mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 07:20:43 +00:00
test(extensions): move channel contracts to owners
This commit is contained in:
Peter Steinberger
@@ -1,12 +1,12 @@
|
||||
import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime";
|
||||
import { describe, expect, it } from "vitest";
|
||||
import {
|
||||
DEFAULT_IMESSAGE_ATTACHMENT_ROOTS,
|
||||
resolveIMessageAttachmentRoots,
|
||||
resolveIMessageRemoteAttachmentRoots,
|
||||
} from "../../test/helpers/channels/channel-media-roots-contract.js";
|
||||
import type { OpenClawConfig } from "../config/types.js";
|
||||
} from "../contract-api.js";
|
||||
|
||||
describe("channel-inbound-roots contract", () => {
|
||||
describe("iMessage channel-inbound-roots contract", () => {
|
||||
function expectResolvedRootsCase(resolve: () => string[], expected: readonly string[]) {
|
||||
expect(resolve()).toEqual(expected);
|
||||
}
|
||||
@@ -1,12 +1,9 @@
|
||||
import { describe, expect, it } from "vitest";
|
||||
import {
|
||||
getSignalContractSurface,
|
||||
type SignalSender,
|
||||
} from "../../../../test/helpers/channels/dm-policy-contract.js";
|
||||
import {
|
||||
DM_GROUP_ACCESS_REASON,
|
||||
resolveDmGroupAccessWithLists,
|
||||
} from "../../../security/dm-policy-shared.js";
|
||||
} from "openclaw/plugin-sdk/channel-policy";
|
||||
import { describe, expect, it } from "vitest";
|
||||
import { isSignalSenderAllowed, type SignalSender } from "../contract-api.js";
|
||||
|
||||
type ChannelSmokeCase = {
|
||||
name: string;
|
||||
@@ -21,9 +18,7 @@ const signalSender: SignalSender = {
|
||||
};
|
||||
const signalSenderE164 = "+15550001111";
|
||||
|
||||
function createChannelSmokeCases(
|
||||
isSignalSenderAllowed: (sender: SignalSender, allowFrom: string[]) => boolean,
|
||||
): ChannelSmokeCase[] {
|
||||
function createChannelSmokeCases(): ChannelSmokeCase[] {
|
||||
return [
|
||||
{
|
||||
name: "bluebubbles",
|
||||
@@ -52,7 +47,7 @@ function expandChannelIngressCases(cases: readonly ChannelSmokeCase[]) {
|
||||
);
|
||||
}
|
||||
|
||||
describe("security/dm-policy-shared channel smoke", () => {
|
||||
describe("Signal dm-policy shared contract", () => {
|
||||
function expectBlockedGroupAccess(params: {
|
||||
storeAllowFrom: string[];
|
||||
isSenderAllowed: (allowFrom: string[]) => boolean;
|
||||
@@ -71,11 +66,8 @@ describe("security/dm-policy-shared channel smoke", () => {
|
||||
expect(access.reason).toBe("groupPolicy=allowlist (not allowlisted)");
|
||||
}
|
||||
|
||||
it("blocks group ingress when sender is only in pairing store", async () => {
|
||||
const { isSignalSenderAllowed } = await getSignalContractSurface();
|
||||
for (const { testCase } of expandChannelIngressCases(
|
||||
createChannelSmokeCases(isSignalSenderAllowed),
|
||||
)) {
|
||||
it("blocks group ingress when sender is only in pairing store", () => {
|
||||
for (const { testCase } of expandChannelIngressCases(createChannelSmokeCases())) {
|
||||
expectBlockedGroupAccess({
|
||||
storeAllowFrom: testCase.storeAllowFrom,
|
||||
isSenderAllowed: testCase.isSenderAllowed,
|
||||
@@ -1,25 +0,0 @@
|
||||
import { resolveRelativeBundledPluginPublicModuleId } from "../../../src/test-utils/bundled-plugin-public-surface.js";
|
||||
|
||||
type IMessageContractSurface = {
|
||||
DEFAULT_IMESSAGE_ATTACHMENT_ROOTS: string[];
|
||||
resolveIMessageAttachmentRoots: (params: unknown) => string[];
|
||||
resolveIMessageRemoteAttachmentRoots: (params: unknown) => string[];
|
||||
};
|
||||
|
||||
const {
|
||||
DEFAULT_IMESSAGE_ATTACHMENT_ROOTS,
|
||||
resolveIMessageAttachmentRoots,
|
||||
resolveIMessageRemoteAttachmentRoots,
|
||||
} = (await import(
|
||||
resolveRelativeBundledPluginPublicModuleId({
|
||||
fromModuleUrl: import.meta.url,
|
||||
pluginId: "imessage",
|
||||
artifactBasename: "contract-api.js",
|
||||
})
|
||||
)) as IMessageContractSurface;
|
||||
|
||||
export {
|
||||
DEFAULT_IMESSAGE_ATTACHMENT_ROOTS,
|
||||
resolveIMessageAttachmentRoots,
|
||||
resolveIMessageRemoteAttachmentRoots,
|
||||
};
|
||||
@@ -1,26 +0,0 @@
|
||||
import { resolveRelativeBundledPluginPublicModuleId } from "../../../src/test-utils/bundled-plugin-public-surface.js";
|
||||
|
||||
export type SignalSender = {
|
||||
kind: string;
|
||||
raw: string;
|
||||
e164?: string;
|
||||
uuid?: string;
|
||||
username?: string;
|
||||
};
|
||||
|
||||
type SignalContractApiSurface = {
|
||||
isSignalSenderAllowed: (...args: unknown[]) => boolean;
|
||||
};
|
||||
|
||||
let signalContractSurface: Promise<SignalContractApiSurface> | undefined;
|
||||
|
||||
export function getSignalContractSurface(): Promise<SignalContractApiSurface> {
|
||||
signalContractSurface ??= import(
|
||||
resolveRelativeBundledPluginPublicModuleId({
|
||||
fromModuleUrl: import.meta.url,
|
||||
pluginId: "signal",
|
||||
artifactBasename: "contract-api.js",
|
||||
})
|
||||
) as Promise<SignalContractApiSurface>;
|
||||
return signalContractSurface;
|
||||
}
|
||||
@@ -1,146 +0,0 @@
|
||||
import type { OpenClawConfig } from "../../../src/config/config.js";
|
||||
import type { SecurityAuditFinding } from "../../../src/security/audit.types.js";
|
||||
import {
|
||||
loadBundledPluginPublicSurfaceSync,
|
||||
resolveRelativeBundledPluginPublicModuleId,
|
||||
} from "../../../src/test-utils/bundled-plugin-public-surface.js";
|
||||
|
||||
type SecurityAuditAccount = {
|
||||
accountId: string;
|
||||
enabled?: boolean;
|
||||
token?: unknown;
|
||||
tokenSource?: string;
|
||||
config?: Record<string, unknown>;
|
||||
[key: string]: unknown;
|
||||
};
|
||||
type FlexibleSecurityAuditParams = {
|
||||
cfg?: OpenClawConfig;
|
||||
sourceConfig?: OpenClawConfig;
|
||||
account: SecurityAuditAccount;
|
||||
accountId?: string | null;
|
||||
orderedAccountIds?: string[];
|
||||
hasExplicitAccountPath?: boolean;
|
||||
};
|
||||
type ConfigSecurityAuditParams = {
|
||||
cfg: OpenClawConfig;
|
||||
};
|
||||
type AsyncChannelSecurityAuditCollector = (
|
||||
params: FlexibleSecurityAuditParams,
|
||||
) => Promise<SecurityAuditFinding[]>;
|
||||
type SyncChannelSecurityAuditCollector = (
|
||||
params: FlexibleSecurityAuditParams,
|
||||
) => SecurityAuditFinding[];
|
||||
type ConfigSecurityAuditCollector = (params: ConfigSecurityAuditParams) => SecurityAuditFinding[];
|
||||
type DiscordSecurityAuditSurface = {
|
||||
collectDiscordSecurityAuditFindings: AsyncChannelSecurityAuditCollector;
|
||||
};
|
||||
type FeishuSecuritySurface = {
|
||||
collectFeishuSecurityAuditFindings: ConfigSecurityAuditCollector;
|
||||
};
|
||||
type SlackSecuritySurface = {
|
||||
collectSlackSecurityAuditFindings: AsyncChannelSecurityAuditCollector;
|
||||
};
|
||||
type SynologyChatSecuritySurface = {
|
||||
collectSynologyChatSecurityAuditFindings: SyncChannelSecurityAuditCollector;
|
||||
};
|
||||
type TelegramSecuritySurface = {
|
||||
collectTelegramSecurityAuditFindings: AsyncChannelSecurityAuditCollector;
|
||||
};
|
||||
type ZalouserSecuritySurface = {
|
||||
collectZalouserSecurityAuditFindings: SyncChannelSecurityAuditCollector;
|
||||
};
|
||||
|
||||
const discordSecurityAuditModuleId = resolveRelativeBundledPluginPublicModuleId({
|
||||
fromModuleUrl: import.meta.url,
|
||||
pluginId: "discord",
|
||||
artifactBasename: "security-audit-contract-api.js",
|
||||
});
|
||||
const slackSecurityModuleId = resolveRelativeBundledPluginPublicModuleId({
|
||||
fromModuleUrl: import.meta.url,
|
||||
pluginId: "slack",
|
||||
artifactBasename: "security-contract-api.js",
|
||||
});
|
||||
const telegramSecurityModuleId = resolveRelativeBundledPluginPublicModuleId({
|
||||
fromModuleUrl: import.meta.url,
|
||||
pluginId: "telegram",
|
||||
artifactBasename: "security-audit-contract-api.js",
|
||||
});
|
||||
let discordSecurityAuditSurfacePromise: Promise<DiscordSecurityAuditSurface> | undefined;
|
||||
let slackSecuritySurfacePromise: Promise<SlackSecuritySurface> | undefined;
|
||||
let telegramSecuritySurfacePromise: Promise<TelegramSecuritySurface> | undefined;
|
||||
|
||||
function loadDiscordSecurityAuditSurface(): Promise<DiscordSecurityAuditSurface> {
|
||||
discordSecurityAuditSurfacePromise ??= import(
|
||||
discordSecurityAuditModuleId
|
||||
) as Promise<DiscordSecurityAuditSurface>;
|
||||
return discordSecurityAuditSurfacePromise;
|
||||
}
|
||||
|
||||
function loadFeishuSecuritySurface(): FeishuSecuritySurface {
|
||||
return loadBundledPluginPublicSurfaceSync<FeishuSecuritySurface>({
|
||||
pluginId: "feishu",
|
||||
artifactBasename: "security-contract-api.js",
|
||||
});
|
||||
}
|
||||
|
||||
function loadSlackSecuritySurface(): Promise<SlackSecuritySurface> {
|
||||
slackSecuritySurfacePromise ??= import(slackSecurityModuleId) as Promise<SlackSecuritySurface>;
|
||||
return slackSecuritySurfacePromise;
|
||||
}
|
||||
|
||||
function loadSynologyChatSecuritySurface(): SynologyChatSecuritySurface {
|
||||
return loadBundledPluginPublicSurfaceSync<SynologyChatSecuritySurface>({
|
||||
pluginId: "synology-chat",
|
||||
artifactBasename: "contract-api.js",
|
||||
});
|
||||
}
|
||||
|
||||
function loadTelegramSecuritySurface(): Promise<TelegramSecuritySurface> {
|
||||
telegramSecuritySurfacePromise ??= import(
|
||||
telegramSecurityModuleId
|
||||
) as Promise<TelegramSecuritySurface>;
|
||||
return telegramSecuritySurfacePromise;
|
||||
}
|
||||
|
||||
function loadZalouserSecuritySurface(): ZalouserSecuritySurface {
|
||||
return loadBundledPluginPublicSurfaceSync<ZalouserSecuritySurface>({
|
||||
pluginId: "zalouser",
|
||||
artifactBasename: "contract-api.js",
|
||||
});
|
||||
}
|
||||
|
||||
export const collectDiscordSecurityAuditFindings: DiscordSecurityAuditSurface["collectDiscordSecurityAuditFindings"] =
|
||||
(async (...args) =>
|
||||
(await loadDiscordSecurityAuditSurface()).collectDiscordSecurityAuditFindings(
|
||||
...args,
|
||||
)) as DiscordSecurityAuditSurface["collectDiscordSecurityAuditFindings"];
|
||||
|
||||
export const collectFeishuSecurityAuditFindings: FeishuSecuritySurface["collectFeishuSecurityAuditFindings"] =
|
||||
((...args) =>
|
||||
loadFeishuSecuritySurface().collectFeishuSecurityAuditFindings(
|
||||
...args,
|
||||
)) as FeishuSecuritySurface["collectFeishuSecurityAuditFindings"];
|
||||
|
||||
export const collectSlackSecurityAuditFindings: SlackSecuritySurface["collectSlackSecurityAuditFindings"] =
|
||||
(async (...args) =>
|
||||
(await loadSlackSecuritySurface()).collectSlackSecurityAuditFindings(
|
||||
...args,
|
||||
)) as SlackSecuritySurface["collectSlackSecurityAuditFindings"];
|
||||
|
||||
export const collectSynologyChatSecurityAuditFindings: SynologyChatSecuritySurface["collectSynologyChatSecurityAuditFindings"] =
|
||||
((...args) =>
|
||||
loadSynologyChatSecuritySurface().collectSynologyChatSecurityAuditFindings(
|
||||
...args,
|
||||
)) as SynologyChatSecuritySurface["collectSynologyChatSecurityAuditFindings"];
|
||||
|
||||
export const collectTelegramSecurityAuditFindings: TelegramSecuritySurface["collectTelegramSecurityAuditFindings"] =
|
||||
(async (...args) =>
|
||||
(await loadTelegramSecuritySurface()).collectTelegramSecurityAuditFindings(
|
||||
...args,
|
||||
)) as TelegramSecuritySurface["collectTelegramSecurityAuditFindings"];
|
||||
|
||||
export const collectZalouserSecurityAuditFindings: ZalouserSecuritySurface["collectZalouserSecurityAuditFindings"] =
|
||||
((...args) =>
|
||||
loadZalouserSecuritySurface().collectZalouserSecurityAuditFindings(
|
||||
...args,
|
||||
)) as ZalouserSecuritySurface["collectZalouserSecurityAuditFindings"];
|
||||
Reference in New Issue
Block a user