github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-12 02:23:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): enforce account-scoped pairing APIs

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 21:57:10 +01:00
parent a0c5e28f3b
commit bce643a0bd
27 changed files with 331 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/signal/monitor/event-handler.ts
View File

@@ -31,10 +31,7 @@ import { danger, logVerbose, shouldLogVerbose } from "../../globals.js";
import { enqueueSystemEvent } from "../../infra/system-events.js";
import { mediaKindFromMime } from "../../media/constants.js";
import { buildPairingReply } from "../../pairing/pairing-messages.js";
import {
readChannelAllowFromStore,
upsertChannelPairingRequest,
} from "../../pairing/pairing-store.js";
import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
import { resolveAgentRoute } from "../../routing/resolve-route.js";
import {
DM_GROUP_ACCESS_REASON,
@@ -459,8 +456,8 @@ export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
const senderDisplay = formatSignalSenderDisplay(sender);
const storeAllowFrom = await readStoreAllowFromForDmPolicy({
provider: "signal",
accountId: deps.accountId,
dmPolicy: deps.dmPolicy,
readStore: (provider) => readChannelAllowFromStore(provider),
});
const resolveAccessDecision = (isGroup: boolean) =>
resolveDmGroupAccessWithLists({
@@ -517,6 +514,7 @@ export function createSignalEventHandler(deps: SignalEventHandlerDeps) {
const { code, created } = await upsertChannelPairingRequest({
channel: "signal",
id: senderId,
accountId: deps.accountId,
meta: { name: envelope.sourceName ?? undefined },
});
if (created) {