fix(feishu): read webhook bodies through pre-auth guard
@@ -1,9 +1,7 @@
|
||||
export type { RuntimeEnv } from "../runtime-api.js";
|
||||
export { safeEqualSecret } from "openclaw/plugin-sdk/browser-security-runtime";
|
||||
export { applyBasicWebhookRequestGuards } from "openclaw/plugin-sdk/webhook-ingress";
|
||||
export {
|
||||
applyBasicWebhookRequestGuards,
|
||||
isRequestBodyLimitError,
|
||||
readRequestBodyWithLimit,
|
||||
requestBodyErrorToText,
|
||||
} from "openclaw/plugin-sdk/webhook-ingress";
|
||||
export { installRequestBodyLimitGuard } from "openclaw/plugin-sdk/webhook-request-guards";
|
||||
installRequestBodyLimitGuard,
|
||||
readWebhookBodyOrReject,
|
||||
} from "openclaw/plugin-sdk/webhook-request-guards";
|
||||
|
||||
@@ -4,11 +4,9 @@ import * as Lark from "@larksuiteoapi/node-sdk";
|
||||
import { createFeishuWSClient } from "./client.js";
|
||||
import {
|
||||
applyBasicWebhookRequestGuards,
|
||||
isRequestBodyLimitError,
|
||||
type RuntimeEnv,
|
||||
installRequestBodyLimitGuard,
|
||||
readRequestBodyWithLimit,
|
||||
requestBodyErrorToText,
|
||||
readWebhookBodyOrReject,
|
||||
safeEqualSecret,
|
||||
} from "./monitor-transport-runtime-api.js";
|
||||
import {
|
||||
@@ -190,13 +188,20 @@ export async function monitorWebhook({
|
||||
|
||||
void (async () => {
|
||||
try {
|
||||
const rawBody = await readRequestBodyWithLimit(req, {
|
||||
const body = await readWebhookBodyOrReject({
|
||||
req,
|
||||
res,
|
||||
maxBytes: FEISHU_WEBHOOK_MAX_BODY_BYTES,
|
||||
timeoutMs: FEISHU_WEBHOOK_BODY_TIMEOUT_MS,
|
||||
profile: "pre-auth",
|
||||
});
|
||||
if (guard.isTripped() || res.writableEnded) {
|
||||
if (!body.ok || res.writableEnded) {
|
||||
return;
|
||||
}
|
||||
if (guard.isTripped()) {
|
||||
return;
|
||||
}
|
||||
const rawBody = body.value;
|
||||
|
||||
// Reject invalid signatures before any JSON parsing to keep the auth boundary strict.
|
||||
if (
|
||||
@@ -235,17 +240,9 @@ export async function monitorWebhook({
|
||||
res.end(JSON.stringify(value));
|
||||
}
|
||||
} catch (err) {
|
||||
if (isRequestBodyLimitError(err)) {
|
||||
if (!res.headersSent) {
|
||||
respondText(res, err.statusCode, requestBodyErrorToText(err.code));
|
||||
}
|
||||
return;
|
||||
}
|
||||
if (!guard.isTripped()) {
|
||||
error(`feishu[${accountId}]: webhook handler error: ${String(err)}`);
|
||||
if (!res.headersSent) {
|
||||
respondText(res, 500, "Internal Server Error");
|
||||
}
|
||||
error(`feishu[${accountId}]: webhook handler error: ${String(err)}`);
|
||||
if (!res.headersSent) {
|
||||
respondText(res, 500, "Internal Server Error");
|
||||
}
|
||||
} finally {
|
||||
guard.dispose();
|
||||
|
||||
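Review bot: The catch block in monitorWebhook now logs and answers 500 for every exception, including ones raised after the body-limit guard has tripped and ones the removed `isRequestBodyLimitError` branch used to answer with the limit error's own status code. That is only equivalent if `readWebhookBodyOrReject` never throws for oversized or slow bodies and always returns `ok: false` after writing the rejection itself, which these hunks do not show. Because this path runs before signature verification, an unauthenticated sender could otherwise cause one `webhook handler error` log line and a generic 500 per request. Consider keeping the log gated, e.g. `if (!guard.isTripped()) { error(...); }`, and adding a comment on the catch such as `// body-limit and timeout rejections are answered inside readWebhookBodyOrReject; only unexpected failures reach here`. The function body starts and ends outside the visible hunks.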