feat: enhance Dingtalk adapter with active push message and image, video, audio message type #4986
Merged
+525
−193
Hey - I've found 2 security issues, 1 other issue, and left some high level feedback:
Security issues:
- Detected a Generic API Key, potentially exposing access to various services and sensitive operations. (link)
- Detected a Generic API Key, potentially exposing access to various services and sensitive operations. (link)
General comments:
- Several of the JSON/code examples in `send_message.md` appear truncated or syntactically invalid (e.g., missing closing braces and fields cut off mid-structure); it would be good to fix these so they can be copy-pasted and executed directly.
- The example payloads and curl commands include concrete IDs/tokens and realistic-looking identifiers; please replace these with clearly fake placeholders to avoid confusion and any potential leakage of sensitive data.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Several of the JSON/code examples in `send_message.md` appear truncated or syntactically invalid (e.g., missing closing braces and fields cut off mid-structure); it would be good to fix these so they can be copy-pasted and executed directly.
- The example payloads and curl commands include concrete IDs/tokens and realistic-looking identifiers; please replace these with clearly fake placeholders to avoid confusion and any potential leakage of sensitive data.
## Individual Comments
### Comment 1
<location> `astrbot/core/platform/sources/dingtalk/send_message.md:7` </location>
<code_context>
+
+
+
+## Friendmessage
+
+需要 access token
</code_context>
<issue_to_address>
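**suggestion (typo):** The section heading "Friendmessage" may be a typo with inconsistent capitalization.
If it is not a specific term, consider standardizing it to a clearer form such as "FriendMessage", or changing it to match the style of "groupmessage", so that it is easier to recognize and search for.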
```suggestion
## FriendMessage
```
</issue_to_address>
### Comment 2
<location> `astrbot/core/platform/sources/dingtalk/send_message.md:14` </location>
<code_context>
f32aaf78350a3160b4e69ed3e3053c36
</code_context>
<issue_to_address>
**security (generic-api-key):** Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
*Source: gitleaks*
</issue_to_address>
### Comment 3
<location> `astrbot/core/platform/sources/dingtalk/send_message.md:24` </location>
<code_context>
f32aaf78350a3160b4e69ed3e3053c36
</code_context>
<issue_to_address>
**security (generic-api-key):** Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
*Source: gitleaks*
</issue_to_address>
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
…deo, audio message type
d297155 to
fe49b25
Labels
area:platform
The bug / feature is about IM platform adapter, such as QQ, Lark, Telegram, WebChat and so on.
size:XL
This PR changes 500-999 lines, ignoring generated files.
dingtalk supports active message
Modifications
Screenshots or Test Results
Checklist
I have ensured that no new dependencies are introduced, OR if new dependencies are introduced, they have been added to the appropriate locations in `requirements.txt` and `pyproject.toml`.
Summary by Sourcery
Document Dingtalk adapter capabilities for sending active messages and handling media, including access token usage and media upload.
Documentation:
- … documentation for `media_id`.