github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-11 16:03:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: enforce explicit group auth boundaries across channels

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 18:15:57 +01:00
parent d0d83a2020
commit 64de4b6d6a
20 changed files with 614 additions and 331 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/imessage/monitor/inbound-processing.ts
View File

@@ -256,10 +256,11 @@ export function resolveIMessageInboundDecision(params: {
const canDetectMention = mentionRegexes.length > 0;
const useAccessGroups = params.cfg.commands?.useAccessGroups !== false;
const commandDmAllowFrom = isGroup ? params.allowFrom : effectiveDmAllowFrom;
const ownerAllowedForCommands =
effectiveDmAllowFrom.length > 0
commandDmAllowFrom.length > 0
? isAllowedIMessageSender({
allowFrom: effectiveDmAllowFrom,
allowFrom: commandDmAllowFrom,
sender,
chatId,
chatGuid,
@@ -280,7 +281,7 @@ export function resolveIMessageInboundDecision(params: {
const commandGate = resolveControlCommandGate({
useAccessGroups,
authorizers: [
{ configured: effectiveDmAllowFrom.length > 0, allowed: ownerAllowedForCommands },
{ configured: commandDmAllowFrom.length > 0, allowed: ownerAllowedForCommands },
{ configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
],
allowTextCommands: true,