mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-08 03:01:47 +00:00
6a4ecc0a9f
Self-chat mode (default) previously replied to ANY incoming DM with a
Python-side pairing-code message. Two compounding defaults:
1. allowlist.js::matchesAllowedUser returned true for an empty
allowlist — so WHATSAPP_ALLOWED_USERS unset → everyone passes the JS
bridge gate → messages reach Python gateway → _is_user_authorized
returns False but _get_unauthorized_dm_behavior falls back to
'pair' → stranger gets a pairing code reply.
2. bridge.js had no mode check on !fromMe messages, so self-chat mode
(where the operator only wants to talk to themselves) forwarded
everything anyway.
Fix:
- allowlist.js: empty allowlist now returns false. Operators who want
an open bot must set WHATSAPP_ALLOWED_USERS=* explicitly (the
existing wildcard behaviour, consistent with SIGNAL_GROUP_ALLOWED_USERS).
- bridge.js: self-chat mode hard-rejects all !fromMe messages at the
bridge, before they ever reach the Python gateway. Bot mode still
enforces the allowlist.
- Startup log message updated to reflect the new per-mode behaviour
(was '⚠️ No WHATSAPP_ALLOWED_USERS set — all messages will be
processed', which was both inaccurate post-fix and a bad default
signal pre-fix).
- allowlist.test.mjs: new regression test pinning the empty-rejects
contract, + null/undefined defensive cases.
Behaviour delta for existing users:
- self-chat mode, no allowlist: strangers got pairing codes, now
silently dropped. Strictly better.
- bot mode, no allowlist: strangers got pairing codes via the
Python-side pairing flow, now silently dropped at the JS bridge.
Operators who genuinely want an open bot set
WHATSAPP_ALLOWED_USERS=*.
80 lines
3.5 KiB
JavaScript
80 lines
3.5 KiB
JavaScript
import test from 'node:test';
|
|
import assert from 'node:assert/strict';
|
|
import os from 'node:os';
|
|
import path from 'node:path';
|
|
import { mkdtempSync, rmSync, writeFileSync } from 'node:fs';
|
|
|
|
import {
|
|
expandWhatsAppIdentifiers,
|
|
matchesAllowedUser,
|
|
normalizeWhatsAppIdentifier,
|
|
parseAllowedUsers,
|
|
} from './allowlist.js';
|
|
|
|
test('normalizeWhatsAppIdentifier strips jid syntax and plus prefix', () => {
|
|
assert.equal(normalizeWhatsAppIdentifier('+19175395595@s.whatsapp.net'), '19175395595');
|
|
assert.equal(normalizeWhatsAppIdentifier('267383306489914@lid'), '267383306489914');
|
|
assert.equal(normalizeWhatsAppIdentifier('19175395595:12@s.whatsapp.net'), '19175395595');
|
|
});
|
|
|
|
test('expandWhatsAppIdentifiers resolves phone and lid aliases from session files', () => {
|
|
const sessionDir = mkdtempSync(path.join(os.tmpdir(), 'hermes-wa-allowlist-'));
|
|
|
|
try {
|
|
writeFileSync(path.join(sessionDir, 'lid-mapping-19175395595.json'), JSON.stringify('267383306489914'));
|
|
writeFileSync(path.join(sessionDir, 'lid-mapping-267383306489914_reverse.json'), JSON.stringify('19175395595'));
|
|
|
|
const aliases = expandWhatsAppIdentifiers('267383306489914@lid', sessionDir);
|
|
assert.deepEqual([...aliases].sort(), ['19175395595', '267383306489914']);
|
|
} finally {
|
|
rmSync(sessionDir, { recursive: true, force: true });
|
|
}
|
|
});
|
|
|
|
test('matchesAllowedUser accepts mapped lid sender when allowlist only contains phone number', () => {
|
|
const sessionDir = mkdtempSync(path.join(os.tmpdir(), 'hermes-wa-allowlist-'));
|
|
|
|
try {
|
|
writeFileSync(path.join(sessionDir, 'lid-mapping-19175395595.json'), JSON.stringify('267383306489914'));
|
|
writeFileSync(path.join(sessionDir, 'lid-mapping-267383306489914_reverse.json'), JSON.stringify('19175395595'));
|
|
|
|
const allowedUsers = parseAllowedUsers('+19175395595');
|
|
assert.equal(matchesAllowedUser('267383306489914@lid', allowedUsers, sessionDir), true);
|
|
assert.equal(matchesAllowedUser('188012763865257@lid', allowedUsers, sessionDir), false);
|
|
} finally {
|
|
rmSync(sessionDir, { recursive: true, force: true });
|
|
}
|
|
});
|
|
|
|
test('matchesAllowedUser treats * as allow-all wildcard', () => {
|
|
const sessionDir = mkdtempSync(path.join(os.tmpdir(), 'hermes-wa-allowlist-'));
|
|
|
|
try {
|
|
const allowedUsers = parseAllowedUsers('*');
|
|
assert.equal(matchesAllowedUser('19175395595@s.whatsapp.net', allowedUsers, sessionDir), true);
|
|
assert.equal(matchesAllowedUser('267383306489914@lid', allowedUsers, sessionDir), true);
|
|
} finally {
|
|
rmSync(sessionDir, { recursive: true, force: true });
|
|
}
|
|
});
|
|
|
|
test('matchesAllowedUser rejects everyone when allowlist is empty (#8389)', () => {
|
|
// Regression guard: empty allowlist used to return true (allow-everyone),
|
|
// which let any stranger DM the bridge and trigger a Python-side
|
|
// pairing-code reply. Secure default is now "reject unless explicitly
|
|
// configured"; operators who want an open bot must set `*`.
|
|
const sessionDir = mkdtempSync(path.join(os.tmpdir(), 'hermes-wa-allowlist-'));
|
|
|
|
try {
|
|
const empty = parseAllowedUsers('');
|
|
assert.equal(empty.size, 0);
|
|
assert.equal(matchesAllowedUser('19175395595@s.whatsapp.net', empty, sessionDir), false);
|
|
assert.equal(matchesAllowedUser('267383306489914@lid', empty, sessionDir), false);
|
|
|
|
// Null/undefined allowlist (defensive) also rejects.
|
|
assert.equal(matchesAllowedUser('19175395595@s.whatsapp.net', null, sessionDir), false);
|
|
assert.equal(matchesAllowedUser('19175395595@s.whatsapp.net', undefined, sessionDir), false);
|
|
} finally {
|
|
rmSync(sessionDir, { recursive: true, force: true });
|
|
}
|
|
});
|