diff --git a/gateway/config.py b/gateway/config.py index 67ebf7346..a156e79c5 100644 --- a/gateway/config.py +++ b/gateway/config.py @@ -687,6 +687,11 @@ def load_gateway_config() -> GatewayConfig: os.environ["TELEGRAM_REACTIONS"] = str(telegram_cfg["reactions"]).lower() if "proxy_url" in telegram_cfg and not os.getenv("TELEGRAM_PROXY"): os.environ["TELEGRAM_PROXY"] = str(telegram_cfg["proxy_url"]).strip() + if "group_allowed_chats" in telegram_cfg and not os.getenv("TELEGRAM_GROUP_ALLOWED_USERS"): + gac = telegram_cfg["group_allowed_chats"] + if isinstance(gac, list): + gac = ",".join(str(v) for v in gac) + os.environ["TELEGRAM_GROUP_ALLOWED_USERS"] = str(gac) if "disable_link_previews" in telegram_cfg: plat_data = platforms_data.setdefault(Platform.TELEGRAM.value, {}) if not isinstance(plat_data, dict): diff --git a/gateway/run.py b/gateway/run.py index f7d8e8b70..ecc6d17bc 100644 --- a/gateway/run.py +++ b/gateway/run.py @@ -3037,6 +3037,7 @@ class GatewayRunner: Platform.QQBOT: "QQ_ALLOWED_USERS", } platform_group_env_map = { + Platform.TELEGRAM: "TELEGRAM_GROUP_ALLOWED_USERS", Platform.QQBOT: "QQ_GROUP_ALLOWED_USERS", } platform_allow_all_map = { @@ -3093,7 +3094,7 @@ class GatewayRunner: # Check platform-specific and global allowlists platform_allowlist = os.getenv(platform_env_map.get(source.platform, ""), "").strip() group_allowlist = "" - if source.chat_type == "group": + if source.chat_type in {"group", "forum"}: group_allowlist = os.getenv(platform_group_env_map.get(source.platform, ""), "").strip() global_allowlist = os.getenv("GATEWAY_ALLOWED_USERS", "").strip() @@ -3102,7 +3103,7 @@ class GatewayRunner: return os.getenv("GATEWAY_ALLOW_ALL_USERS", "").lower() in ("true", "1", "yes") # Some platforms authorize group traffic by chat ID rather than sender ID. - if group_allowlist and source.chat_type == "group" and source.chat_id: + if group_allowlist and source.chat_type in {"group", "forum"} and source.chat_id: allowed_group_ids = { chat_id.strip() for chat_id in group_allowlist.split(",") if chat_id.strip() } diff --git a/scripts/release.py b/scripts/release.py index 271c65f04..41a51ebb2 100755 --- a/scripts/release.py +++ b/scripts/release.py @@ -48,6 +48,7 @@ AUTHOR_MAP = { "jefferson@heimdallstrategy.com": "Mind-Dragon", "130918800+devorun@users.noreply.github.com": "devorun", "maks.mir@yahoo.com": "say8hi", + "web3blind@users.noreply.github.com": "web3blind", # contributors (from noreply pattern) "david.vv@icloud.com": "davidvv", "wangqiang@wangqiangdeMac-mini.local": "xiaoqiang243", diff --git a/tests/gateway/test_unauthorized_dm_behavior.py b/tests/gateway/test_unauthorized_dm_behavior.py index 98e71442b..23c06cc33 100644 --- a/tests/gateway/test_unauthorized_dm_behavior.py +++ b/tests/gateway/test_unauthorized_dm_behavior.py @@ -12,6 +12,7 @@ from gateway.session import SessionSource def _clear_auth_env(monkeypatch) -> None: for key in ( "TELEGRAM_ALLOWED_USERS", + "TELEGRAM_GROUP_ALLOWED_USERS", "DISCORD_ALLOWED_USERS", "WHATSAPP_ALLOWED_USERS", "SLACK_ALLOWED_USERS", @@ -178,6 +179,26 @@ def test_qq_group_allowlist_does_not_authorize_other_groups(monkeypatch): assert runner._is_user_authorized(source) is False +def test_telegram_group_allowlist_authorizes_forum_chat_without_user_allowlist(monkeypatch): + _clear_auth_env(monkeypatch) + monkeypatch.setenv("TELEGRAM_GROUP_ALLOWED_USERS", "-1001878443972") + + runner, _adapter = _make_runner( + Platform.TELEGRAM, + GatewayConfig(platforms={Platform.TELEGRAM: PlatformConfig(enabled=True, token="t")}), + ) + + source = SessionSource( + platform=Platform.TELEGRAM, + user_id="999", + chat_id="-1001878443972", + user_name="tester", + chat_type="forum", + ) + + assert runner._is_user_authorized(source) is True + + @pytest.mark.asyncio async def test_unauthorized_dm_pairs_by_default(monkeypatch): _clear_auth_env(monkeypatch)