2026-01-23 16:45:37 -06:00
|
|
|
import { GoogleAuth, OAuth2Client } from "google-auth-library";
|
|
|
|
|
import type { ResolvedGoogleChatAccount } from "./accounts.js";
|
|
|
|
|
|
|
|
|
|
const CHAT_SCOPE = "https://www.googleapis.com/auth/chat.bot";
|
|
|
|
|
const CHAT_ISSUER = "chat@system.gserviceaccount.com";
|
2026-01-24 01:12:48 +00:00
|
|
|
// Google Workspace Add-ons use a different service account pattern
|
|
|
|
|
const ADDON_ISSUER_PATTERN = /^service-\d+@gcp-sa-gsuiteaddons\.iam\.gserviceaccount\.com$/;
|
2026-01-23 16:45:37 -06:00
|
|
|
const CHAT_CERTS_URL =
|
|
|
|
|
"https://www.googleapis.com/service_accounts/v1/metadata/x509/chat@system.gserviceaccount.com";
|
|
|
|
|
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
// Size-capped to prevent unbounded growth in long-running deployments (#4948)
|
|
|
|
|
const MAX_AUTH_CACHE_SIZE = 32;
|
2026-01-23 16:45:37 -06:00
|
|
|
const authCache = new Map<string, { key: string; auth: GoogleAuth }>();
|
|
|
|
|
const verifyClient = new OAuth2Client();
|
|
|
|
|
|
|
|
|
|
let cachedCerts: { fetchedAt: number; certs: Record<string, string> } | null = null;
|
|
|
|
|
|
|
|
|
|
function buildAuthKey(account: ResolvedGoogleChatAccount): string {
|
2026-01-31 22:13:48 +09:00
|
|
|
if (account.credentialsFile) {
|
|
|
|
|
return `file:${account.credentialsFile}`;
|
|
|
|
|
}
|
|
|
|
|
if (account.credentials) {
|
|
|
|
|
return `inline:${JSON.stringify(account.credentials)}`;
|
|
|
|
|
}
|
2026-01-23 16:45:37 -06:00
|
|
|
return "none";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function getAuthInstance(account: ResolvedGoogleChatAccount): GoogleAuth {
|
|
|
|
|
const key = buildAuthKey(account);
|
|
|
|
|
const cached = authCache.get(account.accountId);
|
2026-01-31 22:13:48 +09:00
|
|
|
if (cached && cached.key === key) {
|
|
|
|
|
return cached.auth;
|
|
|
|
|
}
|
2026-01-23 16:45:37 -06:00
|
|
|
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
const evictOldest = () => {
|
|
|
|
|
if (authCache.size > MAX_AUTH_CACHE_SIZE) {
|
|
|
|
|
const oldest = authCache.keys().next().value;
|
|
|
|
|
if (oldest !== undefined) {
|
|
|
|
|
authCache.delete(oldest);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2026-01-23 16:45:37 -06:00
|
|
|
if (account.credentialsFile) {
|
|
|
|
|
const auth = new GoogleAuth({ keyFile: account.credentialsFile, scopes: [CHAT_SCOPE] });
|
|
|
|
|
authCache.set(account.accountId, { key, auth });
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
evictOldest();
|
2026-01-23 16:45:37 -06:00
|
|
|
return auth;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (account.credentials) {
|
|
|
|
|
const auth = new GoogleAuth({ credentials: account.credentials, scopes: [CHAT_SCOPE] });
|
|
|
|
|
authCache.set(account.accountId, { key, auth });
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
evictOldest();
|
2026-01-23 16:45:37 -06:00
|
|
|
return auth;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const auth = new GoogleAuth({ scopes: [CHAT_SCOPE] });
|
|
|
|
|
authCache.set(account.accountId, { key, auth });
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
evictOldest();
|
2026-01-23 16:45:37 -06:00
|
|
|
return auth;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export async function getGoogleChatAccessToken(
|
|
|
|
|
account: ResolvedGoogleChatAccount,
|
|
|
|
|
): Promise<string> {
|
|
|
|
|
const auth = getAuthInstance(account);
|
|
|
|
|
const client = await auth.getClient();
|
|
|
|
|
const access = await client.getAccessToken();
|
|
|
|
|
const token = typeof access === "string" ? access : access?.token;
|
|
|
|
|
if (!token) {
|
|
|
|
|
throw new Error("Missing Google Chat access token");
|
|
|
|
|
}
|
|
|
|
|
return token;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async function fetchChatCerts(): Promise<Record<string, string>> {
|
|
|
|
|
const now = Date.now();
|
|
|
|
|
if (cachedCerts && now - cachedCerts.fetchedAt < 10 * 60 * 1000) {
|
|
|
|
|
return cachedCerts.certs;
|
|
|
|
|
}
|
|
|
|
|
const res = await fetch(CHAT_CERTS_URL);
|
|
|
|
|
if (!res.ok) {
|
|
|
|
|
throw new Error(`Failed to fetch Chat certs (${res.status})`);
|
|
|
|
|
}
|
|
|
|
|
const certs = (await res.json()) as Record<string, string>;
|
|
|
|
|
cachedCerts = { fetchedAt: now, certs };
|
|
|
|
|
return certs;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export type GoogleChatAudienceType = "app-url" | "project-number";
|
|
|
|
|
|
|
|
|
|
export async function verifyGoogleChatRequest(params: {
|
|
|
|
|
bearer?: string | null;
|
|
|
|
|
audienceType?: GoogleChatAudienceType | null;
|
|
|
|
|
audience?: string | null;
|
|
|
|
|
}): Promise<{ ok: boolean; reason?: string }> {
|
|
|
|
|
const bearer = params.bearer?.trim();
|
2026-01-31 22:13:48 +09:00
|
|
|
if (!bearer) {
|
|
|
|
|
return { ok: false, reason: "missing token" };
|
|
|
|
|
}
|
2026-01-23 16:45:37 -06:00
|
|
|
const audience = params.audience?.trim();
|
2026-01-31 22:13:48 +09:00
|
|
|
if (!audience) {
|
|
|
|
|
return { ok: false, reason: "missing audience" };
|
|
|
|
|
}
|
2026-01-23 16:45:37 -06:00
|
|
|
const audienceType = params.audienceType ?? null;
|
|
|
|
|
|
|
|
|
|
if (audienceType === "app-url") {
|
|
|
|
|
try {
|
|
|
|
|
const ticket = await verifyClient.verifyIdToken({
|
|
|
|
|
idToken: bearer,
|
|
|
|
|
audience,
|
|
|
|
|
});
|
|
|
|
|
const payload = ticket.getPayload();
|
2026-01-24 01:12:48 +00:00
|
|
|
const email = payload?.email ?? "";
|
2026-01-31 21:13:13 +09:00
|
|
|
const ok =
|
|
|
|
|
payload?.email_verified && (email === CHAT_ISSUER || ADDON_ISSUER_PATTERN.test(email));
|
2026-01-24 01:12:48 +00:00
|
|
|
return ok ? { ok: true } : { ok: false, reason: `invalid issuer: ${email}` };
|
2026-01-23 16:45:37 -06:00
|
|
|
} catch (err) {
|
|
|
|
|
return { ok: false, reason: err instanceof Error ? err.message : "invalid token" };
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (audienceType === "project-number") {
|
|
|
|
|
try {
|
|
|
|
|
const certs = await fetchChatCerts();
|
|
|
|
|
await verifyClient.verifySignedJwtWithCertsAsync(bearer, certs, audience, [CHAT_ISSUER]);
|
|
|
|
|
return { ok: true };
|
|
|
|
|
} catch (err) {
|
|
|
|
|
return { ok: false, reason: err instanceof Error ? err.message : "invalid token" };
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return { ok: false, reason: "unsupported audience type" };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export const GOOGLE_CHAT_SCOPE = CHAT_SCOPE;
|