#!/usr/bin/env python3 """ Nextcloud Talk Claude Bot Receives webhooks from Nextcloud Talk and responds using Claude CLI. """ import asyncio import hashlib import hmac import json import logging import os import re import secrets from datetime import datetime from typing import Optional import httpx from fastapi import FastAPI, Request, HTTPException, Header from fastapi.responses import JSONResponse # Configuration from environment NEXTCLOUD_URL = os.environ.get("NEXTCLOUD_URL", "").rstrip("/") CLAUDE_PATH = os.environ.get("CLAUDE_PATH", "claude") ALLOWED_USERS = [u.strip() for u in os.environ.get("ALLOWED_USERS", "").split(",") if u.strip()] TIMEOUT = int(os.environ.get("TIMEOUT", "120")) SYSTEM_PROMPT = os.environ.get("SYSTEM_PROMPT", "") # Bot secret from systemd credential def get_bot_secret() -> str: cred_path = os.environ.get("CREDENTIALS_DIRECTORY", "") if cred_path: secret_file = os.path.join(cred_path, "bot-secret") if os.path.exists(secret_file): with open(secret_file) as f: return f.read().strip() # Fallback for development return os.environ.get("BOT_SECRET", "") BOT_SECRET = get_bot_secret() # Logging logging.basicConfig( level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s" ) log = logging.getLogger(__name__) app = FastAPI(title="Nextcloud Claude Bot") # Number of recent messages to fetch for context CONTEXT_MESSAGES = int(os.environ.get("CONTEXT_MESSAGES", "6")) def generate_bot_auth_headers(body: str = "") -> dict: """Generate authentication headers for bot requests to Nextcloud.""" random = secrets.token_hex(32) digest = hmac.new( BOT_SECRET.encode(), (random + body).encode(), hashlib.sha256 ).hexdigest() return { "X-Nextcloud-Talk-Bot-Random": random, "X-Nextcloud-Talk-Bot-Signature": digest, "OCS-APIRequest": "true", } async def fetch_chat_history(conversation_token: str, limit: int = CONTEXT_MESSAGES) -> list[dict]: """Fetch recent messages from Nextcloud Talk conversation.""" if not NEXTCLOUD_URL: log.warning("NEXTCLOUD_URL not configured, cannot fetch history") return [] url = f"{NEXTCLOUD_URL}/ocs/v2.php/apps/spreed/api/v1/chat/{conversation_token}" params = { "limit": limit, "lookIntoFuture": 0, } headers = generate_bot_auth_headers() headers["Accept"] = "application/json" async with httpx.AsyncClient() as client: try: resp = await client.get(url, params=params, headers=headers) if resp.status_code == 200: data = resp.json() messages = data.get("ocs", {}).get("data", []) # Messages come newest first, reverse for chronological order return list(reversed(messages)) else: log.warning(f"Failed to fetch chat history: {resp.status_code} {resp.text[:200]}") return [] except Exception as e: log.exception("Error fetching chat history") return [] def verify_signature(body: bytes, signature: str, random: Optional[str] = None) -> bool: """Verify Nextcloud webhook signature.""" if not BOT_SECRET: log.warning("No bot secret configured, skipping signature verification") return True # Nextcloud sends: sha256= if signature.startswith("sha256="): signature = signature[7:] # Try different signature computation methods # Method 1: Just body expected1 = hmac.new(BOT_SECRET.encode(), body, hashlib.sha256).hexdigest() # Method 2: random + body (if random header present) if random: expected2 = hmac.new(BOT_SECRET.encode(), (random.encode() + body), hashlib.sha256).hexdigest() else: expected2 = None if hmac.compare_digest(expected1, signature): return True if expected2 and hmac.compare_digest(expected2, signature): return True return False async def build_prompt(conversation_token: str, current_message: str, current_user: str) -> str: """Build prompt with conversation history from Nextcloud.""" parts = [] if SYSTEM_PROMPT: parts.append(f"System: {SYSTEM_PROMPT}\n") # Fetch recent history from Nextcloud history = await fetch_chat_history(conversation_token) # Add recent history (excluding the current message which triggered this) for msg in history: actor_type = msg.get("actorType", "") actor_id = msg.get("actorId", "") message_text = msg.get("message", "") msg_type = msg.get("messageType", "") # Skip system messages if msg_type == "system": continue # Determine if this is a user or the bot if actor_type == "bots": parts.append(f"Assistant: {message_text}") elif actor_type == "users": parts.append(f"User ({actor_id}): {message_text}") # Add current message parts.append(f"User ({current_user}): {current_message}") return "\n\n".join(parts) async def call_claude(prompt: str) -> str: """Call Claude CLI and return response.""" cmd = [CLAUDE_PATH, "--print"] log.info(f"Calling Claude: {' '.join(cmd)}") try: proc = await asyncio.create_subprocess_exec( *cmd, stdin=asyncio.subprocess.PIPE, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, ) stdout, stderr = await asyncio.wait_for( proc.communicate(prompt.encode()), timeout=TIMEOUT ) if proc.returncode != 0: log.error(f"Claude CLI error: {stderr.decode()}") return f"❌ Fehler beim Aufruf von Claude: {stderr.decode()[:200]}" return stdout.decode().strip() except asyncio.TimeoutError: log.error(f"Claude CLI timeout after {TIMEOUT}s") return f"⏱️ Timeout: Claude hat nicht innerhalb von {TIMEOUT}s geantwortet." except Exception as e: log.exception("Error calling Claude") return f"❌ Fehler: {str(e)}" async def send_reply(conversation_token: str, message: str, reply_to: int = None): """Send reply back to Nextcloud Talk.""" if not NEXTCLOUD_URL: log.error("NEXTCLOUD_URL not configured") return url = f"{NEXTCLOUD_URL}/ocs/v2.php/apps/spreed/api/v1/bot/{conversation_token}/message" # Bot authentication - signature is over the message being sent headers = generate_bot_auth_headers(message) headers["Content-Type"] = "application/json" payload = { "message": message, "referenceId": hashlib.sha256(f"{conversation_token}-{datetime.now().isoformat()}".encode()).hexdigest()[:32], } if reply_to: payload["replyTo"] = reply_to async with httpx.AsyncClient() as client: try: resp = await client.post(url, json=payload, headers=headers) if resp.status_code not in (200, 201): log.error(f"Failed to send reply: {resp.status_code} {resp.text}") else: log.info(f"Reply sent to conversation {conversation_token}") except Exception as e: log.exception("Error sending reply to Nextcloud") @app.post("/webhook") async def handle_webhook( request: Request, x_nextcloud_talk_signature: Optional[str] = Header(None, alias="X-Nextcloud-Talk-Signature"), x_nextcloud_talk_random: Optional[str] = Header(None, alias="X-Nextcloud-Talk-Random"), ): """Handle incoming webhook from Nextcloud Talk.""" body = await request.body() # Verify signature if x_nextcloud_talk_signature and not verify_signature(body, x_nextcloud_talk_signature, x_nextcloud_talk_random): log.warning("Invalid webhook signature") raise HTTPException(status_code=401, detail="Invalid signature") try: data = json.loads(body) except json.JSONDecodeError: raise HTTPException(status_code=400, detail="Invalid JSON") log.info(f"Received webhook: {json.dumps(data, indent=2)[:500]}") # Extract message info - Nextcloud Talk Bot webhook format actor = data.get("actor", {}) actor_type = actor.get("type", "") actor_id_full = actor.get("id", "") # e.g., "users/harald" # Extract username from "users/username" format if "/" in actor_id_full: actor_id = actor_id_full.split("/", 1)[1] else: actor_id = actor_id_full # Message is in object.content as JSON string obj = data.get("object", {}) message_id = obj.get("id") content_str = obj.get("content", "{}") try: content = json.loads(content_str) message_text = content.get("message", "") except json.JSONDecodeError: message_text = content_str # Conversation info is in target target = data.get("target", {}) conversation_token = target.get("id", "") # Only respond to user/person messages if actor_type not in ("users", "Person"): log.info(f"Ignoring non-user actor: {actor_type}") return JSONResponse({"status": "ignored", "reason": "not a user message"}) # For now, treat all conversations the same (respond to mentions) is_direct_message = False # We can't easily determine this from the webhook # Check for bot mention in message (Nextcloud uses @"Bot Name" format) bot_mentioned = False clean_message = message_text # Look for mention patterns: @Claude or @"Claude" mention_patterns = [ r'@"?Claude"?\s*', r'@"?claude"?\s*', ] for pattern in mention_patterns: if re.search(pattern, message_text, re.IGNORECASE): bot_mentioned = True clean_message = re.sub(pattern, '', message_text, flags=re.IGNORECASE).strip() break # In group chats, only respond if mentioned if not is_direct_message and not bot_mentioned: log.info(f"Ignoring message in group chat without mention") return JSONResponse({"status": "ignored", "reason": "not mentioned in group chat"}) # Use clean message (without mention) for processing if bot_mentioned: message_text = clean_message # Check allowed users if ALLOWED_USERS and actor_id not in ALLOWED_USERS: log.warning(f"User {actor_id} not in allowed list") await send_reply( conversation_token, "🚫 Du bist nicht berechtigt, diesen Bot zu nutzen.", reply_to=message_id ) return JSONResponse({"status": "rejected", "reason": "user not allowed"}) if not message_text.strip(): return JSONResponse({"status": "ignored", "reason": "empty message"}) log.info(f"Processing message from {actor_id}: {message_text[:100]}") if message_text.strip().lower() in ("/help", "/hilfe"): help_text = """🤖 **Claude Bot Hilfe** Schreib mir einfach eine Nachricht und ich antworte dir. **Nutzung:** • In Direktnachrichten: Einfach schreiben • In Gruppenchats: @Claude gefolgt von deiner Frage **Befehle:** • `/help` oder `/hilfe` – Diese Hilfe anzeigen Der Bot nutzt die letzten Nachrichten aus dem Chat als Kontext.""" await send_reply(conversation_token, help_text, reply_to=message_id) return JSONResponse({"status": "ok", "action": "help"}) # Build prompt with chat history and call Claude prompt = await build_prompt(conversation_token, message_text, actor_id) response = await call_claude(prompt) # Send response await send_reply(conversation_token, response, reply_to=message_id) return JSONResponse({"status": "ok"}) @app.get("/health") async def health(): """Health check endpoint.""" return { "status": "ok", "nextcloud_url": NEXTCLOUD_URL, "claude_path": CLAUDE_PATH, "allowed_users": ALLOWED_USERS if ALLOWED_USERS else "all", "context_messages": CONTEXT_MESSAGES, } if __name__ == "__main__": import uvicorn uvicorn.run(app, host="127.0.0.1", port=8085)