let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(googlechat): support Google Workspace Add-on event format

Browse Source
This commit is contained in:
iHildy
2026-01-24 01:12:48 +00:00
committed by Peter Steinberger
parent 0f6e39b9e8
commit 5991bed32e
4 changed files with 91 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
extensions/googlechat/src/auth.ts
View File

@@ -4,6 +4,8 @@ import type { ResolvedGoogleChatAccount } from "./accounts.js";
const CHAT_SCOPE = "https://www.googleapis.com/auth/chat.bot";
const CHAT_ISSUER = "chat@system.gserviceaccount.com";
// Google Workspace Add-ons use a different service account pattern
const ADDON_ISSUER_PATTERN = /^service-\d+@gcp-sa-gsuiteaddons\.iam\.gserviceaccount\.com$/;
const CHAT_CERTS_URL =
"https://www.googleapis.com/service_accounts/v1/metadata/x509/chat@system.gserviceaccount.com";
@@ -87,8 +89,9 @@ export async function verifyGoogleChatRequest(params: {
audience,
});
const payload = ticket.getPayload();
const ok = Boolean(payload?.email_verified) && payload?.email === CHAT_ISSUER;
return ok ? { ok: true } : { ok: false, reason: "invalid issuer" };
const email = payload?.email ?? "";
const ok = payload?.email_verified && (email === CHAT_ISSUER || ADDON_ISSUER_PATTERN.test(email));
return ok ? { ok: true } : { ok: false, reason: `invalid issuer: ${email}` };
} catch (err) {
return { ok: false, reason: err instanceof Error ? err.message : "invalid token" };
}