OpenClaw 企业微信集成方案
集成方式概览
企业微信机器人集成(推荐)
WEBHOOK_URL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=YOUR_KEY"
# OpenClaw 告警推送配置
alert_config = {
"type": "wechat_work",
"webhook": WEBHOOK_URL,
"msg_type": "markdown", # text/markdown/image/file
"mentioned_list": ["@all"] # 提醒成员
}企业微信应用集成
# 创建企业微信应用获取凭证 corp_id: "wwxxxxxx" agent_id: 1000002 secret: "your_app_secret" # 功能支持: # - 消息推送 # - 用户同步 # - 审批流程集成 # - 应用内交互
详细实现步骤
步骤1:准备工作
- 注册企业微信:https://work.weixin.qq.com
- 创建应用/机器人:
- 机器人:群聊 → 添加机器人 → 获取Webhook
- 应用:管理后台 → 应用管理 → 创建应用
步骤2:OpenClaw配置
方案A:使用企业微信机器人(简单)
# alert_handlers/wechat_work.py
import requests
import json
from openclaw.core.alert import AlertHandler
class WeChatWorkRobotHandler(AlertHandler):
def __init__(self, webhook_url):
self.webhook = webhook_url
def send_alert(self, alert_data):
"""发送告警消息"""
message = self._format_message(alert_data)
headers = {'Content-Type': 'application/json'}
response = requests.post(
self.webhook,
data=json.dumps(message),
headers=headers
)
return response.status_code == 200
def _format_message(self, alert_data):
"""格式化消息"""
return {
"msgtype": "markdown",
"markdown": {
"content": f"""**OpenClaw告警通知**
> **告警级别**: {alert_data['level']}
> **告警名称**: {alert_data['name']}
> **告警详情**: {alert_data['message']}
> **发生时间**: {alert_data['timestamp']}
> **相关链接**: [查看详情]({alert_data['link']})
"""
},
"mentioned_list": ["@all"]
}
方案B:企业微信应用集成(功能更全)
# 获取access_token
import requests
class WeChatWorkApp:
def __init__(self, corp_id, agent_id, secret):
self.corp_id = corp_id
self.agent_id = agent_id
self.secret = secret
self.access_token = None
self.token_expire = 0
def get_token(self):
"""获取access_token"""
url = f"https://qyapi.weixin.qq.com/cgi-bin/gettoken"
params = {
"corpid": self.corp_id,
"corpsecret": self.secret
}
response = requests.get(url, params=params)
result = response.json()
self.access_token = result['access_token']
return self.access_token
def send_message(self, user_list, content):
"""发送应用消息"""
url = f"https://qyapi.weixin.qq.com/cgi-bin/message/send"
params = {"access_token": self.get_token()}
data = {
"touser": "|".join(user_list),
"msgtype": "textcard",
"agentid": self.agent_id,
"textcard": {
"title": "OpenClaw安全告警",
"description": content,
"url": "https://your-openclaw-domain.com",
"btntxt": "查看详情"
}
}
response = requests.post(url, params=params, json=data)
return response.json()
步骤3:配置OpenClaw告警规则
# config/alerts.yaml
alert_providers:
wechat_work:
enabled: true
type: "wechat_work"
# 机器人方式
robot:
webhook: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx"
msg_type: "markdown"
# 应用方式
app:
corp_id: "wwxxxxxx"
agent_id: 1000002
secret: "xxx"
users: ["user1", "user2"] # 接收人员
alert_rules:
- name: "高危漏洞告警"
conditions:
- severity: "CRITICAL"
actions:
- type: "wechat_work"
provider: "wechat_work"
template: "security_alert"
- name: "系统异常告警"
conditions:
- type: "system_error"
actions:
- type: "wechat_work"
provider: "wechat_work"
mentioned_users: ["@all"]
步骤4:消息模板配置
# templates/wechat_work/security_alert.md
{% if alert.level == "CRITICAL" %}🚨 **紧急告警** 🚨{% endif %}
{% if alert.level == "HIGH" %}⚠️ **高危告警** ⚠️{% endif %}
**{{ alert.title }}**
> **来源**: {{ alert.source }}
> **时间**: {{ alert.timestamp | datetime_format }}
> **详情**: {{ alert.description }}
> **建议措施**: {{ alert.recommendation }}
[查看完整报告]({{ alert.detail_url }})
高级功能实现
交互式消息
class InteractiveHandler:
def send_interactive_card(self):
"""发送交互式卡片"""
message = {
"msgtype": "interactive",
"interactive": {
"card": {
"header": {
"title": "OpenClaw告警确认",
"subtitle": "请确认处理情况"
},
"elements": [
{
"tag": "button",
"text": "已处理",
"type": "primary",
"click": {
"actions": [
{
"type": "open_url",
"url": "https://your-domain.com/confirm?alert_id=123"
}
]
}
}
]
}
}
}
部门/用户同步
def sync_wechat_users():
"""同步企业微信用户到OpenClaw"""
url = "https://qyapi.weixin.qq.com/cgi-bin/user/simplelist"
params = {
"access_token": access_token,
"department_id": 1,
"fetch_child": 1
}
# 获取用户列表并同步到OpenClaw用户系统
审批流程集成
def create_approval(template_id, applicant_userid, details):
"""创建审批申请"""
url = "https://qyapi.weixin.qq.com/cgi-bin/oa/applyevent"
data = {
"creator_userid": applicant_userid,
"template_id": template_id,
"use_template_approver": 1,
"apply_data": {
"contents": details
}
}
配置示例文件
# docker-compose.yml 配置
version: '3'
services:
openclaw:
environment:
# 企业微信配置
WECHAT_WORK_ENABLED: "true"
WECHAT_WORK_CORP_ID: "${CORP_ID}"
WECHAT_WORK_AGENT_ID: "${AGENT_ID}"
WECHAT_WORK_SECRET: "${SECRET}"
WECHAT_WORK_ROBOT_WEBHOOK: "${WEBHOOK_URL}"
# 告警模板
ALERT_TEMPLATE_PATH: "/app/templates/wechat_work"
安全建议
-
Webhook安全:
# 验证签名 import hmac import hashlib import base64 def verify_signature(timestamp, nonce, signature, secret): msg = f"{timestamp}\n{nonce}\n" hmac_code = hmac.new(secret.encode(), msg.encode(), digestmod=hashlib.sha256).digest() return signature == base64.b64encode(hmac_code).decode() -
Token管理:
- 使用环境变量存储敏感信息
- 定期轮换应用Secret
- 实现Token自动刷新机制
故障排查
-
常见问题:
- 403错误:检查应用权限
- 400错误:验证消息格式
- 令牌过期:实现自动刷新
-
调试工具:
# 测试Webhook curl -X POST "WEBHOOK_URL" \ -H "Content-Type: application/json" \ -d '{"msgtype":"text","text":{"content":"测试消息"}}'
最佳实践
- 消息分级:不同级别告警使用不同@策略
- 频率限制:避免消息轰炸,实现消息聚合
- 多租户支持:为不同团队配置不同的接收群组
- 消息确认:添加处理确认机制
这个集成方案可以让OpenClaw的告警和通知直接推送到企业微信,方便团队实时响应安全事件,根据实际需求选择机器人方式(简单)或应用方式(功能全面)。
版权声明:除非特别标注,否则均为本站原创文章,转载时请以链接形式注明文章出处。
