fix: lark calendar get app access token bug (#4043)

Co-authored-by: chengcheng.frontend <chengcheng.frontend@bytedance.com>

packages/app-store/larkcalendar/api/events.ts

@@ -55,7 +55,8 @@ async function postHandler(req: NextApiRequest, res: NextApiResponse) {
 
   // used for events handler binding in lark open platform, see
   // https://open.larksuite.com/document/ukTMukTMukTM/uUTNz4SN1MjL1UzM?lang=en-US
-  if (req.body.type === "url_verification") {
+  if (req.body.type === "url_verification" && req.body.token === open_verification_token) {
+    log.debug("update token", req.body);
     return res.status(200).json({ challenge: req.body.challenge });
   }
 

packages/app-store/larkcalendar/lib/AppAccessToken.ts

@@ -32,6 +32,10 @@ function makePoolingPromise<T>(
 const appKeysSchema = z.object({
   app_id: z.string().min(1),
   app_secret: z.string().min(1),
+  app_access_token: z.string().optional(),
+  app_ticket: z.string().optional(),
+  expire_date: z.number().optional(),
+  open_verification_token: z.string().min(1),
 });
 
 const getValidAppKeys = async (): Promise<ReturnType<typeof getAppKeys>> => {