feat: image proxy server + plugin JS patch for auth fix

entrypoint.sh

@@ -253,6 +253,29 @@ for fpath in glob.glob(os.path.join(agent_dir, "*")):
 
 PYEOF
 
+# ============================================
+# 启动图片代理服务器（后台，端口 8765）
+# 修复 feishu-openclaw 插件把 token 放在 URL query 参数的 bug
+# ============================================
+echo "🔧 启动飞书图片代理服务器..."
+python3 /app/image_proxy.py --server &
+IMAGE_PROXY_PID=$!
+echo "   Image Proxy PID: $IMAGE_PROXY_PID"
+sleep 1
+
+# ============================================
+# Patch feishu-openclaw 插件：图片请求改走本地代理
+# ============================================
+PLUGIN_JS="$HOME/.openclaw/extensions/feishu-openclaw/dist/index.openclaw.js"
+if [ -f "$PLUGIN_JS" ]; then
+    echo "🔧 Patch 飞书插件图片 URL..."
+    # 替换飞书 API base URL 为本地代理（只针对图片请求）
+    sed -i 's|https://open.feishu.cn/open-apis|http://127.0.0.1:8765/open-apis|g' "$PLUGIN_JS"
+    echo "   ✅ 插件已 patch，图片请求将走本地代理"
+else
+    echo "   ⚠️ 插件 JS 不存在: $PLUGIN_JS"
+fi
+
 # ============================================
 # 启动 OpenClaw Gateway（后台）
 # ============================================
@@ -278,3 +301,4 @@ echo "   Image Daemon PID: $IMAGE_DAEMON_PID"
 echo "📊 启动状态监控网页 (端口 7860)..."
 exec python3 /app/status_page.py
 
+

image_proxy.py

@@ -1,14 +1,106 @@
 #!/usr/bin/env python3
 """
-飞书图片代理 v2
-用法:
-  python3 image_proxy.py <image_key>          # 直接用 image_key 下载
-  python3 image_proxy.py --chat <chat_id>     # 自动查找该聊天中最近的图片
-  python3 image_proxy.py --recent             # 查找所有聊天中最近收到的图片
+飞书图片代理服务器 (image_proxy.py) v3
+作为 HTTP 代理运行，修复 feishu-openclaw 插件的图片认证问题。
+
+问题: feishu-openclaw 插件把 tenant_access_token 放在 URL query 参数中，
+      但飞书 API 要求放在 Authorization header 里，导致图片下载 400 错误。
+方案: 本地代理服务监听 8765 端口，接收插件的图片请求，把 token 从 query 参数
+      移到 Authorization header 中再转发给飞书 API。
 """
-import os, sys, json, requests, time
+import os, sys, json, requests, time, threading
+from flask import Flask, request, Response, make_response
 
 FEISHU_BASE = "https://open.feishu.cn/open-apis"
+PORT = int(os.environ.get("IMAGE_PROXY_PORT", "8765"))
+
+app = Flask(__name__)
+
+def log(msg):
+    ts = time.strftime("%H:%M:%S")
+    print(f"[image_proxy {ts}] {msg}", flush=True)
+
+# ============ HTTP 代理模式 ============
+
+@app.route('/open-apis/im/v1/images/<image_key>', methods=['GET'])
+def proxy_image(image_key):
+    """代理图片请求，修复认证方式"""
+    # 从 query 参数获取 token
+    token = request.args.get('tenant_access_token', '')
+    if not token:
+        # 也尝试从 Authorization header 获取
+        auth_header = request.headers.get('Authorization', '')
+        if auth_header.startswith('Bearer '):
+            token = auth_header[7:]
+
+    if not token:
+        log(f"❌ 无 token: {image_key}")
+        return make_response("Missing token", 401)
+
+    log(f"📥 代理图片请求: {image_key[:30]}...")
+
+    # 用正确的 Authorization header 转发给飞书
+    headers = {"Authorization": f"Bearer {token}"}
+    try:
+        resp = requests.get(
+            f"{FEISHU_BASE}/im/v1/images/{image_key}",
+            headers=headers,
+            timeout=30,
+            stream=True
+        )
+
+        if resp.status_code == 200:
+            content_type = resp.headers.get('Content-Type', 'image/jpeg')
+            log(f"✅ 图片获取成功: {image_key[:30]}... ({len(resp.content)} bytes)")
+            return Response(
+                resp.content,
+                status=200,
+                content_type=content_type,
+                headers={
+                    'Content-Length': str(len(resp.content)),
+                    'Cache-Control': 'max-age=3600'
+                }
+            )
+        else:
+            log(f"❌ 飞书返回 {resp.status_code}: {resp.text[:200]}")
+            return make_response(resp.text, resp.status_code)
+
+    except Exception as e:
+        log(f"❌ 请求失败: {e}")
+        return make_response(str(e), 502)
+
+@app.route('/open-apis/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE'])
+def proxy_other(path):
+    """代理其他飞书 API 请求（透传）"""
+    token = request.args.get('tenant_access_token', '')
+    headers = dict(request.headers)
+    headers.pop('Host', None)
+
+    if token and 'Authorization' not in headers:
+        headers['Authorization'] = f'Bearer {token}'
+
+    url = f"{FEISHU_BASE}/{path}"
+    params = {k: v for k, v in request.args.items() if k != 'tenant_access_token'}
+
+    try:
+        resp = requests.request(
+            method=request.method,
+            url=url,
+            headers=headers,
+            params=params,
+            data=request.get_data(),
+            timeout=30
+        )
+        return Response(resp.content, status=resp.status_code,
+                       content_type=resp.headers.get('Content-Type', 'application/json'))
+    except Exception as e:
+        return make_response(str(e), 502)
+
+@app.route('/health')
+def health():
+    return "ok"
+
+# ============ CLI 模式（保持向后兼容）============
 
 def get_tenant_token():
     app_id = os.environ.get("FEISHU_APP_ID")
@@ -24,55 +116,6 @@ def get_tenant_token():
         sys.exit(1)
     return data["tenant_access_token"]
 
-def find_image_keys_in_chat(token, chat_id, limit=20):
-    """从指定聊天中查找最近的图片消息"""
-    headers = {"Authorization": f"Bearer {token}"}
-    resp = requests.get(f"{FEISHU_BASE}/im/v1/messages",
-        headers=headers,
-        params={"container_id_type": "chat", "container_id": chat_id,
-                "sort_type": "ByCreateTimeDesc", "page_size": limit})
-    data = resp.json()
-    if data.get("code") != 0:
-        print(f"ERROR: 获取消息列表失败: {data}", file=sys.stderr)
-        return []
-    
-    image_keys = []
-    for item in data.get("data", {}).get("items", []):
-        msg_type = item.get("msg_type", "")
-        body = item.get("body", {}).get("content", "{}")
-        try:
-            content = json.loads(body) if isinstance(body, str) else body
-        except:
-            continue
-        
-        if msg_type == "image":
-            key = content.get("image_key", "")
-            if key:
-                image_keys.append(key)
-        elif msg_type == "post":  # rich text can contain images
-            # Parse post format for image keys
-            for lang_content in (content.get("zh_cn", content.get("en_us", content)) if isinstance(content, dict) else []):
-                if isinstance(lang_content, dict):
-                    for row in lang_content.get("content", []):
-                        if isinstance(row, list):
-                            for elem in row:
-                                if isinstance(elem, dict) and elem.get("tag") == "img":
-                                    key = elem.get("image_key", "")
-                                    if key:
-                                        image_keys.append(key)
-    return image_keys
-
-def find_recent_chats(token):
-    """获取 bot 最近的聊天列表"""
-    headers = {"Authorization": f"Bearer {token}"}
-    resp = requests.get(f"{FEISHU_BASE}/im/v1/chats",
-        headers=headers, params={"page_size": 10, "sort_type": "ByCreateTimeDesc"})
-    data = resp.json()
-    if data.get("code") != 0:
-        print(f"ERROR: 获取聊天列表失败: {data}", file=sys.stderr)
-        return []
-    return [item.get("chat_id") for item in data.get("data", {}).get("items", [])]
-
 def download_image(image_key, token):
     resp = requests.get(f"{FEISHU_BASE}/im/v1/images/{image_key}",
         headers={"Authorization": f"Bearer {token}"}, stream=True)
@@ -81,99 +124,63 @@ def download_image(image_key, token):
         return None
     return resp.content
 
-def upload_to_catbox(image_data):
+def upload_image(image_data):
+    for name, fn in [("catbox", upload_to_catbox), ("0x0", upload_to_0x0), ("tmpfiles", upload_to_tmpfiles)]:
+        url = fn(image_data)
+        if url:
+            return url
+    return None
+
+def upload_to_catbox(data):
     try:
         resp = requests.post("https://catbox.moe/user/api.php",
             data={"reqtype": "fileupload"},
-            files={"filedata": ("image.jpg", image_data, "image/jpeg")},
-            timeout=30)
+            files={"filedata": ("img.jpg", data, "image/jpeg")}, timeout=30)
         if resp.status_code == 200 and resp.text.startswith("http"):
             return resp.text.strip()
-    except Exception as e:
-        print(f"⚠️ catbox 失败: {e}", file=sys.stderr)
+    except: pass
     return None
 
-def upload_to_0x0(image_data):
+def upload_to_0x0(data):
     try:
         resp = requests.post("https://0x0.st",
-            files={"file": ("image.jpg", image_data, "image/jpeg")}, timeout=30)
+            files={"file": ("img.jpg", data, "image/jpeg")}, timeout=30)
         if resp.status_code == 200 and resp.text.startswith("http"):
             return resp.text.strip()
-    except Exception as e:
-        print(f"⚠️ 0x0 失败: {e}", file=sys.stderr)
+    except: pass
     return None
 
-def upload_to_tmpfiles(image_data):
+def upload_to_tmpfiles(data):
     try:
         resp = requests.post("https://tmpfiles.org/api/v1/upload",
-            files={"file": ("image.jpg", image_data, "image/jpeg")}, timeout=30)
+            files={"file": ("img.jpg", data, "image/jpeg")}, timeout=30)
         if resp.status_code == 200:
             url = resp.json().get("data", {}).get("url", "")
             if url:
                 return url.replace("tmpfiles.org/", "tmpfiles.org/dl/")
-    except Exception as e:
-        print(f"⚠️ tmpfiles 失败: {e}", file=sys.stderr)
-    return None
-
-def upload_image(image_data):
-    for name, fn in [("catbox", upload_to_catbox), ("0x0", upload_to_0x0), ("tmpfiles", upload_to_tmpfiles)]:
-        print(f"📤 上传到 {name}...", file=sys.stderr)
-        url = fn(image_data)
-        if url:
-            print(f"✅ 上传成功: {url}", file=sys.stderr)
-            return url
+    except: pass
     return None
 
-def process_image_key(image_key, token):
-    print(f"📥 下载飞书图片: {image_key}", file=sys.stderr)
-    data = download_image(image_key, token)
-    if not data:
-        return None
-    print(f"📥 下载成功 ({len(data)} bytes)", file=sys.stderr)
-    url = upload_image(data)
-    if url:
-        print(url)
-        return url
-    # fallback: save locally
-    path = f"/tmp/{image_key}.jpg"
-    with open(path, "wb") as f:
-        f.write(data)
-    print(f"⚠️ 图床失败，本地保存: {path}", file=sys.stderr)
-    print(path)
-    return path
-
 if __name__ == "__main__":
-    if len(sys.argv) < 2:
-        print("用法:")
-        print("  python3 image_proxy.py <image_key>")
-        print("  python3 image_proxy.py --chat <chat_id>")
-        print("  python3 image_proxy.py --recent")
-        sys.exit(1)
-
-    token = get_tenant_token()
-
-    if sys.argv[1] == "--chat" and len(sys.argv) >= 3:
-        chat_id = sys.argv[2]
-        print(f"🔍 在聊天 {chat_id} 中查找图片...", file=sys.stderr)
-        keys = find_image_keys_in_chat(token, chat_id)
-        if not keys:
-            print("❌ 未找到图片", file=sys.stderr)
-            sys.exit(1)
-        print(f"🔍 找到 {len(keys)} 张图片，处理第一张: {keys[0]}", file=sys.stderr)
-        process_image_key(keys[0], token)
-
-    elif sys.argv[1] == "--recent":
-        print("🔍 查找最近聊天中的图片...", file=sys.stderr)
-        chats = find_recent_chats(token)
-        for chat_id in chats:
-            keys = find_image_keys_in_chat(token, chat_id, limit=5)
-            if keys:
-                print(f"🔍 在 {chat_id} 找到图片: {keys[0]}", file=sys.stderr)
-                process_image_key(keys[0], token)
-                sys.exit(0)
-        print("❌ 所有聊天中均未找到图片", file=sys.stderr)
-        sys.exit(1)
-
-    else:
+    if len(sys.argv) >= 2 and sys.argv[1] == "--server":
+        # HTTP 代理服务器模式
+        log(f"🚀 图片代理服务器启动 (端口 {PORT})")
+        app.run(host="127.0.0.1", port=PORT, threaded=True)
+    elif len(sys.argv) >= 2 and sys.argv[1].startswith("img_"):
+        # CLI 模式：直接下载指定图片
+        token = get_tenant_token()
         image_key = sys.argv[1]
-        process_image_key(image_key, token)
+        data = download_image(image_key, token)
+        if data:
+            url = upload_image(data)
+            if url:
+                print(url)
+            else:
+                path = f"/tmp/{image_key}.jpg"
+                with open(path, "wb") as f:
+                    f.write(data)
+                print(path)
+    else:
+        print("用法:")
+        print("  python3 image_proxy.py --server      # 启动代理服务器")
+        print("  python3 image_proxy.py <image_key>   # 直接下载图片")