fix(config): decrypt and encrypt Feishu channel secrets

2026-03-05 11:20:51 -05:00 · 2026-03-05 11:20:51 -05:00 · a2aed39019
commit a2aed39019
parent 6e8d41e042
1 changed files with 72 additions and 0 deletions
--- a/src/config/schema.rs
+++ b/src/config/schema.rs
@ -7201,6 +7201,23 @@ fn decrypt_channel_secrets(
            "config.channels_config.lark.verification_token",
        )?;
    }
+    if let Some(ref mut feishu) = channels.feishu {
+        decrypt_secret(
+            store,
+            &mut feishu.app_secret,
+            "config.channels_config.feishu.app_secret",
+        )?;
+        decrypt_optional_secret(
+            store,
+            &mut feishu.encrypt_key,
+            "config.channels_config.feishu.encrypt_key",
+        )?;
+        decrypt_optional_secret(
+            store,
+            &mut feishu.verification_token,
+            "config.channels_config.feishu.verification_token",
+        )?;
+    }
    if let Some(ref mut dingtalk) = channels.dingtalk {
        decrypt_secret(
            store,
@ -7406,6 +7423,23 @@ fn encrypt_channel_secrets(
            "config.channels_config.lark.verification_token",
        )?;
    }
+    if let Some(ref mut feishu) = channels.feishu {
+        encrypt_secret(
+            store,
+            &mut feishu.app_secret,
+            "config.channels_config.feishu.app_secret",
+        )?;
+        encrypt_optional_secret(
+            store,
+            &mut feishu.encrypt_key,
+            "config.channels_config.feishu.encrypt_key",
+        )?;
+        encrypt_optional_secret(
+            store,
+            &mut feishu.verification_token,
+            "config.channels_config.feishu.verification_token",
+        )?;
+    }
    if let Some(ref mut dingtalk) = channels.dingtalk {
        encrypt_secret(
            store,
@ -10959,6 +10993,18 @@ denied_tools = ["shell"]
            group_reply: None,
            base_url: None,
        });
+        config.channels_config.feishu = Some(FeishuConfig {
+            app_id: "cli_test_feishu".into(),
+            app_secret: "feishu-app-secret".into(),
+            encrypt_key: Some("feishu-encrypt-key".into()),
+            verification_token: Some("feishu-verify-token".into()),
+            allowed_users: vec!["user-1".into()],
+            group_reply: None,
+            receive_mode: LarkReceiveMode::Websocket,
+            port: None,
+            draft_update_interval_ms: 3000,
+            max_draft_edits: 20,
+        });

        config.agents.insert(
            "worker".into(),
@ -11108,6 +11154,32 @@ denied_tools = ["shell"]
            "telegram-credential"
        );

+        let feishu = stored.channels_config.feishu.as_ref().unwrap();
+        assert!(crate::security::SecretStore::is_encrypted(
+            &feishu.app_secret
+        ));
+        assert!(feishu
+            .encrypt_key
+            .as_deref()
+            .is_some_and(crate::security::SecretStore::is_encrypted));
+        assert!(feishu
+            .verification_token
+            .as_deref()
+            .is_some_and(crate::security::SecretStore::is_encrypted));
+
+        let mut decrypted_channels = stored.channels_config.clone();
+        decrypt_channel_secrets(&store, &mut decrypted_channels).unwrap();
+        let decrypted_feishu = decrypted_channels.feishu.as_ref().unwrap();
+        assert_eq!(decrypted_feishu.app_secret, "feishu-app-secret");
+        assert_eq!(
+            decrypted_feishu.encrypt_key.as_deref(),
+            Some("feishu-encrypt-key")
+        );
+        assert_eq!(
+            decrypted_feishu.verification_token.as_deref(),
+            Some("feishu-verify-token")
+        );
+
        let _ = fs::remove_dir_all(&dir).await;
    }