qq combined forward: mine whitelist

- qq -> discord: ???

Author: wyf9

docs/drivers/discord.md

@@ -118,3 +118,4 @@ If the file is absent or an emoji is not found, the token falls back to the Unic
 
 - Bot messages are automatically ignored (webhook echoes are not re-bridged).
 - Files are downloaded and re-uploaded via multipart form. If a file exceeds `max_file_size`, its URL is appended to the message text.
+- For NapCat/QQ sources, an explicit `@self_id` mention is also converted into a Discord mention of the target bot account when bot identity is available.

docs/drivers/napcat.md

@@ -84,8 +84,12 @@ Incoming messages are parsed from OneBot 11 segment arrays:
 
 For merged-forward images, clicking the image now opens the bridge-rendered resource (`/asset/...`) in `url` mode, instead of jumping to the original QQ CDN URL. In `base64` mode, the page opens the image via a temporary blob URL without adding a duplicate base64 `href` payload.
 
+For security hardening, merged-forward image embedding now only allows a safe MIME allowlist (JPEG/PNG/GIF/WebP/BMP/AVIF). Unsafe types (for example `text/html` or `image/svg+xml`) are blocked from inline rendering and shown as a placeholder link.
+
 When merged-forward sender UID reliability cannot be confidently verified (including single-sender batches), NextBridge marks that sender as `UID 不可信` in the rendered header.
 
+Even when UID is marked unreliable, the rendered header still displays the QQ number (with the `UID 不可信` tag) for manual verification.
+
 ::: info Merged-forward access control
 Merged-forward links are plain paths and each page has its own TTL. When the timer runs out, the page stays on screen and switches to an expired state. If persistent storage is enabled, the page can still be opened again after a restart.
 :::

docs/zh/drivers/discord.md

@@ -118,3 +118,4 @@ Discord 驱动器通过 Discord 网关（Bot Token）接收消息，并支持通
 
 - Bot 发送的消息不会被再次桥接（Webhook 回显不会触发事件）。
 - 文件会被下载后通过 multipart 表单重新上传。若文件超过 `max_file_size`，其 URL 将以文字形式附加到消息中。
+- 对于 NapCat/QQ 来源，若源消息显式 `@self_id`，在可获取目标 Bot 身份时也会转换为 Discord 端对目标 Bot 账号的 mention。

docs/zh/drivers/napcat.md

@@ -83,8 +83,11 @@ NextBridge 目前只桥接**群消息**，不转发私聊消息。
 
 合并转发中的图片点击行为已调整：`url` 模式下点击图片会打开桥接服务提供的缓存资源地址（`/asset/...`），不再跳转到 QQ 原始 CDN 链接；`base64` 模式下会通过临时 blob URL 打开图片，避免额外复制一份 base64 到 `href`。
 
+出于安全考虑，合并转发图片仅允许安全 MIME 白名单（如 JPEG/PNG/GIF/WebP/BMP/AVIF）内嵌渲染；不安全类型（如 `text/html`、`image/svg+xml`）会被阻止内嵌，仅保留外链占位提示。
+
 当合并转发中的发送者 UID 无法被可靠校验（包括仅有单一发送者 UID 的场景）时，NextBridge 会在渲染头部为该发送者添加 `UID 不可信` 标记。
 
+即使 UID 被标记为不可信，渲染头部仍会展示 QQ 号（并附带 `UID 不可信` 标记），用于人工核对。
 ::: info 合并转发页面访问控制
 合并转发链接为普通路径，并且页面有独立有效期。页面到期后不会立刻跳走，而是会在原页动态切换成“已销毁”。如果启用了持久化存储，页面内容还可以在重启后继续访问。
 :::

drivers/discord.py

@@ -395,7 +395,24 @@ async def send(
             text = f"{prefix}\n{text}" if text else prefix
 
         # Handle mentions: replace @Name with <@id>
-        mentions = kwargs.get("mentions", [])
+        mentions = list(kwargs.get("mentions", []))
+
+        # Fallback conversion for source "@self_id" mentions.
+        # Bridge passes source mention display names, and we map them to the
+        # current Discord bot account mention when available.
+        source_self_mention_names = kwargs.get("source_self_mention_names", [])
+        if source_self_mention_names and self._client and self._client.user:
+            bot_id = str(self._client.user.id)
+            existing_names = {
+                str(m.get("name", "")).strip() for m in mentions if isinstance(m, dict)
+            }
+            for raw_name in source_self_mention_names:
+                name = str(raw_name).strip()
+                if not name or name in existing_names:
+                    continue
+                mentions.append({"id": bot_id, "name": name})
+                existing_names.add(name)
+
         for m in mentions:
             text = text.replace(f"@{m['name']}", f"<@{m['id']}>")
 

drivers/napcat.py

@@ -537,6 +537,7 @@ async def _on_group_message(self, event: dict):
             message_id=str(event.get("message_id", "")),
             reply_parent=reply_id,
             mentions=mentions,
+            source_self_id=self_id,
             source_mentioned_self=source_mentioned_self,
             time=datetime.datetime.fromtimestamp(time).isoformat() if time else None,
             source_proxy=self._media_proxy,
@@ -764,6 +765,19 @@ def _render_forward_face_segment_html(self, seg_data: dict) -> str:
             f"alt='{html.escape(alt_text)}' title='cqface:{html.escape(face_id)}'/>"
         )
 
+    @staticmethod
+    def _is_safe_forward_image_mime(mime: str) -> bool:
+        normalized = (mime or "").split(";", 1)[0].strip().lower()
+        # Block script-capable or non-image payloads from being embedded/served.
+        return normalized in {
+            "image/jpeg",
+            "image/png",
+            "image/gif",
+            "image/webp",
+            "image/bmp",
+            "image/avif",
+        }
+
     @staticmethod
     def _segment_url(seg_data: dict) -> str:
         url = (
@@ -887,9 +901,21 @@ async def _render_forward_image_asset_html(
             )
 
         data, mime = result
+        normalized_mime = (mime or "").split(";", 1)[0].strip().lower()
+        if not self._is_safe_forward_image_mime(normalized_mime):
+            safe_url = html.escape(url)
+            return (
+                f"<a href='{safe_url}' target='_blank' rel='noopener noreferrer'>"
+                "<div class='fwd-image-placeholder'>"
+                "图片 MIME 类型不安全，已阻止内嵌预览"
+                "</div>"
+                f"</a>"
+            )
 
         if self.config.forward_render_image_method == "base64":
-            data_url = f"data:{mime};base64,{base64.b64encode(data).decode('ascii')}"
+            data_url = (
+                f"data:{normalized_mime};base64,{base64.b64encode(data).decode('ascii')}"
+            )
             safe_data_url = html.escape(data_url)
             return (
                 f"<img class='fwd-image fwd-image-open' src='{safe_data_url}' "
@@ -908,7 +934,7 @@ async def _render_forward_image_asset_html(
             asset_id=asset_id,
             page_id=page_id,
             instance_id=self.instance_id,
-            mime=mime,
+            mime=normalized_mime,
             data=data,
             created_at=int(_utc_now().timestamp()),
             expires_at=expires_at,
@@ -1398,7 +1424,7 @@ async def _render_forward_nodes_html(
                 richheader = self._apply_forward_msg_format_header(
                     msg_format=msg_format,
                     nickname=nickname,
-                    user_id=user_id if user_id_reliable else "",
+                    user_id=user_id,
                     msg_text=msg_text,
                 )
 
@@ -1415,6 +1441,12 @@ async def _render_forward_nodes_html(
                 str(richheader.get("content", "")).strip() if richheader else ""
             )
             if user_id and not user_id_reliable and richheader:
+                if user_id not in header_content_raw:
+                    header_content_raw = (
+                        f"QQ: {user_id} · {header_content_raw}"
+                        if header_content_raw
+                        else f"QQ: {user_id}"
+                    )
                 header_content_raw = (
                     f"{header_content_raw} · UID 不可信"
                     if header_content_raw

services/bridge.py

@@ -506,14 +506,28 @@ async def _dispatch(
 
             # Resolve target mentions
             target_mentions = []
+            source_self_mention_names: list[str] = []
+            source_self_id = str(getattr(msg, "source_self_id", "") or "")
             for m in msg.mentions:
                 target_uid = msg_db().get_bound_user_id(
                     msg.instance_id, m["id"], target_id
                 )
                 if target_uid:
                     target_mentions.append({"id": target_uid, "name": m["name"]})
+                    continue
+
+                # Fallback: source @self_id (bot) mention can be converted by
+                # target drivers that know their own bot account id.
+                m_id = str(m.get("id", "") or "")
+                m_name = str(m.get("name", "") or "").strip()
+                if source_self_id and m_id == source_self_id and m_name:
+                    source_self_mention_names.append(m_name)
             if target_mentions:
                 extra_out["mentions"] = target_mentions
+            if source_self_mention_names:
+                extra_out["source_self_mention_names"] = list(
+                    dict.fromkeys(source_self_mention_names)
+                )
 
             try:
                 new_msg_id = await sender(
@@ -599,14 +613,28 @@ async def _dispatch_connect(
 
             # Resolve target mentions
             target_mentions = []
+            source_self_mention_names: list[str] = []
+            source_self_id = str(getattr(msg, "source_self_id", "") or "")
             for m in msg.mentions:
                 target_uid = msg_db().get_bound_user_id(
                     msg.instance_id, m["id"], target_id
                 )
                 if target_uid:
                     target_mentions.append({"id": target_uid, "name": m["name"]})
+                    continue
+
+                # Fallback: source @self_id (bot) mention can be converted by
+                # target drivers that know their own bot account id.
+                m_id = str(m.get("id", "") or "")
+                m_name = str(m.get("name", "") or "").strip()
+                if source_self_id and m_id == source_self_id and m_name:
+                    source_self_mention_names.append(m_name)
             if target_mentions:
                 extra_out["mentions"] = target_mentions
+            if source_self_mention_names:
+                extra_out["source_self_mention_names"] = list(
+                    dict.fromkeys(source_self_mention_names)
+                )
 
             try:
                 new_msg_id = await sender(

services/message.py

@@ -29,6 +29,7 @@ class NormalizedMessage:
     mentions: list[dict] = field(
         default_factory=list
     )  # list of {"id": str, "name": str}
+    source_self_id: str = ""  # source platform bot account id (if available)
     source_mentioned_self: bool | None = (
         None  # whether source message explicitly @mentioned the source bot account
     )