feat: scope telegram inline buttons

src/telegram/bot-handlers.ts

@@ -13,6 +13,7 @@ import type { TelegramMessage } from "./bot/types.js";
 import { firstDefined, isSenderAllowed, normalizeAllowFrom } from "./bot-access.js";
 import { MEDIA_GROUP_TIMEOUT_MS, type MediaGroupEntry } from "./bot-updates.js";
 import { migrateTelegramGroupConfig } from "./group-migration.js";
+import { resolveTelegramInlineButtonsScope } from "./inline-buttons.js";
 import { readTelegramAllowFromStore } from "./pairing-store.js";
 import { resolveChannelConfigWrites } from "../channels/plugins/config-writes.js";
 
@@ -183,6 +184,131 @@ export const registerTelegramHandlers = ({
       const callbackMessage = callback.message;
       if (!data || !callbackMessage) return;
 
+      const inlineButtonsScope = resolveTelegramInlineButtonsScope({
+        cfg,
+        accountId,
+      });
+      if (inlineButtonsScope === "off") return;
+
+      const chatId = callbackMessage.chat.id;
+      const isGroup =
+        callbackMessage.chat.type === "group" || callbackMessage.chat.type === "supergroup";
+      if (inlineButtonsScope === "dm" && isGroup) return;
+      if (inlineButtonsScope === "group" && !isGroup) return;
+
+      const messageThreadId = (callbackMessage as { message_thread_id?: number }).message_thread_id;
+      const isForum = (callbackMessage.chat as { is_forum?: boolean }).is_forum === true;
+      const resolvedThreadId = resolveTelegramForumThreadId({
+        isForum,
+        messageThreadId,
+      });
+      const { groupConfig, topicConfig } = resolveTelegramGroupConfig(chatId, resolvedThreadId);
+      const storeAllowFrom = await readTelegramAllowFromStore().catch(() => []);
+      const groupAllowOverride = firstDefined(topicConfig?.allowFrom, groupConfig?.allowFrom);
+      const effectiveGroupAllow = normalizeAllowFrom([
+        ...(groupAllowOverride ?? groupAllowFrom ?? []),
+        ...storeAllowFrom,
+      ]);
+      const effectiveDmAllow = normalizeAllowFrom([
+        ...(telegramCfg.allowFrom ?? []),
+        ...storeAllowFrom,
+      ]);
+      const dmPolicy = telegramCfg.dmPolicy ?? "pairing";
+      const senderId = callback.from?.id ? String(callback.from.id) : "";
+      const senderUsername = callback.from?.username ?? "";
+
+      if (isGroup) {
+        if (groupConfig?.enabled === false) {
+          logVerbose(`Blocked telegram group ${chatId} (group disabled)`);
+          return;
+        }
+        if (topicConfig?.enabled === false) {
+          logVerbose(
+            `Blocked telegram topic ${chatId} (${resolvedThreadId ?? "unknown"}) (topic disabled)`,
+          );
+          return;
+        }
+        if (typeof groupAllowOverride !== "undefined") {
+          const allowed =
+            senderId &&
+            isSenderAllowed({
+              allow: effectiveGroupAllow,
+              senderId,
+              senderUsername,
+            });
+          if (!allowed) {
+            logVerbose(
+              `Blocked telegram group sender ${senderId || "unknown"} (group allowFrom override)`,
+            );
+            return;
+          }
+        }
+        const groupPolicy = telegramCfg.groupPolicy ?? "open";
+        if (groupPolicy === "disabled") {
+          logVerbose(`Blocked telegram group message (groupPolicy: disabled)`);
+          return;
+        }
+        if (groupPolicy === "allowlist") {
+          if (!senderId) {
+            logVerbose(`Blocked telegram group message (no sender ID, groupPolicy: allowlist)`);
+            return;
+          }
+          if (!effectiveGroupAllow.hasEntries) {
+            logVerbose(
+              "Blocked telegram group message (groupPolicy: allowlist, no group allowlist entries)",
+            );
+            return;
+          }
+          if (
+            !isSenderAllowed({
+              allow: effectiveGroupAllow,
+              senderId,
+              senderUsername,
+            })
+          ) {
+            logVerbose(
+              `Blocked telegram group message from ${senderId} (groupPolicy: allowlist)`,
+            );
+            return;
+          }
+        }
+        const groupAllowlist = resolveGroupPolicy(chatId);
+        if (groupAllowlist.allowlistEnabled && !groupAllowlist.allowed) {
+          logger.info(
+            { chatId, title: callbackMessage.chat.title, reason: "not-allowed" },
+            "skipping group message",
+          );
+          return;
+        }
+      }
+
+      if (inlineButtonsScope === "allowlist") {
+        if (!isGroup) {
+          if (dmPolicy === "disabled") return;
+          if (dmPolicy !== "open") {
+            const allowed =
+              effectiveDmAllow.hasWildcard ||
+              (effectiveDmAllow.hasEntries &&
+                isSenderAllowed({
+                  allow: effectiveDmAllow,
+                  senderId,
+                  senderUsername,
+                }));
+            if (!allowed) return;
+          }
+        } else {
+          const allowed =
+            effectiveGroupAllow.hasWildcard ||
+            (effectiveGroupAllow.hasEntries &&
+              isSenderAllowed({
+                allow: effectiveGroupAllow,
+                senderId,
+                senderUsername,
+              }));
+          if (!allowed) return;
+        }
+      }
+
       const syntheticMessage: TelegramMessage = {
         ...callbackMessage,
         from: callback.from,
@@ -191,7 +317,6 @@ export const registerTelegramHandlers = ({
         caption_entities: undefined,
         entities: undefined,
       };
-      const storeAllowFrom = await readTelegramAllowFromStore().catch(() => []);
       const getFile = typeof ctx.getFile === "function" ? ctx.getFile.bind(ctx) : async () => ({});
       await processMessage({ message: syntheticMessage, me: ctx.me, getFile }, [], storeAllowFrom, {
         forceWasMentioned: true,

src/telegram/bot.test.ts

@@ -382,6 +382,47 @@ describe("createTelegramBot", () => {
     expect(answerCallbackQuerySpy).toHaveBeenCalledWith("cbq-1");
   });
 
+  it("blocks callback_query when inline buttons are allowlist-only and sender not authorized", async () => {
+    onSpy.mockReset();
+    const replySpy = replyModule.__replySpy as unknown as ReturnType<typeof vi.fn>;
+    replySpy.mockReset();
+
+    createTelegramBot({
+      token: "tok",
+      config: {
+        channels: {
+          telegram: {
+            dmPolicy: "pairing",
+            capabilities: { inlineButtons: "allowlist" },
+            allowFrom: [],
+          },
+        },
+      },
+    });
+    const callbackHandler = onSpy.mock.calls.find((call) => call[0] === "callback_query")?.[1] as (
+      ctx: Record<string, unknown>,
+    ) => Promise<void>;
+    expect(callbackHandler).toBeDefined();
+
+    await callbackHandler({
+      callbackQuery: {
+        id: "cbq-2",
+        data: "cmd:option_b",
+        from: { id: 9, first_name: "Ada", username: "ada_bot" },
+        message: {
+          chat: { id: 1234, type: "private" },
+          date: 1736380800,
+          message_id: 11,
+        },
+      },
+      me: { username: "clawdbot_bot" },
+      getFile: async () => ({ download: async () => new Uint8Array() }),
+    });
+
+    expect(replySpy).not.toHaveBeenCalled();
+    expect(answerCallbackQuerySpy).toHaveBeenCalledWith("cbq-2");
+  });
+
   it("wraps inbound message with Telegram envelope", async () => {
     const originalTz = process.env.TZ;
     process.env.TZ = "Europe/Vienna";

src/telegram/inline-buttons.ts

@@ -0,0 +1,73 @@
+import type { ClawdbotConfig } from "../config/config.js";
+import type { TelegramInlineButtonsScope } from "../config/types.telegram.js";
+import { listTelegramAccountIds, resolveTelegramAccount } from "./accounts.js";
+
+const DEFAULT_INLINE_BUTTONS_SCOPE: TelegramInlineButtonsScope = "allowlist";
+
+function normalizeInlineButtonsScope(value: unknown): TelegramInlineButtonsScope | undefined {
+  if (typeof value !== "string") return undefined;
+  const trimmed = value.trim().toLowerCase();
+  if (
+    trimmed === "off" ||
+    trimmed === "dm" ||
+    trimmed === "group" ||
+    trimmed === "all" ||
+    trimmed === "allowlist"
+  ) {
+    return trimmed as TelegramInlineButtonsScope;
+  }
+  return undefined;
+}
+
+function resolveInlineButtonsScopeFromCapabilities(
+  capabilities: unknown,
+): TelegramInlineButtonsScope {
+  if (!capabilities) return DEFAULT_INLINE_BUTTONS_SCOPE;
+  if (Array.isArray(capabilities)) {
+    const enabled = capabilities.some(
+      (entry) => String(entry).trim().toLowerCase() === "inlinebuttons",
+    );
+    return enabled ? "all" : "off";
+  }
+  if (typeof capabilities === "object") {
+    const inlineButtons = (capabilities as { inlineButtons?: unknown }).inlineButtons;
+    return normalizeInlineButtonsScope(inlineButtons) ?? DEFAULT_INLINE_BUTTONS_SCOPE;
+  }
+  return DEFAULT_INLINE_BUTTONS_SCOPE;
+}
+
+export function resolveTelegramInlineButtonsScope(params: {
+  cfg: ClawdbotConfig;
+  accountId?: string | null;
+}): TelegramInlineButtonsScope {
+  const account = resolveTelegramAccount({ cfg: params.cfg, accountId: params.accountId });
+  return resolveInlineButtonsScopeFromCapabilities(account.config.capabilities);
+}
+
+export function isTelegramInlineButtonsEnabled(params: {
+  cfg: ClawdbotConfig;
+  accountId?: string | null;
+}): boolean {
+  if (params.accountId) {
+    return resolveTelegramInlineButtonsScope(params) !== "off";
+  }
+  const accountIds = listTelegramAccountIds(params.cfg);
+  if (accountIds.length === 0) {
+    return resolveTelegramInlineButtonsScope(params) !== "off";
+  }
+  return accountIds.some(
+    (accountId) =>
+      resolveTelegramInlineButtonsScope({ cfg: params.cfg, accountId }) !== "off",
+  );
+}
+
+export function resolveTelegramTargetChatType(
+  target: string,
+): "direct" | "group" | "unknown" {
+  const trimmed = target.trim();
+  if (!trimmed) return "unknown";
+  if (/^-?\d+$/.test(trimmed)) {
+    return trimmed.startsWith("-") ? "group" : "direct";
+  }
+  return "unknown";
+}