security(telegram): fail closed group allowlist against DM pairing store

bmendonca3
2026-02-24 19:07:20 -07:00
committed by Ayaan Zaidi
parent 5500000492
commit c7352f6b3f
3 changed files with 36 additions and 16 deletions


@@ -3,11 +3,7 @@ import { formatLocationText, type NormalizedLocation } from "../../channels/loca
import { resolveTelegramPreviewStreamMode } from "../../config/discord-preview-streaming.js";
import type { TelegramGroupConfig, TelegramTopicConfig } from "../../config/types.js";
import { readChannelAllowFromStore } from "../../pairing/pairing-store.js";
import {
firstDefined,
normalizeAllowFromWithStore,
type NormalizedAllowFrom,
} from "../bot-access.js";
import { firstDefined, normalizeAllowFrom, type NormalizedAllowFrom } from "../bot-access.js";
import type { TelegramStreamMode } from "./types.js";
const TELEGRAM_GENERAL_TOPIC_ID = 1;
@@ -51,11 +47,9 @@ export async function resolveTelegramGroupAllowFromContext(params: {
resolvedThreadId,
);
const groupAllowOverride = firstDefined(topicConfig?.allowFrom, groupConfig?.allowFrom);
const effectiveGroupAllow = normalizeAllowFromWithStore({
allowFrom: groupAllowOverride ?? params.groupAllowFrom,
storeAllowFrom,
dmPolicy: params.dmPolicy,
});
// Group sender access must remain explicit (groupAllowFrom/per-group allowFrom only).
// DM pairing store entries are not a group authorization source.
const effectiveGroupAllow = normalizeAllowFrom(groupAllowOverride ?? params.groupAllowFrom);
const hasGroupAllowOverride = typeof groupAllowOverride !== "undefined";
return {
resolvedThreadId,
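Review bot: `storeAllowFrom` is no longer consumed at the `effectiveGroupAllow` assignment, yet the `readChannelAllowFromStore` import is kept as context in the first hunk, so the pairing store is presumably still read above this hunk and its value may still be handed back in the returned object. If so, a caller could merge it into a group decision again; a comment on that returned field, for example `// DM pairing entries only; never merge into group sender checks`, would keep the boundary explicit at the point of use. The new comment could also state what happens when both `groupAllowOverride` and `params.groupAllowFrom` are undefined, because failing closed depends on the consumers of `effectiveGroupAllow` treating an empty allowlist as deny, which is not visible here. The body of `resolveTelegramGroupAllowFromContext` starts and ends outside the hunk, so `params.dmPolicy` may also be unused now and is worth checking.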