Support local IM channel connections

2026-06-11 09:55:59 +00:00 · 2026-06-10 21:59:33 +08:00
parent 9effa7be6d
commit 92c185b90d
16 changed files with 381 additions and 53 deletions
@@ -53,7 +53,7 @@ class ChannelConnectionRepository:
        self,
        session_factory: async_sessionmaker[AsyncSession],
        *,
-        cipher: ChannelCredentialCipher,
+        cipher: ChannelCredentialCipher | None = None,
    ) -> None:
        self.session_factory = session_factory
        self._cipher = cipher
@@ -77,6 +77,13 @@ class ChannelConnectionRepository:
            return value
        return value.replace(tzinfo=UTC)

+    def _encrypt_optional_secret(self, value: str | None) -> str | None:
+        if value is None:
+            return None
+        if self._cipher is None:
+            raise RuntimeError("channel connection encryption key is required")
+        return self._cipher.encrypt_text(value)
+
    @staticmethod
    def _connection_to_dict(row: ChannelConnectionRow) -> dict[str, Any]:
        data = row.to_dict()
@@ -166,6 +173,8 @@ class ChannelConnectionRepository:
        refresh_expires_at: datetime | None = None,
        extra: dict[str, Any] | None = None,
    ) -> None:
+        if self._cipher is None:
+            raise RuntimeError("channel connection encryption key is required")
        async with self.session_factory() as session:
            row = await session.get(ChannelCredentialRow, connection_id)
            if row is None:
@@ -181,6 +190,8 @@ class ChannelConnectionRepository:
            await session.commit()

    async def get_credentials(self, connection_id: str) -> dict[str, Any] | None:
+        if self._cipher is None:
+            return None
        async with self.session_factory() as session:
            row = await session.get(ChannelCredentialRow, connection_id)
            if row is None:
@@ -217,7 +228,7 @@ class ChannelConnectionRepository:
            state_hash=self.hash_state(state),
            owner_user_id=owner_user_id,
            provider=provider,
-            code_verifier_encrypted=self._cipher.encrypt_text(code_verifier),
+            code_verifier_encrypted=self._encrypt_optional_secret(code_verifier),
            nonce_hash=nonce_hash,
            redirect_after=redirect_after,
            requested_scopes_json=list(requested_scopes or []),