fix: gate /activation to owners in groups

Peter Steinberger
2026-01-05 02:03:02 +01:00
parent f871563f37
commit 17422608b2
2 changed files with 50 additions and 27 deletions


@@ -165,7 +165,23 @@ export async function handleCommands(params: {
reply: { text: "⚙️ Group activation only applies to group chats." }, reply: { text: "⚙️ Group activation only applies to group chats." },
}; };
} }
if (!command.isAuthorizedSender) { const activationOwnerList =
command.ownerList.length > 0
? command.ownerList
: command.isWhatsAppSurface && command.to
? [normalizeE164(command.to)]
: [];
const activationSenderE164 = command.senderE164
? normalizeE164(command.senderE164)
: "";
const isActivationOwner =
Boolean(activationSenderE164) &&
activationOwnerList.includes(activationSenderE164);
if (
!command.isAuthorizedSender ||
(command.isWhatsAppSurface && !isActivationOwner)
) {
logVerbose( logVerbose(
`Ignoring /activation from unauthorized sender in group: ${command.senderE164 || "<unknown>"}`, `Ignoring /activation from unauthorized sender in group: ${command.senderE164 || "<unknown>"}`,
); );
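Review bot: The `isActivationOwner` comparison normalizes the sender and the `command.to` fallback but takes `command.ownerList` as-is, so if those entries are not already in normalized E.164 form (not visible in this hunk) a real owner will never match; `activationOwnerList.map((o) => normalizeE164(o)).includes(activationSenderE164)` puts both sides in the same form. That mismatch fails closed, which is the safe direction, but it would silently lock owners out of /activation. The owner gate is also applied only when `command.isWhatsAppSurface` is true, so on every other surface group /activation still rests on `isAuthorizedSender` alone; if that is intended, a one-line comment above the `if` saying why would stop it reading as an oversight. Neither of the two changed files adds a test for the non-owner rejection path, and an access-control change like this deserves one. `handleCommands` starts and ends outside the hunk.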


@@ -17,35 +17,42 @@ import {
installGatewayTestHooks(); installGatewayTestHooks();
describe("gateway server misc", () => { describe("gateway server misc", () => {
test("hello-ok advertises the gateway port for canvas host", async () => { test(
const prevToken = process.env.CLAWDBOT_GATEWAY_TOKEN; "hello-ok advertises the gateway port for canvas host",
process.env.CLAWDBOT_GATEWAY_TOKEN = "secret"; { timeout: 15_000 },
testTailnetIPv4.value = "100.64.0.1"; async () => {
testState.gatewayBind = "lan"; const prevToken = process.env.CLAWDBOT_GATEWAY_TOKEN;
const canvasPort = await getFreePort(); process.env.CLAWDBOT_GATEWAY_TOKEN = "secret";
testState.canvasHostPort = canvasPort; testTailnetIPv4.value = "100.64.0.1";
testState.gatewayBind = "lan";
const canvasPort = await getFreePort();
testState.canvasHostPort = canvasPort;
const port = await getFreePort(); const port = await getFreePort();
const server = await startGatewayServer(port, { const server = await startGatewayServer(port, {
bind: "lan", bind: "lan",
allowCanvasHostInTests: true, allowCanvasHostInTests: true,
}); });
const ws = new WebSocket(`ws://127.0.0.1:${port}`, { const ws = new WebSocket(`ws://127.0.0.1:${port}`, {
headers: { Host: `100.64.0.1:${port}` }, headers: { Host: `100.64.0.1:${port}` },
}); });
await new Promise<void>((resolve) => ws.once("open", resolve)); await new Promise<void>((resolve, reject) => {
ws.once("open", () => resolve());
ws.once("error", (err) => reject(err));
});
const hello = await connectOk(ws, { token: "secret" }); const hello = await connectOk(ws, { token: "secret" });
expect(hello.canvasHostUrl).toBe(`http://100.64.0.1:${canvasPort}`); expect(hello.canvasHostUrl).toBe(`http://100.64.0.1:${canvasPort}`);
ws.close(); ws.close();
await server.close(); await server.close();
if (prevToken === undefined) { if (prevToken === undefined) {
delete process.env.CLAWDBOT_GATEWAY_TOKEN; delete process.env.CLAWDBOT_GATEWAY_TOKEN;
} else { } else {
process.env.CLAWDBOT_GATEWAY_TOKEN = prevToken; process.env.CLAWDBOT_GATEWAY_TOKEN = prevToken;
} }
}); },
);
test("send dedupes by idempotencyKey", { timeout: 8000 }, async () => { test("send dedupes by idempotencyKey", { timeout: 8000 }, async () => {
const { server, ws } = await startServerWithClient(); const { server, ws } = await startServerWithClient();
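Review bot: The teardown in the "hello-ok advertises the gateway port for canvas host" test (`ws.close()`, `await server.close()` and the `CLAWDBOT_GATEWAY_TOKEN` restore) runs only on the success path, and the new `reject(err)` on the socket's `error` event adds one more way to skip it. A failed connect, a failed `connectOk` or a failed `expect` would leave the server listening and `process.env.CLAWDBOT_GATEWAY_TOKEN` set to `"secret"` for later tests in the same process. Wrapping the body after `startGatewayServer` in `try { … } finally { … }`, with the two close calls and the env restore in the `finally`, keeps a failure here from leaking state into other tests. Whether `installGatewayTestHooks()` resets `testState.gatewayBind`, `testState.canvasHostPort` and `testTailnetIPv4.value` is not visible in this hunk; if it does not, they belong in the same `finally`.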