fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907)

* fix(channels): default allowFrom to id-only; add dangerous name opt-in * docs(security): align channel allowFrom docs with id-only default
2026-05-29 20:15:03 +00:00 · 2026-02-24 01:01:51 +00:00
parent 41b0568b35
commit cfa44ea6b4
53 changed files with 852 additions and 100 deletions
--- a/extensions/irc/src/normalize.ts
+++ b/extensions/irc/src/normalize.ts
@@ -77,12 +77,15 @@ export function formatIrcSenderId(message: IrcInboundMessage): string {
  return base;
 }

-export function buildIrcAllowlistCandidates(message: IrcInboundMessage): string[] {
+export function buildIrcAllowlistCandidates(
+  message: IrcInboundMessage,
+  params?: { allowNameMatching?: boolean },
+): string[] {
  const nick = message.senderNick.trim().toLowerCase();
  const user = message.senderUser?.trim().toLowerCase();
  const host = message.senderHost?.trim().toLowerCase();
  const candidates = new Set<string>();
-  if (nick) {
+  if (nick && params?.allowNameMatching === true) {
    candidates.add(nick);
  }
  if (nick && user) {
@@ -100,6 +103,7 @@ export function buildIrcAllowlistCandidates(message: IrcInboundMessage): string[
 export function resolveIrcAllowlistMatch(params: {
  allowFrom: string[];
  message: IrcInboundMessage;
+  allowNameMatching?: boolean;
 }): { allowed: boolean; source?: string } {
  const allowFrom = new Set(
    params.allowFrom.map((entry) => entry.trim().toLowerCase()).filter(Boolean),
@@ -107,7 +111,9 @@ export function resolveIrcAllowlistMatch(params: {
  if (allowFrom.has("*")) {
    return { allowed: true, source: "wildcard" };
  }
-  const candidates = buildIrcAllowlistCandidates(params.message);
+  const candidates = buildIrcAllowlistCandidates(params.message, {
+    allowNameMatching: params.allowNameMatching,
+  });
  for (const candidate of candidates) {
    if (allowFrom.has(candidate)) {
      return { allowed: true, source: candidate };