fix (telegram/whatsapp): use account-scoped pairing allowlists

Vignesh Natarajan
2026-02-15 19:09:07 -08:00
parent ee10feb80e
commit 6957354d48
6 changed files with 35 additions and 5 deletions


@@ -227,7 +227,11 @@ export const registerTelegramHandlers = ({
} }
} }
const storeAllowFrom = await readChannelAllowFromStore("telegram").catch(() => []); const storeAllowFrom = await readChannelAllowFromStore(
"telegram",
process.env,
accountId,
).catch(() => []);
await processMessage(primaryEntry.ctx, allMedia, storeAllowFrom); await processMessage(primaryEntry.ctx, allMedia, storeAllowFrom);
} catch (err) { } catch (err) {
runtime.error?.(danger(`media group handler failed: ${String(err)}`)); runtime.error?.(danger(`media group handler failed: ${String(err)}`));
@@ -258,7 +262,11 @@ export const registerTelegramHandlers = ({
date: last.msg.date ?? first.msg.date, date: last.msg.date ?? first.msg.date,
}; };
const storeAllowFrom = await readChannelAllowFromStore("telegram").catch(() => []); const storeAllowFrom = await readChannelAllowFromStore(
"telegram",
process.env,
accountId,
).catch(() => []);
const baseCtx = first.ctx; const baseCtx = first.ctx;
const getFile = const getFile =
typeof baseCtx.getFile === "function" ? baseCtx.getFile.bind(baseCtx) : async () => ({}); typeof baseCtx.getFile === "function" ? baseCtx.getFile.bind(baseCtx) : async () => ({});
@@ -330,6 +338,7 @@ export const registerTelegramHandlers = ({
const isForum = callbackMessage.chat.is_forum === true; const isForum = callbackMessage.chat.is_forum === true;
const groupAllowContext = await resolveTelegramGroupAllowFromContext({ const groupAllowContext = await resolveTelegramGroupAllowFromContext({
chatId, chatId,
accountId,
isForum, isForum,
messageThreadId, messageThreadId,
groupAllowFrom, groupAllowFrom,
@@ -699,6 +708,7 @@ export const registerTelegramHandlers = ({
const isForum = msg.chat.is_forum === true; const isForum = msg.chat.is_forum === true;
const groupAllowContext = await resolveTelegramGroupAllowFromContext({ const groupAllowContext = await resolveTelegramGroupAllowFromContext({
chatId, chatId,
accountId,
isForum, isForum,
messageThreadId, messageThreadId,
groupAllowFrom, groupAllowFrom,
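Review bot: Both rewritten `readChannelAllowFromStore("telegram", process.env, accountId)` calls keep `.catch(() => [])`, so a failed read of the account-scoped store cannot be told apart from an empty allowlist. Failing closed is the right default for an access check, but with per-account stores a wrong or missing `accountId` would presumably lock out paired senders with nothing in the logs. Consider reporting the error before returning the empty list, e.g. `.catch((err) => { runtime.error?.(danger("telegram allowFrom store read failed: " + String(err))); return []; })`, reusing the `runtime.error`/`danger` helpers the media group handler already calls. The same pattern appears at the other `readChannelAllowFromStore` call sites in this commit. The body of `registerTelegramHandlers` starts and ends outside these hunks, so where `accountId` is bound is not visible here.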


@@ -273,6 +273,7 @@ export const buildTelegramMessageContext = async ({
const { code, created } = await upsertChannelPairingRequest({ const { code, created } = await upsertChannelPairingRequest({
channel: "telegram", channel: "telegram",
id: telegramUserId, id: telegramUserId,
accountId: account.accountId,
meta: { meta: {
username: from?.username, username: from?.username,
firstName: from?.first_name, firstName: from?.first_name,
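Review bot: The pairing request is now created under `account.accountId`, but nothing in this section shows that the approval step writes the approved sender into the same account-scoped allowlist that the handlers now read. If approval still writes to the channel-wide store, newly paired users would not be found by the scoped reads; if the scoped reads also merge the channel-wide store, entries approved before this change would remain valid for every account. It is worth confirming which applies and recording it in a comment above this call, e.g. `// Scoped to this account: approval must add the sender to the same account's allowFrom store.` The WhatsApp `upsertChannelPairingRequest` call in `checkInboundAccessControl` has the same dependency. `buildTelegramMessageContext` extends beyond this hunk.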


@@ -127,6 +127,7 @@ async function resolveTelegramCommandAuth(params: {
msg: NonNullable<TelegramNativeCommandContext["message"]>; msg: NonNullable<TelegramNativeCommandContext["message"]>;
bot: Bot; bot: Bot;
cfg: OpenClawConfig; cfg: OpenClawConfig;
accountId: string;
telegramCfg: TelegramAccountConfig; telegramCfg: TelegramAccountConfig;
allowFrom?: Array<string | number>; allowFrom?: Array<string | number>;
groupAllowFrom?: Array<string | number>; groupAllowFrom?: Array<string | number>;
@@ -142,6 +143,7 @@ async function resolveTelegramCommandAuth(params: {
msg, msg,
bot, bot,
cfg, cfg,
accountId,
telegramCfg, telegramCfg,
allowFrom, allowFrom,
groupAllowFrom, groupAllowFrom,
@@ -156,6 +158,7 @@ async function resolveTelegramCommandAuth(params: {
const isForum = (msg.chat as { is_forum?: boolean }).is_forum === true; const isForum = (msg.chat as { is_forum?: boolean }).is_forum === true;
const groupAllowContext = await resolveTelegramGroupAllowFromContext({ const groupAllowContext = await resolveTelegramGroupAllowFromContext({
chatId, chatId,
accountId,
isForum, isForum,
messageThreadId, messageThreadId,
groupAllowFrom, groupAllowFrom,
@@ -371,6 +374,7 @@ export const registerTelegramNativeCommands = ({
msg, msg,
bot, bot,
cfg, cfg,
accountId,
telegramCfg, telegramCfg,
allowFrom, allowFrom,
groupAllowFrom, groupAllowFrom,
@@ -623,6 +627,7 @@ export const registerTelegramNativeCommands = ({
msg, msg,
bot, bot,
cfg, cfg,
accountId,
telegramCfg, telegramCfg,
allowFrom, allowFrom,
groupAllowFrom, groupAllowFrom,


@@ -18,6 +18,7 @@ export type TelegramThreadSpec = {
export async function resolveTelegramGroupAllowFromContext(params: { export async function resolveTelegramGroupAllowFromContext(params: {
chatId: string | number; chatId: string | number;
accountId?: string;
isForum?: boolean; isForum?: boolean;
messageThreadId?: number | null; messageThreadId?: number | null;
groupAllowFrom?: Array<string | number>; groupAllowFrom?: Array<string | number>;
@@ -38,7 +39,11 @@ export async function resolveTelegramGroupAllowFromContext(params: {
isForum: params.isForum, isForum: params.isForum,
messageThreadId: params.messageThreadId, messageThreadId: params.messageThreadId,
}); });
const storeAllowFrom = await readChannelAllowFromStore("telegram").catch(() => []); const storeAllowFrom = await readChannelAllowFromStore(
"telegram",
process.env,
params.accountId,
).catch(() => []);
const { groupConfig, topicConfig } = params.resolveTelegramGroupConfig( const { groupConfig, topicConfig } = params.resolveTelegramGroupConfig(
params.chatId, params.chatId,
resolvedThreadId, resolvedThreadId,
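Review bot: `accountId?: string` is optional on `resolveTelegramGroupAllowFromContext`, while `resolveTelegramCommandAuth` in this same commit declares `accountId: string`, so a call site that forgets to pass it still compiles and reads the store with `params.accountId` undefined. What `readChannelAllowFromStore` does with an undefined account is not visible here, but if it falls back to the channel-wide allowlist, that call site would quietly keep the cross-account behaviour this commit is removing. Making the field required, `accountId: string;`, lets the compiler find any caller that was missed. The function body continues outside both hunks.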


@@ -88,7 +88,11 @@ async function resolveWhatsAppCommandAuthorized(params: {
return normalizeAllowFromE164(configuredGroupAllowFrom).includes(senderE164); return normalizeAllowFromE164(configuredGroupAllowFrom).includes(senderE164);
} }
const storeAllowFrom = await readChannelAllowFromStore("whatsapp").catch(() => []); const storeAllowFrom = await readChannelAllowFromStore(
"whatsapp",
process.env,
params.msg.accountId,
).catch(() => []);
const combinedAllowFrom = Array.from( const combinedAllowFrom = Array.from(
new Set([...(configuredAllowFrom ?? []), ...storeAllowFrom]), new Set([...(configuredAllowFrom ?? []), ...storeAllowFrom]),
); );
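Review bot: This path takes the account from `params.msg.accountId`, whereas `checkInboundAccessControl` in the same commit uses the resolved `account.accountId`. If the message field can be unset or can differ from the resolved account (its type is not visible in this hunk), command authorization and inbound access control would consult different allowlists for the same sender. Consider resolving the account once and passing its id to both, or, if the equality is already guaranteed, stating it next to the call with `// msg.accountId must equal the resolved account id used by inbound access control`. `resolveWhatsAppCommandAuthorized` starts and ends outside the hunk.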


@@ -40,7 +40,11 @@ export async function checkInboundAccessControl(params: {
}); });
const dmPolicy = account.dmPolicy ?? "pairing"; const dmPolicy = account.dmPolicy ?? "pairing";
const configuredAllowFrom = account.allowFrom; const configuredAllowFrom = account.allowFrom;
const storeAllowFrom = await readChannelAllowFromStore("whatsapp").catch(() => []); const storeAllowFrom = await readChannelAllowFromStore(
"whatsapp",
process.env,
account.accountId,
).catch(() => []);
// Without user config, default to self-only DM access so the owner can talk to themselves. // Without user config, default to self-only DM access so the owner can talk to themselves.
const combinedAllowFrom = Array.from( const combinedAllowFrom = Array.from(
new Set([...(configuredAllowFrom ?? []), ...storeAllowFrom]), new Set([...(configuredAllowFrom ?? []), ...storeAllowFrom]),
@@ -148,6 +152,7 @@ export async function checkInboundAccessControl(params: {
const { code, created } = await upsertChannelPairingRequest({ const { code, created } = await upsertChannelPairingRequest({
channel: "whatsapp", channel: "whatsapp",
id: candidate, id: candidate,
accountId: account.accountId,
meta: { name: (params.pushName ?? "").trim() || undefined }, meta: { name: (params.pushName ?? "").trim() || undefined },
}); });
if (created) { if (created) {