* feat(secrets): expand secret target coverage and gateway tooling * docs(secrets): align gateway and CLI secret docs * chore(protocol): regenerate swift gateway models for secrets methods * fix(config): restore talk apiKey fallback and stabilize runner test * ci(windows): reduce test worker count for shard stability * ci(windows): raise node heap for test shard stability * test(feishu): make proxy env precedence assertion windows-safe * fix(gateway): resolve auth password SecretInput refs for clients * fix(gateway): resolve remote SecretInput credentials for clients * fix(secrets): skip inactive refs in command snapshot assignments * fix(secrets): scope gateway.remote refs to effective auth surfaces * fix(secrets): ignore memory defaults when enabled agents disable search * fix(secrets): honor Google Chat serviceAccountRef inheritance * fix(secrets): address tsgo errors in command and gateway collectors * fix(secrets): avoid auth-store load in providers-only configure * fix(gateway): defer local password ref resolution by precedence * fix(secrets): gate telegram webhook secret refs by webhook mode * fix(secrets): gate slack signing secret refs to http mode * fix(secrets): skip telegram botToken refs when tokenFile is set * fix(secrets): gate discord pluralkit refs by enabled flag * fix(secrets): gate discord voice tts refs by voice enabled * test(secrets): make runtime fixture modes explicit * fix(cli): resolve local qr password secret refs * fix(cli): fail when gateway leaves command refs unresolved * fix(gateway): fail when local password SecretRef is unresolved * fix(gateway): fail when required remote SecretRefs are unresolved * fix(gateway): resolve local password refs only when password can win * fix(cli): skip local password SecretRef resolution on qr token override * test(gateway): cast SecretRef fixtures to OpenClawConfig * test(secrets): activate mode-gated targets in runtime coverage fixture * fix(cron): support SecretInput webhook tokens safely * fix(bluebubbles): support SecretInput passwords across config paths * fix(msteams): make appPassword SecretInput-safe in onboarding/token paths * fix(bluebubbles): align SecretInput schema helper typing * fix(cli): clarify secrets.resolve version-skew errors * refactor(secrets): return structured inactive paths from secrets.resolve * refactor(gateway): type onboarding secret writes as SecretInput * chore(protocol): regenerate swift models for secrets.resolve * feat(secrets): expand extension credential secretref support * fix(secrets): gate web-search refs by active provider * fix(onboarding): detect SecretRef credentials in extension status * fix(onboarding): allow keeping existing ref in secret prompt * fix(onboarding): resolve gateway password SecretRefs for probe and tui * fix(onboarding): honor secret-input-mode for local gateway auth * fix(acp): resolve gateway SecretInput credentials * fix(secrets): gate gateway.remote refs to remote surfaces * test(secrets): cover pattern matching and inactive array refs * docs(secrets): clarify secrets.resolve and remote active surfaces * fix(bluebubbles): keep existing SecretRef during onboarding * fix(tests): resolve CI type errors in new SecretRef coverage * fix(extensions): replace raw fetch with SSRF-guarded fetch * test(secrets): mark gateway remote targets active in runtime coverage * test(infra): normalize home-prefix expectation across platforms * fix(cli): only resolve local qr password refs in password mode * test(cli): cover local qr token mode with unresolved password ref * docs(cli): clarify local qr password ref resolution behavior * refactor(extensions): reuse sdk SecretInput helpers * fix(wizard): resolve onboarding env-template secrets before plaintext * fix(cli): surface secrets.resolve diagnostics in memory and qr * test(secrets): repair post-rebase runtime and fixtures * fix(gateway): skip remote password ref resolution when token wins * fix(secrets): treat tailscale remote gateway refs as active * fix(gateway): allow remote password fallback when token ref is unresolved * fix(gateway): ignore stale local password refs for none and trusted-proxy * fix(gateway): skip remote secret ref resolution on local call paths * test(cli): cover qr remote tailscale secret ref resolution * fix(secrets): align gateway password active-surface with auth inference * fix(cli): resolve inferred local gateway password refs in qr * fix(gateway): prefer resolvable remote password over token ref pre-resolution * test(gateway): cover none and trusted-proxy stale password refs * docs(secrets): sync qr and gateway active-surface behavior * fix: restore stability blockers from pre-release audit * Secrets: fix collector/runtime precedence contradictions * docs: align secrets and web credential docs * fix(rebase): resolve integration regressions after main rebase * fix(node-host): resolve gateway secret refs for auth * fix(secrets): harden secretinput runtime readers * gateway: skip inactive auth secretref resolution * cli: avoid gateway preflight for inactive secret refs * extensions: allow unresolved refs in onboarding status * tests: fix qr-cli module mock hoist ordering * Security: align audit checks with SecretInput resolution * Gateway: resolve local-mode remote fallback secret refs * Node host: avoid resolving inactive password secret refs * Secrets runtime: mark Slack appToken inactive for HTTP mode * secrets: keep inactive gateway remote refs non-blocking * cli: include agent memory secret targets in runtime resolution * docs(secrets): sync docs with active-surface and web search behavior * fix(secrets): keep telegram top-level token refs active for blank account tokens * fix(daemon): resolve gateway password secret refs for probe auth * fix(secrets): skip IRC NickServ ref resolution when NickServ is disabled * fix(secrets): align token inheritance and exec timeout defaults * docs(secrets): clarify active-surface notes in cli docs * cli: require secrets.resolve gateway capability * gateway: log auth secret surface diagnostics * secrets: remove dead provider resolver module * fix(secrets): restore gateway auth precedence and fallback resolution * fix(tests): align plugin runtime mock typings --------- Co-authored-by: Peter Steinberger <steipete@gmail.com>
424 lines
12 KiB
TypeScript
424 lines
12 KiB
TypeScript
import type {
|
|
ChannelOnboardingAdapter,
|
|
ChannelOnboardingDmPolicy,
|
|
OpenClawConfig,
|
|
SecretInput,
|
|
WizardPrompter,
|
|
} from "openclaw/plugin-sdk";
|
|
import {
|
|
addWildcardAllowFrom,
|
|
DEFAULT_ACCOUNT_ID,
|
|
hasConfiguredSecretInput,
|
|
mergeAllowFromEntries,
|
|
normalizeAccountId,
|
|
promptAccountId,
|
|
promptSingleChannelSecretInput,
|
|
} from "openclaw/plugin-sdk";
|
|
import { listZaloAccountIds, resolveDefaultZaloAccountId, resolveZaloAccount } from "./accounts.js";
|
|
|
|
const channel = "zalo" as const;
|
|
|
|
type UpdateMode = "polling" | "webhook";
|
|
|
|
function setZaloDmPolicy(
|
|
cfg: OpenClawConfig,
|
|
dmPolicy: "pairing" | "allowlist" | "open" | "disabled",
|
|
) {
|
|
const allowFrom =
|
|
dmPolicy === "open" ? addWildcardAllowFrom(cfg.channels?.zalo?.allowFrom) : undefined;
|
|
return {
|
|
...cfg,
|
|
channels: {
|
|
...cfg.channels,
|
|
zalo: {
|
|
...cfg.channels?.zalo,
|
|
dmPolicy,
|
|
...(allowFrom ? { allowFrom } : {}),
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
|
|
function setZaloUpdateMode(
|
|
cfg: OpenClawConfig,
|
|
accountId: string,
|
|
mode: UpdateMode,
|
|
webhookUrl?: string,
|
|
webhookSecret?: SecretInput,
|
|
webhookPath?: string,
|
|
): OpenClawConfig {
|
|
const isDefault = accountId === DEFAULT_ACCOUNT_ID;
|
|
if (mode === "polling") {
|
|
if (isDefault) {
|
|
const {
|
|
webhookUrl: _url,
|
|
webhookSecret: _secret,
|
|
webhookPath: _path,
|
|
...rest
|
|
} = cfg.channels?.zalo ?? {};
|
|
return {
|
|
...cfg,
|
|
channels: {
|
|
...cfg.channels,
|
|
zalo: rest,
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
const accounts = { ...cfg.channels?.zalo?.accounts } as Record<string, Record<string, unknown>>;
|
|
const existing = accounts[accountId] ?? {};
|
|
const { webhookUrl: _url, webhookSecret: _secret, webhookPath: _path, ...rest } = existing;
|
|
accounts[accountId] = rest;
|
|
return {
|
|
...cfg,
|
|
channels: {
|
|
...cfg.channels,
|
|
zalo: {
|
|
...cfg.channels?.zalo,
|
|
accounts,
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
|
|
if (isDefault) {
|
|
return {
|
|
...cfg,
|
|
channels: {
|
|
...cfg.channels,
|
|
zalo: {
|
|
...cfg.channels?.zalo,
|
|
webhookUrl,
|
|
webhookSecret,
|
|
webhookPath,
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
|
|
const accounts = { ...cfg.channels?.zalo?.accounts } as Record<string, Record<string, unknown>>;
|
|
accounts[accountId] = {
|
|
...accounts[accountId],
|
|
webhookUrl,
|
|
webhookSecret,
|
|
webhookPath,
|
|
};
|
|
return {
|
|
...cfg,
|
|
channels: {
|
|
...cfg.channels,
|
|
zalo: {
|
|
...cfg.channels?.zalo,
|
|
accounts,
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
|
|
async function noteZaloTokenHelp(prompter: WizardPrompter): Promise<void> {
|
|
await prompter.note(
|
|
[
|
|
"1) Open Zalo Bot Platform: https://bot.zaloplatforms.com",
|
|
"2) Create a bot and get the token",
|
|
"3) Token looks like 12345689:abc-xyz",
|
|
"Tip: you can also set ZALO_BOT_TOKEN in your env.",
|
|
"Docs: https://docs.openclaw.ai/channels/zalo",
|
|
].join("\n"),
|
|
"Zalo bot token",
|
|
);
|
|
}
|
|
|
|
async function promptZaloAllowFrom(params: {
|
|
cfg: OpenClawConfig;
|
|
prompter: WizardPrompter;
|
|
accountId: string;
|
|
}): Promise<OpenClawConfig> {
|
|
const { cfg, prompter, accountId } = params;
|
|
const resolved = resolveZaloAccount({ cfg, accountId });
|
|
const existingAllowFrom = resolved.config.allowFrom ?? [];
|
|
const entry = await prompter.text({
|
|
message: "Zalo allowFrom (user id)",
|
|
placeholder: "123456789",
|
|
initialValue: existingAllowFrom[0] ? String(existingAllowFrom[0]) : undefined,
|
|
validate: (value) => {
|
|
const raw = String(value ?? "").trim();
|
|
if (!raw) {
|
|
return "Required";
|
|
}
|
|
if (!/^\d+$/.test(raw)) {
|
|
return "Use a numeric Zalo user id";
|
|
}
|
|
return undefined;
|
|
},
|
|
});
|
|
const normalized = String(entry).trim();
|
|
const unique = mergeAllowFromEntries(existingAllowFrom, [normalized]);
|
|
|
|
if (accountId === DEFAULT_ACCOUNT_ID) {
|
|
return {
|
|
...cfg,
|
|
channels: {
|
|
...cfg.channels,
|
|
zalo: {
|
|
...cfg.channels?.zalo,
|
|
enabled: true,
|
|
dmPolicy: "allowlist",
|
|
allowFrom: unique,
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
|
|
return {
|
|
...cfg,
|
|
channels: {
|
|
...cfg.channels,
|
|
zalo: {
|
|
...cfg.channels?.zalo,
|
|
enabled: true,
|
|
accounts: {
|
|
...cfg.channels?.zalo?.accounts,
|
|
[accountId]: {
|
|
...cfg.channels?.zalo?.accounts?.[accountId],
|
|
enabled: cfg.channels?.zalo?.accounts?.[accountId]?.enabled ?? true,
|
|
dmPolicy: "allowlist",
|
|
allowFrom: unique,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
|
|
const dmPolicy: ChannelOnboardingDmPolicy = {
|
|
label: "Zalo",
|
|
channel,
|
|
policyKey: "channels.zalo.dmPolicy",
|
|
allowFromKey: "channels.zalo.allowFrom",
|
|
getCurrent: (cfg) => (cfg.channels?.zalo?.dmPolicy ?? "pairing") as "pairing",
|
|
setPolicy: (cfg, policy) => setZaloDmPolicy(cfg, policy),
|
|
promptAllowFrom: async ({ cfg, prompter, accountId }) => {
|
|
const id =
|
|
accountId && normalizeAccountId(accountId)
|
|
? (normalizeAccountId(accountId) ?? DEFAULT_ACCOUNT_ID)
|
|
: resolveDefaultZaloAccountId(cfg);
|
|
return promptZaloAllowFrom({
|
|
cfg: cfg,
|
|
prompter,
|
|
accountId: id,
|
|
});
|
|
},
|
|
};
|
|
|
|
export const zaloOnboardingAdapter: ChannelOnboardingAdapter = {
|
|
channel,
|
|
dmPolicy,
|
|
getStatus: async ({ cfg }) => {
|
|
const configured = listZaloAccountIds(cfg).some((accountId) => {
|
|
const account = resolveZaloAccount({
|
|
cfg: cfg,
|
|
accountId,
|
|
allowUnresolvedSecretRef: true,
|
|
});
|
|
return (
|
|
Boolean(account.token) ||
|
|
hasConfiguredSecretInput(account.config.botToken) ||
|
|
Boolean(account.config.tokenFile?.trim())
|
|
);
|
|
});
|
|
return {
|
|
channel,
|
|
configured,
|
|
statusLines: [`Zalo: ${configured ? "configured" : "needs token"}`],
|
|
selectionHint: configured ? "recommended · configured" : "recommended · newcomer-friendly",
|
|
quickstartScore: configured ? 1 : 10,
|
|
};
|
|
},
|
|
configure: async ({
|
|
cfg,
|
|
prompter,
|
|
accountOverrides,
|
|
shouldPromptAccountIds,
|
|
forceAllowFrom,
|
|
}) => {
|
|
const zaloOverride = accountOverrides.zalo?.trim();
|
|
const defaultZaloAccountId = resolveDefaultZaloAccountId(cfg);
|
|
let zaloAccountId = zaloOverride ? normalizeAccountId(zaloOverride) : defaultZaloAccountId;
|
|
if (shouldPromptAccountIds && !zaloOverride) {
|
|
zaloAccountId = await promptAccountId({
|
|
cfg: cfg,
|
|
prompter,
|
|
label: "Zalo",
|
|
currentId: zaloAccountId,
|
|
listAccountIds: listZaloAccountIds,
|
|
defaultAccountId: defaultZaloAccountId,
|
|
});
|
|
}
|
|
|
|
let next = cfg;
|
|
const resolvedAccount = resolveZaloAccount({
|
|
cfg: next,
|
|
accountId: zaloAccountId,
|
|
allowUnresolvedSecretRef: true,
|
|
});
|
|
const accountConfigured = Boolean(resolvedAccount.token);
|
|
const allowEnv = zaloAccountId === DEFAULT_ACCOUNT_ID;
|
|
const canUseEnv = allowEnv && Boolean(process.env.ZALO_BOT_TOKEN?.trim());
|
|
const hasConfigToken = Boolean(
|
|
hasConfiguredSecretInput(resolvedAccount.config.botToken) || resolvedAccount.config.tokenFile,
|
|
);
|
|
|
|
let token: SecretInput | null = null;
|
|
if (!accountConfigured) {
|
|
await noteZaloTokenHelp(prompter);
|
|
}
|
|
const tokenResult = await promptSingleChannelSecretInput({
|
|
cfg: next,
|
|
prompter,
|
|
providerHint: "zalo",
|
|
credentialLabel: "bot token",
|
|
accountConfigured,
|
|
canUseEnv: canUseEnv && !hasConfigToken,
|
|
hasConfigToken,
|
|
envPrompt: "ZALO_BOT_TOKEN detected. Use env var?",
|
|
keepPrompt: "Zalo token already configured. Keep it?",
|
|
inputPrompt: "Enter Zalo bot token",
|
|
preferredEnvVar: "ZALO_BOT_TOKEN",
|
|
});
|
|
if (tokenResult.action === "set") {
|
|
token = tokenResult.value;
|
|
}
|
|
if (tokenResult.action === "use-env" && zaloAccountId === DEFAULT_ACCOUNT_ID) {
|
|
next = {
|
|
...next,
|
|
channels: {
|
|
...next.channels,
|
|
zalo: {
|
|
...next.channels?.zalo,
|
|
enabled: true,
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
|
|
if (token) {
|
|
if (zaloAccountId === DEFAULT_ACCOUNT_ID) {
|
|
next = {
|
|
...next,
|
|
channels: {
|
|
...next.channels,
|
|
zalo: {
|
|
...next.channels?.zalo,
|
|
enabled: true,
|
|
botToken: token,
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
} else {
|
|
next = {
|
|
...next,
|
|
channels: {
|
|
...next.channels,
|
|
zalo: {
|
|
...next.channels?.zalo,
|
|
enabled: true,
|
|
accounts: {
|
|
...next.channels?.zalo?.accounts,
|
|
[zaloAccountId]: {
|
|
...next.channels?.zalo?.accounts?.[zaloAccountId],
|
|
enabled: true,
|
|
botToken: token,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
} as OpenClawConfig;
|
|
}
|
|
}
|
|
|
|
const wantsWebhook = await prompter.confirm({
|
|
message: "Use webhook mode for Zalo?",
|
|
initialValue: Boolean(resolvedAccount.config.webhookUrl),
|
|
});
|
|
if (wantsWebhook) {
|
|
const webhookUrl = String(
|
|
await prompter.text({
|
|
message: "Webhook URL (https://...) ",
|
|
initialValue: resolvedAccount.config.webhookUrl,
|
|
validate: (value) =>
|
|
value?.trim()?.startsWith("https://") ? undefined : "HTTPS URL required",
|
|
}),
|
|
).trim();
|
|
const defaultPath = (() => {
|
|
try {
|
|
return new URL(webhookUrl).pathname || "/zalo-webhook";
|
|
} catch {
|
|
return "/zalo-webhook";
|
|
}
|
|
})();
|
|
let webhookSecretResult = await promptSingleChannelSecretInput({
|
|
cfg: next,
|
|
prompter,
|
|
providerHint: "zalo-webhook",
|
|
credentialLabel: "webhook secret",
|
|
accountConfigured: hasConfiguredSecretInput(resolvedAccount.config.webhookSecret),
|
|
canUseEnv: false,
|
|
hasConfigToken: hasConfiguredSecretInput(resolvedAccount.config.webhookSecret),
|
|
envPrompt: "",
|
|
keepPrompt: "Zalo webhook secret already configured. Keep it?",
|
|
inputPrompt: "Webhook secret (8-256 chars)",
|
|
preferredEnvVar: "ZALO_WEBHOOK_SECRET",
|
|
});
|
|
while (
|
|
webhookSecretResult.action === "set" &&
|
|
typeof webhookSecretResult.value === "string" &&
|
|
(webhookSecretResult.value.length < 8 || webhookSecretResult.value.length > 256)
|
|
) {
|
|
await prompter.note("Webhook secret must be between 8 and 256 characters.", "Zalo webhook");
|
|
webhookSecretResult = await promptSingleChannelSecretInput({
|
|
cfg: next,
|
|
prompter,
|
|
providerHint: "zalo-webhook",
|
|
credentialLabel: "webhook secret",
|
|
accountConfigured: false,
|
|
canUseEnv: false,
|
|
hasConfigToken: false,
|
|
envPrompt: "",
|
|
keepPrompt: "Zalo webhook secret already configured. Keep it?",
|
|
inputPrompt: "Webhook secret (8-256 chars)",
|
|
preferredEnvVar: "ZALO_WEBHOOK_SECRET",
|
|
});
|
|
}
|
|
const webhookSecret =
|
|
webhookSecretResult.action === "set"
|
|
? webhookSecretResult.value
|
|
: resolvedAccount.config.webhookSecret;
|
|
const webhookPath = String(
|
|
await prompter.text({
|
|
message: "Webhook path (optional)",
|
|
initialValue: resolvedAccount.config.webhookPath ?? defaultPath,
|
|
}),
|
|
).trim();
|
|
next = setZaloUpdateMode(
|
|
next,
|
|
zaloAccountId,
|
|
"webhook",
|
|
webhookUrl,
|
|
webhookSecret,
|
|
webhookPath || undefined,
|
|
);
|
|
} else {
|
|
next = setZaloUpdateMode(next, zaloAccountId, "polling");
|
|
}
|
|
|
|
if (forceAllowFrom) {
|
|
next = await promptZaloAllowFrom({
|
|
cfg: next,
|
|
prompter,
|
|
accountId: zaloAccountId,
|
|
});
|
|
}
|
|
|
|
return { cfg: next, accountId: zaloAccountId };
|
|
},
|
|
};
|