npm - koishi-plugin-github-webhook-pusher - Versions diffs - 0.0.7 → 0.0.9 - Mend

koishi-plugin-github-webhook-pusher 0.0.7 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/lib/commands/index.js +12 -0
package/lib/commands/subscription.js +214 -0
package/lib/commands/trust.js +119 -0
package/lib/commands/utils.js +182 -0
package/lib/config.d.ts +4 -2
package/lib/config.js +31 -0
package/lib/database.js +39 -0
package/lib/index.js +80 -0
package/lib/message.js +250 -0
package/lib/parser.js +304 -0
package/lib/pusher.js +128 -0
package/lib/repository/delivery.js +63 -0
package/lib/repository/index.js +22 -0
package/lib/repository/subscription.js +187 -0
package/lib/repository/trust.js +133 -0
package/lib/signature.js +38 -0
package/lib/types.js +40 -0
package/lib/webhook.js +188 -0
package/package.json +1 -1
package/readme.md +5 -1

package/lib/webhook.js ADDED Viewed

@@ -0,0 +1,188 @@
+"use strict";
+/**
+ * Webhook 处理器
+ * 需求: 1.1-1.6, 2.6, 9.1-9.6
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerWebhook = registerWebhook;
+const koishi_1 = require("koishi");
+const signature_1 = require("./signature");
+const parser_1 = require("./parser");
+const pusher_1 = require("./pusher");
+const repository_1 = require("./repository");
+const logger = new koishi_1.Logger('github-webhook');
+/**
+ * 注册 Webhook 处理器
+ * 需求 1.1: 在配置的路径上监听 HTTP POST 请求
+ * @param ctx Koishi 上下文
+ * @param config 插件配置
+ */
+function registerWebhook(ctx, config) {
+    const path = config.path || '/github/webhook';
+    logger.info(`注册 Webhook 处理器: ${path}`);
+    // 使用 ctx.server.post 注册 HTTP POST 路由
+    ctx.server.post(path, async (koaCtx) => {
+        const startTime = Date.now();
+        try {
+            // 获取请求信息
+            const signature = koaCtx.get('X-Hub-Signature-256');
+            const eventName = koaCtx.get('X-GitHub-Event');
+            const deliveryId = koaCtx.get('X-GitHub-Delivery');
+            // 获取原始请求体
+            const rawBody = await getRawBody(koaCtx);
+            // 需求 9.1: 记录请求来源、事件类型
+            if (config.debug) {
+                logger.debug(`收到 Webhook 请求: event=${eventName}, delivery=${deliveryId}`);
+            }
+            // 需求 1.2, 1.3, 1.4: 签名验证
+            if (config.secret) {
+                if (!signature) {
+                    // 需求 1.4: 缺少签名头
+                    logger.warn('请求缺少 X-Hub-Signature-256 头');
+                    koaCtx.status = 401;
+                    koaCtx.body = { error: 'Missing signature' };
+                    return;
+                }
+                let payloadForVerify = rawBody;
+                if (!payloadForVerify) {
+                    const requestBody = koaCtx.request?.body;
+                    if (requestBody) {
+                        // fallback: body parser 已消费流，无法获得 raw body
+                        payloadForVerify = JSON.stringify(requestBody);
+                        logger.warn('未获取到原始请求体，已使用解析后的 body 进行验签（可能导致验签失败）');
+                    }
+                    else {
+                        logger.warn('无法获取请求体，无法进行签名验证');
+                        koaCtx.status = 400;
+                        koaCtx.body = { error: 'Missing request body' };
+                        return;
+                    }
+                }
+                if (!(0, signature_1.verifySignature)(payloadForVerify, signature, config.secret)) {
+                    // 需求 1.3, 9.2: 签名验证失败
+                    logger.warn('签名验证失败');
+                    koaCtx.status = 401;
+                    koaCtx.body = {
+                        error: 'Invalid signature. Ensure Content-Type is application/json, and the signed payload matches the raw request body. 签名无效：请确认 Content-Type 为 application/json，且签名内容与实际请求体完全一致。'
+                    };
+                    return;
+                }
+            }
+            // 需求 1.5: 签名验证成功，继续处理
+            // 解析 JSON 负载
+            let payload;
+            if (rawBody) {
+                try {
+                    payload = JSON.parse(rawBody);
+                }
+                catch (e) {
+                    logger.warn('无法解析 JSON 负载');
+                    koaCtx.status = 400;
+                    koaCtx.body = { error: 'Invalid JSON payload' };
+                    return;
+                }
+            }
+            else {
+                const requestBody = koaCtx.request?.body;
+                if (requestBody) {
+                    payload = requestBody;
+                }
+                else {
+                    logger.warn('请求体为空或无法读取');
+                    koaCtx.status = 400;
+                    koaCtx.body = { error: 'Missing request body' };
+                    return;
+                }
+            }
+            // 获取仓库名
+            const repo = payload.repository?.full_name;
+            if (!repo) {
+                logger.warn('负载中缺少仓库信息');
+                koaCtx.status = 400;
+                koaCtx.body = { error: 'Missing repository information' };
+                return;
+            }
+            // 需求 9.1: 记录仓库名
+            logger.info(`收到 Webhook: [${repo}] ${eventName} (${deliveryId})`);
+            // 需求 1.6: 去重检查
+            if (deliveryId) {
+                const isDuplicate = await (0, repository_1.isDelivered)(ctx, deliveryId);
+                if (isDuplicate) {
+                    logger.info(`跳过重复请求: ${deliveryId}`);
+                    koaCtx.status = 200;
+                    koaCtx.body = { status: 'duplicate' };
+                    return;
+                }
+            }
+            // 需求 2.6: 信任仓库验证
+            if (!config.allowUntrusted) {
+                const trusted = await (0, repository_1.isTrusted)(ctx, repo);
+                if (!trusted) {
+                    // 需求 9.3: 记录非信任仓库事件
+                    logger.info(`忽略非信任仓库事件: ${repo}`);
+                    koaCtx.status = 200;
+                    koaCtx.body = { status: 'ignored', reason: 'untrusted' };
+                    return;
+                }
+            }
+            // 解析事件
+            const event = (0, parser_1.parseEvent)(eventName, payload);
+            if (!event) {
+                logger.info(`不支持的事件类型: ${eventName}`);
+                koaCtx.status = 200;
+                koaCtx.body = { status: 'ignored', reason: 'unsupported' };
+                return;
+            }
+            // 需求 1.6: 记录投递（在处理前记录，防止重复处理）
+            if (deliveryId) {
+                await (0, repository_1.recordDelivery)(ctx, deliveryId, repo, eventName);
+            }
+            // 推送消息
+            const result = await (0, pusher_1.pushEvent)(ctx, event, config.concurrency);
+            // 需求 9.4: 记录推送结果
+            const elapsed = Date.now() - startTime;
+            logger.info(`处理完成: 推送 ${result.pushed} 成功, ${result.failed} 失败 (${elapsed}ms)`);
+            // 需求 1.5: 返回成功响应
+            koaCtx.status = 200;
+            koaCtx.body = { status: 'ok', pushed: result.pushed };
+        }
+        catch (error) {
+            // 需求 9.5: 记录错误
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            logger.error(`处理 Webhook 时发生错误: ${errorMessage}`);
+            if (config.debug && error instanceof Error) {
+                logger.error(error.stack || '');
+            }
+            koaCtx.status = 500;
+            koaCtx.body = { status: 'error', error: 'Internal server error' };
+        }
+    });
+}
+/**
+ * 获取原始请求体
+ * @param koaCtx Koa 上下文
+ * @returns 原始请求体字符串
+ */
+async function getRawBody(koaCtx) {
+    const rawBody = koaCtx.request?.rawBody;
+    if (typeof rawBody === 'string') {
+        return rawBody;
+    }
+    if (Buffer.isBuffer(rawBody)) {
+        return rawBody.toString('utf8');
+    }
+    if (!koaCtx.req?.readable) {
+        return null;
+    }
+    // 否则从流中读取
+    return new Promise((resolve, reject) => {
+        let data = '';
+        koaCtx.req.on('data', (chunk) => {
+            data += chunk.toString();
+        });
+        koaCtx.req.on('end', () => {
+            resolve(data);
+        });
+        koaCtx.req.on('error', reject);
+    });
+}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "koishi-plugin-github-webhook-pusher",
   "description": "GitHub Webhook 事件推送插件",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "contributors": [
     "ClozyA <aoxuan233@gmail.com>"
   ],

package/readme.md CHANGED Viewed

@@ -31,11 +31,12 @@ npm install koishi-plugin-github-webhook-pusher
 |--------|------|--------|------|
 | `path` | string | `/github/webhook` | Webhook 接收路径 |
 | `secret` | string | (必填) | GitHub Webhook Secret，用于签名验证 |
-| `baseUrl` | string | - | 显示用基础 URL |
 | `defaultEvents` | string[] | `['issues', 'release', 'push']` | 新订阅的默认事件类型 |
 | `debug` | boolean | `false` | 启用调试模式，输出详细日志 |
 | `allowUntrusted` | boolean | `false` | 是否允许处理非信任仓库的事件 |
 | `concurrency` | number | `5` | 消息推送并发数 |
+| `deliveryRetentionDays` | number | `30` | 投递记录保留天数（<=0 表示不清理） |
+| `deliveryCleanupIntervalHours` | number | `24` | 投递记录清理间隔（小时） |
 ### 配置示例
@@ -51,6 +52,8 @@ plugins:
     debug: false
     allowUntrusted: false
     concurrency: 5
+    deliveryRetentionDays: 30
+    deliveryCleanupIntervalHours: 24
 ```
 ## GitHub Webhook 设置指南
@@ -178,6 +181,7 @@ https://github.com/owner/repo/releases/tag/v1.0.0
 **A:** 签名验证失败。请检查：
 1. GitHub Webhook 设置中的 Secret 与插件配置的 `secret` 是否一致
 2. Content type 是否设置为 `application/json`
+3. 如果服务器未保留 raw body，插件会使用解析后的 body 回退验签，可能导致签名不一致；建议配置保留原始请求体
 ### Q: 收不到 Webhook 事件？