Update SendMsg.ts

manifest.json

@@ -4,7 +4,7 @@
   "name": "NapCatQQ",
   "slug": "NapCat.Framework",
   "description": "高性能的 OneBot 11 协议实现",
-  "version": "4.7.31",
+  "version": "4.7.33",
   "icon": "./logo.png",
   "authors": [
     {

napcat.webui/package.json

@@ -55,6 +55,7 @@
     "ahooks": "^3.8.4",
     "axios": "^1.7.9",
     "clsx": "^2.1.1",
+    "crypto-js": "^4.2.0",
     "echarts": "^5.5.1",
     "event-source-polyfill": "^1.0.31",
     "framer-motion": "^12.0.6",
@@ -88,6 +89,7 @@
     "@eslint/js": "^9.19.0",
     "@react-types/shared": "^3.26.0",
     "@trivago/prettier-plugin-sort-imports": "^5.2.2",
+    "@types/crypto-js": "^4.2.2",
     "@types/event-source-polyfill": "^1.0.5",
     "@types/fabric": "^5.3.9",
     "@types/node": "^22.12.0",

napcat.webui/src/controllers/webui_manager.ts

@@ -3,7 +3,7 @@ import { EventSourcePolyfill } from 'event-source-polyfill'
 import { LogLevel } from '@/const/enum'
 
 import { serverRequest } from '@/utils/request'
-
+import CryptoJS from "crypto-js";
 export interface Log {
   level: LogLevel
   message: string
@@ -17,9 +17,10 @@ export default class WebUIManager {
   }
 
   public static async loginWithToken(token: string) {
+    const sha256 = CryptoJS.SHA256(token + '.napcat').toString();
     const { data } = await serverRequest.post<ServerResponse<AuthResponse>>(
       '/auth/login',
-      { token }
+      { hash: sha256 }
     )
     return data.data.Credential
   }

napcat.webui/src/pages/web_login.tsx

@@ -47,6 +47,22 @@ export default function WebLoginPage() {
     }
   }
 
+  // 处理全局键盘事件
+  const handleKeyDown = (e: KeyboardEvent) => {
+    if (e.key === 'Enter' && !isLoading) {
+      onSubmit()
+    }
+  }
+
+  useEffect(() => {
+    document.addEventListener('keydown', handleKeyDown)
+
+    // 清理函数
+    return () => {
+      document.removeEventListener('keydown', handleKeyDown)
+    }
+  }, [tokenValue, isLoading]) // 依赖项包含用于登录的状态
+
   useEffect(() => {
     if (token) {
       onSubmit()

package.json

@@ -2,7 +2,7 @@
   "name": "napcat",
   "private": true,
   "type": "module",
-  "version": "4.7.31",
+  "version": "4.7.33",
   "scripts": {
     "build:universal": "npm run build:webui && vite build --mode universal || exit 1",
     "build:framework": "npm run build:webui && vite build --mode framework || exit 1",

src/common/version.ts

@@ -1 +1 @@
-export const napCatVersion = '4.7.31';
+export const napCatVersion = '4.7.33';

src/framework/napcat.ts

@@ -38,13 +38,15 @@ export async function NCoreInitFramework(
     const logger = new LogWrapper(pathWrapper.logsPath);
     const basicInfoWrapper = new QQBasicInfoWrapper({ logger });
     const wrapper = loadQQWrapper(basicInfoWrapper.getFullQQVesion());
-    downloadFFmpegIfNotExists(logger).then(({ path, reset }) => {
-        if (reset && path) {
-            FFmpegService.setFfmpegPath(path,logger);
-        }
-    }).catch(e => {
-        logger.logError('[Ffmpeg] Error:', e);
-    });
+    if (!process.env['NAPCAT_DISABLE_FFMPEG_DOWNLOAD']) {
+        downloadFFmpegIfNotExists(logger).then(({ path, reset }) => {
+            if (reset && path) {
+                FFmpegService.setFfmpegPath(path, logger);
+            }
+        }).catch(e => {
+            logger.logError('[Ffmpeg] Error:', e);
+        });
+    }
     //直到登录成功后，执行下一步
     const selfInfo = await new Promise<SelfInfo>((resolveSelfInfo) => {
         const loginListener = new NodeIKernelLoginListener();

src/onebot/action/msg/SendMsg.ts

@@ -1,6 +1,7 @@
 import {
     OB11MessageData,
     OB11MessageDataType,
+    OB11MessageForward,
     OB11MessageMixType,
     OB11MessageNode,
     OB11PostContext,
@@ -12,7 +13,7 @@ import { MessageUnique } from '@/common/message-unique';
 import { ChatType, ElementType, NapCatCore, Peer, RawMessage, SendArkElement, SendMessageElement } from '@/core';
 import { OneBotAction } from '@/onebot/action/OneBotAction';
 import { ForwardMsgBuilder } from '@/common/forward-msg-builder';
-import { stringifyWithBigInt } from '@/common/helper';
+import { isNumeric, stringifyWithBigInt } from '@/common/helper';
 import { PacketMsg } from '@/core/packet/message/message';
 import { rawMsgWithSendMsg } from '@/core/packet/message/converter';
 
@@ -38,7 +39,7 @@ export function normalize(message: OB11MessageMixType, autoEscape = false): OB11
 
 export async function createContext(core: NapCatCore, payload: OB11PostContext | undefined, contextMode: ContextMode = ContextMode.Normal): Promise<Peer> {
     if (!payload) {
-        throw new Error('请指定 group_id 或 user_id');
+        throw new Error('请传递请求内容');
     }
     if ((contextMode === ContextMode.Group || contextMode === ContextMode.Normal) && payload.group_id) {
         return {
@@ -48,7 +49,16 @@ export async function createContext(core: NapCatCore, payload: OB11PostContext |
     }
     if ((contextMode === ContextMode.Private || contextMode === ContextMode.Normal) && payload.user_id) {
         const Uid = await core.apis.UserApi.getUidByUinV2(payload.user_id.toString());
-        if (!Uid) throw new Error('无法获取用户信息');
+        if (!Uid) {
+            if (payload.group_id) {
+                return {
+                    chatType: ChatType.KCHATTYPEGROUP,
+                    peerUid: payload.group_id.toString(),
+                    guildId: ''
+                }
+            }
+            throw new Error('无法获取用户信息');
+        }
         const isBuddy = await core.apis.FriendApi.isBuddy(Uid);
         if (!isBuddy) {
             const ret = await core.apis.MsgApi.getTempChatInfo(ChatType.KCHATTYPETEMPC2CFROMGROUP, Uid);
@@ -78,7 +88,13 @@ export async function createContext(core: NapCatCore, payload: OB11PostContext |
             guildId: '',
         };
     }
-    throw new Error('请指定 group_id 或 user_id');
+    if (contextMode === ContextMode.Private && payload.group_id) {
+        throw new Error('当前私聊发送,请指定 user_id 而不是 group_id');
+    }
+    if (contextMode === ContextMode.Group && payload.user_id) {
+        throw new Error('当前群聊发送,请指定 group_id 而不是 user_id');
+    }
+    throw new Error('请指定正确的 group_id 或 user_id');
 }
 
 function getSpecialMsgNum(payload: OB11PostSendMsg, msgType: OB11MessageDataType): number {
@@ -137,21 +153,25 @@ export class SendMsgBase extends OneBotAction<OB11PostSendMsg, ReturnDataType> {
             } else if (returnMsgAndResId.res_id && !returnMsgAndResId.message) {
                 throw Error(`发送转发消息（res_id：${returnMsgAndResId.res_id} 失败`);
             }
-        } else {
-            // if (getSpecialMsgNum(payload, OB11MessageDataType.music)) {
-            //   const music: OB11MessageCustomMusic = messages[0] as OB11MessageCustomMusic;
-            //   if (music) {
-            //   }
-            // }
+        } else if (await this.getIsFowardOneMsg(messages)) {
+            let onebot_inner_forward = await this.getIsFowardOneMsg(messages);
+            if (!onebot_inner_forward) throw Error('转发消息失败，未找到消息');
+            const real_msgid = MessageUnique.getMsgIdAndPeerByShortId(+onebot_inner_forward.data.id)?.MsgId || onebot_inner_forward.data.id;
+            await this.core.apis.MsgApi.forwardMsg(peer,
+                peer,
+                [real_msgid]
+            );
+            // 暂时没办法筛选的委屈办法
+            return { message_id: +onebot_inner_forward.data.id };
         }
-        // log("send msg:", peer, sendElements)
-
         const { sendElements, deleteAfterSentFiles } = await this.obContext.apis.MsgApi
             .createSendElements(messages, peer);
         const returnMsg = await this.obContext.apis.MsgApi.sendMsgWithOb11UniqueId(peer, sendElements, deleteAfterSentFiles);
         return { message_id: returnMsg.id! };
     }
-
+    private async getIsFowardOneMsg(message: OB11MessageData[]): Promise<OB11MessageForward | undefined> {
+        return message.find(msg => msg.type === OB11MessageDataType.forward && isNumeric(msg.data.id)) as OB11MessageForward | undefined;
+    }
     private async uploadForwardedNodesPacket(msgPeer: Peer, messageNodes: OB11MessageNode[], source?: string, news?: {
         text: string
     }[], summary?: string, prompt?: string, parentMeta?: {

src/onebot/api/msg.ts

@@ -1105,6 +1105,8 @@ export class OneBotMsgApi {
                 return 'kick';
             case 3:
                 return 'kick_me';
+            case 129:
+                return 'disband';
             default:
                 return 'kick';
         }

src/onebot/event/notice/OB11GroupDecreaseEvent.ts

@@ -1,7 +1,7 @@
 import { OB11GroupNoticeEvent } from './OB11GroupNoticeEvent';
 import { NapCatCore } from '@/core';
 
-export type GroupDecreaseSubType = 'leave' | 'kick' | 'kick_me';
+export type GroupDecreaseSubType = 'leave' | 'kick' | 'kick_me' | 'disband';
 
 export class OB11GroupDecreaseEvent extends OB11GroupNoticeEvent {
     notice_type = 'group_decrease';
@@ -11,7 +11,7 @@ export class OB11GroupDecreaseEvent extends OB11GroupNoticeEvent {
     constructor(core: NapCatCore, groupId: number, userId: number, operatorId: number, subType: GroupDecreaseSubType = 'leave') {
         super(core, groupId, userId);
         this.group_id = groupId;
-        this.operator_id = operatorId; 
+        this.operator_id = operatorId;
         this.user_id = userId;
         this.sub_type = subType;
     }

src/shell/base.ts

@@ -314,13 +314,15 @@ export async function NCoreInitShell() {
     const logger = new LogWrapper(pathWrapper.logsPath);
     handleUncaughtExceptions(logger);
     await connectToNamedPipe(logger).catch(e => logger.logError('命名管道连接失败', e));
-    downloadFFmpegIfNotExists(logger).then(({ path, reset }) => {
-        if (reset && path) {
-            FFmpegService.setFfmpegPath(path, logger);
-        }
-    }).catch(e => {
-        logger.logError('[Ffmpeg] Error:', e);
-    });
+    if (!process.env['NAPCAT_DISABLE_FFMPEG_DOWNLOAD']) {
+        downloadFFmpegIfNotExists(logger).then(({ path, reset }) => {
+            if (reset && path) {
+                FFmpegService.setFfmpegPath(path, logger);
+            }
+        }).catch(e => {
+            logger.logError('[Ffmpeg] Error:', e);
+        });
+    }
     const basicInfoWrapper = new QQBasicInfoWrapper({ logger });
     const wrapper = loadQQWrapper(basicInfoWrapper.getFullQQVesion());
 

src/webui/index.ts

@@ -4,6 +4,7 @@
 
 import express from 'express';
 import { createServer } from 'http';
+import { createServer as createHttpsServer } from 'https';
 import { LogWrapper } from '@/common/log';
 import { NapCatPathWrapper } from '@/common/path';
 import { WebUiConfigWrapper } from '@webapi/helper/config';
@@ -13,11 +14,10 @@ import { createUrl } from '@webapi/utils/url';
 import { sendError } from '@webapi/utils/response';
 import { join } from 'node:path';
 import { terminalManager } from '@webapi/terminal/terminal_manager';
-import multer from 'multer'; // 新增：引入multer用于错误捕获
+import multer from 'multer'; // 引入multer用于错误捕获
 
 // 实例化Express
 const app = express();
-const server = createServer(app);
 /**
  * 初始化并启动WebUI服务。
  * 该函数配置了Express服务器以支持JSON解析和静态文件服务，并监听6099端口。
@@ -29,6 +29,7 @@ export let webUiPathWrapper: NapCatPathWrapper;
 const MAX_PORT_TRY = 100;
 import * as net from 'node:net';
 import { WebUiDataRuntime } from './src/helper/Data';
+import { existsSync, readFileSync } from 'node:fs';
 export let webUiRuntimePort = 6099;
 export async function InitPort(parsedConfig: WebUiConfigType): Promise<[string, number, string]> {
     try {
@@ -40,7 +41,23 @@ export async function InitPort(parsedConfig: WebUiConfigType): Promise<[string,
         return ['', 0, ''];
     }
 }
+async function checkCertificates(logger: LogWrapper): Promise<{ key: string, cert: string } | null> {
+    try {
+        const certPath = join(webUiPathWrapper.configPath, 'cert.pem');
+        const keyPath = join(webUiPathWrapper.configPath, 'key.pem');
 
+        if (existsSync(certPath) && existsSync(keyPath)) {
+            const cert = readFileSync(certPath, 'utf8');
+            const key = readFileSync(keyPath, 'utf8');
+            logger.log('[NapCat] [WebUi] 找到SSL证书，将启用HTTPS模式');
+            return { cert, key };
+        }
+        return null;
+    } catch (error) {
+        logger.log('[NapCat] [WebUi] 检查SSL证书时出错: ' + error);
+        return null;
+    }
+}
 export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapper) {
     webUiPathWrapper = pathWrapper;
     WebUiConfig = new WebUiConfigWrapper();
@@ -107,6 +124,9 @@ export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapp
     // 挂载静态路由（前端），路径为 /webui
     app.use('/webui', express.static(pathWrapper.staticPath));
     // 初始化WebSocket服务器
+    const sslCerts = await checkCertificates(logger);
+    const isHttps = !!sslCerts;
+    let server = isHttps && sslCerts ? createHttpsServer(sslCerts, app) : createServer(app);
     server.on('upgrade', (request, socket, head) => {
         terminalManager.initialize(request, socket, head, logger);
     });

src/webui/src/api/Auth.ts

@@ -20,25 +20,26 @@ export const CheckDefaultTokenHandler: RequestHandler = async (_, res) => {
 export const LoginHandler: RequestHandler = async (req, res) => {
     // 获取WebUI配置
     const WebUiConfigData = await WebUiConfig.GetWebUIConfig();
-    // 获取请求体中的token
-    const { token } = req.body;
+    // 获取请求体中的hash
+    const { hash } = req.body;
     // 获取客户端IP
     const clientIP = req.ip || req.socket.remoteAddress || '';
 
     // 如果token为空，返回错误信息
-    if (isEmpty(token)) {
+    if (isEmpty(hash)) {
         return sendError(res, 'token is empty');
     }
     // 检查登录频率
     if (!WebUiDataRuntime.checkLoginRate(clientIP, WebUiConfigData.loginRate)) {
         return sendError(res, 'login rate limit');
     }
-    //验证config.token是否等于token
-    if (WebUiConfigData.token !== token) {
+    //验证config.token hash是否等于token hash
+    if (!AuthHelper.comparePasswordHash(WebUiConfigData.token, hash)) {
         return sendError(res, 'token is invalid');
     }
+
     // 签发凭证
-    const signCredential = Buffer.from(JSON.stringify(AuthHelper.signCredential(WebUiConfigData.token))).toString(
+    const signCredential = Buffer.from(JSON.stringify(AuthHelper.signCredential(hash))).toString(
         'base64'
     );
     // 返回成功信息

src/webui/src/helper/SignToken.ts

@@ -5,13 +5,13 @@ export class AuthHelper {
 
     /**
      * 签名凭证方法。
-     * @param token 待签名的凭证字符串。
+     * @param hash 待签名的凭证字符串。
      * @returns 签名后的凭证对象。
      */
-    public static signCredential(token: string): WebUiCredentialJson {
+    public static signCredential(hash: string): WebUiCredentialJson {
         const innerJson: WebUiCredentialInnerJson = {
             CreatedTime: Date.now(),
-            TokenEncoded: token,
+            HashEncoded: hash,
         };
         const jsonString = JSON.stringify(innerJson);
         const hmac = crypto.createHmac('sha256', AuthHelper.secretKey).update(jsonString, 'utf8').digest('hex');
@@ -57,8 +57,7 @@ export class AuthHelper {
         const currentTime = Date.now() / 1000;
         const createdTime = credentialJson.Data.CreatedTime;
         const timeDifference = currentTime - createdTime;
-
-        return timeDifference <= 3600 && credentialJson.Data.TokenEncoded === token;
+        return timeDifference <= 3600 && credentialJson.Data.HashEncoded === AuthHelper.generatePasswordHash(token);
     }
 
     /**
@@ -85,4 +84,23 @@ export class AuthHelper {
 
         return store.exists(`revoked:${hmac}`) > 0;
     }
+
+    /**
+     * 生成密码Hash
+     * @param password 密码
+     * @returns 生成的Hash值
+     */
+    public static generatePasswordHash(password: string): string {
+        return crypto.createHash('sha256').update(password + '.napcat').digest().toString('hex')
+    }
+
+    /**
+     * 对比密码和Hash值
+     * @param password 密码
+     * @param hash Hash值
+     * @returns 布尔值，表示密码是否匹配Hash值
+     */
+    public static comparePasswordHash(password: string, hash: string): boolean {
+        return this.generatePasswordHash(password) === hash;
+    }
 }

src/webui/src/middleware/auth.ts

@@ -21,17 +21,18 @@ export async function auth(req: Request, res: Response, next: NextFunction) {
             return sendError(res, 'Unauthorized');
         }
         // 获取token
-        const token = authorization[1];
+        const hash = authorization[1];
+        if(!hash) return sendError(res, 'Unauthorized');
         // 解析token
         let Credential: WebUiCredentialJson;
         try {
-            Credential = JSON.parse(Buffer.from(token, 'base64').toString('utf-8'));
+            Credential = JSON.parse(Buffer.from(hash, 'base64').toString('utf-8'));
         } catch (e) {
             return sendError(res, 'Unauthorized');
         }
         // 获取配置
         const config = await WebUiConfig.GetWebUIConfig();
-        // 验证凭证在1小时内有效且token与原始token相同
+        // 验证凭证在1小时内有效
         const credentialJson = AuthHelper.validateCredentialWithinOneHour(config.token, Credential);
         if (credentialJson) {
             // 通过验证

src/webui/src/types/sign_token.d.ts

@@ -1,6 +1,6 @@
 interface WebUiCredentialInnerJson {
     CreatedTime: number;
-    TokenEncoded: string;
+    HashEncoded: string;
 }
 
 interface WebUiCredentialJson {