github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-11 07:04:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): keep DM pairing allowlists out of group auth

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 12:58:06 +01:00
parent d08dafb08f
commit 8bdda7a651
15 changed files with 194 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/telegram/bot-native-commands.ts
View File

@@ -41,7 +41,7 @@ import { resolveAgentRoute } from "../routing/resolve-route.js";
import { resolveThreadSessionKeys } from "../routing/session-key.js";
import type { RuntimeEnv } from "../runtime.js";
import { withTelegramApiErrorLogging } from "./api-logging.js";
import { isSenderAllowed, normalizeAllowFromWithStore } from "./bot-access.js";
import { isSenderAllowed, normalizeDmAllowFromWithStore } from "./bot-access.js";
import {
buildCappedTelegramMenuCommands,
buildPluginTelegramMenuCommands,
@@ -251,7 +251,7 @@ async function resolveTelegramCommandAuth(params: {
}
}
const dmAllow = normalizeAllowFromWithStore({
const dmAllow = normalizeDmAllowFromWithStore({
allowFrom: allowFrom,
storeAllowFrom,
dmPolicy: telegramCfg.dmPolicy ?? "pairing",