Spaces:
Running
Running
refactor: consolidate Telegram user ID configuration into TELEGRAM_ALLOWED_USERS environment variable
Browse files- .env.example +2 -5
- README.md +5 -2
- SECURITY.md +1 -1
- start.sh +7 -1
.env.example
CHANGED
|
@@ -164,11 +164,8 @@ WHATSAPP_ENABLED=false
|
|
| 164 |
# Get bot token from: https://t.me/BotFather
|
| 165 |
TELEGRAM_BOT_TOKEN=your_bot_token_here
|
| 166 |
|
| 167 |
-
#
|
| 168 |
-
|
| 169 |
-
|
| 170 |
-
# Multiple user IDs (comma-separated for team access)
|
| 171 |
-
# TELEGRAM_USER_IDS=123456789,987654321,555555555
|
| 172 |
|
| 173 |
# ββ OPTIONAL: Cloudflare Outbound Proxy ββ
|
| 174 |
# Automatically bypass platform network blocks for Telegram/WhatsApp/Google/etc.
|
|
|
|
| 164 |
# Get bot token from: https://t.me/BotFather
|
| 165 |
TELEGRAM_BOT_TOKEN=your_bot_token_here
|
| 166 |
|
| 167 |
+
# Allowed Telegram User IDs (comma-separated numeric IDs)
|
| 168 |
+
# TELEGRAM_ALLOWED_USERS=123456789,987654321
|
|
|
|
|
|
|
|
|
|
| 169 |
|
| 170 |
# ββ OPTIONAL: Cloudflare Outbound Proxy ββ
|
| 171 |
# Automatically bypass platform network blocks for Telegram/WhatsApp/Google/etc.
|
README.md
CHANGED
|
@@ -16,6 +16,10 @@ secrets:
|
|
| 16 |
description: "Strong token to secure your OpenClaw Control UI (generate: openssl rand -hex 32)."
|
| 17 |
- name: CLOUDFLARE_WORKERS_TOKEN
|
| 18 |
description: "Cloudflare API token β auto-creates a Worker proxy and KeepAlive monitor."
|
|
|
|
|
|
|
|
|
|
|
|
|
| 19 |
---
|
| 20 |
|
| 21 |
<!-- Badges -->
|
|
@@ -111,8 +115,7 @@ To chat via Telegram:
|
|
| 111 |
| Variable | Default | Description |
|
| 112 |
| :--- | :--- | :--- |
|
| 113 |
| `TELEGRAM_BOT_TOKEN` | β | Telegram bot token from BotFather |
|
| 114 |
-
| `
|
| 115 |
-
| `TELEGRAM_USER_IDS` | β | Comma-separated Telegram user IDs for team access |
|
| 116 |
|
| 117 |
## π Cloudflare Proxy Setup
|
| 118 |
|
|
|
|
| 16 |
description: "Strong token to secure your OpenClaw Control UI (generate: openssl rand -hex 32)."
|
| 17 |
- name: CLOUDFLARE_WORKERS_TOKEN
|
| 18 |
description: "Cloudflare API token β auto-creates a Worker proxy and KeepAlive monitor."
|
| 19 |
+
- name: TELEGRAM_ALLOWED_USERS
|
| 20 |
+
description: "Comma-separated Telegram user IDs for access"
|
| 21 |
+
- name: TELEGRAM_BOT_TOKEN
|
| 22 |
+
description: "Telegram bot token from BotFather"
|
| 23 |
---
|
| 24 |
|
| 25 |
<!-- Badges -->
|
|
|
|
| 115 |
| Variable | Default | Description |
|
| 116 |
| :--- | :--- | :--- |
|
| 117 |
| `TELEGRAM_BOT_TOKEN` | β | Telegram bot token from BotFather |
|
| 118 |
+
| `TELEGRAM_ALLOWED_USERS` | β | Comma-separated Telegram user IDs for access |
|
|
|
|
| 119 |
|
| 120 |
## π Cloudflare Proxy Setup
|
| 121 |
|
SECURITY.md
CHANGED
|
@@ -18,7 +18,7 @@ When deploying HuggingClaw:
|
|
| 18 |
- **Use a strong `GATEWAY_TOKEN`** β generate with `openssl rand -hex 32`
|
| 19 |
- **Keep your HF token scoped** β use fine-grained tokens with minimum permissions
|
| 20 |
- **Don't commit `.env` files** β the `.gitignore` already excludes them
|
| 21 |
-
- **Use `
|
| 22 |
- **Review logs regularly** β check for unauthorized access attempts
|
| 23 |
|
| 24 |
## Supported Versions
|
|
|
|
| 18 |
- **Use a strong `GATEWAY_TOKEN`** β generate with `openssl rand -hex 32`
|
| 19 |
- **Keep your HF token scoped** β use fine-grained tokens with minimum permissions
|
| 20 |
- **Don't commit `.env` files** β the `.gitignore` already excludes them
|
| 21 |
+
- **Use `TELEGRAM_ALLOWED_USERS`** β restricts bot access to your account only
|
| 22 |
- **Review logs regularly** β check for unauthorized access attempts
|
| 23 |
|
| 24 |
## Supported Versions
|
start.sh
CHANGED
|
@@ -393,7 +393,13 @@ if [ -n "${TELEGRAM_BOT_TOKEN:-}" ]; then
|
|
| 393 |
}
|
| 394 |
')
|
| 395 |
|
| 396 |
-
if [ -n "${
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 397 |
# Convert comma-separated IDs to JSON array (already safe β jq -R parses).
|
| 398 |
IDS_JSON=$(echo "$TELEGRAM_USER_IDS" | tr ',' '\n' | sed 's/^ *//;s/ *$//' | jq -R . | jq -s .)
|
| 399 |
CONFIG_JSON=$(jq \
|
|
|
|
| 393 |
}
|
| 394 |
')
|
| 395 |
|
| 396 |
+
if [ -n "${TELEGRAM_ALLOWED_USERS:-}" ]; then
|
| 397 |
+
# Convert comma-separated IDs to JSON array (already safe β jq -R parses).
|
| 398 |
+
IDS_JSON=$(echo "$TELEGRAM_ALLOWED_USERS" | tr ',' '\n' | sed 's/^ *//;s/ *$//' | jq -R . | jq -s .)
|
| 399 |
+
CONFIG_JSON=$(jq \
|
| 400 |
+
--argjson ids "$IDS_JSON" \
|
| 401 |
+
'.channels.telegram += {"dmPolicy": "allowlist", "allowFrom": $ids}' <<<"$CONFIG_JSON")
|
| 402 |
+
elif [ -n "${TELEGRAM_USER_IDS:-}" ]; then
|
| 403 |
# Convert comma-separated IDs to JSON array (already safe β jq -R parses).
|
| 404 |
IDS_JSON=$(echo "$TELEGRAM_USER_IDS" | tr ',' '\n' | sed 's/^ *//;s/ *$//' | jq -R . | jq -s .)
|
| 405 |
CONFIG_JSON=$(jq \
|