I'm using teams bot api. We want to support images - an agent will upload images in teams bot conversation, and the image will be sent to our server and converted to base64 back to a user.
The request that my server gets:
{"text":"send file","textFormat":"plain","attachments":[{"contentType":"application/vnd.microsoft.teams.file.download.info","content":{"downloadUrl":"https:// -my.sharepoint.com/personal/ /_layouts/15/download.aspx?UniqueId=2f** b&Translate=false&tempauth= &ApiVersion=2.0","uniqueId":" ","fileType":"pdf"},"contentUrl":"https:// -my.sharepoint.com/personal/*/Documents/Microsoft Teams Chat Files/myFile.pdf","name":"myFile.pdf"},{"contentType":"text/html","content":"<p>send file</p>"}],"type":"message","timestamp":"2022-07-25T11:13:17.7731472Z"........}
This is my code:
if (message.attachments) {
const file = message.attachments.find(a => a.contentType === "application/vnd.microsoft.teams.file.download.info");
if (file) {
require('request').get({uri: file.content.downloadUrl, encoding: null}, function (err, res, body) {
if (!err && res.statusCode === 200) {
const base64Data = "data:" + res.headers["content-type"] + ";base64," + new Buffer(body).toString('base64');
} else console.log(err ? err : "statusCode: " + res.statusCode);
});
}}
But I'm getting "statusCode: 403".
From the docs it seems like the URL should work:
content.downloadUrl is a pre-authenticated link to download the file. To fetch the contents of the file, send a GET request to the URL in content.downloadUrl. The URL is only valid for a few minutes, so you must fetch the file immediately.
I found the problem.
The downloadUrl really has to be public, the problem is that our nodejs code use sanitazion on each input for security -
expressSanitized.middleware({encoder: 'XSSEncode'})
The sanitazion added "&amd;" to the downloadUrl -
https://***.sharepoint.com/personal/****/_layouts/15/download.aspx?UniqueId=5c****c344&Translate=false&tempauth=eyJ0e........AwMDAwMDAv
That's why I got 403....
I added unescape function to remove the & and now it works.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.