From a4574f72a3b328666782c1d143134e79f75c1f0b Mon Sep 17 00:00:00 2001 From: Alix-007 Date: Sun, 29 Mar 2026 22:19:13 +0800 Subject: [PATCH] fix(web/config): persist Discord token updates from channel settings (#2024) * fix: save Discord token updates from channel settings - preserve secret fields from PUT/PATCH /api/config payloads via setters - include _token edit fields in channel save payload construction - add regression test for Discord token patch flow (issue #2005) * fix: resolve shadow lint warnings in config secret mapping * fix(web/api): adapt config secret patch path after #2068 --------- Co-authored-by: Alix-007 <267018309+Alix-007@users.noreply.github.com> --- web/backend/api/config.go | 150 ++++++++++++++++++ web/backend/api/config_test.go | 36 +++++ .../channels/channel-config-page.tsx | 25 +-- 3 files changed, 200 insertions(+), 11 deletions(-) diff --git a/web/backend/api/config.go b/web/backend/api/config.go index 0add7594d..06391b8fc 100644 --- a/web/backend/api/config.go +++ b/web/backend/api/config.go @@ -52,6 +52,11 @@ func (h *Handler) handleUpdateConfig(w http.ResponseWriter, r *http.Request) { http.Error(w, fmt.Sprintf("Invalid JSON: %v", err), http.StatusBadRequest) return } + var raw map[string]any + if err = json.Unmarshal(body, &raw); err != nil { + http.Error(w, fmt.Sprintf("Invalid JSON: %v", err), http.StatusBadRequest) + return + } if execAllowRemoteOmitted(body) { cfg.Tools.Exec.AllowRemote = config.DefaultConfig().Tools.Exec.AllowRemote } @@ -63,6 +68,7 @@ func (h *Handler) handleUpdateConfig(w http.ResponseWriter, r *http.Request) { http.Error(w, fmt.Sprintf("Failed to apply security config: %v", err), http.StatusInternalServerError) return } + applyConfigSecretsFromMap(&cfg, raw) if errs := validateConfig(&cfg); len(errs) > 0 { w.Header().Set("Content-Type", "application/json") @@ -159,6 +165,7 @@ func (h *Handler) handlePatchConfig(w http.ResponseWriter, r *http.Request) { http.Error(w, fmt.Sprintf("Failed to apply security config: %v", err), http.StatusInternalServerError) return } + applyConfigSecretsFromMap(&newCfg, base) if errs := validateConfig(&newCfg); len(errs) > 0 { w.Header().Set("Content-Type", "application/json") @@ -325,3 +332,146 @@ func mergeMap(dst, src map[string]any) { } } } + +func asMapField(value map[string]any, key string) (map[string]any, bool) { + raw, exists := value[key] + if !exists { + return nil, false + } + m, isMap := raw.(map[string]any) + return m, isMap +} + +func getSecretString(m map[string]any, key string) (string, bool) { + if raw, exists := m[key]; exists { + s, isString := raw.(string) + if isString { + return s, true + } + } + if raw, exists := m["_"+key]; exists { + s, isString := raw.(string) + if isString { + return s, true + } + } + return "", false +} + +func applyConfigSecretsFromMap(cfg *config.Config, raw map[string]any) { + channels, hasChannels := asMapField(raw, "channels") + if hasChannels { + if telegram, hasTelegram := asMapField(channels, "telegram"); hasTelegram { + if token, hasToken := getSecretString(telegram, "token"); hasToken { + cfg.Channels.Telegram.SetToken(token) + } + } + if feishu, hasFeishu := asMapField(channels, "feishu"); hasFeishu { + if appSecret, hasAppSecret := getSecretString(feishu, "app_secret"); hasAppSecret { + cfg.Channels.Feishu.AppSecret.Set(appSecret) + } + if encryptKey, hasEncryptKey := getSecretString(feishu, "encrypt_key"); hasEncryptKey { + cfg.Channels.Feishu.EncryptKey.Set(encryptKey) + } + if verificationToken, hasVerificationToken := getSecretString( + feishu, + "verification_token", + ); hasVerificationToken { + cfg.Channels.Feishu.VerificationToken.Set(verificationToken) + } + } + if discord, hasDiscord := asMapField(channels, "discord"); hasDiscord { + if token, hasToken := getSecretString(discord, "token"); hasToken { + cfg.Channels.Discord.Token.Set(token) + } + } + if weixin, hasWeixin := asMapField(channels, "weixin"); hasWeixin { + if token, hasToken := getSecretString(weixin, "token"); hasToken { + cfg.Channels.Weixin.SetToken(token) + } + } + if qq, hasQQ := asMapField(channels, "qq"); hasQQ { + if appSecret, hasAppSecret := getSecretString(qq, "app_secret"); hasAppSecret { + cfg.Channels.QQ.AppSecret.Set(appSecret) + } + } + if dingtalk, hasDingTalk := asMapField(channels, "dingtalk"); hasDingTalk { + if clientSecret, hasClientSecret := getSecretString(dingtalk, "client_secret"); hasClientSecret { + cfg.Channels.DingTalk.ClientSecret.Set(clientSecret) + } + } + if slack, hasSlack := asMapField(channels, "slack"); hasSlack { + if botToken, hasBotToken := getSecretString(slack, "bot_token"); hasBotToken { + cfg.Channels.Slack.BotToken.Set(botToken) + } + if appToken, hasAppToken := getSecretString(slack, "app_token"); hasAppToken { + cfg.Channels.Slack.AppToken.Set(appToken) + } + } + if matrix, hasMatrix := asMapField(channels, "matrix"); hasMatrix { + if accessToken, hasAccessToken := getSecretString(matrix, "access_token"); hasAccessToken { + cfg.Channels.Matrix.AccessToken.Set(accessToken) + } + } + if line, hasLine := asMapField(channels, "line"); hasLine { + if channelSecret, hasChannelSecret := getSecretString(line, "channel_secret"); hasChannelSecret { + cfg.Channels.LINE.ChannelSecret.Set(channelSecret) + } + if channelAccessToken, hasChannelAccessToken := getSecretString( + line, + "channel_access_token", + ); hasChannelAccessToken { + cfg.Channels.LINE.ChannelAccessToken.Set(channelAccessToken) + } + } + if onebot, hasOneBot := asMapField(channels, "onebot"); hasOneBot { + if accessToken, hasAccessToken := getSecretString(onebot, "access_token"); hasAccessToken { + cfg.Channels.OneBot.AccessToken.Set(accessToken) + } + } + if wecom, hasWeCom := asMapField(channels, "wecom"); hasWeCom { + if secret, hasSecret := getSecretString(wecom, "secret"); hasSecret { + cfg.Channels.WeCom.SetSecret(secret) + } + } + if pico, hasPico := asMapField(channels, "pico"); hasPico { + if token, hasToken := getSecretString(pico, "token"); hasToken { + cfg.Channels.Pico.SetToken(token) + } + } + if irc, hasIRC := asMapField(channels, "irc"); hasIRC { + if password, hasPassword := getSecretString(irc, "password"); hasPassword { + cfg.Channels.IRC.Password.Set(password) + } + if nickservPassword, hasNickservPassword := getSecretString(irc, "nickserv_password"); hasNickservPassword { + cfg.Channels.IRC.NickServPassword.Set(nickservPassword) + } + if saslPassword, hasSASLPassword := getSecretString(irc, "sasl_password"); hasSASLPassword { + cfg.Channels.IRC.SASLPassword.Set(saslPassword) + } + } + } + + tools, hasTools := asMapField(raw, "tools") + if !hasTools { + return + } + skills, hasSkills := asMapField(tools, "skills") + if !hasSkills { + return + } + if github, hasGithub := asMapField(skills, "github"); hasGithub { + if token, hasToken := getSecretString(github, "token"); hasToken { + cfg.Tools.Skills.Github.Token.Set(token) + } + } + registries, hasRegistries := asMapField(skills, "registries") + if !hasRegistries { + return + } + if clawHub, hasClawHub := asMapField(registries, "clawhub"); hasClawHub { + if authToken, hasAuthToken := getSecretString(clawHub, "auth_token"); hasAuthToken { + cfg.Tools.Skills.Registries.ClawHub.AuthToken.Set(authToken) + } + } +} diff --git a/web/backend/api/config_test.go b/web/backend/api/config_test.go index 644284849..d3e25a7f9 100644 --- a/web/backend/api/config_test.go +++ b/web/backend/api/config_test.go @@ -251,6 +251,42 @@ func TestHandlePatchConfig_SucceedsWhenPicoTokenInSecurityOnly(t *testing.T) { } } +func TestHandlePatchConfig_SavesDiscordTokenFromPayload(t *testing.T) { + configPath, cleanup := setupOAuthTestEnv(t) + defer cleanup() + + h := NewHandler(configPath) + mux := http.NewServeMux() + h.RegisterRoutes(mux) + + req := httptest.NewRequest(http.MethodPatch, "/api/config", bytes.NewBufferString(`{ + "channels": { + "discord": { + "enabled": true, + "token": "discord-test-token" + } + } + }`)) + req.Header.Set("Content-Type", "application/json") + + rec := httptest.NewRecorder() + mux.ServeHTTP(rec, req) + if rec.Code != http.StatusOK { + t.Fatalf("PATCH /api/config status = %d, want %d, body=%s", rec.Code, http.StatusOK, rec.Body.String()) + } + + cfg, err := config.LoadConfig(configPath) + if err != nil { + t.Fatalf("LoadConfig() error = %v", err) + } + if !cfg.Channels.Discord.Enabled { + t.Fatal("discord should be enabled after PATCH") + } + if got := cfg.Channels.Discord.Token.String(); got != "discord-test-token" { + t.Fatalf("discord token = %q, want %q", got, "discord-test-token") + } +} + func TestHandlePatchConfig_AllowsInvalidDenyRegexPatternsWhenDenyPatternsDisabled(t *testing.T) { configPath, cleanup := setupOAuthTestEnv(t) defer cleanup() diff --git a/web/frontend/src/components/channels/channel-config-page.tsx b/web/frontend/src/components/channels/channel-config-page.tsx index 6af821ac9..3890924e0 100644 --- a/web/frontend/src/components/channels/channel-config-page.tsx +++ b/web/frontend/src/components/channels/channel-config-page.tsx @@ -62,10 +62,8 @@ function asBool(value: unknown): boolean { function buildEditConfig(config: ChannelConfig): ChannelConfig { const edit: ChannelConfig = { ...config } - for (const secretKey of Object.keys(SECRET_FIELD_MAP)) { - if (secretKey in config) { - edit[SECRET_FIELD_MAP[secretKey]] = "" - } + for (const editKey of Object.values(SECRET_FIELD_MAP)) { + edit[editKey] = "" } return edit } @@ -94,17 +92,22 @@ function buildSavePayload( for (const [key, value] of Object.entries(editConfig)) { if (key.startsWith("_")) continue if (key === "enabled") continue - - if (key in SECRET_FIELD_MAP) { - const editKey = SECRET_FIELD_MAP[key] - const incoming = asString(editConfig[editKey]) - payload[key] = incoming !== "" ? incoming : value - continue - } + if (key in SECRET_FIELD_MAP) continue payload[key] = value } + for (const [secretKey, editKey] of Object.entries(SECRET_FIELD_MAP)) { + const incoming = asString(editConfig[editKey]) + if (incoming !== "") { + payload[secretKey] = incoming + continue + } + if (secretKey in editConfig) { + payload[secretKey] = editConfig[secretKey] + } + } + if (channel.name === "whatsapp_native") { payload.use_native = true }