vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-01 02:30:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(security): enforce account-scoped pairing APIs

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-26 21:57:10 +01:00
parent a0c5e28f3b
commit bce643a0bd
27 changed files with 331 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/security/fix.ts
View File

@@ -7,7 +7,7 @@ import { collectIncludePathsRecursive } from "../config/includes-scan.js";
import { resolveConfigPath, resolveOAuthDir, resolveStateDir } from "../config/paths.js";
import { readChannelAllowFromStore } from "../pairing/pairing-store.js";
import { runExec } from "../process/exec.js";
import { normalizeAgentId } from "../routing/session-key.js";
import { DEFAULT_ACCOUNT_ID, normalizeAgentId } from "../routing/session-key.js";
import { createIcaclsResetCommand, formatIcaclsResetCommand, type ExecFn } from "./windows-acl.js";
export type SecurityFixChmodAction = {
@@ -412,7 +412,11 @@ export async function fixSecurityFootguns(opts?: {
const fixed = applyConfigFixes({ cfg: snap.config, env });
changes = fixed.changes;
const whatsappStoreAllowFrom = await readChannelAllowFromStore("whatsapp", env).catch(() => []);
const whatsappStoreAllowFrom = await readChannelAllowFromStore(
"whatsapp",
env,
DEFAULT_ACCOUNT_ID,
).catch(() => []);
if (whatsappStoreAllowFrom.length > 0) {
setWhatsAppGroupAllowFromFromStore({
cfg: fixed.cfg,