fix: secure twilio webhook verification

Peter Steinberger
2026-01-26 16:18:29 +00:00
parent b623557a2e
commit 97200984f8
8 changed files with 41 additions and 23 deletions


@@ -217,13 +217,12 @@ export const VoiceCallTunnelConfigSchema = z
/**
* Allow ngrok free tier compatibility mode.
* When true, signature verification failures on ngrok-free.app URLs
* will be logged but allowed through. Less secure, but necessary
* for ngrok free tier which may modify URLs.
* will include extra diagnostics. Signature verification is still required.
*/
allowNgrokFreeTier: z.boolean().default(true),
allowNgrokFreeTier: z.boolean().default(false),
})
.strict()
.default({ provider: "none", allowNgrokFreeTier: true });
.default({ provider: "none", allowNgrokFreeTier: false });
export type VoiceCallTunnelConfig = z.infer<typeof VoiceCallTunnelConfigSchema>;
// -----------------------------------------------------------------------------
@@ -418,11 +417,14 @@ export function resolveVoiceCallConfig(config: VoiceCallConfig): VoiceCallConfig
}
// Tunnel Config
resolved.tunnel = resolved.tunnel ?? { provider: "none", allowNgrokFreeTier: true };
resolved.tunnel = resolved.tunnel ?? {
provider: "none",
allowNgrokFreeTier: false,
};
resolved.tunnel.ngrokAuthToken =
resolved.tunnel.ngrokAuthToken ?? process.env.NGROK_AUTHTOKEN;
resolved.tunnel.ngrokDomain =
resolved.tunnel.ngrokDomain ?? process.env.NGROK_DOMAIN;
resolved.tunnel.ngrokAuthToken ?? process.env.NGROK_AUTHTOKEN;
resolved.tunnel.ngrokDomain =
resolved.tunnel.ngrokDomain ?? process.env.NGROK_DOMAIN;
return resolved;
}
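Review bot: The new fail-closed default for `allowNgrokFreeTier` is written out three times — the field's `.default(false)`, the object-level `.default({ provider: "none", allowNgrokFreeTier: false })`, and the fallback literal in `resolveVoiceCallConfig` (whose body starts outside the hunk) — so a later edit that misses one copy would restore the permissive value on that path alone. Deriving the fallback from the schema, for example `resolved.tunnel = resolved.tunnel ?? VoiceCallTunnelConfigSchema.parse(undefined);`, would keep a single source of truth for this security-relevant setting. The flag's name still says "allow" although the updated doc comment says verification is always required; a line such as `* Despite its name, this flag never bypasses signature verification.` would spare operators who already set it to `true` from assuming the old behaviour. The verification code is not visible here, so it is worth confirming that the "extra diagnostics" never log the auth token or the expected signature.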