Merge branch 'openimsdk:main' into main

.env

@@ -8,12 +8,12 @@ PROMETHEUS_IMAGE=prom/prometheus:v2.45.6
 ALERTMANAGER_IMAGE=prom/alertmanager:v0.27.0
 GRAFANA_IMAGE=grafana/grafana:11.0.1
 
-OPENIM_WEB_FRONT_IMAGE=openim/openim-web-front:release-v3.8.0
-OPENIM_ADMIN_FRONT_IMAGE=openim/openim-admin-front:release-v1.8.0
+OPENIM_WEB_FRONT_IMAGE=openim/openim-web-front:release-v3.8.1
+OPENIM_ADMIN_FRONT_IMAGE=openim/openim-admin-front:release-v1.8.2
 
 #FRONT_IMAGE: use aliyun images
-#OPENIM_WEB_FRONT_IMAGE=registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-web-front:release-v3.5.1
-#OPENIM_ADMIN_FRONT_IMAGE=registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-admin-front:release-v1.7
+#OPENIM_WEB_FRONT_IMAGE=registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-web-front:release-v3.8.1
+#OPENIM_ADMIN_FRONT_IMAGE=registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-admin-front:release-v1.8.2
 
 DATA_DIR=./
 

.github/workflows/publish-docker-image.yml

@@ -4,6 +4,8 @@ on:
   push:
     branches:
       - release-*
+    # tags:
+    #   - 'v*'
 
   release:
     types: [published]
@@ -15,11 +17,8 @@ on:
         required: true
         default: "v3.8.0"
 
-# env:
-#   GO_VERSION: "1.21"
-
 jobs:
-  publish-docker-images:
+  build-and-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -28,16 +27,22 @@ jobs:
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
-        
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build and push Docker image
+      - name: Build Docker image
+        id: build
         uses: docker/build-push-action@v5
         with:
           context: ./main-repo
           load: true
           tags: "openim/openim-server:local"
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Save Docker image to file
+        run: docker save -o image.tar openim/openim-server:local
 
       - name: Checkout compose repository
         uses: actions/checkout@v4
@@ -63,38 +68,39 @@ jobs:
           docker compose up -d
           sleep 60
 
-      - name: Check openim-server health
-        run: |
-          timeout=300
-          interval=30
-          elapsed=0
-          while [[ $elapsed -le $timeout ]]; do
-            if ! docker exec openim-server mage check; then
-              echo "openim-server is not ready, waiting..."
-              sleep $interval
-              elapsed=$(($elapsed + $interval))
-            else
-              echo "Health check successful"
-              exit 0
-            fi
-          done
-          echo "Health check failed after 5 minutes"
-          exit 1
+      # - name: Check openim-server health
+      #   run: |
+      #     timeout=300
+      #     interval=30
+      #     elapsed=0
+      #     while [[ $elapsed -le $timeout ]]; do
+      #       if ! docker exec openim-server mage check; then
+      #         echo "openim-server is not ready, waiting..."
+      #         sleep $interval
+      #         elapsed=$(($elapsed + $interval))
+      #       else
+      #         echo "Health check successful"
+      #         exit 0
+      #       fi
+      #     done
+      #     echo "Health check failed after 5 minutes"
+      #     exit 1
 
-      - name: Check openim-chat health
-        if: success()
-        run: |
-          if ! docker exec openim-chat mage check; then
-              echo "openim-chat check failed"
-              exit 1
-            else
-              echo "Health check successful"
-              exit 0
-            fi
+      # - name: Check openim-chat health
+      #   if: success()
+      #   run: |
+      #     if ! docker exec openim-chat mage check; then
+      #         echo "openim-chat check failed"
+      #         exit 1
+      #       else
+      #         echo "Health check successful"
+      #         exit 0
+      #       fi
 
+      - name: Load Docker image from file
+        run: docker load -i image.tar
 
-      - name: Extract metadata for Docker #  (tags, labels) 
-        if: success()
+      - name: Extract metadata for Docker (tags, labels)
         id: meta
         uses: docker/metadata-action@v5.5.1
         with:
@@ -102,18 +108,17 @@ jobs:
             openim/openim-server
             ghcr.io/openimsdk/openim-server
             registry.cn-hangzhou.aliyuncs.com/openimsdk/openim-server
-
-          # generate Docker tags based on the following events/attributes
           tags: |
             type=ref,event=tag
             type=schedule
             type=ref,event=branch
-            type=ref,event=pr
             type=semver,pattern={{version}}
             type=semver,pattern=v{{version}}
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{major}}
+            type=semver,pattern=release-{{raw}}
             type=sha
+            type=raw,value=${{ github.event.inputs.tag }}
 
       - name: Log in to Docker Hub
         uses: docker/login-action@v2
@@ -135,7 +140,7 @@ jobs:
           username: ${{ secrets.ALIREGISTRY_USERNAME }}
           password: ${{ secrets.ALIREGISTRY_TOKEN }}
 
-      - name: Build and push Docker images
+      - name: Push Docker images
         uses: docker/build-push-action@v5
         with:
           context: ./main-repo

Dockerfile

@@ -1,5 +1,5 @@
 # Use Go 1.21 Alpine as the base image for building the application
-FROM golang:1.21-alpine as builder
+FROM golang:1.21-alpine AS builder
 
 # Define the base directory for the application as an environment variable
 ENV SERVER_DIR=/openim-server

config/webhooks.yml

@@ -1,8 +1,18 @@
-url: webhook://127.0.0.1:10008/callbackExample
+url: http://127.0.0.1:10006/callbackExample
 beforeSendSingleMsg:
   enable: false
   timeout: 5
   failedContinue: true
+  # Only the contentType in allowedTypes will send the callback.
+  # Supports two formats: a single type or a range. The range is defined by the lower and upper bounds connected with a hyphen ("-").
+  # e.g. allowedTypes: [1, 100, 200-500, 600-700] means that only contentType within the range
+  # {1, 100} ∪ [200, 500] ∪ [600, 700] will be allowed through the filter.
+  # If not set, all contentType messages will through this filter.
+  allowedTypes: []
+  # Only the contentType not in deniedTypes will send the callback.
+  # Supports two formats, same as allowedTypes.
+  # If not set, all contentType messages will through this filter.
+  deniedTypes: []
 beforeUpdateUserInfoEx:
   enable:  false
   timeout: 5
@@ -16,17 +26,29 @@ afterSendSingleMsg:
   # Only the senID/recvID specified in attentionIds will send the callback
   # if not set, all user messages will be callback
   attentionIds: []
+  # See beforeSendSingleMsg comment.
+  allowedTypes: []
+  deniedTypes: []
 beforeSendGroupMsg:
   enable: false
   timeout: 5
   failedContinue: true
+  # See beforeSendSingleMsg comment.
+  allowedTypes: []
+  deniedTypes: []
 beforeMsgModify:
   enable: false
   timeout: 5
   failedContinue: true
+  # See beforeSendSingleMsg comment.
+  allowedTypes: []
+  deniedTypes: []
 afterSendGroupMsg:
   enable: false
   timeout: 5
+  # See beforeSendSingleMsg comment.
+  allowedTypes: []
+  deniedTypes: []
 afterUserOnline:
   enable: false
   timeout: 5

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/openimsdk/protocol v0.0.72
-	github.com/openimsdk/tools v0.0.50-alpha.15
+	github.com/openimsdk/tools v0.0.50-alpha.16
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.18.0
 	github.com/stretchr/testify v1.9.0

go.sum

@@ -321,8 +321,8 @@ github.com/openimsdk/gomake v0.0.14-alpha.5 h1:VY9c5x515lTfmdhhPjMvR3BBRrRquAUCF
 github.com/openimsdk/gomake v0.0.14-alpha.5/go.mod h1:PndCozNc2IsQIciyn9mvEblYWZwJmAI+06z94EY+csI=
 github.com/openimsdk/protocol v0.0.72 h1:K+vslwaR7lDXyBzb07UuEQITaqsgighz7NyXVIWsu6A=
 github.com/openimsdk/protocol v0.0.72/go.mod h1:OZQA9FR55lseYoN2Ql1XAHYKHJGu7OMNkUbuekrKCM8=
-github.com/openimsdk/tools v0.0.50-alpha.15 h1:HV9aKZ4vvCZCGG4wFDsgUONkkdJeCcrFNn3BT52nUVQ=
-github.com/openimsdk/tools v0.0.50-alpha.15/go.mod h1:h1cYmfyaVtgFbKmb1Cfsl8XwUOMTt8ubVUQrdGtsUh4=
+github.com/openimsdk/tools v0.0.50-alpha.16 h1:bC1AQvJMuOHtZm8LZRvN8L5mH1Ws2VYdL+TLTs1iGSc=
+github.com/openimsdk/tools v0.0.50-alpha.16/go.mod h1:h1cYmfyaVtgFbKmb1Cfsl8XwUOMTt8ubVUQrdGtsUh4=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=

internal/rpc/group/group.go

@@ -1764,6 +1764,7 @@ func (g *groupServer) GetSpecifiedUserGroupRequestInfo(ctx context.Context, req
 		}
 
 		adminIDs = append(adminIDs, owners[0].UserID)
+		adminIDs = append(adminIDs, g.config.Share.IMAdminUserID...)
 
 		if !datautil.Contain(req.UserID, adminIDs...) {
 			return nil, errs.ErrNoPermission.WrapMsg("opUser no permission")

internal/rpc/msg/callback.go

@@ -67,6 +67,9 @@ func (m *msgServer) webhookBeforeSendSingleMsg(ctx context.Context, before *conf
 		if msg.MsgData.ContentType == constant.Typing {
 			return nil
 		}
+		if !filterBeforeMsg(msg, before) {
+			return nil
+		}
 		cbReq := &cbapi.CallbackBeforeSendSingleMsgReq{
 			CommonCallbackReq: toCommonCallback(ctx, msg, cbapi.CallbackBeforeSendSingleMsgCommand),
 			RecvID:            msg.MsgData.RecvID,
@@ -84,9 +87,7 @@ func (m *msgServer) webhookAfterSendSingleMsg(ctx context.Context, after *config
 	if msg.MsgData.ContentType == constant.Typing {
 		return
 	}
-	// According to the attentionIds configuration, only some users are sent
-	attentionIds := after.AttentionIds
-	if attentionIds != nil && !datautil.Contain(msg.MsgData.RecvID, attentionIds...) && !datautil.Contain(msg.MsgData.SendID, attentionIds...) {
+	if !filterAfterMsg(msg, after) {
 		return
 	}
 	cbReq := &cbapi.CallbackAfterSendSingleMsgReq{
@@ -98,6 +99,9 @@ func (m *msgServer) webhookAfterSendSingleMsg(ctx context.Context, after *config
 
 func (m *msgServer) webhookBeforeSendGroupMsg(ctx context.Context, before *config.BeforeConfig, msg *pbchat.SendMsgReq) error {
 	return webhook.WithCondition(ctx, before, func(ctx context.Context) error {
+		if !filterBeforeMsg(msg, before) {
+			return nil
+		}
 		if msg.MsgData.ContentType == constant.Typing {
 			return nil
 		}
@@ -117,6 +121,9 @@ func (m *msgServer) webhookAfterSendGroupMsg(ctx context.Context, after *config.
 	if msg.MsgData.ContentType == constant.Typing {
 		return
 	}
+	if !filterAfterMsg(msg, after) {
+		return
+	}
 	cbReq := &cbapi.CallbackAfterSendGroupMsgReq{
 		CommonCallbackReq: toCommonCallback(ctx, msg, cbapi.CallbackAfterSendGroupMsgCommand),
 		GroupID:           msg.MsgData.GroupID,
@@ -129,6 +136,9 @@ func (m *msgServer) webhookBeforeMsgModify(ctx context.Context, before *config.B
 		if msg.MsgData.ContentType != constant.Text {
 			return nil
 		}
+		if !filterBeforeMsg(msg, before) {
+			return nil
+		}
 		cbReq := &cbapi.CallbackMsgModifyCommandReq{
 			CommonCallbackReq: toCommonCallback(ctx, msg, cbapi.CallbackBeforeMsgModifyCommand),
 		}

internal/rpc/msg/filter.go

@@ -0,0 +1,67 @@
+package msg
+
+import (
+	"github.com/openimsdk/open-im-server/v3/pkg/common/config"
+	pbchat "github.com/openimsdk/protocol/msg"
+	"github.com/openimsdk/tools/utils/datautil"
+	"strconv"
+	"strings"
+)
+
+const (
+	separator = "-"
+)
+
+func filterAfterMsg(msg *pbchat.SendMsgReq, after *config.AfterConfig) bool {
+	return filterMsg(msg, after.AttentionIds, after.AllowedTypes, after.DeniedTypes)
+}
+
+func filterBeforeMsg(msg *pbchat.SendMsgReq, before *config.BeforeConfig) bool {
+	return filterMsg(msg, nil, before.AllowedTypes, before.DeniedTypes)
+}
+
+func filterMsg(msg *pbchat.SendMsgReq, attentionIds, allowedTypes, deniedTypes []string) bool {
+	// According to the attentionIds configuration, only some users are sent
+	if len(attentionIds) != 0 && !datautil.Contains([]string{msg.MsgData.SendID, msg.MsgData.RecvID}, attentionIds...) {
+		return false
+	}
+	if len(allowedTypes) != 0 && !isInInterval(msg.MsgData.ContentType, allowedTypes) {
+		return false
+	}
+	if len(deniedTypes) != 0 && isInInterval(msg.MsgData.ContentType, deniedTypes) {
+		return false
+	}
+	return true
+}
+
+func isInInterval(contentType int32, interval []string) bool {
+	for _, v := range interval {
+		if strings.Contains(v, separator) {
+			// is interval
+			bounds := strings.Split(v, separator)
+			if len(bounds) != 2 {
+				continue
+			}
+			bottom, err := strconv.Atoi(bounds[0])
+			if err != nil {
+				continue
+			}
+			top, err := strconv.Atoi(bounds[1])
+			if err != nil {
+				continue
+			}
+			if datautil.BetweenEq(int(contentType), bottom, top) {
+				return true
+			}
+		} else {
+			iv, err := strconv.Atoi(v)
+			if err != nil {
+				continue
+			}
+			if int(contentType) == iv {
+				return true
+			}
+		}
+	}
+	return false
+}

pkg/common/config/config.go

@@ -345,15 +345,19 @@ type Redis struct {
 }
 
 type BeforeConfig struct {
-	Enable         bool `mapstructure:"enable"`
-	Timeout        int  `mapstructure:"timeout"`
-	FailedContinue bool `mapstructure:"failedContinue"`
+	Enable         bool     `mapstructure:"enable"`
+	Timeout        int      `mapstructure:"timeout"`
+	FailedContinue bool     `mapstructure:"failedContinue"`
+	AllowedTypes   []string `mapstructure:"allowedTypes"`
+	DeniedTypes    []string `mapstructure:"deniedTypes"`
 }
 
 type AfterConfig struct {
 	Enable       bool     `mapstructure:"enable"`
 	Timeout      int      `mapstructure:"timeout"`
 	AttentionIds []string `mapstructure:"attentionIds"`
+	AllowedTypes []string `mapstructure:"allowedTypes"`
+	DeniedTypes  []string `mapstructure:"deniedTypes"`
 }
 
 type Share struct {

pkg/common/storage/controller/auth.go

@@ -16,6 +16,7 @@ package controller
 
 import (
 	"context"
+	"github.com/openimsdk/tools/log"
 
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/openimsdk/open-im-server/v3/pkg/authverify"
@@ -77,12 +78,23 @@ func (a *authDatabase) CreateToken(ctx context.Context, userID string, platformI
 			return "", err
 		}
 	}
+
+	const adminTokenMaxNum = 30
+	if platformID == constant.AdminPlatformID {
+		if len(kickedTokenKey) > adminTokenMaxNum {
+			kickedTokenKey = kickedTokenKey[:len(kickedTokenKey)-adminTokenMaxNum]
+		} else {
+			kickedTokenKey = nil
+		}
+	}
+
 	if len(kickedTokenKey) != 0 {
 		for _, k := range kickedTokenKey {
 			err := a.cache.SetTokenFlagEx(ctx, userID, platformID, k, constant.KickedToken)
 			if err != nil {
 				return "", err
 			}
+			log.ZDebug(ctx, "kicked token in create token", "token", k)
 		}
 	}
 

version/version

@@ -1 +1 @@
-3.8.0
+3.8.1