fix(group): move group messages ahead of the security interceptor — fix whitelist blocking all group messages
All checks were successful
CD Pipeline / build-and-deploy (push) Successful in 7m10s
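Root cause: the whitelist in intercept_telegram() holds strings, while user_id is an int
Type mismatch → exception → telegram_chat_unauthorized → all group messages dropped
Fix: route SRE group messages first, bypassing the personal whitelist
(Group membership is controlled by the Telegram group admins, so the security boundary already exists)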
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -3097,7 +3097,16 @@ class TelegramGateway:
|
||||
text=text[:50],
|
||||
)
|
||||
|
||||
# 1. 安全檢查 (ADR-012)
|
||||
# 1. 群組訊息路由優先 (2026-04-03 ogt: SRE 戰情室群組無需個人白名單)
|
||||
# 群組是封閉環境,成員由 Telegram 群組管理員控制,不走個人 whitelist
|
||||
is_group = chat_type in ("group", "supergroup")
|
||||
is_sre_group = str(chat_id) == str(settings.SRE_GROUP_CHAT_ID)
|
||||
|
||||
if is_group and is_sre_group:
|
||||
await self._handle_group_message(text, user_id, username, chat_id, message_id)
|
||||
return
|
||||
|
||||
# 2. 個人 chat 安全檢查 (ADR-012)
|
||||
try:
|
||||
interceptor = get_security_interceptor()
|
||||
await interceptor.intercept_telegram(user_id)
|
||||
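Review bot: The early `return` under `if is_group and is_sre_group:` skips `intercept_telegram(user_id)` for every sender in the SRE group, but the type mismatch the commit message names as the root cause is left in place: the private-chat path below still passes the same `user_id` to the interceptor unchanged. Suggest normalizing the types in the whitelist comparison in this change as well (compare both sides as `str` or both as `int`), so that the group bypass is a deliberate policy choice and not a workaround for the exception. Since authorization for this path now rests entirely on `str(chat_id) == str(settings.SRE_GROUP_CHAT_ID)`, it would also help to say in the comment that no per-user check applies to `_handle_group_message` and to reference the ADR that accepts this.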
@@ -3105,7 +3114,7 @@ class TelegramGateway:
|
||||
logger.warning("telegram_chat_unauthorized", user_id=user_id, error=str(e))
|
||||
return
|
||||
|
||||
# 2. /ai 指令攔截 (Phase 24 C — 2026-04-03 ogt)
|
||||
# 3. /ai 指令攔截 (Phase 24 C — 2026-04-03 ogt)
|
||||
if text.strip().lower().startswith("/ai"):
|
||||
whitelist = settings.get_tg_user_whitelist()
|
||||
if not whitelist or user_id not in whitelist:
|
||||
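Review bot: Only the step number changes at the `/ai` block, but the reorder changes who reaches it: an `/ai` message sent in the SRE group now returns from the group branch before `if not whitelist or user_id not in whitelist:` runs, whereas before it hit this gate first. If `/ai` is meant to stay restricted to whitelisted users inside the group too, the check needs to run before the group branch or be repeated in `_handle_group_message`; if not, note that in the comment. Also worth confirming that `settings.get_tg_user_whitelist()` returns values of the same type as `user_id`, because `user_id not in whitelist` fails silently on a string/int mismatch of the kind the commit message describes.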
@@ -3118,24 +3127,6 @@ class TelegramGateway:
|
||||
logger.info("telegram_ai_command_handled", user_id=user_id, text=text[:50])
|
||||
return
|
||||
|
||||
# 3. 群組訊息路由 (2026-04-03 ogt: SRE 戰情室群組支援)
|
||||
# 群組裡 @ 指定 Bot 或直接發訊息 → 雙 AI 並行回應到群組
|
||||
is_group = chat_type in ("group", "supergroup")
|
||||
is_sre_group = str(chat_id) == str(settings.SRE_GROUP_CHAT_ID)
|
||||
|
||||
logger.info(
|
||||
"group_routing_check",
|
||||
chat_id=chat_id,
|
||||
chat_type=chat_type,
|
||||
is_group=is_group,
|
||||
is_sre_group=is_sre_group,
|
||||
sre_group_config=str(settings.SRE_GROUP_CHAT_ID),
|
||||
)
|
||||
|
||||
if is_group and is_sre_group:
|
||||
await self._handle_group_message(text, user_id, username, chat_id, message_id)
|
||||
return
|
||||
|
||||
# 4. 個人 chat — 顯示輸入狀態
|
||||
await self._send_chat_action(chat_id, "typing")
|
||||
|
||||
|
||||
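Review bot: The `logger.info("group_routing_check", ...)` call is dropped with the old routing block, and the new early branch has no replacement, so messages that bypass the security interceptor now leave no log entry at the routing decision. Suggest moving the log call up with the block instead of deleting it, and including `user_id` alongside `chat_id` and `is_sre_group`, so that the whitelist bypass stays auditable and a misconfigured `SRE_GROUP_CHAT_ID` remains easy to diagnose.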