mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-07 21:51:24 +00:00
fix: harden discord and slack reaction ingress authorization
This commit is contained in:
Peter Steinberger
@@ -1,5 +1,5 @@
|
||||
import { ChannelType, type Guild } from "@buape/carbon";
|
||||
import { describe, expect, it, vi } from "vitest";
|
||||
import { beforeEach, describe, expect, it, vi } from "vitest";
|
||||
import { typedCases } from "../test-utils/typed-cases.js";
|
||||
import {
|
||||
allowListMatches,
|
||||
@@ -20,6 +20,12 @@ import {
|
||||
} from "./monitor.js";
|
||||
import { DiscordMessageListener, DiscordReactionListener } from "./monitor/listeners.js";
|
||||
|
||||
const readAllowFromStoreMock = vi.hoisted(() => vi.fn());
|
||||
|
||||
vi.mock("../pairing/pairing-store.js", () => ({
|
||||
readChannelAllowFromStore: (...args: unknown[]) => readAllowFromStoreMock(...args),
|
||||
}));
|
||||
|
||||
const fakeGuild = (id: string, name: string) => ({ id, name }) as Guild;
|
||||
|
||||
const makeEntries = (
|
||||
@@ -899,6 +905,12 @@ function makeReactionClient(options?: {
|
||||
|
||||
function makeReactionListenerParams(overrides?: {
|
||||
botUserId?: string;
|
||||
dmEnabled?: boolean;
|
||||
groupDmEnabled?: boolean;
|
||||
groupDmChannels?: string[];
|
||||
dmPolicy?: "open" | "pairing" | "allowlist" | "disabled";
|
||||
allowFrom?: string[];
|
||||
groupPolicy?: "open" | "allowlist" | "disabled";
|
||||
allowNameMatching?: boolean;
|
||||
guildEntries?: Record<string, DiscordGuildEntryResolved>;
|
||||
}) {
|
||||
@@ -907,6 +919,12 @@ function makeReactionListenerParams(overrides?: {
|
||||
accountId: "acc-1",
|
||||
runtime: {} as import("../runtime.js").RuntimeEnv,
|
||||
botUserId: overrides?.botUserId ?? "bot-1",
|
||||
dmEnabled: overrides?.dmEnabled ?? true,
|
||||
groupDmEnabled: overrides?.groupDmEnabled ?? true,
|
||||
groupDmChannels: overrides?.groupDmChannels ?? [],
|
||||
dmPolicy: overrides?.dmPolicy ?? "open",
|
||||
allowFrom: overrides?.allowFrom ?? [],
|
||||
groupPolicy: overrides?.groupPolicy ?? "open",
|
||||
allowNameMatching: overrides?.allowNameMatching ?? false,
|
||||
guildEntries: overrides?.guildEntries,
|
||||
logger: {
|
||||
@@ -919,6 +937,12 @@ function makeReactionListenerParams(overrides?: {
|
||||
}
|
||||
|
||||
describe("discord DM reaction handling", () => {
|
||||
beforeEach(() => {
|
||||
enqueueSystemEventSpy.mockClear();
|
||||
resolveAgentRouteMock.mockClear();
|
||||
readAllowFromStoreMock.mockReset().mockResolvedValue([]);
|
||||
});
|
||||
|
||||
it("processes DM reactions with or without guild allowlists", async () => {
|
||||
const cases = [
|
||||
{ name: "no guild allowlist", guildEntries: undefined },
|
||||
@@ -952,9 +976,77 @@ describe("discord DM reaction handling", () => {
|
||||
}
|
||||
});
|
||||
|
||||
it("blocks DM reactions when dmPolicy is disabled", async () => {
|
||||
const data = makeReactionEvent({ botAsAuthor: true });
|
||||
const client = makeReactionClient({ channelType: ChannelType.DM });
|
||||
const listener = new DiscordReactionListener(
|
||||
makeReactionListenerParams({ dmPolicy: "disabled" }),
|
||||
);
|
||||
|
||||
await listener.handle(data, client);
|
||||
|
||||
expect(enqueueSystemEventSpy).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("blocks DM reactions for unauthorized sender in allowlist mode", async () => {
|
||||
const data = makeReactionEvent({ botAsAuthor: true, userId: "user-1" });
|
||||
const client = makeReactionClient({ channelType: ChannelType.DM });
|
||||
const listener = new DiscordReactionListener(
|
||||
makeReactionListenerParams({
|
||||
dmPolicy: "allowlist",
|
||||
allowFrom: ["user:user-2"],
|
||||
}),
|
||||
);
|
||||
|
||||
await listener.handle(data, client);
|
||||
|
||||
expect(enqueueSystemEventSpy).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("allows DM reactions for authorized sender in allowlist mode", async () => {
|
||||
const data = makeReactionEvent({ botAsAuthor: true, userId: "user-1" });
|
||||
const client = makeReactionClient({ channelType: ChannelType.DM });
|
||||
const listener = new DiscordReactionListener(
|
||||
makeReactionListenerParams({
|
||||
dmPolicy: "allowlist",
|
||||
allowFrom: ["user:user-1"],
|
||||
}),
|
||||
);
|
||||
|
||||
await listener.handle(data, client);
|
||||
|
||||
expect(enqueueSystemEventSpy).toHaveBeenCalledOnce();
|
||||
});
|
||||
|
||||
it("blocks group DM reactions when group DMs are disabled", async () => {
|
||||
const data = makeReactionEvent({ botAsAuthor: true });
|
||||
const client = makeReactionClient({ channelType: ChannelType.GroupDM });
|
||||
const listener = new DiscordReactionListener(
|
||||
makeReactionListenerParams({ groupDmEnabled: false }),
|
||||
);
|
||||
|
||||
await listener.handle(data, client);
|
||||
|
||||
expect(enqueueSystemEventSpy).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("blocks guild reactions when groupPolicy is disabled", async () => {
|
||||
const data = makeReactionEvent({
|
||||
guildId: "guild-123",
|
||||
botAsAuthor: true,
|
||||
guild: { id: "guild-123", name: "Guild" },
|
||||
});
|
||||
const client = makeReactionClient({ channelType: ChannelType.GuildText });
|
||||
const listener = new DiscordReactionListener(
|
||||
makeReactionListenerParams({ groupPolicy: "disabled" }),
|
||||
);
|
||||
|
||||
await listener.handle(data, client);
|
||||
|
||||
expect(enqueueSystemEventSpy).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("still processes guild reactions (no regression)", async () => {
|
||||
enqueueSystemEventSpy.mockClear();
|
||||
resolveAgentRouteMock.mockClear();
|
||||
resolveAgentRouteMock.mockReturnValueOnce({
|
||||
agentId: "default",
|
||||
channel: "discord",
|
||||
|
||||
@@ -7,14 +7,20 @@ import {
|
||||
PresenceUpdateListener,
|
||||
type User,
|
||||
} from "@buape/carbon";
|
||||
import { danger } from "../../globals.js";
|
||||
import { danger, logVerbose } from "../../globals.js";
|
||||
import { formatDurationSeconds } from "../../infra/format-time/format-duration.ts";
|
||||
import { enqueueSystemEvent } from "../../infra/system-events.js";
|
||||
import { createSubsystemLogger } from "../../logging/subsystem.js";
|
||||
import { readChannelAllowFromStore } from "../../pairing/pairing-store.js";
|
||||
import { resolveAgentRoute } from "../../routing/resolve-route.js";
|
||||
import { resolveDmGroupAccessWithLists } from "../../security/dm-policy-shared.js";
|
||||
import {
|
||||
isDiscordGroupAllowedByPolicy,
|
||||
normalizeDiscordAllowList,
|
||||
normalizeDiscordSlug,
|
||||
resolveDiscordAllowListMatch,
|
||||
resolveDiscordChannelConfigWithFallback,
|
||||
resolveGroupDmAllow,
|
||||
resolveDiscordGuildEntry,
|
||||
shouldEmitDiscordReactionNotification,
|
||||
} from "./allow-list.js";
|
||||
@@ -37,6 +43,12 @@ type DiscordReactionListenerParams = {
|
||||
accountId: string;
|
||||
runtime: RuntimeEnv;
|
||||
botUserId?: string;
|
||||
dmEnabled: boolean;
|
||||
groupDmEnabled: boolean;
|
||||
groupDmChannels: string[];
|
||||
dmPolicy: "open" | "pairing" | "allowlist" | "disabled";
|
||||
allowFrom: string[];
|
||||
groupPolicy: "open" | "allowlist" | "disabled";
|
||||
allowNameMatching: boolean;
|
||||
guildEntries?: Record<string, import("./allow-list.js").DiscordGuildEntryResolved>;
|
||||
logger: Logger;
|
||||
@@ -179,6 +191,12 @@ async function runDiscordReactionHandler(params: {
|
||||
cfg: params.handlerParams.cfg,
|
||||
accountId: params.handlerParams.accountId,
|
||||
botUserId: params.handlerParams.botUserId,
|
||||
dmEnabled: params.handlerParams.dmEnabled,
|
||||
groupDmEnabled: params.handlerParams.groupDmEnabled,
|
||||
groupDmChannels: params.handlerParams.groupDmChannels,
|
||||
dmPolicy: params.handlerParams.dmPolicy,
|
||||
allowFrom: params.handlerParams.allowFrom,
|
||||
groupPolicy: params.handlerParams.groupPolicy,
|
||||
allowNameMatching: params.handlerParams.allowNameMatching,
|
||||
guildEntries: params.handlerParams.guildEntries,
|
||||
logger: params.handlerParams.logger,
|
||||
@@ -193,6 +211,12 @@ async function handleDiscordReactionEvent(params: {
|
||||
cfg: LoadedConfig;
|
||||
accountId: string;
|
||||
botUserId?: string;
|
||||
dmEnabled: boolean;
|
||||
groupDmEnabled: boolean;
|
||||
groupDmChannels: string[];
|
||||
dmPolicy: "open" | "pairing" | "allowlist" | "disabled";
|
||||
allowFrom: string[];
|
||||
groupPolicy: "open" | "allowlist" | "disabled";
|
||||
allowNameMatching: boolean;
|
||||
guildEntries?: Record<string, import("./allow-list.js").DiscordGuildEntryResolved>;
|
||||
logger: Logger;
|
||||
@@ -236,6 +260,12 @@ async function handleDiscordReactionEvent(params: {
|
||||
channelType === ChannelType.PublicThread ||
|
||||
channelType === ChannelType.PrivateThread ||
|
||||
channelType === ChannelType.AnnouncementThread;
|
||||
if (isDirectMessage && !params.dmEnabled) {
|
||||
return;
|
||||
}
|
||||
if (isGroupDm && !params.groupDmEnabled) {
|
||||
return;
|
||||
}
|
||||
let parentId = "parentId" in channel ? (channel.parentId ?? undefined) : undefined;
|
||||
let parentName: string | undefined;
|
||||
let parentSlug = "";
|
||||
@@ -264,6 +294,45 @@ async function handleDiscordReactionEvent(params: {
|
||||
reactionBase = { baseText, contextKey };
|
||||
return reactionBase;
|
||||
};
|
||||
const isDirectReactionAuthorized = async () => {
|
||||
if (!isDirectMessage) {
|
||||
return true;
|
||||
}
|
||||
const storeAllowFrom =
|
||||
params.dmPolicy === "allowlist"
|
||||
? []
|
||||
: await readChannelAllowFromStore("discord").catch(() => []);
|
||||
const access = resolveDmGroupAccessWithLists({
|
||||
isGroup: false,
|
||||
dmPolicy: params.dmPolicy,
|
||||
groupPolicy: params.groupPolicy,
|
||||
allowFrom: params.allowFrom,
|
||||
groupAllowFrom: [],
|
||||
storeAllowFrom,
|
||||
isSenderAllowed: (allowEntries) => {
|
||||
const allowList = normalizeDiscordAllowList(allowEntries, ["discord:", "user:", "pk:"]);
|
||||
const allowMatch = allowList
|
||||
? resolveDiscordAllowListMatch({
|
||||
allowList,
|
||||
candidate: {
|
||||
id: user.id,
|
||||
name: user.username,
|
||||
tag: formatDiscordUserTag(user),
|
||||
},
|
||||
allowNameMatching: params.allowNameMatching,
|
||||
})
|
||||
: { allowed: false };
|
||||
return allowMatch.allowed;
|
||||
},
|
||||
});
|
||||
if (access.decision !== "allow") {
|
||||
logVerbose(
|
||||
`discord reaction blocked sender=${user.id} (dmPolicy=${params.dmPolicy}, decision=${access.decision}, reason=${access.reason})`,
|
||||
);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
};
|
||||
const emitReaction = (text: string, parentPeerId?: string) => {
|
||||
const { contextKey } = resolveReactionBase();
|
||||
const route = resolveAgentRoute({
|
||||
@@ -322,6 +391,44 @@ async function handleDiscordReactionEvent(params: {
|
||||
parentSlug,
|
||||
scope: "thread",
|
||||
});
|
||||
const isGuildReactionAllowed = (channelConfig: { allowed?: boolean } | null) => {
|
||||
if (!isGuildMessage) {
|
||||
return true;
|
||||
}
|
||||
const channelAllowlistConfigured =
|
||||
Boolean(guildInfo?.channels) && Object.keys(guildInfo?.channels ?? {}).length > 0;
|
||||
const channelAllowed = channelConfig?.allowed !== false;
|
||||
if (
|
||||
!isDiscordGroupAllowedByPolicy({
|
||||
groupPolicy: params.groupPolicy,
|
||||
guildAllowlisted: Boolean(guildInfo),
|
||||
channelAllowlistConfigured,
|
||||
channelAllowed,
|
||||
})
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
if (channelConfig?.allowed === false) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
};
|
||||
|
||||
if (!(await isDirectReactionAuthorized())) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
isGroupDm &&
|
||||
!resolveGroupDmAllow({
|
||||
channels: params.groupDmChannels,
|
||||
channelId: data.channel_id,
|
||||
channelName,
|
||||
channelSlug,
|
||||
})
|
||||
) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Parallelize async operations for thread channels
|
||||
if (isThreadChannel) {
|
||||
@@ -370,6 +477,9 @@ async function handleDiscordReactionEvent(params: {
|
||||
if (channelConfig?.allowed === false) {
|
||||
return;
|
||||
}
|
||||
if (!isGuildReactionAllowed(channelConfig)) {
|
||||
return;
|
||||
}
|
||||
|
||||
const messageAuthorId = message?.author?.id ?? undefined;
|
||||
if (!shouldNotifyReaction({ mode: reactionMode, messageAuthorId })) {
|
||||
@@ -394,6 +504,9 @@ async function handleDiscordReactionEvent(params: {
|
||||
if (channelConfig?.allowed === false) {
|
||||
return;
|
||||
}
|
||||
if (!isGuildReactionAllowed(channelConfig)) {
|
||||
return;
|
||||
}
|
||||
|
||||
const reactionMode = guildInfo?.reactionNotifications ?? "own";
|
||||
|
||||
|
||||
@@ -561,6 +561,12 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
|
||||
accountId: account.accountId,
|
||||
runtime,
|
||||
botUserId,
|
||||
dmEnabled,
|
||||
groupDmEnabled,
|
||||
groupDmChannels: groupDmChannels ?? [],
|
||||
dmPolicy,
|
||||
allowFrom: allowFrom ?? [],
|
||||
groupPolicy,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(discordCfg),
|
||||
guildEntries,
|
||||
logger,
|
||||
@@ -573,6 +579,12 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
|
||||
accountId: account.accountId,
|
||||
runtime,
|
||||
botUserId,
|
||||
dmEnabled,
|
||||
groupDmEnabled,
|
||||
groupDmChannels: groupDmChannels ?? [],
|
||||
dmPolicy,
|
||||
allowFrom: allowFrom ?? [],
|
||||
groupPolicy,
|
||||
allowNameMatching: isDangerousNameMatchingEnabled(discordCfg),
|
||||
guildEntries,
|
||||
logger,
|
||||
|
||||
Reference in New Issue
Block a user