feat(ws3): ADR-093 Callback User-ID Binding + ADR-094 Webhook 入口

## T3.1/T3.2 Bound User Check(security_interceptor.py)
- verify_callback() Step 0: 檢查 Redis cb_bind:{nonce}
  → 若有 binding 且 caller != bound_user_id → UserNotWhitelistedError
  → 若 key 不存在(舊格式)→ 降級走 whitelist(向後相容)
  → 若 Redis unavailable → 降級繼續(安全降級)
- bind_callback_user(nonce, user_id): async 方法,TTL=48h

## T3.3 Telegram Webhook 入口(ADR-094)
- apps/api/src/api/v1/telegram_webhook.py(新建)
  POST /api/v1/telegram/webhook
  - X-Telegram-Bot-Api-Secret-Token header 驗證
  - TELEGRAM_WEBHOOK_SECRET="" → dev 跳過(不 break 現有測試)
  - WS4 Hermes NL 接入預留佔位

## T3.4 config.py
- 新增 TELEGRAM_WEBHOOK_SECRET field(預設空字串)

## main.py
- 掛載 telegram_webhook_v1.router 到 /api/v1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Your Name
2026-04-25 01:55:04 +08:00
parent ed3ba730a1
commit 294e0e3387
4 changed files with 143 additions and 0 deletions

View File

@@ -455,6 +455,12 @@ class Settings(BaseSettings):
default="",
description="HMAC secret for webhook signature verification",
)
# 2026-04-24 Claude Sonnet 4.6 (ADR-094): Telegram Webhook Secret Token
# 與 setWebhook API 呼叫時的 secret_token 相同;空字串 → dev 環境跳過驗證
TELEGRAM_WEBHOOK_SECRET: str = Field(
default="",
description="Telegram Webhook Secret TokensetWebhook 設定的同一值)",
)
WEBHOOK_NONCE_TTL: int = Field(
default=300,
description="Nonce TTL in seconds for replay attack prevention",