Load .env, prefer WEBUI secret, add build script

Load local .env in napcat-shell and prioritize NAPCAT_WEBUI_SECRET_KEY across the app. Changes include:
- package.json: add build🐚config script to build shell and copy env for dev builds.
- packages/napcat-develop/config/.env and loadNapCat.cjs: update default WEBUI secret to `napcatqq` and set the same env in the loader.
- packages/napcat-shell/napcat.ts: read config/.env into process.env at startup, rework pathWrapper/logger initialization, and minor formatting cleanups.
- packages/napcat-webui-backend/index.ts: InitWebUi now prefers NAPCAT_WEBUI_SECRET_KEY from the environment (updates config and logs the change); only generates a random token if no env override and current token is default.
These changes make it easier to override the WebUI token for development and ensure the token is propagated when building the shell for dev workflows.

package.json

@@ -6,6 +6,7 @@
   "scripts": {
     "build:shell": "pnpm --filter napcat-shell run build || exit 1",
     "build:shell:dev": "pnpm --filter napcat-shell run build:dev || exit 1",
+    "build:shell:config": "pnpm --filter napcat-shell run build && pnpm --filter napcat-develop run copy-env",
     "build:framework": "pnpm --filter napcat-framework run build || exit 1",
     "build:webui": "pnpm --filter napcat-webui-frontend run build || exit 1",
     "build:plugin-builtin": "pnpm --filter napcat-plugin-builtin run build || exit 1",
@@ -14,8 +15,7 @@
     "test": "pnpm --filter napcat-test run test",
     "test:ui": "pnpm --filter napcat-test run test:ui",
     "lint": "eslint .",
-    "lint:fix": "eslint . --fix",
-    "build:shell:config": "pnpm --filter napcat-shell run build && pnpm --filter napcat-develop run copy-env"
+    "lint:fix": "eslint . --fix"
   },
   "devDependencies": {
     "@rollup/plugin-node-resolve": "^16.0.3",

packages/napcat-develop/config/.env

@@ -1,4 +1,4 @@
 NAPCAT_DISABLE_PIPE=1
 NAPCAT_DISABLE_MULTI_PROCESS=1
 NAPCAT_WEBUI_JWT_SECRET_KEY=napcat_dev_secret_key
-NAPCAT_WEBUI_SECRET_KEY=napcat
+NAPCAT_WEBUI_SECRET_KEY=napcatqq

packages/napcat-develop/loadNapCat.cjs

@@ -78,7 +78,7 @@ async function copyAll () {
   process.env.NAPCAT_WORKDIR = TARGET_DIR;
   // 开发环境使用固定密钥
   process.env.NAPCAT_WEBUI_JWT_SECRET_KEY = 'napcat_dev_secret_key';
-  process.env.NAPCAT_WEBUI_SECRET_KEY = 'napcat';
+  process.env.NAPCAT_WEBUI_SECRET_KEY = 'napcatqq';
   console.log('Loading NapCat module...');
   await import(pathToFileURL(NAPCAT_MJS_PATH).href);
 }

packages/napcat-shell/napcat.ts

@@ -7,11 +7,33 @@ import { AuthHelper } from '@/napcat-webui-backend/src/helper/SignToken';
 import { webUiRuntimePort } from '@/napcat-webui-backend/index';
 import { createProcessManager, type IProcessManager, type IWorkerProcess } from './process-api';
 import path from 'path';
+import fs from 'fs';
 import { fileURLToPath } from 'url';
 
-// ES 模块中获取 __dirname
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
+const pathWrapper = new NapCatPathWrapper();
+const envPath = path.join(__dirname, 'config', '.env');
+if (fs.existsSync(envPath)) {
+  try {
+    const data = fs.readFileSync(envPath, 'utf8');
+    let loadedCount = 0;
+    data.split(/\r?\n/).forEach(line => {
+      line = line.trim();
+      if (line && !line.startsWith('#')) {
+        const parts = line.split('=');
+        const key = parts[0]?.trim();
+        const value = parts.slice(1).join('=').trim();
+        if (key && value) {
+          process.env[key] = value;
+          loadedCount++;
+        }
+      }
+    });
+  } catch (e) {
+    console.log('[NapCat] Failed to load .env file:', e);
+  }
+}
 
 // 环境变量配置
 const ENV = {
@@ -20,6 +42,7 @@ const ENV = {
   isPipeDisabled: process.env['NAPCAT_DISABLE_PIPE'] === '1',
 } as const;
 
+
 // Worker 消息类型
 interface WorkerMessage {
   type: 'restart' | 'restart-prepare' | 'shutdown';
@@ -27,8 +50,7 @@ interface WorkerMessage {
   port?: number;
 }
 
-// 初始化日志
-const pathWrapper = new NapCatPathWrapper();
+
 const logger = new LogWrapper(pathWrapper.logsPath);
 
 // 进程管理器和当前 Worker 进程引用
@@ -223,21 +245,21 @@ async function startWorker (passQuickLogin: boolean = true, secretKey?: string,
     // 如果不是由于主动重启或关闭引起的退出，尝试自动重新拉起
     if (!isRestarting && !isShuttingDown) {
       const now = Date.now();
-      
+
       // 清理超出时间窗口的崩溃记录
       while (recentCrashTimestamps.length > 0 && now - recentCrashTimestamps[0]! > CRASH_TIME_WINDOW) {
         recentCrashTimestamps.shift();
       }
-      
+
       // 记录本次崩溃
       recentCrashTimestamps.push(now);
-      
+
       // 检查是否超过崩溃阈值
       if (recentCrashTimestamps.length >= MAX_CRASHES_IN_WINDOW) {
         logger.logError(`[NapCat] [${processType}] Worker进程在 ${CRASH_TIME_WINDOW / 1000} 秒内异常退出 ${MAX_CRASHES_IN_WINDOW} 次，主进程退出`);
         process.exit(1);
       }
-      
+
       logger.logWarn(`[NapCat] [${processType}] Worker进程意外退出 (${recentCrashTimestamps.length}/${MAX_CRASHES_IN_WINDOW})，正在尝试重新拉起...`);
       startWorker(true).catch(e => {
         logger.logError(`[NapCat] [${processType}] 重新拉起Worker进程失败:`, e);

packages/napcat-webui-backend/index.ts

@@ -123,9 +123,14 @@ export async function InitWebUi (logger: ILogWrapper, pathWrapper: NapCatPathWra
     return;
   }
 
-  // 检查并更新默认密码（仅在启用WebUI时）
-  if (config.token === 'napcat' || !config.token) {
-    const randomToken = process.env['NAPCAT_WEBUI_SECRET_KEY'] || getRandomToken(8);
+  // 优先使用环境变量覆盖 Token
+  if (process.env['NAPCAT_WEBUI_SECRET_KEY'] && config.token !== process.env['NAPCAT_WEBUI_SECRET_KEY']) {
+    await WebUiConfig.UpdateWebUIConfig({ token: process.env['NAPCAT_WEBUI_SECRET_KEY'] });
+    logger.log(`[NapCat] [WebUi] 检测到环境变量配置，已更新 WebUI Token 为 ${process.env['NAPCAT_WEBUI_SECRET_KEY']}`);
+    config = await WebUiConfig.GetWebUIConfig();
+  } else if (config.token === 'napcat' || !config.token) {
+    // 只有没设置环境变量，且是默认密码时，才生成随机密码
+    const randomToken = getRandomToken(8);
     await WebUiConfig.UpdateWebUIConfig({ token: randomToken });
     logger.log('[NapCat] [WebUi] 检测到默认密码，已自动更新为安全密码');