fix(nextcloud-talk): sign message text instead of JSON body

Nextcloud Talk's ChecksumVerificationService verifies HMAC against the
extracted message/reaction text, not the full JSON body. This fixes 401
authentication errors when sending messages via the bot API.

- sendMessageNextcloudTalk: sign 'message' text only
- sendReactionNextcloudTalk: sign 'reaction' string only

extensions/nextcloud-talk/src/send.ts

@@ -89,8 +89,12 @@ export async function sendMessageNextcloudTalk(
   }
   const bodyStr = JSON.stringify(body);
 
+  // Nextcloud Talk verifies signature against the extracted message text,
+  // not the full JSON body. See ChecksumVerificationService.php:
+  //   hash_hmac('sha256', $random . $data, $secret)
+  // where $data is the "message" parameter, not the raw request body.
   const { random, signature } = generateNextcloudTalkSignature({
-    body: bodyStr,
+    body: message,
     secret,
   });
 
@@ -179,8 +183,9 @@ export async function sendReactionNextcloudTalk(
   const normalizedToken = normalizeRoomToken(roomToken);
 
   const body = JSON.stringify({ reaction });
+  // Sign only the reaction string, not the full JSON body
   const { random, signature } = generateNextcloudTalkSignature({
-    body,
+    body: reaction,
     secret,
   });