Add clarifying comments about Feishu signature algorithm

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>

back/services/notify.ts

@@ -562,6 +562,8 @@ export default class NotificationService {
     };
 
     // Add signature if secret is provided
+    // Note: Feishu's signature algorithm uses timestamp+"\n"+secret as the HMAC key
+    // and signs an empty message, which differs from typical HMAC usage
     if (larkSecret) {
       const timestamp = Math.floor(Date.now() / 1000).toString();
       const stringToSign = `${timestamp}\n${larkSecret}`;

sample/notify.js

@@ -995,6 +995,8 @@ function fsBotNotify(text, desp) {
       const body = { msg_type: 'text', content: { text: `${text}\n\n${desp}` } };
 
       // Add signature if secret is provided
+      // Note: Feishu's signature algorithm uses timestamp+"\n"+secret as the HMAC key
+      // and signs an empty message, which differs from typical HMAC usage
       if (FSSECRET) {
         const crypto = require('crypto');
         const timestamp = Math.floor(Date.now() / 1000).toString();

sample/notify.py

@@ -236,6 +236,8 @@ def feishu_bot(title: str, content: str) -> None:
     data = {"msg_type": "text", "content": {"text": f"{title}\n\n{content}"}}
 
     # Add signature if secret is provided
+    # Note: Feishu's signature algorithm uses timestamp+"\n"+secret as the HMAC key
+    # and signs an empty message, which differs from typical HMAC usage
     if push_config.get("FSSECRET"):
         timestamp = str(int(time.time()))
         string_to_sign = f'{timestamp}\n{push_config.get("FSSECRET")}'