HA add-on: support telegram allowlist (skip pairing)
This commit is contained in:
@@ -16,6 +16,9 @@ map:
|
|||||||
options:
|
options:
|
||||||
telegram_bot_token: ""
|
telegram_bot_token: ""
|
||||||
timezone: "Europe/Sofia"
|
timezone: "Europe/Sofia"
|
||||||
|
# Optional: lock DMs to specific Telegram user ids (comma-separated).
|
||||||
|
# If set, add-on will use dmPolicy=allowlist and allowFrom=<ids>.
|
||||||
|
telegram_allow_from: ""
|
||||||
homeassistant_token: ""
|
homeassistant_token: ""
|
||||||
mikrotik_host: "192.168.88.1"
|
mikrotik_host: "192.168.88.1"
|
||||||
mikrotik_ssh_user: "papur"
|
mikrotik_ssh_user: "papur"
|
||||||
@@ -23,6 +26,7 @@ options:
|
|||||||
schema:
|
schema:
|
||||||
telegram_bot_token: str
|
telegram_bot_token: str
|
||||||
timezone: str
|
timezone: str
|
||||||
|
telegram_allow_from: str?
|
||||||
homeassistant_token: str?
|
homeassistant_token: str?
|
||||||
mikrotik_host: str
|
mikrotik_host: str
|
||||||
mikrotik_ssh_user: str
|
mikrotik_ssh_user: str
|
||||||
|
|||||||
+21
-2
@@ -11,6 +11,7 @@ fi
|
|||||||
|
|
||||||
BOT_TOKEN=$(jq -r '.telegram_bot_token // empty' "$OPTIONS_FILE")
|
BOT_TOKEN=$(jq -r '.telegram_bot_token // empty' "$OPTIONS_FILE")
|
||||||
TZNAME=$(jq -r '.timezone // "Europe/Sofia"' "$OPTIONS_FILE")
|
TZNAME=$(jq -r '.timezone // "Europe/Sofia"' "$OPTIONS_FILE")
|
||||||
|
ALLOW_FROM_RAW=$(jq -r '.telegram_allow_from // empty' "$OPTIONS_FILE")
|
||||||
HA_TOKEN=$(jq -r '.homeassistant_token // empty' "$OPTIONS_FILE")
|
HA_TOKEN=$(jq -r '.homeassistant_token // empty' "$OPTIONS_FILE")
|
||||||
MT_HOST=$(jq -r '.mikrotik_host // "192.168.88.1"' "$OPTIONS_FILE")
|
MT_HOST=$(jq -r '.mikrotik_host // "192.168.88.1"' "$OPTIONS_FILE")
|
||||||
MT_USER=$(jq -r '.mikrotik_ssh_user // "papur"' "$OPTIONS_FILE")
|
MT_USER=$(jq -r '.mikrotik_ssh_user // "papur"' "$OPTIONS_FILE")
|
||||||
@@ -35,8 +36,23 @@ if [ -n "$HA_TOKEN" ]; then
|
|||||||
printf '%s' "$HA_TOKEN" > /data/secrets/homeassistant.token
|
printf '%s' "$HA_TOKEN" > /data/secrets/homeassistant.token
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Decide Telegram DM access policy.
|
||||||
|
# If telegram_allow_from is set (comma-separated user ids), we use allowlist mode.
|
||||||
|
DM_POLICY="pairing"
|
||||||
|
ALLOW_FROM_JSON=""
|
||||||
|
if [ -n "$ALLOW_FROM_RAW" ]; then
|
||||||
|
DM_POLICY="allowlist"
|
||||||
|
# convert "1,2, 3" -> ["1","2","3"]
|
||||||
|
ALLOW_FROM_JSON=$(python3 - <<'PY'
|
||||||
|
import os,json
|
||||||
|
raw=os.environ.get('ALLOW_FROM_RAW','')
|
||||||
|
ids=[s.strip() for s in raw.split(',') if s.strip()]
|
||||||
|
print(json.dumps(ids))
|
||||||
|
PY
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
# Write Clawdbot gateway config (JSON5) into the expected location.
|
# Write Clawdbot gateway config (JSON5) into the expected location.
|
||||||
# Use pairing for DMs by default; no hardcoded chat allowlist needed.
|
|
||||||
cat > /data/.clawdbot/clawdbot.json <<EOF
|
cat > /data/.clawdbot/clawdbot.json <<EOF
|
||||||
{
|
{
|
||||||
gateway: { mode: "local" },
|
gateway: { mode: "local" },
|
||||||
@@ -52,12 +68,15 @@ cat > /data/.clawdbot/clawdbot.json <<EOF
|
|||||||
telegram: {
|
telegram: {
|
||||||
enabled: true,
|
enabled: true,
|
||||||
botToken: "${BOT_TOKEN}",
|
botToken: "${BOT_TOKEN}",
|
||||||
dmPolicy: "pairing"
|
dmPolicy: "${DM_POLICY}"${ALLOW_FROM_RAW:+,
|
||||||
|
allowFrom: ${ALLOW_FROM_JSON}}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
echo "Telegram dmPolicy=${DM_POLICY}${ALLOW_FROM_RAW:+ (allowFrom=${ALLOW_FROM_RAW})}"
|
||||||
|
|
||||||
# Connectivity sanity checks (do NOT print the token)
|
# Connectivity sanity checks (do NOT print the token)
|
||||||
echo "Sanity check: DNS + Telegram API reachability"
|
echo "Sanity check: DNS + Telegram API reachability"
|
||||||
if curl -fsS --max-time 10 https://api.telegram.org/ >/dev/null; then
|
if curl -fsS --max-time 10 https://api.telegram.org/ >/dev/null; then
|
||||||
|
|||||||
Reference in New Issue
Block a user