koishi-plugin-github-webhook-pusher 0.0.7 → 0.0.8

package/lib/repository/delivery.js

@@ -0,0 +1,63 @@
+"use strict";
+/**
+ * 投递记录数据访问层
+ * 需求: 1.6
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.recordDelivery = recordDelivery;
+exports.isDelivered = isDelivered;
+exports.getDelivery = getDelivery;
+exports.cleanupDeliveries = cleanupDeliveries;
+/**
+ * 记录投递
+ * 需求 1.6: 记录 Delivery ID 用于去重
+ * @param ctx Koishi 上下文
+ * @param deliveryId GitHub Delivery ID
+ * @param repo 仓库名 (owner/repo)
+ * @param event 事件类型
+ * @returns 创建的投递记录
+ */
+async function recordDelivery(ctx, deliveryId, repo, event) {
+    const now = new Date();
+    await ctx.database.create('github_deliveries', {
+        deliveryId,
+        repo,
+        event,
+        receivedAt: now,
+    });
+    const [created] = await ctx.database.get('github_deliveries', { deliveryId });
+    return created;
+}
+/**
+ * 检查是否已投递
+ * 需求 1.6: 检查 Delivery ID 是否已处理过，用于去重
+ * @param ctx Koishi 上下文
+ * @param deliveryId GitHub Delivery ID
+ * @returns 是否已投递
+ */
+async function isDelivered(ctx, deliveryId) {
+    const deliveries = await ctx.database.get('github_deliveries', { deliveryId });
+    return deliveries.length > 0;
+}
+/**
+ * 获取投递记录
+ * @param ctx Koishi 上下文
+ * @param deliveryId GitHub Delivery ID
+ * @returns 投递记录，不存在返回 null
+ */
+async function getDelivery(ctx, deliveryId) {
+    const deliveries = await ctx.database.get('github_deliveries', { deliveryId });
+    return deliveries.length > 0 ? deliveries[0] : null;
+}
+/**
+ * 清理旧的投递记录
+ * @param ctx Koishi 上下文
+ * @param beforeDate 清理此日期之前的记录
+ * @returns 清理的记录数
+ */
+async function cleanupDeliveries(ctx, beforeDate) {
+    const result = await ctx.database.remove('github_deliveries', {
+        receivedAt: { $lt: beforeDate },
+    });
+    return result.removed ?? 0;
+}

package/lib/repository/index.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * 数据访问层导出
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./trust"), exports);
+__exportStar(require("./subscription"), exports);
+__exportStar(require("./delivery"), exports);

package/lib/repository/subscription.js

@@ -0,0 +1,187 @@
+"use strict";
+/**
+ * 订阅数据访问层
+ * 需求: 3.1-3.7, 5.1, 5.2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSubscription = createSubscription;
+exports.removeSubscription = removeSubscription;
+exports.listSubscriptions = listSubscriptions;
+exports.getSubscription = getSubscription;
+exports.updateEvents = updateEvents;
+exports.queryTargets = queryTargets;
+exports.getRepoSubscriptions = getRepoSubscriptions;
+exports.enableSubscription = enableSubscription;
+exports.disableSubscription = disableSubscription;
+/**
+ * 创建订阅
+ * 需求 3.1: 为当前会话创建订阅记录
+ * @param ctx Koishi 上下文
+ * @param session 会话标识
+ * @param repo 仓库名 (owner/repo)
+ * @param defaultEvents 默认事件列表
+ * @returns 创建的订阅记录
+ */
+async function createSubscription(ctx, session, repo, defaultEvents) {
+    const now = new Date();
+    // 检查是否已存在
+    const existing = await ctx.database.get('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        repo,
+    });
+    if (existing.length > 0) {
+        return existing[0];
+    }
+    await ctx.database.create('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        guildId: session.guildId || '',
+        userId: session.userId || '',
+        repo,
+        events: defaultEvents,
+        enabled: true,
+        createdAt: now,
+        updatedAt: now,
+    });
+    const [created] = await ctx.database.get('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        repo,
+    });
+    return created;
+}
+/**
+ * 移除订阅
+ * 需求 3.3: 移除当前会话对该仓库的订阅
+ * @param ctx Koishi 上下文
+ * @param session 会话标识
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否成功移除
+ */
+async function removeSubscription(ctx, session, repo) {
+    const result = await ctx.database.remove('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        repo,
+    });
+    return (result.removed ?? 0) > 0;
+}
+/**
+ * 列出会话的所有订阅
+ * 需求 3.4: 显示当前会话的所有订阅及其事件设置
+ * @param ctx Koishi 上下文
+ * @param session 会话标识
+ * @returns 订阅列表
+ */
+async function listSubscriptions(ctx, session) {
+    return ctx.database.get('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+    });
+}
+/**
+ * 获取单个订阅
+ * 需求 3.5: 显示该仓库订阅的事件类型列表
+ * @param ctx Koishi 上下文
+ * @param session 会话标识
+ * @param repo 仓库名 (owner/repo)
+ * @returns 订阅记录，不存在返回 null
+ */
+async function getSubscription(ctx, session, repo) {
+    const subs = await ctx.database.get('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        repo,
+    });
+    return subs.length > 0 ? subs[0] : null;
+}
+/**
+ * 更新订阅的事件类型
+ * 需求 3.6: 根据 +/- 前缀启用或禁用对应事件类型
+ * @param ctx Koishi 上下文
+ * @param session 会话标识
+ * @param repo 仓库名 (owner/repo)
+ * @param events 新的事件列表
+ * @returns 是否成功更新
+ */
+async function updateEvents(ctx, session, repo, events) {
+    const result = await ctx.database.set('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        repo,
+    }, {
+        events,
+        updatedAt: new Date(),
+    });
+    return (result.modified ?? 0) > 0;
+}
+/**
+ * 查询订阅目标
+ * 需求 5.1, 5.2: 查询所有订阅该仓库的目标会话，并根据事件类型过滤
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @param eventType 事件类型
+ * @returns 推送目标列表
+ */
+async function queryTargets(ctx, repo, eventType) {
+    // 获取所有订阅该仓库且已启用的订阅
+    const subscriptions = await ctx.database.get('github_subscriptions', {
+        repo,
+        enabled: true,
+    });
+    // 过滤出订阅了该事件类型的目标
+    return subscriptions
+        .filter(sub => sub.events.includes(eventType))
+        .map(sub => ({
+        platform: sub.platform,
+        channelId: sub.channelId,
+        guildId: sub.guildId || undefined,
+        userId: sub.userId || undefined,
+    }));
+}
+/**
+ * 获取仓库的所有订阅
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 订阅列表
+ */
+async function getRepoSubscriptions(ctx, repo) {
+    return ctx.database.get('github_subscriptions', { repo });
+}
+/**
+ * 启用订阅
+ * @param ctx Koishi 上下文
+ * @param session 会话标识
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否成功启用
+ */
+async function enableSubscription(ctx, session, repo) {
+    const result = await ctx.database.set('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        repo,
+    }, {
+        enabled: true,
+        updatedAt: new Date(),
+    });
+    return (result.modified ?? 0) > 0;
+}
+/**
+ * 禁用订阅
+ * @param ctx Koishi 上下文
+ * @param session 会话标识
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否成功禁用
+ */
+async function disableSubscription(ctx, session, repo) {
+    const result = await ctx.database.set('github_subscriptions', {
+        platform: session.platform,
+        channelId: session.channelId,
+        repo,
+    }, {
+        enabled: false,
+        updatedAt: new Date(),
+    });
+    return (result.modified ?? 0) > 0;
+}

package/lib/repository/trust.js

@@ -0,0 +1,133 @@
+"use strict";
+/**
+ * 信任仓库数据访问层
+ * 需求: 2.1-2.7
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidRepoFormat = isValidRepoFormat;
+exports.addTrustedRepo = addTrustedRepo;
+exports.removeTrustedRepo = removeTrustedRepo;
+exports.listTrustedRepos = listTrustedRepos;
+exports.isTrusted = isTrusted;
+exports.isInTrustList = isInTrustList;
+exports.enableRepo = enableRepo;
+exports.disableRepo = disableRepo;
+exports.getTrustedRepo = getTrustedRepo;
+/** 仓库名格式验证正则表达式 */
+const REPO_NAME_REGEX = /^[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+$/;
+/**
+ * 验证仓库名格式是否符合 owner/repo 格式
+ * @param repo 仓库名
+ * @returns 是否有效
+ */
+function isValidRepoFormat(repo) {
+    if (!repo || typeof repo !== 'string') {
+        return false;
+    }
+    return REPO_NAME_REGEX.test(repo);
+}
+/**
+ * 添加信任仓库
+ * 需求 2.1: 将仓库添加到信任列表并持久化到数据库
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 添加的仓库记录，如果格式错误返回 null
+ */
+async function addTrustedRepo(ctx, repo) {
+    if (!isValidRepoFormat(repo)) {
+        return null;
+    }
+    const now = new Date();
+    // 检查是否已存在
+    const existing = await ctx.database.get('github_trusted_repos', { repo });
+    if (existing.length > 0) {
+        return existing[0];
+    }
+    await ctx.database.create('github_trusted_repos', {
+        repo,
+        enabled: true,
+        createdAt: now,
+        updatedAt: now,
+    });
+    const [created] = await ctx.database.get('github_trusted_repos', { repo });
+    return created;
+}
+/**
+ * 移除信任仓库
+ * 需求 2.2: 从信任列表中移除该仓库
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否成功移除
+ */
+async function removeTrustedRepo(ctx, repo) {
+    const result = await ctx.database.remove('github_trusted_repos', { repo });
+    return (result.removed ?? 0) > 0;
+}
+/**
+ * 列出所有信任仓库
+ * 需求 2.3: 显示所有信任仓库及其启用状态
+ * @param ctx Koishi 上下文
+ * @returns 信任仓库列表
+ */
+async function listTrustedRepos(ctx) {
+    return ctx.database.get('github_trusted_repos', {});
+}
+/**
+ * 检查仓库是否在信任列表中且已启用
+ * 需求 2.6: 验证仓库是否可以处理事件
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否信任且启用
+ */
+async function isTrusted(ctx, repo) {
+    const repos = await ctx.database.get('github_trusted_repos', { repo, enabled: true });
+    return repos.length > 0;
+}
+/**
+ * 检查仓库是否在信任列表中（不考虑启用状态）
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否在信任列表中
+ */
+async function isInTrustList(ctx, repo) {
+    const repos = await ctx.database.get('github_trusted_repos', { repo });
+    return repos.length > 0;
+}
+/**
+ * 启用信任仓库
+ * 需求 2.4: 启用该仓库的事件处理
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否成功启用
+ */
+async function enableRepo(ctx, repo) {
+    const result = await ctx.database.set('github_trusted_repos', { repo }, {
+        enabled: true,
+        updatedAt: new Date(),
+    });
+    return (result.modified ?? 0) > 0;
+}
+/**
+ * 禁用信任仓库
+ * 需求 2.5: 禁用该仓库的事件处理
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 是否成功禁用
+ */
+async function disableRepo(ctx, repo) {
+    const result = await ctx.database.set('github_trusted_repos', { repo }, {
+        enabled: false,
+        updatedAt: new Date(),
+    });
+    return (result.modified ?? 0) > 0;
+}
+/**
+ * 获取单个信任仓库信息
+ * @param ctx Koishi 上下文
+ * @param repo 仓库名 (owner/repo)
+ * @returns 仓库信息，不存在返回 null
+ */
+async function getTrustedRepo(ctx, repo) {
+    const repos = await ctx.database.get('github_trusted_repos', { repo });
+    return repos.length > 0 ? repos[0] : null;
+}

package/lib/signature.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSignature = createSignature;
+exports.verifySignature = verifySignature;
+const crypto_1 = require("crypto");
+/**
+ * 创建 GitHub Webhook 签名
+ * @param payload 原始请求体
+ * @param secret Webhook Secret
+ * @returns 签名字符串，格式为 sha256=<hex_digest>
+ */
+function createSignature(payload, secret) {
+    const hmac = (0, crypto_1.createHmac)('sha256', secret);
+    hmac.update(payload, 'utf8');
+    return `sha256=${hmac.digest('hex')}`;
+}
+/**
+ * 验证 GitHub Webhook 签名
+ * @param payload 原始请求体
+ * @param signature X-Hub-Signature-256 头的值
+ * @param secret 配置的 Webhook Secret
+ * @returns 签名是否有效
+ */
+function verifySignature(payload, signature, secret) {
+    // 检查签名格式
+    if (!signature || !signature.startsWith('sha256=')) {
+        return false;
+    }
+    const expected = createSignature(payload, secret);
+    // 使用常量时间比较防止时序攻击
+    const sigBuffer = Buffer.from(signature);
+    const expectedBuffer = Buffer.from(expected);
+    // 长度不同时也需要进行比较以保持常量时间
+    if (sigBuffer.length !== expectedBuffer.length) {
+        return false;
+    }
+    return (0, crypto_1.timingSafeEqual)(sigBuffer, expectedBuffer);
+}

package/lib/types.js

@@ -0,0 +1,40 @@
+"use strict";
+/**
+ * 事件类型和接口定义
+ * 需求: 4.1-4.7
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EVENT_DISPLAY_MAP = void 0;
+exports.getDisplayType = getDisplayType;
+exports.getEventEmoji = getEventEmoji;
+/** 事件类型到显示名称和 emoji 的映射 */
+exports.EVENT_DISPLAY_MAP = {
+    issues: { name: 'Issue', emoji: '📌' },
+    issue_comment: { name: 'Issue Comment', emoji: '💬' },
+    release: { name: 'Release', emoji: '🚀' },
+    push: { name: 'Commit', emoji: '⬆️' },
+    pull_request: { name: 'PR', emoji: '🔀' },
+    pull_request_review: { name: 'PR Review', emoji: '🧪' },
+    pull_request_review_comment: { name: 'PR Review Comment', emoji: '💬' },
+    star: { name: 'Star', emoji: '⭐' },
+    fork: { name: 'Fork', emoji: '🍴' },
+    create: { name: 'Create', emoji: '✨' },
+    delete: { name: 'Delete', emoji: '🗑️' },
+    workflow_run: { name: 'Workflow', emoji: '🧩' },
+};
+/**
+ * 获取事件类型的显示名称
+ * @param type 事件类型
+ * @returns 显示名称
+ */
+function getDisplayType(type) {
+    return exports.EVENT_DISPLAY_MAP[type].name;
+}
+/**
+ * 获取事件类型的 emoji
+ * @param type 事件类型
+ * @returns emoji 字符
+ */
+function getEventEmoji(type) {
+    return exports.EVENT_DISPLAY_MAP[type].emoji;
+}

package/lib/webhook.js

@@ -0,0 +1,153 @@
+"use strict";
+/**
+ * Webhook 处理器
+ * 需求: 1.1-1.6, 2.6, 9.1-9.6
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerWebhook = registerWebhook;
+const koishi_1 = require("koishi");
+const signature_1 = require("./signature");
+const parser_1 = require("./parser");
+const pusher_1 = require("./pusher");
+const repository_1 = require("./repository");
+const logger = new koishi_1.Logger('github-webhook');
+/**
+ * 注册 Webhook 处理器
+ * 需求 1.1: 在配置的路径上监听 HTTP POST 请求
+ * @param ctx Koishi 上下文
+ * @param config 插件配置
+ */
+function registerWebhook(ctx, config) {
+    const path = config.path || '/github/webhook';
+    logger.info(`注册 Webhook 处理器: ${path}`);
+    // 使用 ctx.server.post 注册 HTTP POST 路由
+    ctx.server.post(path, async (koaCtx) => {
+        const startTime = Date.now();
+        try {
+            // 获取请求信息
+            const signature = koaCtx.get('X-Hub-Signature-256');
+            const eventName = koaCtx.get('X-GitHub-Event');
+            const deliveryId = koaCtx.get('X-GitHub-Delivery');
+            // 获取原始请求体
+            const rawBody = await getRawBody(koaCtx);
+            // 需求 9.1: 记录请求来源、事件类型
+            if (config.debug) {
+                logger.debug(`收到 Webhook 请求: event=${eventName}, delivery=${deliveryId}`);
+            }
+            // 需求 1.2, 1.3, 1.4: 签名验证
+            if (config.secret) {
+                if (!signature) {
+                    // 需求 1.4: 缺少签名头
+                    logger.warn('请求缺少 X-Hub-Signature-256 头');
+                    koaCtx.status = 401;
+                    koaCtx.body = { error: 'Missing signature' };
+                    return;
+                }
+                if (!(0, signature_1.verifySignature)(rawBody, signature, config.secret)) {
+                    // 需求 1.3, 9.2: 签名验证失败
+                    logger.warn('签名验证失败');
+                    koaCtx.status = 401;
+                    koaCtx.body = {
+                        error: 'Invalid signature. Ensure Content-Type is application/json, and the signed payload matches the raw request body. 签名无效：请确认 Content-Type 为 application/json，且签名内容与实际请求体完全一致。'
+                    };
+                    return;
+                }
+            }
+            // 需求 1.5: 签名验证成功，继续处理
+            // 解析 JSON 负载
+            let payload;
+            try {
+                payload = JSON.parse(rawBody);
+            }
+            catch (e) {
+                logger.warn('无法解析 JSON 负载');
+                koaCtx.status = 400;
+                koaCtx.body = { error: 'Invalid JSON payload' };
+                return;
+            }
+            // 获取仓库名
+            const repo = payload.repository?.full_name;
+            if (!repo) {
+                logger.warn('负载中缺少仓库信息');
+                koaCtx.status = 400;
+                koaCtx.body = { error: 'Missing repository information' };
+                return;
+            }
+            // 需求 9.1: 记录仓库名
+            logger.info(`收到 Webhook: [${repo}] ${eventName} (${deliveryId})`);
+            // 需求 1.6: 去重检查
+            if (deliveryId) {
+                const isDuplicate = await (0, repository_1.isDelivered)(ctx, deliveryId);
+                if (isDuplicate) {
+                    logger.info(`跳过重复请求: ${deliveryId}`);
+                    koaCtx.status = 200;
+                    koaCtx.body = { status: 'duplicate' };
+                    return;
+                }
+            }
+            // 需求 2.6: 信任仓库验证
+            if (!config.allowUntrusted) {
+                const trusted = await (0, repository_1.isTrusted)(ctx, repo);
+                if (!trusted) {
+                    // 需求 9.3: 记录非信任仓库事件
+                    logger.info(`忽略非信任仓库事件: ${repo}`);
+                    koaCtx.status = 200;
+                    koaCtx.body = { status: 'ignored', reason: 'untrusted' };
+                    return;
+                }
+            }
+            // 解析事件
+            const event = (0, parser_1.parseEvent)(eventName, payload);
+            if (!event) {
+                logger.info(`不支持的事件类型: ${eventName}`);
+                koaCtx.status = 200;
+                koaCtx.body = { status: 'ignored', reason: 'unsupported' };
+                return;
+            }
+            // 需求 1.6: 记录投递（在处理前记录，防止重复处理）
+            if (deliveryId) {
+                await (0, repository_1.recordDelivery)(ctx, deliveryId, repo, eventName);
+            }
+            // 推送消息
+            const result = await (0, pusher_1.pushEvent)(ctx, event, config.concurrency);
+            // 需求 9.4: 记录推送结果
+            const elapsed = Date.now() - startTime;
+            logger.info(`处理完成: 推送 ${result.pushed} 成功, ${result.failed} 失败 (${elapsed}ms)`);
+            // 需求 1.5: 返回成功响应
+            koaCtx.status = 200;
+            koaCtx.body = { status: 'ok', pushed: result.pushed };
+        }
+        catch (error) {
+            // 需求 9.5: 记录错误
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            logger.error(`处理 Webhook 时发生错误: ${errorMessage}`);
+            if (config.debug && error instanceof Error) {
+                logger.error(error.stack || '');
+            }
+            koaCtx.status = 500;
+            koaCtx.body = { status: 'error', error: 'Internal server error' };
+        }
+    });
+}
+/**
+ * 获取原始请求体
+ * @param koaCtx Koa 上下文
+ * @returns 原始请求体字符串
+ */
+async function getRawBody(koaCtx) {
+    // 如果已经有解析好的 body，尝试重新序列化
+    if (koaCtx.request.body) {
+        return JSON.stringify(koaCtx.request.body);
+    }
+    // 否则从流中读取
+    return new Promise((resolve, reject) => {
+        let data = '';
+        koaCtx.req.on('data', (chunk) => {
+            data += chunk.toString();
+        });
+        koaCtx.req.on('end', () => {
+            resolve(data);
+        });
+        koaCtx.req.on('error', reject);
+    });
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "koishi-plugin-github-webhook-pusher",
   "description": "GitHub Webhook 事件推送插件",
-  "version": "0.0.7",
+  "version": "0.0.8",
   "contributors": [
     "ClozyA <aoxuan233@gmail.com>"
   ],