romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 86e474cb0d into da71eaebd2

Browse Source
This commit is contained in:
wangai-studio 2026-01-30 20:13:03 +08:00 committed by GitHub
commit f19cff069a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
extensions/nextcloud-talk/src/send.ts
View File

@ -89,8 +89,12 @@ export async function sendMessageNextcloudTalk(
} }
const bodyStr = JSON.stringify(body); const bodyStr = JSON.stringify(body);
// Nextcloud Talk verifies signature against the extracted message text,
// not the full JSON body. See ChecksumVerificationService.php:
// hash_hmac('sha256', $random . $data, $secret)
// where $data is the "message" parameter, not the raw request body.
const { random, signature } = generateNextcloudTalkSignature({ const { random, signature } = generateNextcloudTalkSignature({
body: bodyStr, body: message,
secret, secret,
}); });
@ -179,8 +183,9 @@ export async function sendReactionNextcloudTalk(
const normalizedToken = normalizeRoomToken(roomToken); const normalizedToken = normalizeRoomToken(roomToken);
const body = JSON.stringify({ reaction }); const body = JSON.stringify({ reaction });
// Sign only the reaction string, not the full JSON body
const { random, signature } = generateNextcloudTalkSignature({ const { random, signature } = generateNextcloudTalkSignature({
body, body: reaction,
secret, secret,
}); });