xiaozuoassistant 0.2.48 → 0.2.50

package/dist/server/index.js

@@ -509,8 +509,44 @@ app.get('/api/plugins', (req, res) => {
 });
 // 存储 OAuth 状态以防止 CSRF 攻击
 const oauthStates = new Map();
-// 模拟的 Token 存储 (实际应存入 SQLite 或加密文件)
+// 模拟的 Token 存储 (持久化到文件)
+const tokensFilePath = path.join(process.cwd(), 'data', 'oauth-tokens.json');
 const oauthTokens = new Map();
+// 初始化时加载 Token
+try {
+    if (fs.existsSync(tokensFilePath)) {
+        const data = JSON.parse(fs.readFileSync(tokensFilePath, 'utf8'));
+        for (const key of Object.keys(data)) {
+            oauthTokens.set(key, data[key]);
+        }
+    }
+}
+catch (e) {
+    console.warn('[OAuth] Failed to load tokens:', e);
+}
+function saveTokens() {
+    try {
+        const dir = path.dirname(tokensFilePath);
+        if (!fs.existsSync(dir))
+            fs.mkdirSync(dir, { recursive: true });
+        const data = Object.fromEntries(oauthTokens);
+        fs.writeFileSync(tokensFilePath, JSON.stringify(data, null, 2));
+    }
+    catch (e) {
+        console.error('[OAuth] Failed to save tokens:', e);
+    }
+}
+// 暴露一个简单的内部 API 供插件获取 Token
+app.get('/internal/api/auth/tokens/:provider', (req, res) => {
+    // 这个接口仅供本地/内部调用
+    const token = oauthTokens.get(req.params.provider);
+    if (token) {
+        res.json(token);
+    }
+    else {
+        res.status(404).json({ error: 'Token not found' });
+    }
+});
 // Mock OAuth 授权接口
 app.get('/api/auth/:provider/authorize', (req, res) => {
     const provider = req.params.provider;
@@ -583,7 +619,8 @@ app.get('/api/auth/:provider/callback', async (req, res) => {
                 headers: { 'Authorization': `Bearer ${appAccessToken}` }
             });
             tokenData = userTokenRes.data.data;
-            oauthTokens.set('lark', tokenData); // 实际应持久化
+            oauthTokens.set('lark', tokenData);
+            saveTokens();
         }
         else if (provider === 'wps') {
             const appId = process.env.WPS_APP_ID || '';
@@ -599,7 +636,8 @@ app.get('/api/auth/:provider/callback', async (req, res) => {
                 code: code
             });
             tokenData = tokenRes.data;
-            oauthTokens.set('wps', tokenData); // 实际应持久化
+            oauthTokens.set('wps', tokenData);
+            saveTokens();
         }
         console.log(`[OAuth] Successfully authenticated with ${provider}`);
         // 更新内存中的插件状态为已启用

package/dist/server/plugins/lark-skills/src/lark-doc.js

@@ -1,5 +1,59 @@
 import { BaseSkill } from '../../../skills/base-skill.js';
 import * as lark from '@larksuiteoapi/node-sdk';
+import fs from 'fs';
+import path from 'path';
+// 获取可能通过网页授权获取到的 user_access_token
+function getUserAccessToken() {
+    try {
+        const tokensFilePath = path.join(process.cwd(), 'data', 'oauth-tokens.json');
+        if (fs.existsSync(tokensFilePath)) {
+            const data = JSON.parse(fs.readFileSync(tokensFilePath, 'utf8'));
+            if (data.lark && data.lark.access_token) {
+                return data.lark.access_token;
+            }
+        }
+    }
+    catch (e) {
+        // Ignore errors
+    }
+    return undefined;
+}
+// Helper function to resolve document token, especially handling /wiki/ URLs
+async function resolveDocumentToken(client, urlOrToken) {
+    let token = urlOrToken;
+    let isWiki = false;
+    if (urlOrToken.includes('/docx/')) {
+        token = urlOrToken.split('/docx/')[1].split(/[?#]/)[0];
+        return { token, type: 'docx' };
+    }
+    else if (urlOrToken.includes('/doc/')) {
+        token = urlOrToken.split('/doc/')[1].split(/[?#]/)[0];
+        return { token, type: 'doc' };
+    }
+    else if (urlOrToken.includes('/wiki/')) {
+        token = urlOrToken.split('/wiki/')[1].split(/[?#]/)[0];
+        isWiki = true;
+    }
+    else if (urlOrToken.startsWith('wikcn')) {
+        isWiki = true;
+    }
+    const userToken = getUserAccessToken();
+    const options = userToken ? lark.withUserAccessToken(userToken) : undefined;
+    if (isWiki) {
+        const res = await client.wiki.space.getNode({
+            params: { token }
+        }, options);
+        if (res.code !== 0) {
+            throw new Error(`Failed to resolve wiki token. Code: ${res.code}, Msg: ${res.msg}`);
+        }
+        return {
+            token: res.data?.node?.obj_token || token,
+            type: res.data?.node?.obj_type || 'docx'
+        };
+    }
+    // Fallback assuming it's a docx token if not wiki
+    return { token, type: 'docx' };
+}
 export class ReadLarkDocSkill extends BaseSkill {
     constructor() {
         super(...arguments);
@@ -26,18 +80,6 @@ export class ReadLarkDocSkill extends BaseSkill {
     }
     async execute(args, ctx) {
         try {
-            // Extract document token from URL
-            // Typical Lark doc URL formats:
-            // https://domain.feishu.cn/docx/TOKEN
-            // https://domain.feishu.cn/wiki/WIKITOKEN
-            let documentToken = args.document_url;
-            // Basic extraction logic
-            if (args.document_url.includes('/docx/')) {
-                documentToken = args.document_url.split('/docx/')[1].split(/[?#]/)[0];
-            }
-            else if (args.document_url.includes('/doc/')) {
-                documentToken = args.document_url.split('/doc/')[1].split(/[?#]/)[0];
-            }
             // Fetch config to get app_id and app_secret if not provided
             const configLoader = require('../../../config/loader.js').config;
             let appId = args.app_id;
@@ -67,13 +109,20 @@ export class ReadLarkDocSkill extends BaseSkill {
                 appId: appId,
                 appSecret: appSecret,
             });
+            // Extract and resolve document token from URL
+            const { token: documentToken, type: objType } = await resolveDocumentToken(client, args.document_url);
+            if (objType !== 'docx' && objType !== 'doc') {
+                return { error: `Unsupported document type: ${objType}. Only docx and doc are supported for reading raw text content.` };
+            }
             // We use the drive/v1/export API or docx/v1/documents API to read content
             // Let's try the newer DOCX API first to get raw content
+            const userToken = getUserAccessToken();
+            const options = userToken ? lark.withUserAccessToken(userToken) : undefined;
             const res = await client.docx.document.rawContent({
                 path: {
                     document_id: documentToken,
                 },
-            });
+            }, options);
             if (res.code !== 0) {
                 return { error: `Failed to read Lark document. Code: ${res.code}, Msg: ${res.msg}. Make sure the App has the "docs:doc:readonly" permission and has been added as a collaborator to the document.` };
             }
@@ -140,12 +189,14 @@ export class CreateLarkDocSkill extends BaseSkill {
                 }
             }
             const client = new lark.Client({ appId: appId, appSecret: appSecret });
+            const userToken = getUserAccessToken();
+            const options = userToken ? lark.withUserAccessToken(userToken) : undefined;
             const res = await client.docx.document.create({
                 data: {
                     title: args.title,
                     folder_token: args.folder_token || ''
                 }
-            });
+            }, options);
             if (res.code !== 0) {
                 return { error: `Failed to create document. Code: ${res.code}, Msg: ${res.msg}` };
             }
@@ -185,13 +236,6 @@ export class AppendLarkDocSkill extends BaseSkill {
     }
     async execute(args, ctx) {
         try {
-            let documentToken = args.document_url;
-            if (args.document_url.includes('/docx/')) {
-                documentToken = args.document_url.split('/docx/')[1].split(/[?#]/)[0];
-            }
-            else if (args.document_url.includes('/doc/')) {
-                documentToken = args.document_url.split('/doc/')[1].split(/[?#]/)[0];
-            }
             const configLoader = require('../../../config/loader.js').config;
             let appId = args.app_id;
             let appSecret = args.app_secret;
@@ -215,6 +259,10 @@ export class AppendLarkDocSkill extends BaseSkill {
                 }
             }
             const client = new lark.Client({ appId: appId, appSecret: appSecret });
+            const { token: documentToken, type: objType } = await resolveDocumentToken(client, args.document_url);
+            if (objType !== 'docx') {
+                return { error: `Unsupported document type: ${objType}. Append operation currently only supports docx documents.` };
+            }
             // Create blocks from content
             const lines = args.content.split('\n').filter(l => l.trim() !== '');
             const children = lines.map(line => ({
@@ -229,6 +277,8 @@ export class AppendLarkDocSkill extends BaseSkill {
             }));
             if (children.length === 0)
                 return { success: true, message: 'Nothing to append' };
+            const userToken = getUserAccessToken();
+            const options = userToken ? lark.withUserAccessToken(userToken) : undefined;
             const res = await client.docx.documentBlockChildren.create({
                 path: {
                     document_id: documentToken,
@@ -238,7 +288,7 @@ export class AppendLarkDocSkill extends BaseSkill {
                     children: children,
                     index: -1
                 }
-            });
+            }, options);
             if (res.code !== 0) {
                 return { error: `Failed to append to document. Code: ${res.code}, Msg: ${res.msg}` };
             }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "xiaozuoassistant",
-  "version": "0.2.48",
+  "version": "0.2.50",
   "description": "A local-first personal AI assistant with multi-channel support and enhanced memory.",
   "author": "mantle.lau",
   "license": "MIT",