mirror of
https://github.com/HKUDS/nanobot.git
synced 2026-05-21 09:02:32 +00:00
5be3df1d6f
BaseChannel.is_allowed ORs is_approved (the pairing store) into the allow decision; the signal override dropped that step and only looked at config.allow_from. With the new DM-pairing flow in place, an approved-via-pairing sender's next message would have failed the allow check and triggered another pairing code in a loop. OR in a normalized check against the pairing store: walk each part of the pipe-joined sender_id through _normalize_signal_id and call is_approved for each variant, so an approval stored under one form (phone with/without "+", UUID/ACI) still matches when the next inbound uses a different form. Mirrors how slack.py:643 handles it. Also tightens the empty-allowlist warning to only fire when nothing else granted access, since pairing-store hits are now a valid path. Not part of the original review, but Comments 2 and 3 turn this latent gap into a broken round-trip — included so the pairing UX actually works.