@@ -66,15 +66,23 @@ function parseAllowedUserIds(raw: string | string[] | undefined): string[] {
|
66 | 66 | return normalizeStringEntries(raw.split(",")); |
67 | 67 | } |
68 | 68 | |
69 | | -function parseRateLimitPerMinute(raw: string | undefined): number { |
70 | | -if (raw == null) { |
71 | | -return 30; |
| 69 | +function normalizeRateLimitPerMinuteValue(raw: unknown): number | undefined { |
| 70 | +if (typeof raw === "number") { |
| 71 | +return Number.isSafeInteger(raw) && raw >= 0 ? raw : undefined; |
| 72 | +} |
| 73 | +if (typeof raw !== "string") { |
| 74 | +return undefined; |
72 | 75 | } |
73 | 76 | const trimmed = raw.trim(); |
74 | | -if (!/^-?\d+$/.test(trimmed)) { |
75 | | -return 30; |
| 77 | +if (!/^\d+$/.test(trimmed)) { |
| 78 | +return undefined; |
76 | 79 | } |
77 | | -return parseStrictInteger(trimmed) ?? 30; |
| 80 | +const parsed = parseStrictInteger(trimmed); |
| 81 | +return parsed != null && parsed >= 0 ? parsed : undefined; |
| 82 | +} |
| 83 | + |
| 84 | +function parseRateLimitPerMinute(raw: string | undefined): number { |
| 85 | +return normalizeRateLimitPerMinuteValue(raw) ?? 30; |
78 | 86 | } |
79 | 87 | |
80 | 88 | /** |
@@ -143,7 +151,8 @@ export function resolveAccount(
|
143 | 151 | dangerouslyAllowInheritedWebhookPath, |
144 | 152 | dmPolicy: merged.dmPolicy ?? "allowlist", |
145 | 153 | allowedUserIds: parseAllowedUserIds(merged.allowedUserIds ?? envAllowedUserIds), |
146 | | -rateLimitPerMinute: merged.rateLimitPerMinute ?? envRateLimitValue, |
| 154 | +rateLimitPerMinute: |
| 155 | +normalizeRateLimitPerMinuteValue(merged.rateLimitPerMinute) ?? envRateLimitValue, |
147 | 156 | botName: merged.botName ?? envBotName, |
148 | 157 | allowInsecureSsl: merged.allowInsecureSsl ?? false, |
149 | 158 | }; |
|