fix: enforce strict allowlist across pairing stores (#23017)

Peter Steinberger
2026-02-22 00:00:23 +01:00
committed by GitHub
parent 617e38cec0
commit 0bd9f0d4ac
31 changed files with 162 additions and 45 deletions


@@ -138,7 +138,8 @@ export function resolveIMessageInboundDecision(params: {
}
const groupId = isGroup ? groupIdCandidate : undefined;
const effectiveDmAllowFrom = Array.from(new Set([...params.allowFrom, ...params.storeAllowFrom]))
const storeAllowFrom = params.dmPolicy === "allowlist" ? [] : params.storeAllowFrom;
const effectiveDmAllowFrom = Array.from(new Set([...params.allowFrom, ...storeAllowFrom]))
.map((v) => String(v).trim())
.filter(Boolean);
// Keep DM pairing-store authorization scoped to DMs; group access must come from explicit group allowlist config.