refactor(telegram): dedupe group auth checks

2026-05-04 11:20:21 +00:00 · 2026-02-15 16:12:36 +00:00
parent 234d69f83f
commit 933a9945ae
1 changed files with 20 additions and 26 deletions
--- a/src/telegram/bot-native-commands.ts
+++ b/src/telegram/bot-native-commands.ts
@@ -171,6 +171,22 @@ async function resolveTelegramCommandAuth(params: {
  const senderId = senderIdRaw ? String(senderIdRaw) : "";
  const senderUsername = msg.from?.username ?? "";

+  const isGroupSenderAllowed = () =>
+    senderIdRaw != null &&
+    isSenderAllowed({
+      allow: effectiveGroupAllow,
+      senderId: String(senderIdRaw),
+      senderUsername,
+    });
+
+  const rejectNotAuthorized = async () => {
+    await withTelegramApiErrorLogging({
+      operation: "sendMessage",
+      fn: () => bot.api.sendMessage(chatId, "You are not authorized to use this command."),
+    });
+    return null;
+  };
+
  if (isGroup && groupConfig?.enabled === false) {
    await withTelegramApiErrorLogging({
      operation: "sendMessage",
@@ -186,19 +202,8 @@ async function resolveTelegramCommandAuth(params: {
    return null;
  }
  if (requireAuth && isGroup && hasGroupAllowOverride) {
-    if (
-      senderIdRaw == null ||
-      !isSenderAllowed({
-        allow: effectiveGroupAllow,
-        senderId: String(senderIdRaw),
-        senderUsername,
-      })
-    ) {
-      await withTelegramApiErrorLogging({
-        operation: "sendMessage",
-        fn: () => bot.api.sendMessage(chatId, "You are not authorized to use this command."),
-      });
-      return null;
+    if (!isGroupSenderAllowed()) {
+      return await rejectNotAuthorized();
    }
  }

@@ -213,19 +218,8 @@ async function resolveTelegramCommandAuth(params: {
      return null;
    }
    if (groupPolicy === "allowlist" && requireAuth) {
-      if (
-        senderIdRaw == null ||
-        !isSenderAllowed({
-          allow: effectiveGroupAllow,
-          senderId: String(senderIdRaw),
-          senderUsername,
-        })
-      ) {
-        await withTelegramApiErrorLogging({
-          operation: "sendMessage",
-          fn: () => bot.api.sendMessage(chatId, "You are not authorized to use this command."),
-        });
-        return null;
+      if (!isGroupSenderAllowed()) {
+        return await rejectNotAuthorized();
      }
    }
    const groupAllowlist = resolveGroupPolicy(chatId);