Hugging Face's logo

Spaces:
Asem123
/
XY
Paused

App Files Community
XY / image_proxy.py
asemxin
fix: add catch-all proxy route for /callback/*
d08373b
raw
history blame contribute delete
7.54 kB
 #!/usr/bin/env python3
"""
飞书图片代理服务器 (image_proxy.py) v3
作为 HTTP 代理运行,修复 feishu-openclaw 插件的图片认证问题。
问题: feishu-openclaw 插件把 tenant_access_token 放在 URL query 参数中,
但飞书 API 要求放在 Authorization header 里,导致图片下载 400 错误。
方案: 本地代理服务监听 8765 端口,接收插件的图片请求,把 token 从 query 参数
移到 Authorization header 中再转发给飞书 API。
"""
import os, sys, json, requests, time, threading
from flask import Flask, request, Response, make_response
FEISHU_BASE = "https://open.feishu.cn/open-apis"
PORT = int(os.environ.get("IMAGE_PROXY_PORT", "8765"))
app = Flask(__name__)
def log(msg):
ts = time.strftime("%H:%M:%S")
print(f"[image_proxy {ts}] {msg}", flush=True)
# ============ HTTP 代理模式 ============
@app.route('/open-apis/im/v1/images/<image_key>', methods=['GET'])
def proxy_image(image_key):
"""代理图片请求,修复认证方式"""
# 从 query 参数获取 token
token = request.args.get('tenant_access_token', '')
if not token:
# 也尝试从 Authorization header 获取
auth_header = request.headers.get('Authorization', '')
if auth_header.startswith('Bearer '):
token = auth_header[7:]
if not token:
log(f"❌ 无 token: {image_key}")
return make_response("Missing token", 401)
log(f"📥 代理图片请求: {image_key[:30]}...")
# 用正确的 Authorization header 转发给飞书
headers = {"Authorization": f"Bearer {token}"}
try:
resp = requests.get(
f"{FEISHU_BASE}/im/v1/images/{image_key}",
headers=headers,
timeout=30,
stream=True
)
if resp.status_code == 200:
content_type = resp.headers.get('Content-Type', 'image/jpeg')
log(f"✅ 图片获取成功: {image_key[:30]}... ({len(resp.content)} bytes)")
return Response(
resp.content,
status=200,
content_type=content_type,
headers={
'Content-Length': str(len(resp.content)),
'Cache-Control': 'max-age=3600'
}
)
else:
log(f"❌ 飞书返回 {resp.status_code}: {resp.text[:200]}")
return make_response(resp.text, resp.status_code)
except Exception as e:
log(f"❌ 请求失败: {e}")
return make_response(str(e), 502)
@app.route('/open-apis/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH'])
def proxy_open_apis(path):
"""代理 /open-apis/* 请求(透传,修复 token)"""
return _proxy_to_feishu(f"/open-apis/{path}")
@app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH'])
def proxy_catch_all(path):
"""catch-all: 透传所有其他请求(如 /callback/ws/endpoint)"""
return _proxy_to_feishu(f"/{path}")
def _proxy_to_feishu(path):
"""通用代理:转发请求到 open.feishu.cn"""
token = request.args.get('tenant_access_token', '')
headers = {k: v for k, v in request.headers if k.lower() not in ('host', 'content-length')}
if token and 'Authorization' not in headers:
headers['Authorization'] = f'Bearer {token}'
url = f"https://open.feishu.cn{path}"
params = {k: v for k, v in request.args.items() if k != 'tenant_access_token'}
try:
resp = requests.request(
method=request.method,
url=url,
headers=headers,
params=params,
data=request.get_data(),
timeout=30
)
# 透传所有响应 headers
excluded_headers = {'content-encoding', 'content-length', 'transfer-encoding', 'connection'}
response_headers = {k: v for k, v in resp.headers.items() if k.lower() not in excluded_headers}
return Response(resp.content, status=resp.status_code,
headers=response_headers,
content_type=resp.headers.get('Content-Type', 'application/json'))
except Exception as e:
log(f"❌ 代理失败 {path}: {e}")
return make_response(str(e), 502)
@app.route('/health')
def health():
return "ok"
# ============ CLI 模式(保持向后兼容)============
def get_tenant_token():
app_id = os.environ.get("FEISHU_APP_ID")
app_secret = os.environ.get("FEISHU_APP_SECRET")
if not app_id or not app_secret:
print("ERROR: FEISHU_APP_ID / FEISHU_APP_SECRET 未设置", file=sys.stderr)
sys.exit(1)
resp = requests.post(f"{FEISHU_BASE}/auth/v3/tenant_access_token/internal",
json={"app_id": app_id, "app_secret": app_secret})
data = resp.json()
if data.get("code") != 0:
print(f"ERROR: 获取 token 失败: {data}", file=sys.stderr)
sys.exit(1)
return data["tenant_access_token"]
def download_image(image_key, token):
resp = requests.get(f"{FEISHU_BASE}/im/v1/images/{image_key}",
headers={"Authorization": f"Bearer {token}"}, stream=True)
if resp.status_code != 200:
print(f"ERROR: 下载图片失败 (HTTP {resp.status_code}): {resp.text[:200]}", file=sys.stderr)
return None
return resp.content
def upload_image(image_data):
for name, fn in [("catbox", upload_to_catbox), ("0x0", upload_to_0x0), ("tmpfiles", upload_to_tmpfiles)]:
url = fn(image_data)
if url:
return url
return None
def upload_to_catbox(data):
try:
resp = requests.post("https://catbox.moe/user/api.php",
data={"reqtype": "fileupload"},
files={"filedata": ("img.jpg", data, "image/jpeg")}, timeout=30)
if resp.status_code == 200 and resp.text.startswith("http"):
return resp.text.strip()
except: pass
return None
def upload_to_0x0(data):
try:
resp = requests.post("https://0x0.st",
files={"file": ("img.jpg", data, "image/jpeg")}, timeout=30)
if resp.status_code == 200 and resp.text.startswith("http"):
return resp.text.strip()
except: pass
return None
def upload_to_tmpfiles(data):
try:
resp = requests.post("https://tmpfiles.org/api/v1/upload",
files={"file": ("img.jpg", data, "image/jpeg")}, timeout=30)
if resp.status_code == 200:
url = resp.json().get("data", {}).get("url", "")
if url:
return url.replace("tmpfiles.org/", "tmpfiles.org/dl/")
except: pass
return None
if __name__ == "__main__":
if len(sys.argv) >= 2 and sys.argv[1] == "--server":
# HTTP 代理服务器模式
log(f"🚀 图片代理服务器启动 (端口 {PORT})")
app.run(host="127.0.0.1", port=PORT, threaded=True)
elif len(sys.argv) >= 2 and sys.argv[1].startswith("img_"):
# CLI 模式:直接下载指定图片
token = get_tenant_token()
image_key = sys.argv[1]
data = download_image(image_key, token)
if data:
url = upload_image(data)
if url:
print(url)
else:
path = f"/tmp/{image_key}.jpg"
with open(path, "wb") as f:
f.write(data)
print(path)
else:
print("用法:")
print(" python3 image_proxy.py --server # 启动代理服务器")
print(" python3 image_proxy.py <image_key> # 直接下载图片")