fix(msteams): fix inline pasted image downloads (PR #10902 rebase)

jlian · jlian · commit b3be68a65bd6 · 2026-03-18T17:49:55.000-07:00
diff --git a/extensions/msteams/src/attachments.test.ts b/extensions/msteams/src/attachments.test.ts
@@ -212,6 +212,9 @@ const createMediaEntriesWithType = (contentType: string, ...paths: string[]) =>
   paths.map((path) => ({ path, contentType }));
 const createHostedContentsWithType = (contentType: string, ...ids: string[]) =>
   ids.map((id) => ({ id, contentType, contentBytes: PNG_BASE64 }));
+/** Like createHostedContentsWithType but with contentBytes: null to exercise the $value fetch path. */
+const createHostedContentsNullBytes = (contentType: string, ...ids: string[]) =>
+  ids.map((id) => ({ id, contentType, contentBytes: null }));
 const createImageMediaEntries = (...paths: string[]) =>
   createMediaEntriesWithType(CONTENT_TYPE_IMAGE_PNG, ...paths);
 const createHostedImageContents = (...ids: string[]) =>
@@ -848,6 +851,20 @@ describe("msteams attachments", () => {
       expectAttachmentMediaLength(media, 0);
       expect(fetchMock).toHaveBeenCalledTimes(1);
     });
+
+    it("appends /views/original to Bot Framework attachment URLs", async () => {
+      const bfUrl = "https://smba.trafficmanager.net/amer/72f988bf/v3/attachments/0-wus-d11-abc";
+      const media = await downloadAttachmentsWithFetch(
+        createContentUrlAttachments("image/*", bfUrl),
+        fetchRemoteMediaMock,
+        { allowHosts: ["smba.trafficmanager.net"], resolveFn: publicResolveFn },
+      );
+
+      expect(fetchRemoteMediaMock).toHaveBeenCalledWith(
+        expect.objectContaining({ url: `${bfUrl}/views/original` }),
+      );
+      expectAttachmentMediaLength(media, 1);
+    });
   });
 
   describe("buildMSTeamsGraphMessageUrls", () => {
@@ -927,6 +944,41 @@ describe("msteams attachments", () => {
       expect(calledUrls.some((url) => url.startsWith(GRAPH_SHARES_URL_PREFIX))).toBe(true);
       expect(calledUrls).not.toContain(escapedUrl);
     });
+
+    it("skips hosted content when $value fetch fails", async () => {
+      const tokenProvider = createTokenProvider();
+      const graphFetchMock = vi.fn(async (url: string) => {
+        if (url.endsWith("/hostedContents")) {
+          // contentBytes: null forces the $value fetch path
+          return createGraphCollectionResponse(
+            createHostedContentsNullBytes(CONTENT_TYPE_IMAGE_PNG, "1"),
+          );
+        }
+        if (url.includes("/hostedContents/1/$value")) {
+          return createNotFoundResponse();
+        }
+        if (url.endsWith("/attachments")) {
+          return createGraphCollectionResponse([]);
+        }
+        return createNotFoundResponse();
+      }) as unknown as FetchFn;
+
+      const { media } = await downloadGraphMediaWithMockOptions(
+        {},
+        {
+          fetchFn: graphFetchMock,
+          tokenProvider,
+        },
+      );
+
+      expectAttachmentMediaLength(media.media, 0);
+      expect(saveMediaBufferMock).not.toHaveBeenCalled();
+      // Verify the $value fetch was actually attempted with the correct URL.
+      expect(graphFetchMock).toHaveBeenCalledWith(
+        expect.stringContaining("/hostedContents/1/$value"),
+        expect.anything(),
+      );
+    });
   });
 
   describe("buildMSTeamsMediaPayload", () => {
diff --git a/extensions/msteams/src/attachments.ts b/extensions/msteams/src/attachments.ts
@@ -3,7 +3,11 @@ export {
   /** @deprecated Use `downloadMSTeamsAttachments` instead. */
   downloadMSTeamsImageAttachments,
 } from "./attachments/download.js";
-export { buildMSTeamsGraphMessageUrls, downloadMSTeamsGraphMedia } from "./attachments/graph.js";
+export {
+  buildMSTeamsGraphMessageUrls,
+  downloadGraphHostedContent,
+  downloadMSTeamsGraphMedia,
+} from "./attachments/graph.js";
 export {
   buildMSTeamsAttachmentPlaceholder,
   summarizeMSTeamsHtmlAttachments,
diff --git a/extensions/msteams/src/attachments/download.ts b/extensions/msteams/src/attachments/download.ts
@@ -26,6 +26,24 @@ type DownloadCandidate = {
   placeholder: string;
 };
 
+/** Detect Bot Framework /v3/attachments/{id} URLs that need /views/original. */
+const BF_ATTACHMENT_RE = /\/v3\/attachments\/[^/]+\/?$/i;
+function isBotFrameworkAttachmentUrl(url: string): boolean {
+  try {
+    return BF_ATTACHMENT_RE.test(new URL(url).pathname);
+  } catch {
+    return false;
+  }
+}
+
+/** Rewrite Bot Framework attachment URLs to append /views/original, preserving query strings. */
+function rewriteBotFrameworkUrl(url: string): string {
+  if (!isBotFrameworkAttachmentUrl(url)) return url;
+  const parsed = new URL(url);
+  parsed.pathname = parsed.pathname.replace(/\/+$/, "") + "/views/original";
+  return parsed.toString();
+}
+
 function resolveDownloadCandidate(att: MSTeamsAttachmentLike): DownloadCandidate | null {
   const contentType = normalizeContentType(att.contentType);
   const name = typeof att.name === "string" ? att.name.trim() : "";
@@ -62,8 +80,13 @@ function resolveDownloadCandidate(att: MSTeamsAttachmentLike): DownloadCandidate
     return null;
   }
 
+  // Bot Framework attachment URLs (…/v3/attachments/{id}) return JSON metadata;
+  // append /views/original to retrieve the actual binary content.
+  // Preserve any query string (e.g. signed URLs with ?sig=...).
+  let url = rewriteBotFrameworkUrl(contentUrl);
+
   return {
-    url: contentUrl,
+    url,
     fileHint: name || undefined,
     contentTypeHint: contentType,
     placeholder: inferPlaceholder({ contentType, fileName: name }),
@@ -194,8 +217,10 @@ export async function downloadMSTeamsAttachments(params: {
         continue;
       }
       seenUrls.add(inline.url);
+      // Apply Bot Framework URL rewrite to inline <img src> URLs too.
+      const rewrittenUrl = rewriteBotFrameworkUrl(inline.url);
       candidates.push({
-        url: inline.url,
+        url: rewrittenUrl,
         fileHint: inline.fileHint,
         contentTypeHint: inline.contentType,
         placeholder: inline.placeholder,
diff --git a/extensions/msteams/src/attachments/graph.ts b/extensions/msteams/src/attachments/graph.ts
@@ -173,7 +173,7 @@ function normalizeGraphAttachment(att: GraphAttachment): MSTeamsAttachmentLike {
  * Download all hosted content from a Teams message (images, documents, etc.).
  * Renamed from downloadGraphHostedImages to support all file types.
  */
-async function downloadGraphHostedContent(params: {
+export async function downloadGraphHostedContent(params: {
   accessToken: string;
   messageUrl: string;
   maxBytes: number;
@@ -191,24 +191,83 @@ async function downloadGraphHostedContent(params: {
     return { media: [], status: hosted.status, count: 0 };
   }
 
+  const fetchFn = params.fetchFn ?? fetch;
   const out: MSTeamsInboundMedia[] = [];
   for (const item of hosted.items) {
+    let buffer: Buffer | undefined;
+    let headerMime: string | undefined;
+
+    // Fast path: use contentBytes when the collection response includes them.
     const contentBytes = typeof item.contentBytes === "string" ? item.contentBytes : "";
-    if (!contentBytes) {
-      continue;
+    if (contentBytes) {
+      try {
+        buffer = Buffer.from(contentBytes, "base64");
+      } catch {
+        // Fall through to $value fetch.
+      }
     }
-    let buffer: Buffer;
-    try {
-      buffer = Buffer.from(contentBytes, "base64");
-    } catch {
+
+    // Graph collection responses typically return contentBytes as null.
+    // Fetch the raw binary from the individual $value endpoint instead.
+    if (!buffer && item.id) {
+      try {
+        const valueUrl = `${params.messageUrl}/hostedContents/${encodeURIComponent(item.id)}/$value`;
+        const { response: valRes, release } = await fetchWithSsrFGuard({
+          url: valueUrl,
+          fetchImpl: fetchFn,
+          init: { headers: { Authorization: `Bearer ${params.accessToken}` } },
+          policy: params.ssrfPolicy,
+        });
+        try {
+          if (valRes.ok) {
+            const contentLength = Number(valRes.headers.get("content-length") ?? "0");
+            if (contentLength > params.maxBytes) {
+              // Skip oversized content without buffering.
+            } else if (valRes.body) {
+              // Stream with bounded read to avoid buffering oversized payloads
+              // when content-length is missing or misreported.
+              const chunks: Uint8Array[] = [];
+              let totalBytes = 0;
+              let oversized = false;
+              const reader = valRes.body.getReader();
+              try {
+                for (;;) {
+                  const { done, value } = await reader.read();
+                  if (done) break;
+                  totalBytes += value.byteLength;
+                  if (totalBytes > params.maxBytes) {
+                    oversized = true;
+                    await reader.cancel();
+                    break;
+                  }
+                  chunks.push(value);
+                }
+              } finally {
+                reader.releaseLock();
+              }
+              if (!oversized && chunks.length > 0) {
+                buffer = Buffer.concat(chunks);
+                headerMime = valRes.headers.get("content-type") ?? undefined;
+              }
+            }
+          }
+        } finally {
+          await release();
+        }
+      } catch {
+        // Network/fetch failure — skip this item.
+      }
+    }
+
+    if (!buffer) {
       continue;
     }
     if (buffer.byteLength > params.maxBytes) {
       continue;
     }
     const mime = await getMSTeamsRuntime().media.detectMime({
       buffer,
-      headerMime: item.contentType ?? undefined,
+      headerMime: headerMime ?? item.contentType ?? undefined,
     });
     // Download any file type, not just images
     try {
diff --git a/extensions/msteams/src/attachments/shared.ts b/extensions/msteams/src/attachments/shared.ts
@@ -49,7 +49,7 @@ export const DEFAULT_MEDIA_HOST_ALLOWLIST = [
   "asm.skype.com",
   "ams.skype.com",
   "media.ams.skype.com",
-  // Bot Framework attachment URLs
+  // Bot Framework attachment URLs — regional variants (smba, smba.eu, smba.ap, etc.)
   "trafficmanager.net",
   "blob.core.windows.net",
   "azureedge.net",
@@ -59,6 +59,10 @@ export const DEFAULT_MEDIA_HOST_ALLOWLIST = [
 export const DEFAULT_MEDIA_AUTH_HOST_ALLOWLIST = [
   "api.botframework.com",
   "botframework.com",
+  // Bot Framework attachment service URLs — regional variants
+  "smba.trafficmanager.net",
+  "smba.eu.trafficmanager.net",
+  "smba.ap.trafficmanager.net",
   "graph.microsoft.com",
   "graph.microsoft.us",
   "graph.microsoft.de",
diff --git a/extensions/msteams/src/monitor-handler/inbound-media.ts b/extensions/msteams/src/monitor-handler/inbound-media.ts
