telegram: gate /start, /help, /status behind dmPolicy

The bot command handlers bypassed access control — they responded to any DM user regardless of dmPolicy, leaking bot presence and contradicting ACCESS.md's "Drop silently. No reply." contract for allowlist mode. Add dmCommandGate() that applies the same disabled/allowlist checks as gate() without the pairing side effects, and route all three handlers through it. Also prune expired pending codes before /status iterates them. Fixes #854
2026-03-22 12:13:09 +00:00 · 2026-03-22 08:07:07 +00:00
parent 61c0597779
commit 0a0f09866c
1 changed files with 19 additions and 13 deletions
--- a/external_plugins/telegram/server.ts
+++ b/external_plugins/telegram/server.ts
@@ -261,6 +261,19 @@ function gate(ctx: Context): GateResult {
  return { action: 'drop' }
 }

+// Like gate() but for bot commands: no pairing side effects, just allow/drop.
+function dmCommandGate(ctx: Context): { access: Access; senderId: string } | null {
+  if (ctx.chat?.type !== 'private') return null
+  if (!ctx.from) return null
+  const senderId = String(ctx.from.id)
+  const access = loadAccess()
+  const pruned = pruneExpired(access)
+  if (pruned) saveAccess(access)
+  if (access.dmPolicy === 'disabled') return null
+  if (access.dmPolicy === 'allowlist' && !access.allowFrom.includes(senderId)) return null
+  return { access, senderId }
+}
+
 function isMentioned(ctx: Context, extraPatterns?: string[]): boolean {
  const entities = ctx.message?.entities ?? ctx.message?.caption_entities ?? []
  const text = ctx.message?.text ?? ctx.message?.caption ?? ''
@@ -585,12 +598,7 @@ process.on('SIGINT', shutdown)
 // the gate's behavior for unrecognized groups.

 bot.command('start', async ctx => {
-  if (ctx.chat?.type !== 'private') return
-  const access = loadAccess()
-  if (access.dmPolicy === 'disabled') {
-    await ctx.reply(`This bot isn't accepting new connections.`)
-    return
-  }
+  if (!dmCommandGate(ctx)) return
  await ctx.reply(
    `This bot bridges Telegram to a Claude Code session.\n\n` +
    `To pair:\n` +
@@ -601,7 +609,7 @@ bot.command('start', async ctx => {
 })

 bot.command('help', async ctx => {
-  if (ctx.chat?.type !== 'private') return
+  if (!dmCommandGate(ctx)) return
  await ctx.reply(
    `Messages you send here route to a paired Claude Code session. ` +
    `Text and photos are forwarded; replies and reactions come back.\n\n` +
@@ -611,14 +619,12 @@ bot.command('help', async ctx => {
 })

 bot.command('status', async ctx => {
-  if (ctx.chat?.type !== 'private') return
-  const from = ctx.from
-  if (!from) return
-  const senderId = String(from.id)
-  const access = loadAccess()
+  const gated = dmCommandGate(ctx)
+  if (!gated) return
+  const { access, senderId } = gated

  if (access.allowFrom.includes(senderId)) {
-    const name = from.username ? `@${from.username}` : senderId
+    const name = ctx.from!.username ? `@${ctx.from!.username}` : senderId
    await ctx.reply(`Paired as ${name}.`)
    return
  }