security: harden architecture against Moltbot security model
- Discord: add allowed_users field + sender validation in listen()
- Slack: add allowed_users field + sender validation in listen()
- Webhook: add X-Webhook-Secret header auth (401 on mismatch)
- SecurityPolicy: add ActionTracker with sliding-window rate limiting
  - record_action() enforces max_actions_per_hour
  - is_rate_limited() checks without recording
- Gateway: print auth status on startup (ENABLED/DISABLED)
- 22 new tests (Discord/Slack allowlists, gateway header extraction, rate limiter: starts at zero, records, allows within limit, blocks over limit, clone independence)
- 554 tests passing, 0 clippy warnings
parent cf0ca71fdc
commit 542bb80743
7 changed files with 287 additions and 6 deletions
|
|
@ -715,6 +715,7 @@ fn setup_channels() -> Result<ChannelsConfig> {
|
|||
config.discord = Some(DiscordConfig {
|
||||
bot_token: token,
|
||||
guild_id: if guild.is_empty() { None } else { Some(guild) },
|
||||
allowed_users: vec![],
|
||||
});
|
||||
}
|
||||
2 => {
|
||||
|
|
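Review bot: `allowed_users: vec![]` in the Discord branch of setup_channels() is hardcoded, while `guild_id` on the line above is derived from wizard input, so every config the wizard produces starts with an empty allowlist. The visible lines do not show how listen() treats an empty list: if empty means "allow everyone", the new sender validation is effectively off after setup, and if it means "deny everyone", the bot ignores all senders until the config is edited by hand. Suggest prompting for the allowed user IDs here and adding a comment that states what an empty list means.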
@ -791,6 +792,7 @@ fn setup_channels() -> Result<ChannelsConfig> {
|
|||
bot_token: token,
|
||||
app_token: if app_token.is_empty() { None } else { Some(app_token) },
|
||||
channel_id: if channel.is_empty() { None } else { Some(channel) },
|
||||
allowed_users: vec![],
|
||||
});
|
||||
}
|
||||
3 => {
|
||||
|
|
|
|||
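Review bot: in the Slack config literal, `allowed_users: vec![]` represents "nothing entered" as an empty Vec, whereas `app_token` and `channel_id` directly above map empty input to None. With a bare Vec, "allowlist not configured" and "allowlist configured with no users" are the same value, so the validation code cannot tell them apart. Consider wrapping the list in an Option or documenting the convention next to the field, and prompt for the Slack user IDs in this branch rather than hardcoding the empty list.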