mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-06-01 07:01:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

fix(gateway): remove discord role allowlist auth bypass (#30742)

Browse source
This commit is contained in:
Teknium 2026-05-24 04:24:49 -07:00 committed by GitHub
parent 1f897b0dc9
commit c3caca6584
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 0 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
gateway/run.py
View file

@ -6329,18 +6329,6 @@ class GatewayRunner:
if allow_bots_var and os.getenv(allow_bots_var, "none").lower().strip() in {"mentions", "all"}: if allow_bots_var and os.getenv(allow_bots_var, "none").lower().strip() in {"mentions", "all"}:
return True return True
# Discord role-based access (DISCORD_ALLOWED_ROLES): the adapter's
# on_message pre-filter already verified role membership — if the
# message reached here, the user passed that check. Authorize
# directly to avoid the "no allowlists configured" branch below
# rejecting role-only setups where DISCORD_ALLOWED_USERS is empty
# (issue #7871).
if (
source.platform == Platform.DISCORD
and os.getenv("DISCORD_ALLOWED_ROLES", "").strip()
):
return True
# Check pairing store (always checked, regardless of allowlists) # Check pairing store (always checked, regardless of allowlists)
platform_name = source.platform.value if source.platform else "" platform_name = source.platform.value if source.platform else ""
if self.pairing_store.is_approved(platform_name, user_id): if self.pairing_store.is_approved(platform_name, user_id):