fix(cron/whatsapp): route implicit delivery to allowlisted recipients (openclaw#21533) thanks @Takhoffman

Verified: - pnpm build - pnpm check - pnpm test:macmini Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
2026-05-08 00:01:24 +00:00 · 2026-02-19 20:33:37 -06:00
parent a87b5fb009
commit d9e46028f5
6 changed files with 194 additions and 2 deletions
--- a/src/channels/plugins/whatsapp-heartbeat.test.ts
+++ b/src/channels/plugins/whatsapp-heartbeat.test.ts
@@ -0,0 +1,71 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+vi.mock("../../config/sessions.js", () => ({
+  loadSessionStore: vi.fn(),
+  resolveStorePath: vi.fn(() => "/tmp/test-sessions.json"),
+}));
+
+vi.mock("../../pairing/pairing-store.js", () => ({
+  readChannelAllowFromStoreSync: vi.fn(() => []),
+}));
+
+import type { OpenClawConfig } from "../../config/config.js";
+import { loadSessionStore } from "../../config/sessions.js";
+import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js";
+import { resolveWhatsAppHeartbeatRecipients } from "./whatsapp-heartbeat.js";
+
+function makeCfg(overrides?: Partial<OpenClawConfig>): OpenClawConfig {
+  return {
+    bindings: [],
+    channels: {},
+    ...overrides,
+  } as OpenClawConfig;
+}
+
+describe("resolveWhatsAppHeartbeatRecipients", () => {
+  beforeEach(() => {
+    vi.mocked(loadSessionStore).mockReset();
+    vi.mocked(readChannelAllowFromStoreSync).mockReset();
+    vi.mocked(readChannelAllowFromStoreSync).mockReturnValue([]);
+  });
+
+  it("uses allowFrom store recipients when session recipients are ambiguous", () => {
+    vi.mocked(loadSessionStore).mockReturnValue({
+      a: { lastChannel: "whatsapp", lastTo: "+15550000001", updatedAt: 2, sessionId: "a" },
+      b: { lastChannel: "whatsapp", lastTo: "+15550000002", updatedAt: 1, sessionId: "b" },
+    });
+    vi.mocked(readChannelAllowFromStoreSync).mockReturnValue(["+15550000001"]);
+
+    const cfg = makeCfg();
+    const result = resolveWhatsAppHeartbeatRecipients(cfg);
+
+    expect(result).toEqual({ recipients: ["+15550000001"], source: "session-single" });
+  });
+
+  it("falls back to allowFrom when no session recipient is authorized", () => {
+    vi.mocked(loadSessionStore).mockReturnValue({
+      a: { lastChannel: "whatsapp", lastTo: "+15550000099", updatedAt: 2, sessionId: "a" },
+    });
+    vi.mocked(readChannelAllowFromStoreSync).mockReturnValue(["+15550000001"]);
+
+    const cfg = makeCfg();
+    const result = resolveWhatsAppHeartbeatRecipients(cfg);
+
+    expect(result).toEqual({ recipients: ["+15550000001"], source: "allowFrom" });
+  });
+
+  it("includes both session and allowFrom recipients when --all is set", () => {
+    vi.mocked(loadSessionStore).mockReturnValue({
+      a: { lastChannel: "whatsapp", lastTo: "+15550000099", updatedAt: 2, sessionId: "a" },
+    });
+    vi.mocked(readChannelAllowFromStoreSync).mockReturnValue(["+15550000001"]);
+
+    const cfg = makeCfg();
+    const result = resolveWhatsAppHeartbeatRecipients(cfg, { all: true });
+
+    expect(result).toEqual({
+      recipients: ["+15550000099", "+15550000001"],
+      source: "all",
+    });
+  });
+});
--- a/src/channels/plugins/whatsapp-heartbeat.ts
+++ b/src/channels/plugins/whatsapp-heartbeat.ts
@@ -1,5 +1,6 @@
 import type { OpenClawConfig } from "../../config/config.js";
 import { loadSessionStore, resolveStorePath } from "../../config/sessions.js";
+import { readChannelAllowFromStoreSync } from "../../pairing/pairing-store.js";
 import { normalizeE164 } from "../../utils.js";
 import { normalizeChatChannelId } from "../registry.js";

@@ -51,18 +52,34 @@ export function resolveWhatsAppHeartbeatRecipients(
  }

  const sessionRecipients = getSessionRecipients(cfg);
-  const allowFrom =
+  const configuredAllowFrom =
    Array.isArray(cfg.channels?.whatsapp?.allowFrom) && cfg.channels.whatsapp.allowFrom.length > 0
      ? cfg.channels.whatsapp.allowFrom.filter((v) => v !== "*").map(normalizeE164)
      : [];
+  const storeAllowFrom = readChannelAllowFromStoreSync("whatsapp").map(normalizeE164);

  const unique = (list: string[]) => [...new Set(list.filter(Boolean))];
+  const allowFrom = unique([...configuredAllowFrom, ...storeAllowFrom]);

  if (opts.all) {
    const all = unique([...sessionRecipients.map((s) => s.to), ...allowFrom]);
    return { recipients: all, source: "all" };
  }

+  if (allowFrom.length > 0) {
+    const allowSet = new Set(allowFrom);
+    const authorizedSessionRecipients = sessionRecipients
+      .map((entry) => entry.to)
+      .filter((recipient) => allowSet.has(recipient));
+    if (authorizedSessionRecipients.length === 1) {
+      return { recipients: [authorizedSessionRecipients[0]], source: "session-single" };
+    }
+    if (authorizedSessionRecipients.length > 1) {
+      return { recipients: authorizedSessionRecipients, source: "session-ambiguous" };
+    }
+    return { recipients: allowFrom, source: "allowFrom" };
+  }
+
  if (sessionRecipients.length === 1) {
    return { recipients: [sessionRecipients[0].to], source: "session-single" };
  }