feishu_file_fetch

Quick start

Create or update the reference implementation at scripts/feishu_file_fetch.py. It should:

1. Accept JSON input: { message_id, file_key, type="file", outdir="/root/clawd/uploads", max_bytes=104857600 }
2. Output JSON: { ok, path, filename, bytes, sha256, error? }
3. Use FEISHU_APP_ID / FEISHU_APP_SECRET to fetch and cache tenant_access_token (refresh 2 minutes before expiry).
4. Download via GET https://open.feishu.cn/open-apis/im/v1/messages/{message_id}/resources/{file_key}?type={type} with Authorization: Bearer <token>.
5. Stream to outdir/yyyyMMdd/, parse filename from Content-Disposition, fallback to file_key.bin.
6. Compute sha256 while streaming; enforce max_bytes strictly (terminate and delete temp file if exceeded).
7. Prevent path traversal by ensuring final path stays within outdir.
8. Never log tokens or secrets.

Runtime notes

• Use only stdlib to avoid dependency installs.
• If Content-Length exceeds max_bytes, fail early.
• Use a temp file in the target directory and os.replace on success.

Example usage

echo '{"message_id":"om_xxx","file_key":"file_xxx"}' | python scripts/feishu_file_fetch.py

Additional resources

• For API details and error handling notes, see reference.md