fix(feishu): harden webhook signature compare

This commit is contained in:
Peter Steinberger
2026-03-16 22:22:15 -07:00
parent 2bbf33a9ec
commit 223ae42c79
3 changed files with 39 additions and 1 deletions


@@ -114,6 +114,34 @@ describe("Feishu webhook signed-request e2e", () => {
);
});
it("rejects malformed short signatures with 401", async () => {
probeFeishuMock.mockResolvedValue({ ok: true, botOpenId: "bot_open_id" });
await withRunningWebhookMonitor(
{
accountId: "short-signature",
path: "/hook-e2e-short-signature",
verificationToken: "verify_token",
encryptKey: "encrypt_key",
},
monitorFeishuProvider,
async (url) => {
const payload = { type: "url_verification", challenge: "challenge-token" };
const headers = signFeishuPayload({ encryptKey: "encrypt_key", payload });
headers["x-lark-signature"] = headers["x-lark-signature"].slice(0, 12);
const response = await fetch(url, {
method: "POST",
headers,
body: JSON.stringify(payload),
});
expect(response.status).toBe(401);
expect(await response.text()).toBe("Invalid signature");
},
);
});
it("returns 400 for invalid json before invoking the sdk", async () => {
probeFeishuMock.mockResolvedValue({ ok: true, botOpenId: "bot_open_id" });