feat(ws3): ADR-093 Callback User-ID Binding + ADR-094 Webhook 入口
## T3.1/T3.2 Bound User Check(security_interceptor.py)
- verify_callback() Step 0: 檢查 Redis cb_bind:{nonce}
→ 若有 binding 且 caller != bound_user_id → UserNotWhitelistedError
→ 若 key 不存在(舊格式)→ 降級走 whitelist(向後相容)
→ 若 Redis unavailable → 降級繼續(安全降級)
- bind_callback_user(nonce, user_id): async 方法,TTL=48h
## T3.3 Telegram Webhook 入口(ADR-094)
- apps/api/src/api/v1/telegram_webhook.py(新建)
POST /api/v1/telegram/webhook
- X-Telegram-Bot-Api-Secret-Token header 驗證
- TELEGRAM_WEBHOOK_SECRET="" → dev 跳過(不 break 現有測試)
- WS4 Hermes NL 接入預留佔位
## T3.4 config.py
- 新增 TELEGRAM_WEBHOOK_SECRET field(預設空字串)
## main.py
- 掛載 telegram_webhook_v1.router 到 /api/v1
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -455,6 +455,12 @@ class Settings(BaseSettings):
|
||||
default="",
|
||||
description="HMAC secret for webhook signature verification",
|
||||
)
|
||||
# 2026-04-24 Claude Sonnet 4.6 (ADR-094): Telegram Webhook Secret Token
|
||||
# 與 setWebhook API 呼叫時的 secret_token 相同;空字串 → dev 環境跳過驗證
|
||||
TELEGRAM_WEBHOOK_SECRET: str = Field(
|
||||
default="",
|
||||
description="Telegram Webhook Secret Token(setWebhook 設定的同一值)",
|
||||
)
|
||||
WEBHOOK_NONCE_TTL: int = Field(
|
||||
default=300,
|
||||
description="Nonce TTL in seconds for replay attack prevention",
|
||||
|
||||
Reference in New Issue
Block a user