

























@@ -5,14 +5,28 @@ import { upsertChannelPairingRequest } from "openclaw/plugin-sdk/conversation-ru
55import { defaultRuntime } from "openclaw/plugin-sdk/runtime-env";
66import { warnMissingProviderGroupPolicyFallbackOnce } from "openclaw/plugin-sdk/runtime-group-policy";
77import { resolveWhatsAppInboundPolicy, resolveWhatsAppIngressAccess } from "../inbound-policy.js";
8+import { buildWhatsAppInboundAdmission, type WhatsAppInboundAdmission } from "./admission.js";
899-export type InboundAccessControlResult = {
10-allowed: boolean;
11-shouldMarkRead: boolean;
10+export type BlockedInboundAccessControlResult = {
11+allowed: false;
12+shouldMarkRead: false;
1213isSelfChat: boolean;
1314resolvedAccountId: string;
15+admission?: never;
1416};
151718+export type AcceptedInboundAccessControlResult = {
19+allowed: true;
20+shouldMarkRead: true;
21+isSelfChat: boolean;
22+resolvedAccountId: string;
23+admission: WhatsAppInboundAdmission;
24+};
25+26+export type InboundAccessControlResult =
27+| BlockedInboundAccessControlResult
28+| AcceptedInboundAccessControlResult;
29+1630const PAIRING_REPLY_HISTORY_GRACE_MS = 30_000;
17311832function logWhatsAppVerbose(enabled: boolean | undefined, message: string) {
@@ -22,12 +36,24 @@ function logWhatsAppVerbose(enabled: boolean | undefined, message: string) {
2236defaultRuntime.log(message);
2337}
243839+function blockedInboundAccess(
40+policy: ReturnType<typeof resolveWhatsAppInboundPolicy>,
41+): BlockedInboundAccessControlResult {
42+return {
43+allowed: false,
44+shouldMarkRead: false,
45+isSelfChat: policy.isSelfChat,
46+resolvedAccountId: policy.account.accountId,
47+};
48+}
49+2550export async function checkInboundAccessControl(params: {
2651cfg: OpenClawConfig;
2752accountId: string;
2853from: string;
2954selfE164: string | null;
3055senderE164: string | null;
56+senderJid?: string | null;
3157group: boolean;
3258pushName?: string;
3359isFromMe: boolean;
@@ -64,12 +90,17 @@ export async function checkInboundAccessControl(params: {
6490accountId: policy.account.accountId,
6591log: (message) => logWhatsAppVerbose(params.verbose, message),
6692});
93+const conversationId = params.group ? params.remoteJid : params.from;
94+const accessSenderId = params.group ? params.senderE164 : params.from;
95+const admissionSenderId = params.group
96+ ? (params.senderE164 ?? params.senderJid ?? params.from)
97+ : params.from;
6798const access = await resolveWhatsAppIngressAccess({
6899cfg: params.cfg,
69100 policy,
70101isGroup: params.group,
71-conversationId: params.remoteJid,
72-senderId: params.group ? params.senderE164 : params.from,
102+ conversationId,
103+senderId: accessSenderId,
73104dmSenderId: params.from,
74105});
75106const { senderAccess } = access;
@@ -87,33 +118,18 @@ export async function checkInboundAccessControl(params: {
87118`Blocked group message from ${params.senderE164 ?? "unknown sender"} (groupPolicy: allowlist)`,
88119);
89120}
90-return {
91-allowed: false,
92-shouldMarkRead: false,
93-isSelfChat: policy.isSelfChat,
94-resolvedAccountId: policy.account.accountId,
95-};
121+return blockedInboundAccess(policy);
96122}
9712398124// DM access control (secure defaults): "pairing" (default) / "allowlist" / "open" / "disabled".
99125if (!params.group) {
100126if (params.isFromMe && !policy.isSamePhone(params.from)) {
101127logWhatsAppVerbose(params.verbose, "Skipping outbound DM (fromMe); no pairing reply needed.");
102-return {
103-allowed: false,
104-shouldMarkRead: false,
105-isSelfChat: policy.isSelfChat,
106-resolvedAccountId: policy.account.accountId,
107-};
128+return blockedInboundAccess(policy);
108129}
109130if (senderAccess.decision === "block" && senderAccess.reasonCode === "dm_policy_disabled") {
110131logWhatsAppVerbose(params.verbose, "Blocked dm (dmPolicy: disabled)");
111-return {
112-allowed: false,
113-shouldMarkRead: false,
114-isSelfChat: policy.isSelfChat,
115-resolvedAccountId: policy.account.accountId,
116-};
132+return blockedInboundAccess(policy);
117133}
118134if (senderAccess.decision === "pairing" && !policy.isSamePhone(params.from)) {
119135const candidate = params.from;
@@ -153,24 +169,14 @@ export async function checkInboundAccessControl(params: {
153169},
154170});
155171}
156-return {
157-allowed: false,
158-shouldMarkRead: false,
159-isSelfChat: policy.isSelfChat,
160-resolvedAccountId: policy.account.accountId,
161-};
172+return blockedInboundAccess(policy);
162173}
163174if (senderAccess.decision !== "allow") {
164175logWhatsAppVerbose(
165176params.verbose,
166177`Blocked unauthorized sender ${params.from} (dmPolicy=${policy.dmPolicy})`,
167178);
168-return {
169-allowed: false,
170-shouldMarkRead: false,
171-isSelfChat: policy.isSelfChat,
172-resolvedAccountId: policy.account.accountId,
173-};
179+return blockedInboundAccess(policy);
174180}
175181}
176182@@ -179,6 +185,14 @@ export async function checkInboundAccessControl(params: {
179185shouldMarkRead: true,
180186isSelfChat: policy.isSelfChat,
181187resolvedAccountId: policy.account.accountId,
188+admission: buildWhatsAppInboundAdmission({
189+ policy,
190+ access,
191+isGroup: params.group,
192+ conversationId,
193+senderId: admissionSenderId,
194+dmSenderId: params.from,
195+}),
182196};
183197}
184198此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。