github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 00:41:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): share DM allowlist state resolver

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-18 23:58:11 +00:00
parent 2709c0ba51
commit 5c5c032f42
4 changed files with 83 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/commands/doctor-security.ts
View File

@@ -5,8 +5,7 @@ import { formatCliCommand } from "../cli/command-format.js";
import type { OpenClawConfig, GatewayBindMode } from "../config/config.js";
import { resolveGatewayAuth } from "../gateway/auth.js";
import { isLoopbackHost, resolveGatewayBindHost } from "../gateway/net.js";
import { readChannelAllowFromStore } from "../pairing/pairing-store.js";
import { normalizeStringEntries } from "../shared/string-normalization.js";
import { resolveDmAllowState } from "../security/dm-policy-shared.js";
import { note } from "../terminal/note.js";
export async function noteSecurityWarnings(cfg: OpenClawConfig) {
@@ -85,23 +84,12 @@ export async function noteSecurityWarnings(cfg: OpenClawConfig) {
}) => {
const dmPolicy = params.dmPolicy;
const policyPath = params.policyPath ?? `${params.allowFromPath}policy`;
const configAllowFrom = normalizeStringEntries(
Array.isArray(params.allowFrom) ? params.allowFrom : undefined,
);
const hasWildcard = configAllowFrom.includes("*");
const storeAllowFrom = await readChannelAllowFromStore(params.provider).catch(() => []);
const normalizedCfg = configAllowFrom
.filter((v) => v !== "*")
.map((v) => (params.normalizeEntry ? params.normalizeEntry(v) : v))
.map((v) => v.trim())
.filter(Boolean);
const normalizedStore = storeAllowFrom
.map((v) => (params.normalizeEntry ? params.normalizeEntry(v) : v))
.map((v) => v.trim())
.filter(Boolean);
const allowCount = Array.from(new Set([...normalizedCfg, ...normalizedStore])).length;
const { hasWildcard, allowCount, isMultiUserDm } = await resolveDmAllowState({
provider: params.provider,
allowFrom: params.allowFrom,
normalizeEntry: params.normalizeEntry,
});
const dmScope = cfg.session?.dmScope ?? "main";
const isMultiUserDm = hasWildcard || allowCount > 1;
if (dmPolicy === "open") {
const allowFromPath = `${params.allowFromPath}allowFrom`;