fix: tighten commands.allowFrom override + IPv6-safe callback URL
committed by
Muhammed Mukhthar CM
parent
5771f483fc
commit
1c1027634f
@@ -503,7 +503,13 @@ export function resolveCallbackUrl(params: {
|
||||
if (params.config.callbackUrl) {
|
||||
return params.config.callbackUrl;
|
||||
}
|
||||
const host = params.gatewayHost || "localhost";
|
||||
let host = params.gatewayHost || "localhost";
|
||||
const path = normalizeCallbackPath(params.config.callbackPath);
|
||||
|
||||
// Bracket IPv6 literals so the URL is valid: http://[::1]:3015/...
|
||||
if (host.includes(":") && !(host.startsWith("[") && host.endsWith("]"))) {
|
||||
host = `[${host}]`;
|
||||
}
|
||||
|
||||
return `http://${host}:${params.gatewayPort}${path}`;
|
||||
}
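Review bot: The `host.includes(":")` test in the added block treats any colon as proof of an IPv6 literal, so a `gatewayHost` that already carries a port (constructed example: `gateway.internal:8443`) would be wrapped in brackets and produce an invalid callback URL instead of being rejected. If this module runs on Node, `isIPv6` from `node:net` is a stricter check: `if (isIPv6(host)) {`. A link-local address with a zone id (`fe80::1%eth0`) passes that check as well and needs its `%` written as `%25` inside the brackets. The parameter type and anything that validates `gatewayHost` sit outside the hunk, so this may already be constrained by the caller.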
|
||||
|
||||
@@ -165,7 +165,9 @@ function resolveCommandsAllowFromList(params: {
|
||||
|
||||
const rawList = Array.isArray(providerList) ? providerList : globalList;
|
||||
if (!Array.isArray(rawList)) {
|
||||
return null; // No applicable list found
|
||||
// commands.allowFrom is configured, but there's no provider-specific list and no "*".
|
||||
// Treat as an explicit deny for this provider (override semantics).
|
||||
return [];
|
||||
}
|
||||
|
||||
return formatAllowFromList({
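Review bot: The difference between `null` and `[]` is now an authorization decision, but it is explained only by the two-line comment inside the `if (!Array.isArray(rawList))` branch. I would put the contract on the function itself, for example `/** null: commands.allowFrom is unset, caller falls back to channel allowFrom; []: it is set but has no entry for this provider and no "*", so deny. */`, so that a caller testing `.length` or truthiness does not turn the deny back into a fallback. The `null` case is inferred from the "falls back to channel allowFrom" test, because the start of the function is outside the hunk. On the context line above, a provider entry that is present but not an array falls through to `globalList`, so a mistyped value would be widened to the wildcard if one is configured; rejecting or logging that case would keep the override fail-closed.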
|
||||
|
||||
@@ -296,6 +296,33 @@ describe("resolveCommandAuthorization", () => {
|
||||
expect(whatsappAuth.isAuthorizedSender).toBe(true);
|
||||
});
|
||||
|
||||
it("denies providers not present in commands.allowFrom when no wildcard is set", () => {
|
||||
const cfg = {
|
||||
commands: {
|
||||
allowFrom: {
|
||||
signal: ["user123"],
|
||||
},
|
||||
},
|
||||
// Channel allowFrom would normally allow, but commands.allowFrom should override.
|
||||
channels: { whatsapp: { allowFrom: ["*"] } },
|
||||
} as OpenClawConfig;
|
||||
|
||||
const ctx = {
|
||||
Provider: "whatsapp",
|
||||
Surface: "whatsapp",
|
||||
From: "whatsapp:anyuser",
|
||||
SenderId: "anyuser",
|
||||
} as MsgContext;
|
||||
|
||||
const auth = resolveCommandAuthorization({
|
||||
ctx,
|
||||
cfg,
|
||||
commandAuthorized: true,
|
||||
});
|
||||
|
||||
expect(auth.isAuthorizedSender).toBe(false);
|
||||
});
|
||||
|
||||
it("falls back to channel allowFrom when commands.allowFrom not set", () => {
|
||||
const cfg = {
|
||||
channels: { whatsapp: { allowFrom: ["+15551234567"] } },
|
||||
|
||||