github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-23 03:48:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): enforce account-scoped pairing APIs

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 21:57:10 +01:00
parent a0c5e28f3b
commit bce643a0bd
27 changed files with 331 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/web/inbound/access-control.ts
View File

@@ -6,10 +6,7 @@ import {
} from "../../config/runtime-group-policy.js";
import { logVerbose } from "../../globals.js";
import { buildPairingReply } from "../../pairing/pairing-messages.js";
import {
readChannelAllowFromStore,
upsertChannelPairingRequest,
} from "../../pairing/pairing-store.js";
import { upsertChannelPairingRequest } from "../../pairing/pairing-store.js";
import {
readStoreAllowFromForDmPolicy,
resolveDmGroupAccessWithLists,
@@ -66,8 +63,8 @@ export async function checkInboundAccessControl(params: {
const configuredAllowFrom = account.allowFrom ?? [];
const storeAllowFrom = await readStoreAllowFromForDmPolicy({
provider: "whatsapp",
accountId: account.accountId,
dmPolicy,
readStore: (provider) => readChannelAllowFromStore(provider, process.env, account.accountId),
});
// Without user config, default to self-only DM access so the owner can talk to themselves.
const defaultAllowFrom =