QBot/services/signature.js

const nacl = require('tweetnacl');
const { Buffer } = require('buffer');
const { BOT_SECRET } = require('../config');

function getKeyPairFromSecret(secret) {
  let seed = secret;
  while (seed.length < 32) seed += secret;
  seed = seed.slice(0, 32);
  const seedUint8 = Buffer.from(seed, 'utf-8');
  return nacl.sign.keyPair.fromSeed(seedUint8);
}

function generateCallbackSignature(event_ts, plain_token) {
  const keyPair = getKeyPairFromSecret(BOT_SECRET);
  const privateKey = keyPair.secretKey;
  const msgToSign = Buffer.concat([
    Buffer.from(String(event_ts), 'utf-8'),
    Buffer.from(plain_token, 'utf-8')
  ]);
  return Buffer.from(nacl.sign.detached(msgToSign, privateKey)).toString('hex');
}

function verifySignature(timestamp, rawBody, signature) {
  const keyPair = getKeyPairFromSecret(BOT_SECRET);
  const publicKey = keyPair.publicKey;
  const msg = Buffer.from(timestamp + rawBody.toString('utf-8'));
  return nacl.sign.detached.verify(
    msg,
    Buffer.from(signature, 'hex'),
    publicKey
  );
}

module.exports = {
  generateCallbackSignature,
  verifySignature,
};
feat: 添加 QQ 机器人 Webhook 对接示例项目 - 新增 .env 文件配置机器人密钥和应用信息 - 创建 .gitignore 文件忽略 node_modules 和 cert目录 - 添加 app.js 实现基本的 Webhook 功能和机器人事件处理 - 新增 eventHandler.js 处理机器人事件并自动回复消息 - 创建 config/index.js 加载环境变量配置 - 添加 logger.js 实现简单的日志记录功能 - 创建 .idea目录下的项目配置文件 - 新增 package.json 管理项目依赖和启动脚本 2025-07-24 04:17:57 +00:00			`const nacl = require('tweetnacl');`
			`const { Buffer } = require('buffer');`
			`const { BOT_SECRET } = require('../config');`

			`function getKeyPairFromSecret(secret) {`
			`let seed = secret;`
			`while (seed.length < 32) seed += secret;`
			`seed = seed.slice(0, 32);`
			`const seedUint8 = Buffer.from(seed, 'utf-8');`
			`return nacl.sign.keyPair.fromSeed(seedUint8);`
			`}`

			`function generateCallbackSignature(event_ts, plain_token) {`
			`const keyPair = getKeyPairFromSecret(BOT_SECRET);`
			`const privateKey = keyPair.secretKey;`
			`const msgToSign = Buffer.concat([`
			`Buffer.from(String(event_ts), 'utf-8'),`
			`Buffer.from(plain_token, 'utf-8')`
			`]);`
			`return Buffer.from(nacl.sign.detached(msgToSign, privateKey)).toString('hex');`
			`}`

			`function verifySignature(timestamp, rawBody, signature) {`
			`const keyPair = getKeyPairFromSecret(BOT_SECRET);`
			`const publicKey = keyPair.publicKey;`
			`const msg = Buffer.from(timestamp + rawBody.toString('utf-8'));`
			`return nacl.sign.detached.verify(`
			`msg,`
			`Buffer.from(signature, 'hex'),`
			`publicKey`
			`);`
			`}`

			`module.exports = {`
			`generateCallbackSignature,`
			`verifySignature,`
			`};`