fix: extract Zalo attachment URLs and use backend OAuth flow

tanviet12 · claude · tanviet12 · commit 3f1452a27448 · 2026-03-25T21:13:21.000+07:00
- zalo_oa.go: extract image/file/sticker/gif attachment URLs from Zalo messages
- Channels.vue: use backend /reauth API for signed OAuth URL instead of hardcoded frontend redirect

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/backend/channels/zalo_oa.go b/backend/channels/zalo_oa.go
@@ -280,9 +280,39 @@ func (z *ZaloOAAdapter) FetchMessages(ctx context.Context, conversationID string
 				RawData:     msg,
 			}
 
-			// Check for attachments
+			// Check for attachments (image, file, sticker, gif, etc.)
 			if msgType, ok := msg["type"].(string); ok && msgType != "text" {
 				syncedMsg.ContentType = msgType
+
+				// Extract attachment URL from Zalo message
+				aURL := ""
+				aName := ""
+				if u, ok := msg["url"].(string); ok && u != "" {
+					aURL = u
+				} else if u, ok := msg["thumb"].(string); ok && u != "" {
+					aURL = u
+				}
+				// For file type: check links array
+				if links, ok := msg["links"].([]interface{}); ok && len(links) > 0 {
+					if link, ok := links[0].(map[string]interface{}); ok {
+						if u, ok := link["url"].(string); ok {
+							aURL = u
+						}
+						if n, ok := link["name"].(string); ok {
+							aName = n
+						}
+					}
+				}
+				if aURL != "" {
+					if aName == "" {
+						aName = fmt.Sprintf("%s-%s", msgType, msgID)
+					}
+					syncedMsg.Attachments = append(syncedMsg.Attachments, Attachment{
+						Type: msgType,
+						URL:  aURL,
+						Name: aName,
+					})
+				}
 			}
 
 			messages = append(messages, syncedMsg)
diff --git a/frontend/src/views/Channels.vue b/frontend/src/views/Channels.vue
@@ -247,15 +247,26 @@ async function createAndAuthZalo() {
     })
     showDialog.value = false
 
-    // Step 2: Redirect to Zalo OAuth authorize URL
+    // Step 2: Use backend reauth API to get signed OAuth URL (with HMAC state)
     const channelId = created?.id || created?.data?.id
+    if (channelId && newChannel.channel_type === 'zalo_oa') {
+      try {
+        const { data: reauthData } = await api.post(`/tenants/${tenantId.value}/channels/${channelId}/reauth`)
+        const redirectUrl = reauthData?.redirect_url
+        if (redirectUrl) {
+          window.location.href = redirectUrl
+          return
+        }
+      } catch {
+        // Fallback: redirect to channel detail
+        router.push(`/${tenantId.value}/channels/${channelId}`)
+        return
+      }
+    }
+    showSnack(t('success'), 'success')
+    channelStore.fetchChannels(tenantId.value)
     if (channelId) {
-      const callbackUrl = `${window.location.origin}/api/v1/channels/zalo/callback`
-      const authUrl = `https://oauth.zaloapp.com/v4/oa/permission?app_id=${newChannel.creds.app_id}&redirect_uri=${encodeURIComponent(callbackUrl)}&state=${tenantId.value}:${channelId}`
-      window.location.href = authUrl
-    } else {
-      showSnack(t('success'), 'success')
-      channelStore.fetchChannels(tenantId.value)
+      router.push(`/${tenantId.value}/channels/${channelId}`)
     }
 
     newChannel.name = ''
