fix: harden msteams group access

2026-01-12 08:31:59 +00:00
parent 4d075a703e
commit 006e1352d8
12 changed files with 206 additions and 7 deletions
--- a/src/msteams/policy.ts
+++ b/src/msteams/policy.ts
@@ -1,4 +1,5 @@
 import type {
+  GroupPolicy,
  MSTeamsChannelConfig,
  MSTeamsConfig,
  MSTeamsReplyStyle,
@@ -56,3 +57,25 @@ export function resolveMSTeamsReplyPolicy(params: {

  return { requireMention, replyStyle };
 }
+
+export function isMSTeamsGroupAllowed(params: {
+  groupPolicy: GroupPolicy;
+  allowFrom: Array<string | number>;
+  senderId: string;
+  senderName?: string | null;
+}): boolean {
+  const { groupPolicy } = params;
+  if (groupPolicy === "disabled") return false;
+  if (groupPolicy === "open") return true;
+  const allowFrom = params.allowFrom
+    .map((entry) => String(entry).trim().toLowerCase())
+    .filter(Boolean);
+  if (allowFrom.length === 0) return false;
+  if (allowFrom.includes("*")) return true;
+  const senderId = params.senderId.toLowerCase();
+  const senderName = params.senderName?.toLowerCase();
+  return (
+    allowFrom.includes(senderId) ||
+    (senderName ? allowFrom.includes(senderName) : false)
+  );
+}