LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-03-08 06:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ed21b63bb8490274bcaa7e90e062f2a82d445be8
moltbot/src/plugin-sdk/command-auth.ts

115 lines
4.1 KiB
TypeScript
Raw Blame History

import type { OpenClawConfig } from "../config/config.js";
import { resolveDmGroupAccessWithLists } from "../security/dm-policy-shared.js";
export type ResolveSenderCommandAuthorizationParams = {
cfg: OpenClawConfig;
rawBody: string;
isGroup: boolean;
dmPolicy: string;
configuredAllowFrom: string[];
configuredGroupAllowFrom?: string[];
senderId: string;
isSenderAllowed: (senderId: string, allowFrom: string[]) => boolean;
readAllowFromStore: () => Promise<string[]>;
shouldComputeCommandAuthorized: (rawBody: string, cfg: OpenClawConfig) => boolean;
resolveCommandAuthorizedFromAuthorizers: (params: {
useAccessGroups: boolean;
authorizers: Array<{ configured: boolean; allowed: boolean }>;
}) => boolean;
};
export type CommandAuthorizationRuntime = {
shouldComputeCommandAuthorized: (rawBody: string, cfg: OpenClawConfig) => boolean;
resolveCommandAuthorizedFromAuthorizers: (params: {
useAccessGroups: boolean;
authorizers: Array<{ configured: boolean; allowed: boolean }>;
}) => boolean;
};
export type ResolveSenderCommandAuthorizationWithRuntimeParams = Omit<
ResolveSenderCommandAuthorizationParams,
"shouldComputeCommandAuthorized" | "resolveCommandAuthorizedFromAuthorizers"
> & {
runtime: CommandAuthorizationRuntime;
};
export function resolveDirectDmAuthorizationOutcome(params: {
isGroup: boolean;
dmPolicy: string;
senderAllowedForCommands: boolean;
}): "disabled" | "unauthorized" | "allowed" {
if (params.isGroup) {
return "allowed";
}
if (params.dmPolicy === "disabled") {
return "disabled";
}
if (params.dmPolicy !== "open" && !params.senderAllowedForCommands) {
return "unauthorized";
}
return "allowed";
}
export async function resolveSenderCommandAuthorizationWithRuntime(
params: ResolveSenderCommandAuthorizationWithRuntimeParams,
): ReturnType<typeof resolveSenderCommandAuthorization> {
return resolveSenderCommandAuthorization({
...params,
shouldComputeCommandAuthorized: params.runtime.shouldComputeCommandAuthorized,
resolveCommandAuthorizedFromAuthorizers: params.runtime.resolveCommandAuthorizedFromAuthorizers,
});
}
export async function resolveSenderCommandAuthorization(
params: ResolveSenderCommandAuthorizationParams,
): Promise<{
shouldComputeAuth: boolean;
effectiveAllowFrom: string[];
effectiveGroupAllowFrom: string[];
senderAllowedForCommands: boolean;
commandAuthorized: boolean | undefined;
}> {
const shouldComputeAuth = params.shouldComputeCommandAuthorized(params.rawBody, params.cfg);
const storeAllowFrom =
!params.isGroup &&
params.dmPolicy !== "allowlist" &&
(params.dmPolicy !== "open" || shouldComputeAuth)
? await params.readAllowFromStore().catch(() => [])
: [];
const access = resolveDmGroupAccessWithLists({
isGroup: params.isGroup,
dmPolicy: params.dmPolicy,
groupPolicy: "allowlist",
allowFrom: params.configuredAllowFrom,
groupAllowFrom: params.configuredGroupAllowFrom ?? [],
storeAllowFrom,
isSenderAllowed: (allowFrom) => params.isSenderAllowed(params.senderId, allowFrom),
});
const effectiveAllowFrom = access.effectiveAllowFrom;
const effectiveGroupAllowFrom = access.effectiveGroupAllowFrom;
const useAccessGroups = params.cfg.commands?.useAccessGroups !== false;
const senderAllowedForCommands = params.isSenderAllowed(
params.senderId,
params.isGroup ? effectiveGroupAllowFrom : effectiveAllowFrom,
);
const ownerAllowedForCommands = params.isSenderAllowed(params.senderId, effectiveAllowFrom);
const groupAllowedForCommands = params.isSenderAllowed(params.senderId, effectiveGroupAllowFrom);
const commandAuthorized = shouldComputeAuth
? params.resolveCommandAuthorizedFromAuthorizers({
useAccessGroups,
authorizers: [
{ configured: effectiveAllowFrom.length > 0, allowed: ownerAllowedForCommands },
{ configured: effectiveGroupAllowFrom.length > 0, allowed: groupAllowedForCommands },
],
})
: undefined;
return {
shouldComputeAuth,
effectiveAllowFrom,
effectiveGroupAllowFrom,
senderAllowedForCommands,
commandAuthorized,
};
}
Reference in New Issue View Git Blame Copy Permalink