let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): lock down inbound DMs by default

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-06 17:51:38 +01:00
parent 327ad3c9c7
commit 967cef80bc
36 changed files with 2093 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
src/discord/monitor.tool-result.test.ts
View File

@@ -6,6 +6,8 @@ const sendMock = vi.fn();
const replyMock = vi.fn();
const updateLastRouteMock = vi.fn();
let config: Record<string, unknown> = {};
const readAllowFromStoreMock = vi.fn();
const upsertPairingRequestMock = vi.fn();
vi.mock("../config/config.js", async (importOriginal) => {
const actual = await importOriginal<typeof import("../config/config.js")>();
@@ -23,6 +25,13 @@ vi.mock("./send.js", () => ({
sendMessageDiscord: (...args: unknown[]) => sendMock(...args),
}));
vi.mock("../pairing/pairing-store.js", () => ({
readProviderAllowFromStore: (...args: unknown[]) =>
readAllowFromStoreMock(...args),
upsertProviderPairingRequest: (...args: unknown[]) =>
upsertPairingRequestMock(...args),
}));
vi.mock("../config/sessions.js", () => ({
resolveStorePath: vi.fn(() => "/tmp/clawdbot-sessions.json"),
updateLastRoute: (...args: unknown[]) => updateLastRouteMock(...args),
@@ -53,7 +62,10 @@ vi.mock("discord.js", () => {
}
}
login = vi.fn().mockResolvedValue(undefined);
destroy = vi.fn().mockResolvedValue(undefined);
destroy = vi.fn().mockImplementation(async () => {
handlers.clear();
Client.lastClient = null;
});
}
return {
@@ -98,12 +110,16 @@ async function waitForClient() {
beforeEach(() => {
config = {
messages: { responsePrefix: "PFX" },
discord: { dm: { enabled: true } },
discord: { dm: { enabled: true, policy: "open", allowFrom: ["*"] } },
routing: { allowFrom: [] },
};
sendMock.mockReset().mockResolvedValue(undefined);
replyMock.mockReset();
updateLastRouteMock.mockReset();
readAllowFromStoreMock.mockReset().mockResolvedValue([]);
upsertPairingRequestMock
.mockReset()
.mockResolvedValue({ code: "PAIRCODE", created: true });
});
describe("monitorDiscordProvider tool results", () => {
@@ -152,7 +168,7 @@ describe("monitorDiscordProvider tool results", () => {
config = {
messages: { responsePrefix: "PFX" },
discord: {
dm: { enabled: true },
dm: { enabled: true, policy: "open", allowFrom: ["*"] },
guilds: { "*": { requireMention: true } },
},
routing: {
@@ -202,4 +218,50 @@ describe("monitorDiscordProvider tool results", () => {
expect(replyMock).toHaveBeenCalledTimes(1);
expect(replyMock.mock.calls[0][0].WasMentioned).toBe(true);
});
it("replies with pairing code when dmPolicy is pairing and no allowFrom is set", async () => {
config = {
...config,
discord: { dm: { enabled: true, policy: "pairing", allowFrom: [] } },
};
const controller = new AbortController();
const run = monitorDiscordProvider({
token: "token",
abortSignal: controller.signal,
});
const discord = await import("discord.js");
const client = await waitForClient();
if (!client) throw new Error("Discord client not created");
const reply = vi.fn().mockResolvedValue(undefined);
client.emit(discord.Events.MessageCreate, {
id: "m3",
content: "hello",
author: { id: "u1", bot: false, username: "Ada", tag: "Ada#1" },
channelId: "c1",
channel: {
type: discord.ChannelType.DM,
isSendable: () => false,
},
guild: undefined,
mentions: { has: () => false },
attachments: { first: () => undefined },
type: discord.MessageType.Default,
createdTimestamp: Date.now(),
reply,
});
await flush();
controller.abort();
await run;
expect(replyMock).not.toHaveBeenCalled();
expect(upsertPairingRequestMock).toHaveBeenCalled();
expect(reply).toHaveBeenCalledTimes(1);
expect(String(reply.mock.calls[0]?.[0] ?? "")).toContain(
"Pairing code: PAIRCODE",
);
});
});

59
src/discord/monitor.ts
View File

@@ -41,6 +41,10 @@ import { enqueueSystemEvent } from "../infra/system-events.js";
import { getChildLogger } from "../logging.js";
import { detectMime } from "../media/mime.js";
import { saveMediaBuffer } from "../media/store.js";
import {
readProviderAllowFromStore,
upsertProviderPairingRequest,
} from "../pairing/pairing-store.js";
import type { RuntimeEnv } from "../runtime.js";
import { sendMessageDiscord } from "./send.js";
import { normalizeDiscordToken } from "./token.js";
@@ -142,6 +146,7 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
const dmConfig = cfg.discord?.dm;
const guildEntries = cfg.discord?.guilds;
const groupPolicy = cfg.discord?.groupPolicy ?? "open";
const dmPolicy = dmConfig?.policy ?? "pairing";
const allowFrom = dmConfig?.allowFrom;
const mediaMaxBytes =
(opts.mediaMaxMb ?? cfg.discord?.mediaMaxMb ?? 8) * 1024 * 1024;
@@ -160,7 +165,7 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
if (shouldLogVerbose()) {
logVerbose(
`discord: config dm=${dmEnabled ? "on" : "off"} allowFrom=${summarizeAllowList(allowFrom)} groupDm=${groupDmEnabled ? "on" : "off"} groupDmChannels=${summarizeAllowList(groupDmChannels)} groupPolicy=${groupPolicy} guilds=${summarizeGuilds(guildEntries)} historyLimit=${historyLimit} mediaMaxMb=${Math.round(mediaMaxBytes / (1024 * 1024))}`,
`discord: config dm=${dmEnabled ? "on" : "off"} dmPolicy=${dmPolicy} allowFrom=${summarizeAllowList(allowFrom)} groupDm=${groupDmEnabled ? "on" : "off"} groupDmChannels=${summarizeAllowList(groupDmChannels)} groupPolicy=${groupPolicy} guilds=${summarizeGuilds(guildEntries)} historyLimit=${historyLimit} mediaMaxMb=${Math.round(mediaMaxBytes / (1024 * 1024))}`,
);
}
@@ -210,6 +215,10 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
logVerbose("discord: drop dm (dms disabled)");
return;
}
if (isDirectMessage && dmPolicy === "disabled") {
logVerbose("discord: drop dm (dmPolicy: disabled)");
return;
}
const botId = client.user?.id;
const forwardedSnapshot = resolveForwardedSnapshot(message);
const forwardedText = forwardedSnapshot
@@ -386,22 +395,58 @@ export async function monitorDiscordProvider(opts: MonitorDiscordOpts = {}) {
}
}
if (isDirectMessage && Array.isArray(allowFrom) && allowFrom.length > 0) {
const allowList = normalizeDiscordAllowList(allowFrom, [
if (isDirectMessage && dmPolicy !== "open") {
const storeAllowFrom = await readProviderAllowFromStore(
"discord",
).catch(() => []);
const effectiveAllowFrom = Array.from(
new Set([...(allowFrom ?? []), ...storeAllowFrom]),
);
const allowList = normalizeDiscordAllowList(effectiveAllowFrom, [
"discord:",
"user:",
]);
const permitted =
allowList &&
allowList != null &&
allowListMatches(allowList, {
id: message.author.id,
name: message.author.username,
tag: message.author.tag,
});
if (!permitted) {
logVerbose(
`Blocked unauthorized discord sender ${message.author.id} (not in allowFrom)`,
);
if (dmPolicy === "pairing") {
const { code } = await upsertProviderPairingRequest({
provider: "discord",
id: message.author.id,
meta: {
username: message.author.username,
tag: message.author.tag,
},
});
logVerbose(
`discord pairing request sender=${message.author.id} tag=${message.author.tag} code=${code}`,
);
try {
await message.reply(
[
"Clawdbot: access not configured.",
"",
`Pairing code: ${code}`,
"",
"Ask the bot owner to approve with:",
"clawdbot pairing approve --provider discord <code>",
].join("\n"),
);
} catch (err) {
logVerbose(
`discord pairing reply failed for ${message.author.id}: ${String(err)}`,
);
}
} else {
logVerbose(
`Blocked unauthorized discord sender ${message.author.id} (dmPolicy=${dmPolicy})`,
);
}
return;
}
}