nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,137 Commits 787 Branches 80 Tags 5.3 GiB
Commit Graph

9 Commits

Author SHA1 Message Date
Vincent Koc 48cbfdfac0
Hardening: require LINE webhook signatures (#44090) 
* LINE: require webhook signatures in express handler

* LINE: require webhook signatures in node handler

* LINE: update express signature tests

* LINE: update node signature tests

* Changelog: note LINE webhook hardening

* LINE: validate signatures before parsing webhook bodies

* LINE: reject missing signatures before body reads
 2026-03-12 10:50:36 -04:00
Tak Hoffman dbccc73d7a
security(line): synthesize strict LINE auth boundary hardening 
LINE auth boundary hardening synthesis for inbound webhook authn/z/authz:
- account-scoped pairing-store access
- strict DM/group allowlist boundary separation
- fail-closed webhook auth/runtime behavior
- replay and duplicate handling with in-flight continuity for concurrent redeliveries

Source PRs: #26701, #26683, #25978, #17593, #16619, #31990, #26047, #30584, #18777
Related continuity context: #21955

Co-authored-by: bmendonca3 <208517100+bmendonca3@users.noreply.github.com>
Co-authored-by: davidahmann <46606159+davidahmann@users.noreply.github.com>
Co-authored-by: harshang03 <58983401+harshang03@users.noreply.github.com>
Co-authored-by: haosenwang1018 <167664334+haosenwang1018@users.noreply.github.com>
Co-authored-by: liuxiaopai-ai <73659136+liuxiaopai-ai@users.noreply.github.com>
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: lailoo <20536249+lailoo@users.noreply.github.com>
 2026-03-03 00:21:15 -06:00
Tak Hoffman 9a5bfb1fe5
fix(line): synthesize media/auth/routing webhook regressions (openclaw#32546) thanks @Takhoffman 
Verified:
- pnpm build
- pnpm check
- pnpm test:macmini

Co-authored-by: Takhoffman <781889+Takhoffman@users.noreply.github.com>
Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
 2026-03-02 23:47:56 -06:00
Peter Steinberger 639d0221ff test: dedupe line and whatsapp target resolution tests 2026-02-18 05:31:13 +00:00
Peter Steinberger 077130bdb8 test: remove overlapping line webhook/account cases 2026-02-16 07:22:30 +00:00
artale 4f2f641950 fix(line): return 200 for webhook verification requests without signature 
LINE Platform sends POST {"events":[]} without an X-Line-Signature
header when the user clicks 'Verify' in the LINE Developers Console.
Both webhook.ts and monitor.ts rejected this with 400 'Missing
X-Line-Signature header', causing verification to fail.

Now detect the verification pattern (no signature + empty events array)
and return 200 OK immediately, while still requiring valid signatures
for all real webhook deliveries with non-empty events.

Fixes #16425
 2026-02-15 00:27:12 +01:00
cpojer 935a0e5708
chore: Enable `typescript/no-explicit-any` rule. 2026-02-02 16:18:09 +09:00
Luka Zhang 3b8792ee29 Security: fix timing attack vulnerability in LINE webhook signature validation 2026-01-26 19:21:26 -06:00
plum-dawg c96ffa7186
feat: Add Line plugin (#1630) 
* feat: add LINE plugin (#1630) (thanks @plum-dawg)

* feat: complete LINE plugin (#1630) (thanks @plum-dawg)

* chore: drop line plugin node_modules (#1630) (thanks @plum-dawg)

* test: mock /context report in commands test (#1630) (thanks @plum-dawg)

* test: limit macOS CI workers to avoid OOM (#1630) (thanks @plum-dawg)

* test: reduce macOS CI vitest workers (#1630) (thanks @plum-dawg)

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
 2026-01-25 12:22:36 +00:00