github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 00:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): unify command gating and blocked-key guards

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 13:04:31 +01:00
parent 356d61aacf
commit 08e020881d
10 changed files with 111 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
src/auto-reply/reply/commands-config.ts
View File

@@ -1,6 +1,5 @@
import { resolveChannelConfigWrites } from "../../channels/plugins/config-writes.js";
import { normalizeChannelId } from "../../channels/registry.js";
import { isCommandFlagEnabled } from "../../config/commands.js";
import {
getConfigValueAtPath,
parseConfigPath,
@@ -18,7 +17,7 @@ import {
setConfigOverride,
unsetConfigOverride,
} from "../../config/runtime-overrides.js";
import { logVerbose } from "../../globals.js";
import { rejectUnauthorizedCommand, requireCommandFlagEnabled } from "./command-gates.js";
import type { CommandHandler } from "./commands-types.js";
import { parseConfigCommand } from "./config-commands.js";
import { parseDebugCommand } from "./debug-commands.js";
@@ -31,19 +30,16 @@ export const handleConfigCommand: CommandHandler = async (params, allowTextComma
if (!configCommand) {
return null;
}
if (!params.command.isAuthorizedSender) {
logVerbose(
`Ignoring /config from unauthorized sender: ${params.command.senderId || "<unknown>"}`,
);
return { shouldContinue: false };
const unauthorized = rejectUnauthorizedCommand(params, "/config");
if (unauthorized) {
return unauthorized;
}
if (!isCommandFlagEnabled(params.cfg, "config")) {
return {
shouldContinue: false,
reply: {
text: "⚠️ /config is disabled. Set commands.config=true to enable.",
},
};
const disabled = requireCommandFlagEnabled(params.cfg, {
label: "/config",
configKey: "config",
});
if (disabled) {
return disabled;
}
if (configCommand.action === "error") {
return {
@@ -185,19 +181,16 @@ export const handleDebugCommand: CommandHandler = async (params, allowTextComman
if (!debugCommand) {
return null;
}
if (!params.command.isAuthorizedSender) {
logVerbose(
`Ignoring /debug from unauthorized sender: ${params.command.senderId || "<unknown>"}`,
);
return { shouldContinue: false };
const unauthorized = rejectUnauthorizedCommand(params, "/debug");
if (unauthorized) {
return unauthorized;
}
if (!isCommandFlagEnabled(params.cfg, "debug")) {
return {
shouldContinue: false,
reply: {
text: "⚠️ /debug is disabled. Set commands.debug=true to enable.",
},
};
const disabled = requireCommandFlagEnabled(params.cfg, {
label: "/debug",
configKey: "debug",
});
if (disabled) {
return disabled;
}
if (debugCommand.action === "error") {
return {