admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity

refactor(security): remove unused empty allowlist mode

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-21 19:57:36 +01:00
parent 2ba6de7eaa
commit 51c0893673
2 changed files with 1 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/plugin-sdk/allow-from.test.ts
View File

@@ -37,18 +37,6 @@ describe("isAllowedParsedChatSender", () => {
expect(allowed).toBe(false);
});
it("can explicitly allow when allowFrom is empty", () => {
const allowed = isAllowedParsedChatSender({
allowFrom: [],
sender: "+15551234567",
emptyAllowFrom: "allow",
normalizeSender: (sender) => sender,
parseAllowTarget,
});
expect(allowed).toBe(true);
});
it("allows wildcard entries", () => {
const allowed = isAllowedParsedChatSender({
allowFrom: ["*"],

5
src/plugin-sdk/allow-from.ts
View File

@@ -21,15 +21,12 @@ export function isAllowedParsedChatSender<TParsed extends ParsedChatAllowTarget>
chatId?: number | null;
chatGuid?: string | null;
chatIdentifier?: string | null;
emptyAllowFrom?: "deny" | "allow";
normalizeSender: (sender: string) => string;
parseAllowTarget: (entry: string) => TParsed;
}): boolean {
const allowFrom = params.allowFrom.map((entry) => String(entry).trim());
if (allowFrom.length === 0) {
// Fail closed by default. Callers can opt into legacy "empty = allow all"
// behavior explicitly when a surface intentionally treats an empty list as open.
return params.emptyAllowFrom === "allow";
return false;
}
if (allowFrom.includes("*")) {
return true;