vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-30 20:50:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(telegram): trust local bot api media roots

Browse Source
This commit is contained in:
Ayaan Zaidi
2026-04-04 11:10:22 +05:30
parent c91b6bf322
commit cfc52fcf2b
9 changed files with 211 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/config/types.telegram.ts
View File

@@ -229,6 +229,8 @@ export type TelegramAccountConfig = {
ackReaction?: string;
/** Custom Telegram Bot API root URL (e.g. "https://my-proxy.example.com" or a local Bot API server). */
apiRoot?: string;
/** Trusted local filesystem roots for self-hosted Telegram Bot API absolute file_path values. */
trustedLocalFileRoots?: string[];
/** Auto-rename DM forum topics on first message using LLM. Default: true. */
autoTopicLabel?: AutoTopicLabelConfig;
};

6
src/config/zod-schema.providers-core.ts
View File

@@ -298,6 +298,12 @@ export const TelegramAccountSchemaBase = z
errorPolicy: TelegramErrorPolicySchema,
errorCooldownMs: z.number().int().nonnegative().optional(),
apiRoot: z.string().url().optional(),
trustedLocalFileRoots: z
.array(z.string())
.optional()
.describe(
"Trusted local filesystem roots for self-hosted Telegram Bot API absolute file_path values. Only absolute paths under these roots are read directly; all other absolute paths are rejected.",
),
autoTopicLabel: AutoTopicLabelSchema,
})
.strict();