vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-02 12:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): enforce account-scoped pairing APIs

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 21:57:10 +01:00
parent a0c5e28f3b
commit bce643a0bd
27 changed files with 331 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/line/bot-handlers.ts
View File

@@ -74,6 +74,7 @@ async function sendLinePairingReply(params: {
const { code, created } = await upsertChannelPairingRequest({
channel: "line",
id: senderId,
accountId: context.account.accountId,
});
if (!created) {
return;
@@ -121,7 +122,11 @@ async function shouldProcessLineEvent(
const senderId = userId ?? "";
const dmPolicy = account.config.dmPolicy ?? "pairing";
const storeAllowFrom = await readChannelAllowFromStore("line").catch(() => []);
const storeAllowFrom = await readChannelAllowFromStore(
"line",
process.env,
account.accountId,
).catch(() => []);
const effectiveDmAllow = normalizeDmAllowFromWithStore({
allowFrom: account.config.allowFrom,
storeAllowFrom,