Merge branch 'feature/image-upload' into release

@@ -244,6 +244,77 @@ $http_worker->onMessage = function ($connection, $request) {
         return;
     }
 
+    // 3. Generate Pre-Signed URL for Direct Upload
+    if (strpos($path, '/tos/sign') === 0) {
+        $query = $request->get();
+        $filename = $query['filename'] ?? 'file_' . time();
+        $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+
+        // Validation - Keep it simple for demo
+        $allowed = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'mp4', 'pdf', 'xls', 'xlsx'];
+        if (!in_array($ext, $allowed) && $ext !== '') {
+            // If no extension providing, we might just allow it or fail. 
+            // Ideally client should provide full filename with extension.
+        }
+
+        // TOS Configuration (Keys from hsobs.php)
+        $ak = 'AKLTZjkyMzliYjQ5N2IyNDFjNDliMTBiY2E2ZmU5ODhjNTM';
+        $sk = 'WldKbE5XUmpPRGxqWmpZM05EUTBObUpqTTJSa01qVTNNMkprWmpsbU9Uaw==';
+        $endpoint = 'tos-cn-shanghai.volces.com';
+        $region = 'cn-shanghai';
+        $bucket = 'ocxun';
+
+        try {
+            $client = new TosClient([
+                'region' => $region,
+                'endpoint' => $endpoint,
+                'ak' => $ak,
+                'sk' => $sk,
+            ]);
+
+            $uuid = bin2hex(random_bytes(8));
+            // TODO: User ID from token
+            $userPhone = 'guest';
+            // Ensure filename is safe
+            $safeName = preg_replace('/[^a-zA-Z0-9._-]/', '', $filename);
+            if (!$safeName)
+                $safeName = 'unnamed';
+
+            $objectKey = "clawdbot/{$userPhone}/direct_{$uuid}_{$safeName}";
+
+            // Generate Pre-Signed PUT URL (Valid for 15 mins)
+            // Note: The SDK method name might vary slightly based on version, 
+            // but `preSignedURL` is standard for TOS PHP SDK v2.
+            $input = new \Tos\Model\PreSignedURLInput(
+                'PUT',
+                $bucket,
+                $objectKey,
+                300 // 5 minutes validity
+            );
+
+            // Add content-type if known? client will send it. 
+            // For simple PUT, we just sign the method and resource.
+
+            $output = $client->preSignedURL($input);
+            $signedUrl = $output->getSignedUrl();
+
+            // Public Access URL (Assuming bucket is public-read or we use signed Get URL)
+            // For this project, we used public-read ACL in previous code, so we assume public access.
+            $publicUrl = "https://{$bucket}.{$endpoint}/{$objectKey}";
+
+            $connection->send(json_encode([
+                'ok' => true,
+                'uploadUrl' => $signedUrl,
+                'publicUrl' => $publicUrl,
+                'key' => $objectKey
+            ]));
+
+        } catch (Exception $e) {
+            $connection->send(new \Workerman\Protocols\Http\Response(500, [], json_encode(['ok' => false, 'error' => $e->getMessage()])));
+        }
+        return;
+    }
+
     $connection->send("Moltbot Relay HTTP Server");
 };