(hertzbeat) branch master updated: [feature] support the security settings for robot signatures in DingTalk (#3841)

duansg Sun, 02 Nov 2025 19:43:19 -0800

This is an automated email from the ASF dual-hosted git repository.

duansg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hertzbeat.git



The following commit(s) were added to refs/heads/master by this push:
     new 3a378f8710 [feature] support the security settings for robot 
signatures in DingTalk (#3841)
3a378f8710 is described below

commit 3a378f871009ad56fcf24926a2b460bafa0f612a
Author: DeleiGuo <[email protected]>
AuthorDate: Mon Nov 3 11:43:08 2025 +0800

    [feature] support the security settings for robot signatures in DingTalk 
(#3841)
    
    Co-authored-by: shown <[email protected]>
---
 .../impl/DingTalkRobotAlertNotifyHandlerImpl.java  | 22 ++++++++++++++++++++--
 .../alert-notice-receiver.component.html           |  8 ++++++++
 web-app/src/assets/i18n/en-US.json                 |  1 +
 web-app/src/assets/i18n/ja-JP.json                 |  1 +
 web-app/src/assets/i18n/pt-BR.json                 |  1 +
 web-app/src/assets/i18n/zh-CN.json                 |  1 +
 web-app/src/assets/i18n/zh-TW.json                 |  1 +
 7 files changed, 33 insertions(+), 2 deletions(-)

diff --git 
a/hertzbeat-alerter/src/main/java/org/apache/hertzbeat/alert/notice/impl/DingTalkRobotAlertNotifyHandlerImpl.java
 
b/hertzbeat-alerter/src/main/java/org/apache/hertzbeat/alert/notice/impl/DingTalkRobotAlertNotifyHandlerImpl.java
index 35bca56034..b4e4b26630 100644
--- 
a/hertzbeat-alerter/src/main/java/org/apache/hertzbeat/alert/notice/impl/DingTalkRobotAlertNotifyHandlerImpl.java
+++ 
b/hertzbeat-alerter/src/main/java/org/apache/hertzbeat/alert/notice/impl/DingTalkRobotAlertNotifyHandlerImpl.java
@@ -18,12 +18,17 @@
 package org.apache.hertzbeat.alert.notice.impl;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.List;
+
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.hertzbeat.alert.notice.AlertNoticeException;
+import org.apache.hertzbeat.alert.util.CryptoUtils;
 import org.apache.hertzbeat.common.entity.alerter.GroupAlert;
 import org.apache.hertzbeat.common.entity.alerter.NoticeReceiver;
 import org.apache.hertzbeat.common.entity.alerter.NoticeTemplate;
@@ -54,7 +59,13 @@ final class DingTalkRobotAlertNotifyHandlerImpl extends 
AbstractAlertNotifyHandl
             HttpHeaders headers = new HttpHeaders();
             headers.setContentType(MediaType.APPLICATION_JSON);
             HttpEntity<DingTalkWebHookDto> httpEntity = new 
HttpEntity<>(dingTalkWebHookDto, headers);
-            String webHookUrl = alerterProperties.getDingTalkWebhookUrl() + 
receiver.getAccessToken();
+            StringBuilder webHookUrlBuilder = new StringBuilder()
+                    .append(alerterProperties.getDingTalkWebhookUrl())
+                    .append(receiver.getAccessToken());
+            if (StringUtils.isNotBlank(receiver.getAppSecret())) {
+                webHookUrlBuilder.append(signSecret(receiver.getAppSecret()));
+            }
+            String webHookUrl = webHookUrlBuilder.toString();
             ResponseEntity<CommonRobotNotifyResp> responseEntity = 
restTemplate.postForEntity(webHookUrl,
                     httpEntity, CommonRobotNotifyResp.class);
             if (responseEntity.getStatusCode() == HttpStatus.OK) {
@@ -102,6 +113,13 @@ final class DingTalkRobotAlertNotifyHandlerImpl extends 
AbstractAlertNotifyHandl
         return dingTalkWebHookDto;
     }
 
+    private String signSecret(String secret) throws Exception {
+        Long timestamp = System.currentTimeMillis();
+        String sign = URLEncoder.encode(CryptoUtils.hmacSha256Base64(secret, 
timestamp + "\n" + secret),
+                StandardCharsets.UTF_8);
+        return String.format("&timestamp=%s&sign=%s", timestamp, sign);
+    }
+
     @Override
     public byte type() {
         return 5;
@@ -109,6 +127,7 @@ final class DingTalkRobotAlertNotifyHandlerImpl extends 
AbstractAlertNotifyHandl
 
     /**
      * DingTalk robot request body
+     *
      * @version 1.0
      */
     @Data
@@ -187,5 +206,4 @@ final class DingTalkRobotAlertNotifyHandlerImpl extends 
AbstractAlertNotifyHandl
     }
 
 
-
 }
diff --git 
a/web-app/src/app/routes/alert/alert-notice/alert-notice-receiver/alert-notice-receiver.component.html
 
b/web-app/src/app/routes/alert/alert-notice/alert-notice-receiver/alert-notice-receiver.component.html
index 908d4db97c..ab245b5f1e 100644
--- 
a/web-app/src/app/routes/alert/alert-notice/alert-notice-receiver/alert-notice-receiver.component.html
+++ 
b/web-app/src/app/routes/alert/alert-notice/alert-notice-receiver/alert-notice-receiver.component.html
@@ -295,6 +295,14 @@
           />
         </nz-form-control>
       </nz-form-item>
+      <nz-form-item *ngIf="receiver.type === 5">
+        <nz-form-label [nzSpan]="7" nzFor="appSecret">
+          {{ 'alert.notice.type.ding-secret' | i18n }}
+        </nz-form-label>
+        <nz-form-control [nzErrorTip]="'validation.required' | i18n" 
[nzSpan]="12">
+          <input [(ngModel)]="receiver.appSecret" name="appSecret" nz-input 
type="text" />
+        </nz-form-control>
+      </nz-form-item>
       <nz-form-item *ngIf="receiver.type === 5">
         <nz-form-label [nzSpan]="7" nzFor="phone">{{ 'alert.notice.type.phone' 
| i18n }}</nz-form-label>
         <nz-form-control [nzErrorTip]="'validation.phone.invalid' | i18n" 
[nzSpan]="12">
diff --git a/web-app/src/assets/i18n/en-US.json 
b/web-app/src/assets/i18n/en-US.json
index 369bda2050..0948405e12 100644
--- a/web-app/src/assets/i18n/en-US.json
+++ b/web-app/src/assets/i18n/en-US.json
@@ -196,6 +196,7 @@
   "alert.notice.type.WeComApp-userId": "User ID(separated by | symbol)",
   "alert.notice.type.access-token": "Robot ACCESS_TOKEN",
   "alert.notice.type.ding": "DingDing Robot",
+  "alert.notice.type.ding-secret": "Robot Secret",
   "alert.notice.type.discord": "Discord Bot",
   "alert.notice.type.discord-bot-token": "Discord Bot Token",
   "alert.notice.type.discord-channel-id": "Discord Channel ID",
diff --git a/web-app/src/assets/i18n/ja-JP.json 
b/web-app/src/assets/i18n/ja-JP.json
index ad5f394da5..485d539291 100644
--- a/web-app/src/assets/i18n/ja-JP.json
+++ b/web-app/src/assets/i18n/ja-JP.json
@@ -196,6 +196,7 @@
   "alert.notice.type.WeComApp-userId": "ユーザーID（|記号で区切る）",
   "alert.notice.type.access-token": "ロボットACCESS_TOKEN",
   "alert.notice.type.ding": "DingDing ロボット",
+  "alert.notice.type.ding-secret": "DingTalkロボット秘密鍵",
   "alert.notice.type.discord": "Discord ボット",
   "alert.notice.type.discord-bot-token": "Discord ボットトークン",
   "alert.notice.type.discord-channel-id": "Discord チャンネルID",
diff --git a/web-app/src/assets/i18n/pt-BR.json 
b/web-app/src/assets/i18n/pt-BR.json
index d813e1b0b0..f84f582eda 100644
--- a/web-app/src/assets/i18n/pt-BR.json
+++ b/web-app/src/assets/i18n/pt-BR.json
@@ -172,6 +172,7 @@
   "alert.notice.type.WeCom-robot-key": "Chave do Robô WeCom",
   "alert.notice.type.access-token": "Token de Acesso do Robô",
   "alert.notice.type.ding": "Robô DingDing",
+  "alert.notice.type.ding-secret": "Chave Secreta do Robô DingDing",
   "alert.notice.type.fei-shu": "Robô FeiShu",
   "alert.notice.type.fei-shu-key": "Chave do Robô FeiShu",
   "alert.notice.type.telegram-bot": "Bot do Telegram",
diff --git a/web-app/src/assets/i18n/zh-CN.json 
b/web-app/src/assets/i18n/zh-CN.json
index 6934139a2c..a1378f0b62 100644
--- a/web-app/src/assets/i18n/zh-CN.json
+++ b/web-app/src/assets/i18n/zh-CN.json
@@ -196,6 +196,7 @@
   "alert.notice.type.WeComApp-userId": "用户id(多个使用|符号分隔)",
   "alert.notice.type.access-token": "机器人ACCESS_TOKEN",
   "alert.notice.type.ding": "钉钉机器人",
+  "alert.notice.type.ding-secret": "钉钉机器人密钥",
   "alert.notice.type.discord": "Discord机器人",
   "alert.notice.type.discord-bot-token": "Discord Bot Token",
   "alert.notice.type.discord-channel-id": "Discord频道ID",
diff --git a/web-app/src/assets/i18n/zh-TW.json 
b/web-app/src/assets/i18n/zh-TW.json
index 3159a7b107..1dad50dc10 100644
--- a/web-app/src/assets/i18n/zh-TW.json
+++ b/web-app/src/assets/i18n/zh-TW.json
@@ -195,6 +195,7 @@
   "alert.notice.type.WeComApp-userId": "使用者id（多個使用|符號分隔）",
   "alert.notice.type.access-token": "機器人ACCESS_TOKEN",
   "alert.notice.type.ding": "釘釘機器人",
+  "alert.notice.type.ding-secret": "釘釘機器人密鑰",
   "alert.notice.type.discord": "Discord機器人",
   "alert.notice.type.discord-bot-token": "Discord Bot Token",
   "alert.notice.type.discord-channel-id": "Discord頻道ID",


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

(hertzbeat) branch master updated: [feature] support the security settings for robot signatures in DingTalk (#3841)

Reply via email to