source/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-08 21:09:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(nextcloud-talk): sign message text instead of JSON body (#2092)

Browse Source 
Nextcloud Talk's ChecksumVerificationService verifies HMAC against the
extracted message/reaction text, not the full JSON body. This fixes 401
authentication errors when sending messages via the bot API.

- sendMessageNextcloudTalk: sign 'message' text only
- sendReactionNextcloudTalk: sign 'reaction' string only
This commit is contained in:
wangai-studio
2026-02-06 08:25:21 +08:00
committed by GitHub
parent 370bbcd89b
commit 57326f72e6
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
extensions/nextcloud-talk/src/send.ts
View File

@@ -93,8 +93,12 @@ export async function sendMessageNextcloudTalk(
}
const bodyStr = JSON.stringify(body);
// Nextcloud Talk verifies signature against the extracted message text,
// not the full JSON body. See ChecksumVerificationService.php:
// hash_hmac('sha256', $random . $data, $secret)
// where $data is the "message" parameter, not the raw request body.
const { random, signature } = generateNextcloudTalkSignature({
body: bodyStr,
body: message,
secret,
});
@@ -183,8 +187,9 @@ export async function sendReactionNextcloudTalk(
const normalizedToken = normalizeRoomToken(roomToken);
const body = JSON.stringify({ reaction });
// Sign only the reaction string, not the full JSON body
const { random, signature } = generateNextcloudTalkSignature({
body,
body: reaction,
secret,
});