fix: only allow HTTPS URLs to pass through directly in LINE adapter

[KBVsent]

The LINE Messaging API strictly requires all media URLs (images, audio, video, files) to use HTTPS. The previous _resolve_*_url methods in the LINE adapter treated http:// and https:// URLs equally, passing both through directly without any conversion. This caused a 400 error (Must be a valid HTTPS URL) .

Modifications / 改动点

• astrbot/core/platform/sources/line/line_event.py:
  Changed all five URL resolution methods (_resolve_image_url, _resolve_record_url, _resolve_video_url, _resolve_video_preview_url, _resolve_file_url) to only pass through https:// URLs directly. Any http:// URL now falls through to register_to_file_service().

• This is NOT a breaking change. / 这不是一个破坏性变更。

Screenshots or Test Results / 运行截图或测试结果

Before:

After:
No Error

---

Checklist / 检查清单

• 😊 如果 PR 中有新加入的功能，已经通过 Issue / 邮件等方式和作者讨论过。/ If there are new features added in the PR, I have discussed it with the authors through issues/emails, etc.
• 👀 我的更改经过了良好的测试，并已在上方提供了“验证步骤”和“运行截图”。/ My changes have been well-tested, and "Verification Steps" and "Screenshots" have been provided above.
• 🤓 我确保没有引入新依赖库，或者引入了新依赖库的同时将其添加到了 requirements.txt 和 pyproject.toml 文件相应位置。/ I have ensured that no new dependencies are introduced, OR if new dependencies are introduced, they have been added to the appropriate locations in requirements.txt and pyproject.toml.
• 😮 我的更改没有引入恶意代码。/ My changes do not introduce malicious code.

Summary by Sourcery

错误修复：

• 通过禁止直接发送纯 HTTP URL，并改为通过文件服务进行注册，防止 LINE 媒体消息因 400 错误而发送失败。

Original summary in English

Summary by Sourcery

Bug Fixes:

• Prevent LINE media messages from failing with 400 errors by disallowing plain HTTP URLs from being sent directly and registering them via the file service instead.

[sourcery-ai]

Hey - 我在这里给出了一些整体性的反馈：

• 针对仅支持 HTTPS 的检查逻辑，在多个 _resolve_*_url 方法中有重复；可以考虑抽取一个小的辅助函数（例如 _is_https_url(candidate: str) -> bool），以减少重复代码，并在未来逻辑发生变化时（比如支持更多协议或增加校验）能保持行为一致。
• 为了方便后续排查问题，当某个 http:// URL 被拒绝、并且代码回退到调用 register_to_file_service() 时，可以考虑输出一条 debug 级别的日志，这样更容易追踪那些意外出现的非 HTTPS 输入。

供 AI 代理使用的提示词

Please address the comments from this code review:

## Overall Comments
- The HTTPS-only checks are duplicated across several `_resolve_*_url` methods; consider extracting a small helper (e.g., `_is_https_url(candidate: str) -> bool`) to reduce repetition and ensure consistent behavior if the logic ever evolves (such as supporting additional schemes or validation).
- For future debugging, it may be useful to emit a debug-level log when an `http://` URL is rejected and the code falls back to `register_to_file_service()`, so unexpected non-HTTPS inputs are easier to trace.

---

Sourcery 对开源项目免费——如果你觉得我们的 Review 有帮助，欢迎分享 ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{帮我变得更有用！请在每条评论上点 👍 或 👎，我会根据你的反馈来改进之后的 Review。}

Original comment in English

Hey - I've left some high level feedback:

• The HTTPS-only checks are duplicated across several _resolve_*_url methods; consider extracting a small helper (e.g., _is_https_url(candidate: str) -> bool) to reduce repetition and ensure consistent behavior if the logic ever evolves (such as supporting additional schemes or validation).
• For future debugging, it may be useful to emit a debug-level log when an http:// URL is rejected and the code falls back to register_to_file_service(), so unexpected non-HTTPS inputs are easier to trace.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The HTTPS-only checks are duplicated across several `_resolve_*_url` methods; consider extracting a small helper (e.g., `_is_https_url(candidate: str) -> bool`) to reduce repetition and ensure consistent behavior if the logic ever evolves (such as supporting additional schemes or validation).
- For future debugging, it may be useful to emit a debug-level log when an `http://` URL is rejected and the code falls back to `register_to_file_service()`, so unexpected non-HTTPS inputs are easier to trace.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[dosubot]

Related Documentation

Checked 1 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}  

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enforces the use of HTTPS URLs in the LINE adapter to comply with the LINE Messaging API's requirements for media URLs. It fixes a bug where HTTP URLs were being passed through, leading to errors. The changes ensure that only HTTPS URLs are directly used, while HTTP URLs are handled by the register_to_file_service() method.

Highlights

• Security Enhancement: Ensures that only HTTPS URLs are directly passed through in the LINE adapter, aligning with LINE Messaging API requirements.
• Bug Fix: Addresses a 400 error caused by allowing HTTP URLs, which are not supported by the LINE Messaging API for media URLs.
• Code Modification: Modified five URL resolution methods in line_event.py to enforce HTTPS for image, record, video, video preview, and file URLs.

Changelog

• astrbot/core/platform/sources/line/line_event.py
  • Modified URL resolution methods to only allow HTTPS URLs to pass through directly.

Activity

• The pull request includes modifications to the _resolve_image_url, _resolve_record_url, _resolve_video_url, _resolve_video_preview_url, and _resolve_file_url methods in astrbot/core/platform/sources/line/line_event.py.
• The changes ensure that only HTTPS URLs are directly passed through, while HTTP URLs are handled by the register_to_file_service() method.
• Screenshots and test results are provided to demonstrate the fix.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly fixes a bug where http:// URLs for media were causing errors with the LINE API. The changes ensure only https:// URLs are passed through directly, with other schemes correctly falling back to the file service. The implementation is correct. I've added one comment regarding potential code duplication which could be addressed to improve maintainability.

[astrbot-doc-agent]

No docs changes were generated in this run (docs repo had no updates).

Docs repo: AstrBotDevs/AstrBot-docs
Trigger: PR merged

---

AI change summary (not committed):

• 在 LINE 适配器文档中补充说明：LINE Messaging API 要求媒体（图片、语音、视频、文件）URL 必须为 HTTPS。
• 记录变更行为：HTTP URL 将自动通过文件服务处理，不再直接发送。
• 涉及中英文文档 (zh/en) 同步更新。

---

Experimental bot notice:

• This output is generated by AstrBot-Doc-Agent for review only.
• It does not represent the final documentation form.