Add clarifying comments about Feishu signature algorithm

Co-authored-by: whyour <22700758+whyour@users.noreply.github.com>
2026-02-12 22:16:42 +08:00 · 2025-11-26 17:01:57 +00:00 · 2025-11-26 17:01:57 +00:00 · a3a556b625
commit a3a556b625
parent 6fd7eabcb6
3 changed files with 6 additions and 0 deletions
--- a/back/services/notify.ts
+++ b/back/services/notify.ts
@ -562,6 +562,8 @@ export default class NotificationService {
    };

    // Add signature if secret is provided
+    // Note: Feishu's signature algorithm uses timestamp+"\n"+secret as the HMAC key
+    // and signs an empty message, which differs from typical HMAC usage
    if (larkSecret) {
      const timestamp = Math.floor(Date.now() / 1000).toString();
      const stringToSign = `${timestamp}\n${larkSecret}`;
--- a/sample/notify.js
+++ b/sample/notify.js
@ -995,6 +995,8 @@ function fsBotNotify(text, desp) {
      const body = { msg_type: 'text', content: { text: `${text}\n\n${desp}` } };

      // Add signature if secret is provided
+      // Note: Feishu's signature algorithm uses timestamp+"\n"+secret as the HMAC key
+      // and signs an empty message, which differs from typical HMAC usage
      if (FSSECRET) {
        const crypto = require('crypto');
        const timestamp = Math.floor(Date.now() / 1000).toString();
--- a/sample/notify.py
+++ b/sample/notify.py
@ -236,6 +236,8 @@ def feishu_bot(title: str, content: str) -> None:
    data = {"msg_type": "text", "content": {"text": f"{title}\n\n{content}"}}

    # Add signature if secret is provided
+    # Note: Feishu's signature algorithm uses timestamp+"\n"+secret as the HMAC key
+    # and signs an empty message, which differs from typical HMAC usage
    if push_config.get("FSSECRET"):
        timestamp = str(int(time.time()))
        string_to_sign = f'{timestamp}\n{push_config.get("FSSECRET")}'