security(ringcentral): remove sensitive data from logs and clean up schema
- Remove message text from log output to prevent leaking sensitive content - Remove obsolete credentialsFile field from config schema - Add missing selfOnly and allowOtherChats fields to schema Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>
This commit is contained in:
parent
f8343a4100
commit
f71da54d8f
@ -27,7 +27,6 @@ const RingCentralAccountSchemaBase = z
|
||||
clientSecret: z.string().optional(),
|
||||
jwt: z.string().optional(),
|
||||
server: z.string().optional(),
|
||||
credentialsFile: z.string().optional(),
|
||||
webhookPath: z.string().optional(),
|
||||
webhookVerificationToken: z.string().optional(),
|
||||
markdown: MarkdownConfigSchema,
|
||||
@ -44,6 +43,8 @@ const RingCentralAccountSchemaBase = z
|
||||
blockStreamingCoalesce: BlockStreamingCoalesceSchema.optional(),
|
||||
allowBots: z.boolean().optional(),
|
||||
botExtensionId: z.string().optional(),
|
||||
selfOnly: z.boolean().optional(),
|
||||
allowOtherChats: z.boolean().optional(),
|
||||
})
|
||||
.strict();
|
||||
|
||||
|
||||
@ -199,7 +199,7 @@ async function processMessageWithPipeline(params: {
|
||||
// This is because the bot uses the JWT user's identity, so we're essentially
|
||||
// having a conversation with ourselves (the AI assistant)
|
||||
const selfOnly = account.config.selfOnly !== false; // default true
|
||||
runtime.log?.(`[${account.accountId}] Processing message: senderId=${senderId}, ownerId=${ownerId}, selfOnly=${selfOnly}, chatId=${chatId}, text=${rawBody.slice(0, 50)}`);
|
||||
runtime.log?.(`[${account.accountId}] Processing message: senderId=${senderId}, ownerId=${ownerId}, selfOnly=${selfOnly}, chatId=${chatId}`);
|
||||
|
||||
if (selfOnly && ownerId) {
|
||||
if (senderId !== ownerId) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user