（可选，如果tokenInfo中没有则使用此参数）
+     * @returns 刷新后的token信息
+     * @throws 如果无法获取必要的刷新信息则抛出错误
+     */
+    async refreshUserToken(clientKey, appId, appSecret) {
+        const tokenCacheManager = TokenCacheManager.getInstance();
+        // 从缓存中获取token信息
+        const tokenInfo = tokenCacheManager.getUserTokenInfo(clientKey);
+        if (!tokenInfo) {
+            throw new Error(`无法获取token信息: ${clientKey}`);
+        }
+        // 获取刷新所需的必要信息
+        const actualRefreshToken = tokenInfo.refresh_token;
+        const actualAppId = tokenInfo.client_id || appId;
+        const actualAppSecret = tokenInfo.client_secret || appSecret;
+        // 验证必要参数
+        if (!actualRefreshToken) {
+            throw new Error('无法获取refresh_token，无法刷新用户访问令牌');
+        }
+        if (!actualAppId || !actualAppSecret) {
+            throw new Error('无法获取client_id或client_secret，无法刷新用户访问令牌');
+        }
+        const body = {
+            grant_type: 'refresh_token',
+            client_id: actualAppId,
+            client_secret: actualAppSecret,
+            refresh_token: actualRefreshToken
+        };
+        Logger.debug('[AuthService] 刷新用户访问令牌请求:', {
+            clientKey,
+            client_id: actualAppId,
+            has_refresh_token: !!actualRefreshToken
+        });
+        const response = await axios.post('https://open.feishu.cn/open-apis/authen/v2/oauth/token', body, {
+            headers: { 'Content-Type': 'application/json' }
+        });
+        const data = response.data;
+        if (data && data.access_token && data.expires_in) {
+            // 计算过期时间戳
+            data.expires_at = Math.floor(Date.now() / 1000) + data.expires_in;
+            if (data.refresh_token_expires_in) {
+                data.refresh_token_expires_at = Math.floor(Date.now() / 1000) + data.refresh_token_expires_in;
+            }
+            // 保留client_id和client_secret（优先使用tokenInfo中的，如果没有则使用实际使用的参数）
+            data.client_id = actualAppId;
+            data.client_secret = actualAppSecret;
+            // 缓存新的token信息
+            const refreshTtl = data.refresh_token_expires_in || 3600 * 24 * 365; // 默认1年
+            tokenCacheManager.cacheUserToken(clientKey, data, refreshTtl);
+            Logger.info(`[AuthService] 用户访问令牌刷新并缓存成功: ${clientKey}`);
+            return data;
+        }
+        else {
+            Logger.warn('[AuthService] 刷新用户访问令牌失败:', data);
+            throw new Error('刷新用户访问令牌失败');
+        }
+    }
+    /**
+     * 获取用户访问令牌
+     * 检查token状态，如果有效则返回缓存的token，如果过期则尝试刷新
+     * @param clientKey 客户端缓存键
+     * @param appId 应用ID（可选，如果tokenInfo中没有则使用此参数）
+     * @param appSecret 应用密钥（可选，如果tokenInfo中没有则使用此参数）
+     * @returns 用户访问令牌
+     * @throws 如果无法获取有效的token则抛出AuthRequiredError
+     */
+    async getUserAccessToken(clientKey, appId, appSecret) {
+        const tokenCacheManager = TokenCacheManager.getInstance();
+        // 检查用户token状态
+        const tokenStatus = tokenCacheManager.checkUserTokenStatus(clientKey);
+        Logger.debug(`[AuthService] 用户token状态:`, tokenStatus);
+        if (tokenStatus.isValid && !tokenStatus.shouldRefresh) {
+            // token有效且不需要刷新，直接返回
+            const cachedToken = tokenCacheManager.getUserToken(clientKey);
+            if (cachedToken) {
+                Logger.debug('[AuthService] 使用缓存的用户访问令牌');
+                return cachedToken;
+            }
+        }
+        if (tokenStatus.canRefresh && (tokenStatus.isExpired || tokenStatus.shouldRefresh)) {
+            // 可以刷新token
+            Logger.info('[AuthService] 尝试刷新用户访问令牌');
+            try {
+                // 使用统一的刷新方法，它会自动从缓存中获取必要信息
+                const refreshedToken = await this.refreshUserToken(clientKey, appId, appSecret);
+                if (refreshedToken && refreshedToken.access_token) {
+                    Logger.info('[AuthService] 用户访问令牌刷新成功');
+                    return refreshedToken.access_token;
+                }
+            }
+            catch (error) {
+                Logger.warn('[AuthService] 刷新用户访问令牌失败:', error);
+                // 刷新失败，清除缓存，需要重新授权
+                tokenCacheManager.removeUserToken(clientKey);
+            }
+        }
+        // 没有有效的token或刷新失败，需要用户授权
+        Logger.warn('[AuthService] 没有有效的用户token，需要用户授权');
+        throw new AuthRequiredError('user', '需要用户授权');
+    }
 }

package/dist/types/feishuSchema.js

@@ -103,9 +103,10 @@ export const ListBlockSchema = z.object({
     align: AlignSchemaWithValidation,
 });
 // 块类型枚举 - 用于批量创建块工具
-export const BlockTypeEnum = z.string().describe("Block type (required). Supports: 'text', 'code', 'heading', 'list', 'image','mermaid',as well as 'heading1' through 'heading9'. " +
+export const BlockTypeEnum = z.string().describe("Block type (required). Supports: 'text', 'code', 'heading', 'list', 'image','mermaid','whiteboard',as well as 'heading1' through 'heading9'. " +
     "For headings, we recommend using 'heading' with level property, but 'heading1'-'heading9' are also supported. " +
     "For images, use 'image' to create empty image blocks that can be filled later. " +
+    "For whiteboards, use 'whiteboard' to create empty whiteboard blocks that return a token for filling content. " +
     "For text blocks, you can include both regular text and equation elements in the same block.");
 // 图片宽度参数定义
 export const ImageWidthSchema = z.number().optional().describe('Image width in pixels (optional). If not provided, the original image width will be used.');
@@ -124,6 +125,12 @@ export const MermaidCodeSchema = z.string().describe('Mermaid code (required). T
 export const MermaidBlockSchema = z.object({
     code: MermaidCodeSchema,
 });
+// 画板对齐方式参数定义
+export const WhiteboardAlignSchema = z.number().optional().default(2).describe('Whiteboard alignment: 1 for left, 2 for center (default), 3 for right.');
+// 画板块内容定义 - 用于批量创建块工具
+export const WhiteboardBlockSchema = z.object({
+    align: WhiteboardAlignSchema,
+});
 // 块配置定义 - 用于批量创建块工具
 export const BlockConfigSchema = z.object({
     blockType: BlockTypeEnum,
@@ -134,6 +141,7 @@ export const BlockConfigSchema = z.object({
         z.object({ list: ListBlockSchema }).describe("List block options. Used when blockType is 'list'."),
         z.object({ image: ImageBlockSchema }).describe("Image block options. Used when blockType is 'image'. Creates empty image blocks."),
         z.object({ mermaid: MermaidBlockSchema }).describe("Mermaid block options.  Used when blockType is 'mermaid'."),
+        z.object({ whiteboard: WhiteboardBlockSchema }).describe("Whiteboard block options. Used when blockType is 'whiteboard'. Creates empty whiteboard blocks that return a token for filling content."),
         z.record(z.any()).describe("Fallback for any other block options")
     ]).describe('Options for the specific block type. Provide the corresponding options object based on blockType.'),
 });
@@ -196,5 +204,26 @@ export const ImagesArraySchema = z.array(z.object({
 export const WhiteboardIdSchema = z.string().describe('Whiteboard ID (required). This is the token value from the board.token field when getting document blocks.\n' +
     'When you find a block with block_type: 43, the whiteboard ID is located in board.token field.\n' +
     'Example: "EPJKwvY5ghe3pVbKj9RcT2msnBX"');
+// 画板代码参数定义（支持 PlantUML 和 Mermaid）
+export const WhiteboardCodeSchema = z.string().describe('Diagram code (required). The complete diagram code to create in the whiteboard.\n' +
+    'Supports both PlantUML and Mermaid formats.\n' +
+    'PlantUML example: "@startuml\nAlice -> Bob: Hello\n@enduml"\n' +
+    'Mermaid example: "graph TD\nA[Start] --> B[End]"');
+// 语法类型参数定义
+export const SyntaxTypeSchema = z.number().describe('Syntax type (required). Specifies the diagram syntax format.\n' +
+    '1: PlantUML syntax\n' +
+    '2: Mermaid syntax');
+// 画板内容配置定义（包含画板ID和内容配置）
+export const WhiteboardContentSchema = z.object({
+    whiteboardId: WhiteboardIdSchema,
+    code: WhiteboardCodeSchema,
+    syntax_type: SyntaxTypeSchema,
+}).describe('Whiteboard content configuration. Contains the whiteboard ID, diagram code and syntax type.\n' +
+    'whiteboardId: The token value from board.token field when creating whiteboard block (required)\n' +
+    'code: The diagram code (PlantUML or Mermaid format) (required)\n' +
+    'syntax_type: 1 for PlantUML, 2 for Mermaid (required)');
+// 批量填充画板数组定义
+export const WhiteboardFillArraySchema = z.array(WhiteboardContentSchema).describe('Array of whiteboard fill items (required). Each item must include whiteboardId, code and syntax_type.\n' +
+    'Example: [{whiteboardId:"token1", code:"@startuml...", syntax_type:1}, {whiteboardId:"token2", code:"graph TD...", syntax_type:2}]');
 // 文档标题参数定义
 export const DocumentTitleSchema = z.string().describe('Document title (required). This will be displayed in the Feishu document list and document header.');

package/dist/utils/auth/index.js

@@ -2,3 +2,4 @@ export { UserContextManager, getBaseUrl } from './userContextManager.js';
 export { UserAuthManager } from './userAuthManager.js';
 export { TokenCacheManager } from './tokenCacheManager.js';
 export { AuthUtils } from './authUtils.js';
+export { TokenRefreshManager } from './tokenRefreshManager.js';