Skip to content

feat(dingtalk): add signature support with auto-adapt for security modes#933

Open
ql-wade wants to merge 2 commits intosansan0:masterfrom
ql-wade:feature/dingtalk-signature
Open

feat(dingtalk): add signature support with auto-adapt for security modes#933
ql-wade wants to merge 2 commits intosansan0:masterfrom
ql-wade:feature/dingtalk-signature

Conversation

@ql-wade
Copy link
Copy Markdown

@ql-wade ql-wade commented Feb 20, 2026

功能

  • 支持钉钉加签验证(DINGTALK_SECRET 环境变量)
  • 自动适配安全模式:关键词/IP白名单/加签
  • 支持多账号(分号分隔)
  • 向后兼容:不配置 SECRET 时使用关键词/IP白名单模式

用法

# docker-compose.yml 或 .env
DINGTALK_WEBHOOK_URL: https://oapi.dingtalk.com/robot/send?access_token=xxx
DINGTALK_SECRET: SECxxx  # 可选,加签模式需要

多账号支持:

DINGTALK_WEBHOOK_URL=https://oapi.dingtalk.com/...;https://oapi.dingtalk.com/...
DINGTALK_SECRET=SECxxx;SECyyy

工作原理

  1. 首先尝试不加签发送(关键词/IP白名单模式)
  2. 如果返回签名错误,自动使用 DINGTALK_SECRET 加签重试
  3. 无需手动选择安全模式

测试

安全模式 结果
关键词 直接发送成功 ✅
IP白名单 直接发送成功 ✅
加签(配了SECRET) 先失败 → 自动加签重试 → 成功 ✅
加签(未配SECRET) 失败,提示配置 DINGTALK_SECRET

OpenCode added 2 commits February 20, 2026 17:45
feat(dingtalk): add signature support for IP-whitelisted environments
20cff80 
- Add DINGTALK_SECRET environment variable support
- Implement HmacSHA256 signature generation per DingTalk API spec
- Support multi-account with paired secrets (semicolon-separated)
- Backward compatible: works without secret (keyword/IP whitelist mode)

Fixes: #issue-number
feat(dingtalk): auto-adapt to security mode (keyword/IP/signature)
cda7b3b 
- First try without signature (keyword/IP whitelist mode)
- If signature error detected, auto retry with sign
- No need to manually choose security mode
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ql-wade