fix(feishu): read webhook bodies through pre-auth guard

2026-04-20 21:23:23 +00:00 · 2026-04-09 10:18:02 +01:00
parent fa2fab7060
commit 8be3a4466c
2 changed files with 17 additions and 22 deletions
--- a/extensions/feishu/src/monitor-transport-runtime-api.ts
+++ b/extensions/feishu/src/monitor-transport-runtime-api.ts
@@ -1,9 +1,7 @@
 export type { RuntimeEnv } from "../runtime-api.js";
 export { safeEqualSecret } from "openclaw/plugin-sdk/browser-security-runtime";
+export { applyBasicWebhookRequestGuards } from "openclaw/plugin-sdk/webhook-ingress";
 export {
-  applyBasicWebhookRequestGuards,
-  isRequestBodyLimitError,
-  readRequestBodyWithLimit,
-  requestBodyErrorToText,
-} from "openclaw/plugin-sdk/webhook-ingress";
-export { installRequestBodyLimitGuard } from "openclaw/plugin-sdk/webhook-request-guards";
+  installRequestBodyLimitGuard,
+  readWebhookBodyOrReject,
+} from "openclaw/plugin-sdk/webhook-request-guards";
--- a/extensions/feishu/src/monitor.transport.ts
+++ b/extensions/feishu/src/monitor.transport.ts
@@ -4,11 +4,9 @@ import * as Lark from "@larksuiteoapi/node-sdk";
 import { createFeishuWSClient } from "./client.js";
 import {
  applyBasicWebhookRequestGuards,
-  isRequestBodyLimitError,
  type RuntimeEnv,
  installRequestBodyLimitGuard,
-  readRequestBodyWithLimit,
-  requestBodyErrorToText,
+  readWebhookBodyOrReject,
  safeEqualSecret,
 } from "./monitor-transport-runtime-api.js";
 import {
@@ -190,13 +188,20 @@ export async function monitorWebhook({

    void (async () => {
      try {
-        const rawBody = await readRequestBodyWithLimit(req, {
+        const body = await readWebhookBodyOrReject({
+          req,
+          res,
          maxBytes: FEISHU_WEBHOOK_MAX_BODY_BYTES,
          timeoutMs: FEISHU_WEBHOOK_BODY_TIMEOUT_MS,
+          profile: "pre-auth",
        });
-        if (guard.isTripped() || res.writableEnded) {
+        if (!body.ok || res.writableEnded) {
          return;
        }
+        if (guard.isTripped()) {
+          return;
+        }
+        const rawBody = body.value;

        // Reject invalid signatures before any JSON parsing to keep the auth boundary strict.
        if (
@@ -235,17 +240,9 @@ export async function monitorWebhook({
          res.end(JSON.stringify(value));
        }
      } catch (err) {
-        if (isRequestBodyLimitError(err)) {
-          if (!res.headersSent) {
-            respondText(res, err.statusCode, requestBodyErrorToText(err.code));
-          }
-          return;
-        }
-        if (!guard.isTripped()) {
-          error(`feishu[${accountId}]: webhook handler error: ${String(err)}`);
-          if (!res.headersSent) {
-            respondText(res, 500, "Internal Server Error");
-          }
+        error(`feishu[${accountId}]: webhook handler error: ${String(err)}`);
+        if (!res.headersSent) {
+          respondText(res, 500, "Internal Server Error");
        }
      } finally {
        guard.dispose();