github/openclaw
1
1
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-02-19 18:39:20 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(telegram): match DM allowFrom against sender user id

Browse Source 
Telegram DM access-control incorrectly used chatId as the allowFrom match key.

For DMs, allowFrom entries are typically Telegram user ids (msg.from.id) and/or @usernames. Using chatId causes legitimate DMs to be rejected or silently dropped even when dmPolicy is open/allowlist.

This change matches allowFrom against the sender's user id when available, falling back to chatId only if msg.from.id is missing.

Tests: existing telegram DM/thread routing tests pass.

Closes #4515
This commit is contained in:
Mark Liu
2026-02-08 01:43:19 +08:00
committed by Ayaan Zaidi
parent c6e142f22e
commit 29425e27e5
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/telegram/bot-message-context.ts
View File

@@ -229,8 +229,9 @@ export const buildTelegramMessageContext = async ({
}
if (dmPolicy !== "open") {
const candidate = String(chatId);
const senderUsername = msg.from?.username ?? "";
const senderUserId = msg.from?.id != null ? String(msg.from.id) : null;
const candidate = senderUserId ?? String(chatId);
const allowMatch = resolveSenderAllowMatch({
allow: effectiveDmAllow,
senderId: candidate,