
fix: add QR endpoint authentication and secure DM allowlist defaults (fixes #3) #4

Open
hnshah wants to merge 1 commit into ComposioHQ:master from hnshah:fix/secure-qr-endpoint-and-dm-allowlists-issue-3


hnshah commented Mar 22, 2026

Security Issues Fixed

This PR addresses the security concerns raised in #3.

Fixes #3

…ixes ComposioHQ#3)

**Security Issues Fixed:**

1. **Unauthenticated QR Endpoint**
   - The /qr endpoint was publicly accessible with no authentication
   - Anyone reaching the server could pair WhatsApp to the assistant
   - Attack: Scan QR → full WhatsApp access → read messages, send commands

2. **Wildcard DM Allowlist Defaults**
   - setup.sh automatically set TELEGRAM_ALLOWED_DMS=* (allow anyone)
   - Default .env.example had TELEGRAM_ALLOWED_DMS=*
   - Attack: Anyone could DM the bot and run commands/access memory

**Solutions:**

1. **Optional Token Authentication for /qr**
   - Added QR_AUTH_TOKEN environment variable
   - When set: /qr?token=YOUR_TOKEN required
   - Auto-generates random token in setup.sh
   - Logs warning if token not set in production
   - Backward compatible: works without token (dev/local use)

2. **Restrictive DM Allowlist Defaults**
   - Changed .env.example: TELEGRAM_ALLOWED_DMS= (empty = restrictive)
   - Updated setup.sh to prompt for Telegram user IDs
   - Added docs: how to get Telegram ID from @userinfobot
   - Removed auto-wildcard behavior

3. **Security Documentation**
   - Added "Security" section to README with QR protection guide
   - Warning about wildcard allowlists on public servers
   - Production deployment security checklist

**Testing:**

✅ QR endpoint without token: works (backward compatible)
✅ QR endpoint with token: requires ?token= query param
✅ QR endpoint with wrong token: returns 401 Unauthorized
✅ setup.sh prompts for Telegram user IDs instead of defaulting to *
✅ Logs show clear warnings when QR_AUTH_TOKEN not set

**Breaking Changes:** None (token is optional, allowlists configurable)

**Migration Guide:**

For existing deployments, add to .env:
```bash
QR_AUTH_TOKEN=$(openssl rand -hex 32)
```

Update Telegram config from wildcard to specific user IDs.

Fixes ComposioHQ#3
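
The two checks the commit message describes (token-gated `/qr` and an allowlist where empty means nobody), as an added example rather than code from this PR. `QR_AUTH_TOKEN` and `TELEGRAM_ALLOWED_DMS` come from the description; the function names, the comma-separated ID format and the sample values are assumptions.

```javascript
// Added example, not the project's code. Function names, the comma-separated
// ID format and the sample values below are assumptions.
const { createHash, timingSafeEqual } = require('node:crypto');

// Compare secrets without leaking where they differ. Hashing first gives
// equal-length buffers, which timingSafeEqual requires.
function safeEqual(a, b) {
  const ha = createHash('sha256').update(String(a)).digest();
  const hb = createHash('sha256').update(String(b)).digest();
  return timingSafeEqual(ha, hb);
}

// Decide the HTTP status for a /qr request.
// Returns { status, warn }; warn is true when no token is configured.
function checkQrAuth(requestUrl, env) {
  const expected = (env.QR_AUTH_TOKEN || '').trim();
  if (expected === '') return { status: 200, warn: true }; // optional-token mode
  const supplied = new URL(requestUrl, 'http://localhost').searchParams.get('token');
  if (supplied === null || !safeEqual(supplied, expected)) {
    return { status: 401, warn: false };
  }
  return { status: 200, warn: false };
}

// Parse the allowlist: empty denies everyone, "*" allows everyone,
// otherwise only the listed numeric user IDs are allowed.
function parseAllowedDms(raw) {
  const items = (raw || '').split(',').map((s) => s.trim()).filter(Boolean);
  if (items.includes('*')) return { mode: 'wildcard', ids: new Set() };
  const ids = new Set(items.filter((s) => /^\d+$/.test(s)));
  return { mode: ids.size ? 'list' : 'none', ids };
}

function isDmAllowed(allow, userId) {
  if (allow.mode === 'wildcard') return true;
  return allow.ids.has(String(userId));
}

// Constructed sample configuration, not taken from the PR.
const sampleEnv = {
  QR_AUTH_TOKEN: 'a3f1c9e2-constructed-sample',
  TELEGRAM_ALLOWED_DMS: '111111111, 222222222',
};
console.log(checkQrAuth('/qr', sampleEnv).status);
console.log(checkQrAuth('/qr?token=a3f1c9e2-constructed-sample', sampleEnv).status);
console.log(isDmAllowed(parseAllowedDms(sampleEnv.TELEGRAM_ALLOWED_DMS), 333333333));
```

Loaders that do not run a shell, such as the dotenv npm package, keep `$(openssl rand -hex 32)` as literal text, so run the command in a shell and paste its output into .env. A token passed in the query string is also written to access logs and browser history.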


Development

Successfully merging this pull request may close these issues.

QR code HTTP endpoint is unauthenticated and DMs are unrestricted
