mirror of
https://github.com/larksuite/cli.git
synced 2026-07-05 15:47:54 +08:00
End-to-end RFC 3798 Message Disposition Notification support, covering
both sides of the receipt flow — requesting a receipt when composing, and
responding to one (send or decline) when reading.
Request side (compose)
- New --request-receipt flag on +send / +reply / +reply-all / +forward /
+draft-create / +draft-edit. When set, the outgoing EML carries a
Disposition-Notification-To header (RFC 3798) addressed to the resolved
sender. Recipient mail clients may prompt the user, auto-send a receipt,
or silently ignore — delivery is not guaranteed.
- requireSenderForRequestReceipt gates the flag against a controlled
sender address resolved BEFORE the orig.headTo fallback in +reply /
+reply-all / +forward, so the DNT cannot silently land on someone else
in CC / shared-mailbox flows.
Response side
- +send-receipt: build a system-templated reply for messages carrying the
READ_RECEIPT_REQUEST label (-607). Subject / recipient / sent / read
time layout matches the Lark client; body is non-customizable — receipt
bodies are system templates by industry convention; free-form notes
belong in +reply. Risk:"high-risk-write" + --yes required.
- +decline-receipt: clear READ_RECEIPT_REQUEST without sending anything
(mirrors the client's "不发送" / "Don't send" button). Idempotent on
re-run; Risk:"write" — no --yes needed.
Read-path hints
- +message / +messages / +thread emit a stderr hint when surfacing a
mail carrying READ_RECEIPT_REQUEST, exposing BOTH response paths
(+send-receipt --yes / +decline-receipt) so agents present a real
choice to the user instead of silently auto-sending.
Guard rails
- +send / +reply / +reply-all / +forward stay draft-by-default and
require --confirm-send to send, gated by a dynamic scope check for
mail:user_mailbox.message:send (absent from the default scope set so
draft-only flows don't need the sensitive permission).
- All header-bound user input (sender / display name / recipient /
subject) goes through CR/LF rejection plus Bidi / zero-width / line-
separator guards, mirroring emlbuilder.validateHeaderValue, to block
header injection and visual spoofing.
- Hint output strips terminal control characters (CR, LF) from any
untrusted field embedded into the user-visible suggestion.
Backend coupling
- Outgoing receipt EML carries the private header
X-Lark-Read-Receipt-Mail: 1. The data-access backend parses it into
BodyExtra.IsReadReceiptMail; DraftSend then applies READ_RECEIPT_SENT
(-608) and clears READ_RECEIPT_REQUEST (-607) from the original
message, closing the client-side banner.
- en receipts require backend TCC SubjectPrefixListForAdvancedSearch to
include "Read Receipt:" for conversation-view aggregation; zh prefix
("已读回执:") is already configured.
Docs: new reference pages for +send-receipt / +decline-receipt;
--request-receipt noted on each compose-side reference; SKILL.md
workflow (section 9) describes the full privacy-safe decision tree on
both sides.
Tests cover emlbuilder DispositionNotificationTo / IsReadReceiptMail
helpers, receiptMetaLabels (zh / en), buildReceiptSubject, text and HTML
body generators (with HTML escaping and Bidi guards), header-injection
defenses, sender-resolution gating (CC-only / shared-mailbox regression),
hint emission paths, and the full +send-receipt / +decline-receipt happy
+ idempotent paths via httpmock.
154 lines
5.5 KiB
Go
154 lines
5.5 KiB
Go
// Copyright (c) 2026 Lark Technologies Pte. Ltd.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package draft
|
|
|
|
import (
|
|
"fmt"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"github.com/larksuite/cli/shortcuts/common"
|
|
)
|
|
|
|
// mailboxPath joins mailboxID and the given segments under the
|
|
// /open-apis/mail/v1/user_mailboxes/ root, URL-escaping each component.
|
|
// Empty segments are skipped.
|
|
func mailboxPath(mailboxID string, segments ...string) string {
|
|
parts := make([]string, 0, len(segments)+1)
|
|
parts = append(parts, url.PathEscape(mailboxID))
|
|
for _, seg := range segments {
|
|
if seg == "" {
|
|
continue
|
|
}
|
|
parts = append(parts, url.PathEscape(seg))
|
|
}
|
|
return "/open-apis/mail/v1/user_mailboxes/" + strings.Join(parts, "/")
|
|
}
|
|
|
|
// GetRaw fetches the raw EML of a draft via drafts.get(format=raw) and
|
|
// returns the draft ID alongside the EML. If the backend response omits
|
|
// draft_id, the input draftID is echoed back so callers always have a
|
|
// non-empty identifier to round-trip.
|
|
func GetRaw(runtime *common.RuntimeContext, mailboxID, draftID string) (DraftRaw, error) {
|
|
data, err := runtime.CallAPI("GET", mailboxPath(mailboxID, "drafts", draftID), map[string]interface{}{"format": "raw"}, nil)
|
|
if err != nil {
|
|
return DraftRaw{}, err
|
|
}
|
|
raw := extractRawEML(data)
|
|
if raw == "" {
|
|
return DraftRaw{}, fmt.Errorf("API response missing draft raw EML; the backend returned an empty raw body for this draft")
|
|
}
|
|
gotDraftID := extractDraftID(data)
|
|
if gotDraftID == "" {
|
|
gotDraftID = draftID
|
|
}
|
|
return DraftRaw{
|
|
DraftID: gotDraftID,
|
|
RawEML: raw,
|
|
}, nil
|
|
}
|
|
|
|
// CreateWithRaw creates a draft in mailboxID from a pre-built base64url-encoded
|
|
// EML payload and returns the server-assigned draft ID along with the
|
|
// optional preview reference URL. Use this when the caller has already
|
|
// assembled the EML with emlbuilder; for high-level compose paths use the
|
|
// MailDraftCreate shortcut instead.
|
|
func CreateWithRaw(runtime *common.RuntimeContext, mailboxID, rawEML string) (DraftResult, error) {
|
|
data, err := runtime.CallAPI("POST", mailboxPath(mailboxID, "drafts"), nil, map[string]interface{}{"raw": rawEML})
|
|
if err != nil {
|
|
return DraftResult{}, err
|
|
}
|
|
draftID := extractDraftID(data)
|
|
if draftID == "" {
|
|
return DraftResult{}, fmt.Errorf("API response missing draft_id")
|
|
}
|
|
return DraftResult{
|
|
DraftID: draftID,
|
|
Reference: extractReference(data),
|
|
}, nil
|
|
}
|
|
|
|
// UpdateWithRaw overwrites an existing draft's content with a pre-built
|
|
// base64url-encoded EML. Existing headers / body / attachments in the draft
|
|
// are replaced wholesale; callers that want to patch individual parts should
|
|
// use draftpkg.Apply on a parsed snapshot instead. The returned DraftResult
|
|
// carries the (possibly re-issued) draft ID and the preview reference URL
|
|
// when the backend provides one.
|
|
func UpdateWithRaw(runtime *common.RuntimeContext, mailboxID, draftID, rawEML string) (DraftResult, error) {
|
|
data, err := runtime.CallAPI("PUT", mailboxPath(mailboxID, "drafts", draftID), nil, map[string]interface{}{"raw": rawEML})
|
|
if err != nil {
|
|
return DraftResult{}, err
|
|
}
|
|
gotDraftID := extractDraftID(data)
|
|
if gotDraftID == "" {
|
|
gotDraftID = draftID
|
|
}
|
|
return DraftResult{
|
|
DraftID: gotDraftID,
|
|
Reference: extractReference(data),
|
|
}, nil
|
|
}
|
|
|
|
// Send dispatches a previously created draft. When sendTime is a non-empty
|
|
// Unix-seconds string the backend schedules delivery; otherwise delivery is
|
|
// immediate. The returned map is the raw API response body, typically
|
|
// including message_id / thread_id / recall_status.
|
|
func Send(runtime *common.RuntimeContext, mailboxID, draftID, sendTime string) (map[string]interface{}, error) {
|
|
var bodyParams map[string]interface{}
|
|
if sendTime != "" {
|
|
bodyParams = map[string]interface{}{"send_time": sendTime}
|
|
}
|
|
return runtime.CallAPI("POST", mailboxPath(mailboxID, "drafts", draftID, "send"), nil, bodyParams)
|
|
}
|
|
|
|
// extractDraftID returns the first non-empty draft identifier found in the
|
|
// API response. Looks at draft_id / id at the top level, then recurses into a
|
|
// nested "draft" object. Returns "" when no identifier is present.
|
|
func extractDraftID(data map[string]interface{}) string {
|
|
if id, ok := data["draft_id"].(string); ok && strings.TrimSpace(id) != "" {
|
|
return strings.TrimSpace(id)
|
|
}
|
|
if id, ok := data["id"].(string); ok && strings.TrimSpace(id) != "" {
|
|
return strings.TrimSpace(id)
|
|
}
|
|
if draft, ok := data["draft"].(map[string]interface{}); ok {
|
|
return extractDraftID(draft)
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// extractRawEML returns the base64url-encoded raw EML from the response,
|
|
// looking at top-level "raw", a nested "message.raw", or a nested "draft"
|
|
// object. Returns "" when no EML is present.
|
|
func extractRawEML(data map[string]interface{}) string {
|
|
if raw, ok := data["raw"].(string); ok && strings.TrimSpace(raw) != "" {
|
|
return strings.TrimSpace(raw)
|
|
}
|
|
if msg, ok := data["message"].(map[string]interface{}); ok {
|
|
if raw, ok := msg["raw"].(string); ok && strings.TrimSpace(raw) != "" {
|
|
return strings.TrimSpace(raw)
|
|
}
|
|
}
|
|
if draft, ok := data["draft"].(map[string]interface{}); ok {
|
|
return extractRawEML(draft)
|
|
}
|
|
return ""
|
|
}
|
|
|
|
// extractReference returns the optional preview "reference" URL from the
|
|
// response, recursing into a nested "draft" object when present. Returns ""
|
|
// when no reference is present.
|
|
func extractReference(data map[string]interface{}) string {
|
|
if data == nil {
|
|
return ""
|
|
}
|
|
if ref, ok := data["reference"].(string); ok && strings.TrimSpace(ref) != "" {
|
|
return strings.TrimSpace(ref)
|
|
}
|
|
if draft, ok := data["draft"].(map[string]interface{}); ok {
|
|
return extractReference(draft)
|
|
}
|
|
return ""
|
|
}
|