github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 20:58:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix (telegram/whatsapp): use account-scoped pairing allowlists

Browse Source
This commit is contained in:
Vignesh Natarajan
2026-02-15 19:09:07 -08:00
parent ee10feb80e
commit 6957354d48
6 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/web/inbound/access-control.ts
View File

@@ -40,7 +40,11 @@ export async function checkInboundAccessControl(params: {
});
const dmPolicy = account.dmPolicy ?? "pairing";
const configuredAllowFrom = account.allowFrom;
const storeAllowFrom = await readChannelAllowFromStore("whatsapp").catch(() => []);
const storeAllowFrom = await readChannelAllowFromStore(
"whatsapp",
process.env,
account.accountId,
).catch(() => []);
// Without user config, default to self-only DM access so the owner can talk to themselves.
const combinedAllowFrom = Array.from(
new Set([...(configuredAllowFrom ?? []), ...storeAllowFrom]),
@@ -148,6 +152,7 @@ export async function checkInboundAccessControl(params: {
const { code, created } = await upsertChannelPairingRequest({
channel: "whatsapp",
id: candidate,
accountId: account.accountId,
meta: { name: (params.pushName ?? "").trim() || undefined },
});
if (created) {