goclaw

tiennm99/goclaw

Fork 0

mirror of https://github.com/tiennm99/goclaw.git synced 2026-06-10 16:10:59 +00:00

Commit Graph

Author	SHA1	Message	Date
Nam Nguyen Ngoc	b901a82551	fix(security): harden web fetch/search against prompt injection and cache poisoning (#80 ) - Scan web_fetch/web_search tool results for prompt injection patterns via inputGuard - Strip hidden HTML elements (display:none, aria-hidden, sr-only classes) during conversion - Scope web tool caches per channel to prevent cross-channel cache poisoning - Enforce domain blocklist and allowlist checks on HTTP redirect targets - Add untrusted content reminder to external content wrapper - Log redirect source URL in fetch results for transparency Co-authored-by: Nam Nguyen Ngoc <namnn.0911@gmail.com>	2026-03-07 19:31:56 +07:00
Duc Nguyen	0f5dd08f76	feat(channels): introduce Zalo Personal channel integration (#32 ) * feat(channels): implement Zalo Personal Chat (ZCA) protocol layer Implement complete Zalo Personal Chat integration including: - Message protocol layer (request/response/event types) - Connection management with auth flow - Message sending/receiving with text and media support - User/group management and sync - Telegram-style contact and conversation handling - Comprehensive unit tests with 85%+ coverage Architecture follows existing channel patterns (Telegram, Feishu) with raw API calls for session management and message delivery. Includes error handling, rate limiting awareness, and logging. * feat(channels): add Zalo Personal channel integration layer Wire protocol package to GoClaw's channel system: - channel.go: Channel struct, Start/Stop/Send, listenLoop, message handlers - auth.go: credential resolution (preloaded > file > QR), persistence - policy.go: DM/group policy, @mention gating, pairing with debounce - factory.go: managed mode factory (requires credentials, no QR) - cmd/gateway.go: register standalone + managed factory * feat(ui): add Zalo Personal channel type to web dashboard Add zalo_personal to channel type dropdown, credential fields (IMEI, cookie, userAgent), and config schema (DM/group policy, require_mention, allow_from). * feat(channels): add WebSocket QR login for Zalo Personal channel Add real-time QR code login flow for zalo_personal channel instances in managed mode. Users create an instance without credentials, then trigger QR login from the web dashboard. Backend: - New RPC method zalo.personal.qr.start with per-instance mutex - QR PNG pushed via client-scoped WS events (not broadcast) - Credentials encrypted and saved to DB on successful scan - Cache invalidation triggers automatic channel reload/start - Factory returns nil,nil for missing credentials (skip, not error) - Instance loader handles nil-channel gracefully Frontend: - ZaloPersonalQRDialog with auto-start, retry, and auto-close - QR button in channel instances table for zalo_personal type - Credential fields no longer required (auto-populated via QR) * fix(channels): skip redundant LoginWithCredentials after QR login QR flow already validates session via qrCheckSession + qrGetUserInfo. Calling LoginWithCredentials again conflicts with the active QR session state, causing "empty response" errors. Credentials are validated when the channel starts instead. Also rename log prefix from "zca" to "Zalo Personal". * fix(channels): fix Zalo Personal cookie domain for login API BuildCookieJar only set cookies for chat.zalo.me but the login API uses wpa.chat.zalo.me. Cookies weren't sent to the subdomain, causing "empty response" on channel startup. Now sets cookies for both hosts. * fix(channels): move UTF-8 check after gzip decompression in Zalo listener The UTF-8 validity check in decryptAESGCMPayload ran on raw decrypted bytes before gzip decompression, causing all encType=2 (AES-GCM+gzip) messages to fail with "decrypted payload is not valid UTF-8". Move the check to decryptEventData so it runs after all processing (decryption + decompression) is complete. * feat(channels): add QR-only onboarding and contacts picker for Zalo Personal - Remove credential text fields for zalo_personal, show QR auth info banner - Add has_credentials boolean to HTTP and WS mask functions - Implement FetchFriends/FetchGroups protocol (encrypted Zalo API) - Add zalo.personal.contacts WS RPC method with parallel fetch - Create ZaloContactsPicker component with search, selection, manual entry - Integrate picker in channel instance edit dialog for allow_from config * refactor(channels): rename zca error prefix to zalo_personal across protocol package * fix(channels): unwrap inner response envelope in Zalo contacts decryption The Zalo API returns double-wrapped responses: outer envelope contains encrypted base64 data, which when decrypted yields another Response envelope with error_code and data fields. The decryptDataField helper was returning the raw decrypted bytes without unwrapping the inner envelope, causing json unmarshal failures when parsing friends/groups. * fix(channels): pass version 0 for group details to get full data The Zalo group info endpoint uses a version-based caching mechanism. Passing the actual version from step 1 causes the server to return the group in "unchangedsGroup" with empty "gridInfoMap". By passing version 0 for all groups, we force the server to return full group info including name, avatar, and member count. * fix(ui): auto-load contacts on modal reopen to resolve display names When the edit modal is reopened with already-selected contact IDs, contacts are now auto-fetched so badges show display names instead of raw numeric IDs. * fix(channels): handle gzip-compressed response in Zalo SendMessage SendMessage used io.ReadAll + json.Unmarshal directly but the response is gzip-compressed (Accept-Encoding: gzip header). Use readJSON() which handles gzip decompression, fixing "invalid character '\x1f'" errors. * fix(channels): decrypt encrypted send response in Zalo SendMessage The Zalo send message API response is encrypted like all other endpoints. Parse outer envelope, decrypt the data field, then extract msgId from the decrypted inner response. * feat(channels): improve Zalo listener reliability and UI channel wizard - Migrate WebSocket client from gorilla to coder/websocket, eliminating unsafe/reflect hacks for RSV1 decompression and buffer inspection - Add channel-level restart with exponential backoff (2s→60s cap, max 10) so channels auto-recover instead of stopping permanently - Reset listener retry counters after 60s stable connection to prevent long-lived connections from exhausting retry budget - Add code 3000 (duplicate session) recovery with 60s initial delay - Detect silent disconnects via read deadline (2.5x ping interval) - Fix Stop() to always cancel context, preventing reconnect timer leaks - Refactor UI channel form into wizard-based flow with registry pattern - Auto-refresh channel status after create/update dialog closes * refactor(channels): move Zalo RPC methods to zalomethods package Move Zalo personal channel RPC handlers from internal/gateway/methods to internal/channels/zalo/personal/zalomethods, improving code organization and removing prefix redundancy. Rename types: ZaloPersonalQRMethods → QRMethods, ZaloPersonalContactsMethods → ContactsMethods. - Move zalo_personal_qr.go → zalomethods/qr.go - Move zalo_personal_contacts.go → zalomethods/contacts.go - Update imports in cmd/gateway.go (2 call sites) - Update internal/channels/zalo/personal imports * feat(channels): add typing indicator to Zalo Personal channel Show "typing..." in Zalo while the LLM processes messages, matching the Telegram/Discord pattern. Uses the shared typing.Controller with 4s keepalive (Zalo typing expires ~5s) and 60s TTL safety net. * feat(channels): handle image attachments in Zalo Personal channel - Add Raw field to Content struct to preserve non-string JSON payloads - Add Attachment struct with IsImage() detection (ext + Zalo CDN paths) - Add AttachmentText() for human-readable placeholders (image/file/other) - Download image attachments to temp files for agent vision pipeline - Non-image files get text placeholder only (no download) - Fix URL query param stripping in file extension detection * fix(channels): switch Zalo WS client to gorilla/websocket with cookie jar fix coder/websocket did not propagate session cookies for wss:// URLs, causing Zalo backend to reject connections with "zpw_sek not found". Switch to gorilla/websocket which handles wss→https scheme conversion natively. Add wsJar safety wrapper and fix Close() mutex consistency. Also update Makefile `up` target to use --no-cache builds. * fix(channels): inject cookies manually for Zalo WS connection Replace wsJar wrapper with direct cookie injection from chat.zalo.me base domain. Fixes host-only cookies (zpw_sek) not matching WS subdomains (ws-msg.chat.zalo.me) due to Go cookiejar limitations. fix(channels): harden Zalo Personal channel security and concurrency - Add SSRF protection to downloadFile using CheckSSRF (URL validation, private IP blocking, DNS pinning) with context and 30s timeout - Protect c.sess/c.listener with sync.RWMutex to eliminate data races during restart; add thread-safe session()/getListener() accessors - Add stopped flag + reconnTimer to Listener to prevent zombie reconnects after Stop(); timer cancelled on Stop(), checked before Start() - Fix QR flow using context.Background() detached from WS client; now derives from parent ctx so flow cancels on client disconnect - Set initial 30s read deadline for cipher key handshake to prevent indefinite blocking before ping loop starts - Use defer in WSClient.Close() to prevent connection leak on panic - Document ReadMessage ctx limitation and two-layer reconnect design * chore: remove unused gobwas/ws dependency from go.mod gobwas/ws was a leftover from the previous coder/websocket usage, no longer imported by any Go source files. * fix(channels): align Zalo Personal policy defaults across UI and backend Policy defaults were inconsistent across three layers causing group/DM allowlist enforcement to silently fail. New() applied "allowlist" default to local vars but never wrote back to config; checkGroupPolicy() then read empty string and defaulted to "open", bypassing the allowlist. UI Select components displayed schema defaults visually without persisting them to configValues, so DB config never stored the policy.	2026-03-03 14:21:07 +07:00
Viet Tran	f3f4c67b36	Initial commit: GoClaw AI agent gateway Multi-agent AI gateway with WebSocket RPC, HTTP API, and messaging channel integrations. Go port of OpenClaw with multi-tenant PostgreSQL, per-user isolation, security hardening, and production observability. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-22 14:58:07 +07:00

Author

SHA1

Message

Date

Nam Nguyen Ngoc

b901a82551

fix(security): harden web fetch/search against prompt injection and cache poisoning (#80 )

- Scan web_fetch/web_search tool results for prompt injection patterns via inputGuard
- Strip hidden HTML elements (display:none, aria-hidden, sr-only classes) during conversion
- Scope web tool caches per channel to prevent cross-channel cache poisoning
- Enforce domain blocklist and allowlist checks on HTTP redirect targets
- Add untrusted content reminder to external content wrapper
- Log redirect source URL in fetch results for transparency

Co-authored-by: Nam Nguyen Ngoc <namnn.0911@gmail.com>

2026-03-07 19:31:56 +07:00

Duc Nguyen

0f5dd08f76

feat(channels): introduce Zalo Personal channel integration (#32 )

* feat(channels): implement Zalo Personal Chat (ZCA) protocol layer

Implement complete Zalo Personal Chat integration including:
- Message protocol layer (request/response/event types)
- Connection management with auth flow
- Message sending/receiving with text and media support
- User/group management and sync
- Telegram-style contact and conversation handling
- Comprehensive unit tests with 85%+ coverage

Architecture follows existing channel patterns (Telegram, Feishu) with
raw API calls for session management and message delivery. Includes
error handling, rate limiting awareness, and logging.

* feat(channels): add Zalo Personal channel integration layer

Wire protocol package to GoClaw's channel system:
- channel.go: Channel struct, Start/Stop/Send, listenLoop, message handlers
- auth.go: credential resolution (preloaded > file > QR), persistence
- policy.go: DM/group policy, @mention gating, pairing with debounce
- factory.go: managed mode factory (requires credentials, no QR)
- cmd/gateway.go: register standalone + managed factory

* feat(ui): add Zalo Personal channel type to web dashboard

Add zalo_personal to channel type dropdown, credential fields
(IMEI, cookie, userAgent), and config schema (DM/group policy,
require_mention, allow_from).

* feat(channels): add WebSocket QR login for Zalo Personal channel

Add real-time QR code login flow for zalo_personal channel instances
in managed mode. Users create an instance without credentials, then
trigger QR login from the web dashboard.

Backend:
- New RPC method zalo.personal.qr.start with per-instance mutex
- QR PNG pushed via client-scoped WS events (not broadcast)
- Credentials encrypted and saved to DB on successful scan
- Cache invalidation triggers automatic channel reload/start
- Factory returns nil,nil for missing credentials (skip, not error)
- Instance loader handles nil-channel gracefully

Frontend:
- ZaloPersonalQRDialog with auto-start, retry, and auto-close
- QR button in channel instances table for zalo_personal type
- Credential fields no longer required (auto-populated via QR)

* fix(channels): skip redundant LoginWithCredentials after QR login

QR flow already validates session via qrCheckSession + qrGetUserInfo.
Calling LoginWithCredentials again conflicts with the active QR session
state, causing "empty response" errors. Credentials are validated when
the channel starts instead. Also rename log prefix from "zca" to
"Zalo Personal".

* fix(channels): fix Zalo Personal cookie domain for login API

BuildCookieJar only set cookies for chat.zalo.me but the login API
uses wpa.chat.zalo.me. Cookies weren't sent to the subdomain, causing
"empty response" on channel startup. Now sets cookies for both hosts.

* fix(channels): move UTF-8 check after gzip decompression in Zalo listener

The UTF-8 validity check in decryptAESGCMPayload ran on raw decrypted
bytes before gzip decompression, causing all encType=2 (AES-GCM+gzip)
messages to fail with "decrypted payload is not valid UTF-8".

Move the check to decryptEventData so it runs after all processing
(decryption + decompression) is complete.

* feat(channels): add QR-only onboarding and contacts picker for Zalo Personal

- Remove credential text fields for zalo_personal, show QR auth info banner
- Add has_credentials boolean to HTTP and WS mask functions
- Implement FetchFriends/FetchGroups protocol (encrypted Zalo API)
- Add zalo.personal.contacts WS RPC method with parallel fetch
- Create ZaloContactsPicker component with search, selection, manual entry
- Integrate picker in channel instance edit dialog for allow_from config

* refactor(channels): rename zca error prefix to zalo_personal across protocol package

* fix(channels): unwrap inner response envelope in Zalo contacts decryption

The Zalo API returns double-wrapped responses: outer envelope contains
encrypted base64 data, which when decrypted yields another Response
envelope with error_code and data fields. The decryptDataField helper
was returning the raw decrypted bytes without unwrapping the inner
envelope, causing json unmarshal failures when parsing friends/groups.

* fix(channels): pass version 0 for group details to get full data

The Zalo group info endpoint uses a version-based caching mechanism.
Passing the actual version from step 1 causes the server to return
the group in "unchangedsGroup" with empty "gridInfoMap". By passing
version 0 for all groups, we force the server to return full group
info including name, avatar, and member count.

* fix(ui): auto-load contacts on modal reopen to resolve display names

When the edit modal is reopened with already-selected contact IDs,
contacts are now auto-fetched so badges show display names instead
of raw numeric IDs.

* fix(channels): handle gzip-compressed response in Zalo SendMessage

SendMessage used io.ReadAll + json.Unmarshal directly but the response
is gzip-compressed (Accept-Encoding: gzip header). Use readJSON() which
handles gzip decompression, fixing "invalid character '\x1f'" errors.

* fix(channels): decrypt encrypted send response in Zalo SendMessage

The Zalo send message API response is encrypted like all other endpoints.
Parse outer envelope, decrypt the data field, then extract msgId from
the decrypted inner response.

* feat(channels): improve Zalo listener reliability and UI channel wizard

- Migrate WebSocket client from gorilla to coder/websocket, eliminating
  unsafe/reflect hacks for RSV1 decompression and buffer inspection
- Add channel-level restart with exponential backoff (2s→60s cap, max 10)
  so channels auto-recover instead of stopping permanently
- Reset listener retry counters after 60s stable connection to prevent
  long-lived connections from exhausting retry budget
- Add code 3000 (duplicate session) recovery with 60s initial delay
- Detect silent disconnects via read deadline (2.5x ping interval)
- Fix Stop() to always cancel context, preventing reconnect timer leaks
- Refactor UI channel form into wizard-based flow with registry pattern
- Auto-refresh channel status after create/update dialog closes

* refactor(channels): move Zalo RPC methods to zalomethods package

Move Zalo personal channel RPC handlers from internal/gateway/methods to
internal/channels/zalo/personal/zalomethods, improving code organization
and removing prefix redundancy. Rename types: ZaloPersonalQRMethods →
QRMethods, ZaloPersonalContactsMethods → ContactsMethods.

- Move zalo_personal_qr.go → zalomethods/qr.go
- Move zalo_personal_contacts.go → zalomethods/contacts.go
- Update imports in cmd/gateway.go (2 call sites)
- Update internal/channels/zalo/personal imports

* feat(channels): add typing indicator to Zalo Personal channel

Show "typing..." in Zalo while the LLM processes messages, matching
the Telegram/Discord pattern. Uses the shared typing.Controller with
4s keepalive (Zalo typing expires ~5s) and 60s TTL safety net.

* feat(channels): handle image attachments in Zalo Personal channel

- Add Raw field to Content struct to preserve non-string JSON payloads
- Add Attachment struct with IsImage() detection (ext + Zalo CDN paths)
- Add AttachmentText() for human-readable placeholders (image/file/other)
- Download image attachments to temp files for agent vision pipeline
- Non-image files get text placeholder only (no download)
- Fix URL query param stripping in file extension detection

* fix(channels): switch Zalo WS client to gorilla/websocket with cookie jar fix

coder/websocket did not propagate session cookies for wss:// URLs,
causing Zalo backend to reject connections with "zpw_sek not found".
Switch to gorilla/websocket which handles wss→https scheme conversion
natively. Add wsJar safety wrapper and fix Close() mutex consistency.

Also update Makefile `up` target to use --no-cache builds.

* fix(channels): inject cookies manually for Zalo WS connection

Replace wsJar wrapper with direct cookie injection from chat.zalo.me
base domain. Fixes host-only cookies (zpw_sek) not matching WS
subdomains (ws*-msg.chat.zalo.me) due to Go cookiejar limitations.

* fix(channels): harden Zalo Personal channel security and concurrency

- Add SSRF protection to downloadFile using CheckSSRF (URL validation,
  private IP blocking, DNS pinning) with context and 30s timeout
- Protect c.sess/c.listener with sync.RWMutex to eliminate data races
  during restart; add thread-safe session()/getListener() accessors
- Add stopped flag + reconnTimer to Listener to prevent zombie reconnects
  after Stop(); timer cancelled on Stop(), checked before Start()
- Fix QR flow using context.Background() detached from WS client; now
  derives from parent ctx so flow cancels on client disconnect
- Set initial 30s read deadline for cipher key handshake to prevent
  indefinite blocking before ping loop starts
- Use defer in WSClient.Close() to prevent connection leak on panic
- Document ReadMessage ctx limitation and two-layer reconnect design

* chore: remove unused gobwas/ws dependency from go.mod

gobwas/ws was a leftover from the previous coder/websocket usage,
no longer imported by any Go source files.

* fix(channels): align Zalo Personal policy defaults across UI and backend

Policy defaults were inconsistent across three layers causing group/DM
allowlist enforcement to silently fail. New() applied "allowlist" default
to local vars but never wrote back to config; checkGroupPolicy() then
read empty string and defaulted to "open", bypassing the allowlist.
UI Select components displayed schema defaults visually without
persisting them to configValues, so DB config never stored the policy.

2026-03-03 14:21:07 +07:00

Viet Tran

f3f4c67b36

Initial commit: GoClaw AI agent gateway

Multi-agent AI gateway with WebSocket RPC, HTTP API, and messaging channel integrations.
Go port of OpenClaw with multi-tenant PostgreSQL, per-user isolation, security hardening,
and production observability.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-22 14:58:07 +07:00

3 Commits