koishi-plugin-imx 2.1.1 → 2.2.1

package/lib/constants/index.d.ts

@@ -11,6 +11,10 @@ export declare function isBot(username: string): boolean;
  * 用户代理字符串
  */
 export declare const userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36";
+/**
+ * MX Space API 专用用户代理（常见浏览器 UA）
+ */
+export declare const mxSpaceUserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36";
 /**
  * 开发环境检测
  */

package/lib/constants/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isDev = exports.userAgent = exports.botList = void 0;
+exports.isDev = exports.mxSpaceUserAgent = exports.userAgent = exports.botList = void 0;
 exports.isBot = isBot;
 /**
  * 常见的机器人账号列表
@@ -42,6 +42,10 @@ function isBot(username) {
  * 用户代理字符串
  */
 exports.userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36';
+/**
+ * MX Space API 专用用户代理（常见浏览器 UA）
+ */
+exports.mxSpaceUserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36';
 /**
  * 开发环境检测
  */

package/lib/debug/webhook-debug.d.ts

@@ -0,0 +1,8 @@
+import { Context, Schema } from 'koishi';
+export declare const name = "webhook-debug";
+export declare const inject: string[];
+export interface Config {
+    path?: string;
+}
+export declare const Config: Schema<Config>;
+export declare function apply(ctx: Context, config: Config): void;

package/lib/debug/webhook-debug.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Config = exports.inject = exports.name = void 0;
+exports.apply = apply;
+const koishi_1 = require("koishi");
+exports.name = 'webhook-debug';
+exports.inject = ['server'];
+exports.Config = koishi_1.Schema.object({
+    path: koishi_1.Schema.string().description('调试 Webhook 路径').default('/debug/webhook'),
+});
+function apply(ctx, config) {
+    const logger = ctx.logger('webhook-debug');
+    if (!ctx.server) {
+        logger.error('server 插件未启用');
+        return;
+    }
+    const webhookPath = config.path || '/debug/webhook';
+    // 创建一个简单的调试 webhook 处理器
+    ctx.server.post(webhookPath, async (koaCtx) => {
+        logger.info('=== Webhook Debug Info ===');
+        logger.info('Method:', koaCtx.method);
+        logger.info('URL:', koaCtx.url);
+        logger.info('Headers:', JSON.stringify(koaCtx.headers, null, 2));
+        logger.info('Raw Body:', koaCtx.request.rawBody);
+        logger.info('Parsed Body:', JSON.stringify(koaCtx.request.body, null, 2));
+        logger.info('Body Type:', typeof koaCtx.request.body);
+        logger.info('Content-Type:', koaCtx.headers['content-type']);
+        logger.info('Content-Length:', koaCtx.headers['content-length']);
+        logger.info('========================');
+        // 检查各种可能的问题
+        const diagnostics = {
+            hasBody: !!koaCtx.request.body,
+            bodyType: typeof koaCtx.request.body,
+            isObject: typeof koaCtx.request.body === 'object',
+            hasType: !!(koaCtx.request.body && koaCtx.request.body.type),
+            hasData: !!(koaCtx.request.body && koaCtx.request.body.data),
+            contentType: koaCtx.headers['content-type'],
+            bodyKeys: koaCtx.request.body ? Object.keys(koaCtx.request.body) : [],
+        };
+        logger.info('Diagnostics:', JSON.stringify(diagnostics, null, 2));
+        koaCtx.status = 200;
+        koaCtx.body = {
+            message: 'Debug webhook received',
+            diagnostics,
+            receivedData: koaCtx.request.body
+        };
+    });
+    // 也处理 GET 请求用于简单测试
+    ctx.server.get(webhookPath, async (koaCtx) => {
+        koaCtx.status = 200;
+        koaCtx.body = {
+            message: 'Webhook debug endpoint is working',
+            method: 'GET',
+            timestamp: new Date().toISOString()
+        };
+    });
+    logger.info(`调试 Webhook 已启动，路径: ${webhookPath}`);
+    logger.info(`测试 GET: curl ${ctx.server.config.selfUrl || 'http://localhost:5140'}${webhookPath}`);
+    logger.info(`测试 POST: curl -X POST -H "Content-Type: application/json" -d '{"test": "data"}' ${ctx.server.config.selfUrl || 'http://localhost:5140'}${webhookPath}`);
+}

package/lib/modules/mx-space.d.ts

@@ -8,6 +8,7 @@ export interface Config {
         secret?: string;
         path?: string;
         watchChannels?: string[];
+        requireSignature?: boolean;
     };
     greeting?: {
         enabled?: boolean;

package/lib/modules/mx-space.js

@@ -1,4 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -25,6 +58,7 @@ exports.Config = koishi_1.Schema.object({
         secret: koishi_1.Schema.string().description('MX Space Webhook Secret').role('secret'),
         path: koishi_1.Schema.string().description('Webhook 路径').default('/mx-space/webhook'),
         watchChannels: koishi_1.Schema.array(koishi_1.Schema.string()).description('监听的频道ID列表').default([]),
+        requireSignature: koishi_1.Schema.boolean().description('是否要求签名验证（禁用可允许健康检查等请求）').default(true),
     }).description('Webhook 配置'),
     greeting: koishi_1.Schema.object({
         enabled: koishi_1.Schema.boolean().description('启用问候功能').default(true),
@@ -57,7 +91,7 @@ function apply(ctx, config) {
         memoChatId: null,
     };
     // 设置 Webhook 处理器
-    if (config.webhook?.secret && ctx.server) {
+    if (config.webhook && ctx.server) {
         setupWebhook(ctx, config, logger);
     }
     // 设置问候功能
@@ -79,28 +113,98 @@ function apply(ctx, config) {
     logger.info('MX Space 模块已启动');
 }
 function setupWebhook(ctx, config, logger) {
-    if (!config.webhook?.secret || !ctx.server)
+    if (!ctx.server) {
+        logger.warn('Server 插件未启用，无法设置 webhook');
         return;
-    const webhookPath = config.webhook.path || '/mx-space/webhook';
+    }
+    const webhookPath = config.webhook?.path || '/mx-space/webhook';
     ctx.server.post(webhookPath, async (koaCtx) => {
         try {
+            logger.debug('收到 webhook 请求:', {
+                method: koaCtx.method,
+                url: koaCtx.url,
+                headers: koaCtx.headers,
+                body: koaCtx.request.body
+            });
             const body = koaCtx.request.body;
-            const signature = koaCtx.request.headers['x-hub-signature-256'];
-            // 简单的签名验证（生产环境应该使用更安全的验证方式）
+            const signature = koaCtx.request.headers['x-hub-signature-256'] ||
+                koaCtx.request.headers['x-webhook-signature256'];
+            // 检查请求体是否存在
+            if (!body) {
+                logger.warn('Webhook 请求体为空');
+                koaCtx.status = 400;
+                koaCtx.body = { error: 'Request body is empty' };
+                return;
+            }
+            // 检查webhook事件类型
+            const eventType = koaCtx.request.headers['x-webhook-event'];
+            // 健康检查等系统事件允许无签名通过
+            const isSystemEvent = ['health_check', 'ping'].includes(eventType);
+            // 检查是否需要签名验证
+            const requireSignature = config.webhook?.requireSignature !== false; // 默认为true
+            // 验证签名（系统事件可以跳过）
+            if (requireSignature && config.webhook?.secret && !isSystemEvent) {
+                if (!signature) {
+                    logger.warn(`事件 ${eventType} 缺少签名头，但配置要求签名验证`);
+                    koaCtx.status = 401;
+                    koaCtx.body = { error: 'Missing signature' };
+                    return;
+                }
+                const crypto = await Promise.resolve().then(() => __importStar(require('crypto')));
+                const payload = JSON.stringify(body);
+                const hmac = crypto.createHmac('sha256', config.webhook.secret);
+                hmac.update(payload);
+                const expectedSignature = 'sha256=' + hmac.digest('hex');
+                logger.debug('签名验证:', {
+                    event: eventType,
+                    received: signature,
+                    expected: expectedSignature
+                });
+                if (signature !== expectedSignature) {
+                    logger.warn(`事件 ${eventType} 签名验证失败`);
+                    koaCtx.status = 401;
+                    koaCtx.body = { error: 'Invalid signature' };
+                    return;
+                }
+            }
+            else if (!requireSignature) {
+                logger.debug('签名验证已禁用，跳过签名检查');
+            }
+            else if (isSystemEvent) {
+                logger.debug(`系统事件 ${eventType} 跳过签名验证`);
+            }
+            // 检查标准请求体格式
             if (!body.type || !body.data) {
+                // 如果是健康检查但没有标准格式，也允许通过
+                if (eventType === 'health_check' || Object.keys(body).length === 0) {
+                    logger.info('处理健康检查或空载荷请求');
+                    koaCtx.status = 200;
+                    koaCtx.body = { message: 'Health check successful' };
+                    return;
+                }
+                logger.warn('Webhook 请求体格式错误:', body);
                 koaCtx.status = 400;
+                koaCtx.body = {
+                    error: 'Invalid webhook payload',
+                    details: 'Missing required fields: type or data',
+                    received: body
+                };
                 return;
             }
+            logger.info(`处理 MX Space 事件: ${body.type}`);
             // 处理事件
             await (0, mx_event_handler_1.handleMxSpaceEvent)(ctx, config, body.type, body.data, logger);
             koaCtx.status = 200;
+            koaCtx.body = { message: 'Webhook processed successfully' };
         }
         catch (error) {
             logger.error('处理 MX Space webhook 失败:', error);
             koaCtx.status = 500;
+            koaCtx.body = { error: 'Internal server error', details: error.message };
         }
     });
-    logger.info(`MX Space Webhook 已启动，监听路径: ${webhookPath}`);
+    const signatureStatus = config.webhook?.requireSignature !== false ? '已启用' : '已禁用';
+    logger.info(`MX Space Webhook 已启动，监听路径: ${webhookPath}，签名验证: ${signatureStatus}`);
 }
 function setupWelcomeNewMember(ctx, config, logger) {
     if (!config.welcomeNewMember?.channels?.length)

package/lib/utils/helper.js

@@ -1,10 +1,14 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.escapeMarkdown = escapeMarkdown;
 exports.randomColor = randomColor;
 exports.truncateText = truncateText;
 exports.stripHtml = stripHtml;
 exports.getUserIdentifier = getUserIdentifier;
+const sanitize_html_1 = __importDefault(require("sanitize-html"));
 /**
  * 转义 Markdown 特殊字符
  */
@@ -31,7 +35,8 @@ function truncateText(text, maxLength = 200) {
  * 清理 HTML 标签
  */
 function stripHtml(html) {
-    return html.replace(/<[^>]*>/g, '');
+    // Remove all HTML tags and attributes using sanitize-html
+    return (0, sanitize_html_1.default)(html, { allowedTags: [], allowedAttributes: {} });
 }
 /**
  * 获取用户标识符

package/lib/utils/mx-api.js

@@ -4,6 +4,7 @@ exports.getApiClient = getApiClient;
 exports.getMxSpaceAggregateData = getMxSpaceAggregateData;
 const api_client_1 = require("@mx-space/api-client");
 const axios_1 = require("@mx-space/api-client/dist/adaptors/axios");
+const constants_1 = require("../constants");
 let apiClientInstance;
 function getApiClient(ctx, config) {
     if (apiClientInstance) {
@@ -17,6 +18,7 @@ function getApiClient(ctx, config) {
         req.headers = {
             ...req.headers,
             authorization: config.token,
+            'user-agent': constants_1.mxSpaceUserAgent,
             'x-request-id': Math.random().toString(36).slice(2),
         };
         return req;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "koishi-plugin-imx",
   "description": "Mix-Space Bot for Koishi - 集成多种功能的聊天机器人插件",
-  "version": "2.1.1",
+  "version": "2.2.1",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
   "files": [
@@ -32,7 +32,7 @@
   "koishi": {
     "description": {
       "en": "A versatile chatbot plugin for Koishi, integrating multiple functionalities including Bilibili and GitHub.",
-      "zh": "一个多功能的聊天机器人插件，集成了 Bilibili 和 GitHub 等多种功能。"
+      "zh": "一个多功能的聊天机器人插件，集成了 Mix-Space信息推送、Bilibili、 GitHub 等多种功能。"
     },
     "service": {
       "required": [
@@ -54,6 +54,7 @@
     "marked": "^5.1.2",
     "randomcolor": "^0.6.2",
     "remove-markdown": "^0.5.5",
+    "sanitize-html": "^2.17.0",
     "socket.io-client": "^4.8.1",
     "zod": "^3.25.76"
   },
@@ -62,6 +63,7 @@
     "@types/node": "^22.16.5",
     "@types/randomcolor": "^0.5.9",
     "@types/remove-markdown": "^0.3.4",
+    "@types/sanitize-html": "^2.16.0",
     "koishi": "^4.18.8",
     "typescript": "^5.8.3"
   },