opencode-remote-control 0.2.7 → 0.2.8

package/dist/core/auth.js

@@ -0,0 +1,95 @@
+// Authorization management for OpenCode Remote Control
+// First user to send /start becomes the owner automatically
+const authState = {
+    telegramOwner: null,
+    feishuOwner: null,
+};
+// Auth file path for persistence
+import { homedir } from 'os';
+import { join } from 'path';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
+const AUTH_DIR = join(homedir(), '.opencode-remote');
+const AUTH_FILE = join(AUTH_DIR, 'auth.json');
+function ensureAuthDir() {
+    if (!existsSync(AUTH_DIR)) {
+        mkdirSync(AUTH_DIR, { recursive: true });
+    }
+}
+function loadAuth() {
+    try {
+        if (existsSync(AUTH_FILE)) {
+            const data = JSON.parse(readFileSync(AUTH_FILE, 'utf-8'));
+            authState.telegramOwner = data.telegramOwner || null;
+            authState.feishuOwner = data.feishuOwner || null;
+        }
+    }
+    catch (error) {
+        console.warn('Failed to load auth state, starting fresh:', error);
+    }
+}
+function saveAuth() {
+    try {
+        ensureAuthDir();
+        writeFileSync(AUTH_FILE, JSON.stringify(authState, null, 2));
+    }
+    catch (error) {
+        console.error('Failed to save auth state:', error);
+    }
+}
+// Initialize on module load
+loadAuth();
+export function isAuthorized(platform, userId) {
+    if (platform === 'telegram') {
+        return authState.telegramOwner === userId;
+    }
+    else {
+        return authState.feishuOwner === userId;
+    }
+}
+export function hasOwner(platform) {
+    if (platform === 'telegram') {
+        return authState.telegramOwner !== null;
+    }
+    else {
+        return authState.feishuOwner !== null;
+    }
+}
+export function claimOwnership(platform, userId) {
+    if (platform === 'telegram') {
+        if (authState.telegramOwner) {
+            if (authState.telegramOwner === userId) {
+                return { success: true, message: 'already_owner' };
+            }
+            return { success: false, message: 'already_claimed' };
+        }
+        authState.telegramOwner = userId;
+        saveAuth();
+        return { success: true, message: 'claimed' };
+    }
+    else {
+        if (authState.feishuOwner) {
+            if (authState.feishuOwner === userId) {
+                return { success: true, message: 'already_owner' };
+            }
+            return { success: false, message: 'already_claimed' };
+        }
+        authState.feishuOwner = userId;
+        saveAuth();
+        return { success: true, message: 'claimed' };
+    }
+}
+export function getOwner(platform) {
+    if (platform === 'telegram') {
+        return authState.telegramOwner;
+    }
+    else {
+        return authState.feishuOwner;
+    }
+}
+// For debugging/display
+export function getAuthStatus() {
+    return {
+        telegram: authState.telegramOwner !== null,
+        feishu: authState.feishuOwner !== null,
+    };
+}

package/dist/feishu/bot.js

@@ -5,6 +5,7 @@ import { initSessionManager, getOrCreateSession } from '../core/session.js';
 import { splitMessage } from '../core/notifications.js';
 import { EMOJI } from '../core/types.js';
 import { initOpenCode, createSession, sendMessage, checkConnection } from '../opencode/client.js';
+import { isAuthorized, hasOwner, claimOwnership, getAuthStatus } from '../core/auth.js';
 let feishuClient = null;
 let wsClient = null;
 let config = null;
@@ -82,9 +83,33 @@ async function handleCommand(adapter, ctx, text) {
     const parts = text.split(/\s+/);
     const command = parts[0].toLowerCase();
     switch (command) {
-        case '/start':
-        case '/help':
-            await adapter.reply(ctx.threadId, `🚀 OpenCode Remote Control ready
+        case '/start': {
+            const result = claimOwnership('feishu', ctx.userId);
+            if (result.success) {
+                if (result.message === 'claimed') {
+                    await adapter.reply(ctx.threadId, `🔐 **Security Setup Complete!**
+
+✅ You are now the authorized owner of this bot.
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+⚠️  **IMPORTANT SECURITY NOTICE**
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Only YOU can control OpenCode through this bot.
+Other users will be blocked automatically.
+
+Your Feishu ID: \`${ctx.userId}\`
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+🚀 **Ready to use!**
+💬 Send me a prompt to start coding
+/help — see all commands
+/status — check OpenCode connection`);
+                }
+                else {
+                    // Already owner
+                    await adapter.reply(ctx.threadId, `🚀 OpenCode Remote Control ready
 
 💬 Send me a prompt to start coding
 /help — see all commands
@@ -100,6 +125,31 @@ Commands:
 /files — List changed files
 /retry — Retry connection
 
+💬 Anything else is treated as a prompt for OpenCode!`);
+                }
+            }
+            else {
+                // Already claimed by someone else
+                await adapter.reply(ctx.threadId, `🚫 **Access Denied**
+
+This bot is already secured by another user.
+
+If you are the owner, check your configuration.`);
+            }
+            break;
+        }
+        case '/help':
+            await adapter.reply(ctx.threadId, `📖 Commands
+
+/start — Claim ownership & Start bot
+/status — Check connection
+/reset — Reset session
+/approve — Approve pending changes
+/reject — Reject pending changes
+/diff — See full diff
+/files — List changed files
+/retry — Retry connection
+
 💬 Anything else is treated as a prompt for OpenCode!`);
             break;
         case '/approve': {
@@ -180,9 +230,26 @@ async function handleMessage(adapter, ctx, text) {
     const session = getOrCreateSession(ctx.threadId, 'feishu');
     // Check if it's a command
     if (text.startsWith('/')) {
+        // Commands are handled by handleCommand which has its own auth logic for /start
         await handleCommand(adapter, ctx, text);
         return;
     }
+    // Authorization check for non-command messages
+    if (!isAuthorized('feishu', ctx.userId)) {
+        if (!hasOwner('feishu')) {
+            await adapter.reply(ctx.threadId, `🔐 **Authorization Required**
+
+This bot is not yet secured.
+
+Please send /start to claim ownership first.`);
+        }
+        else {
+            await adapter.reply(ctx.threadId, `🚫 **Access Denied**
+
+You are not authorized to use this bot.`);
+        }
+        return;
+    }
     // Check OpenCode connection
     const connected = await checkConnection();
     if (!connected) {
@@ -347,6 +414,25 @@ export async function startFeishuBot(botConfig) {
     console.log('✨ Long connection mode - NO tunnel/ngrok required!');
     console.log('   Just make sure your computer can access the internet.');
     console.log('');
+    // Show security status
+    const authStatus = getAuthStatus();
+    if (!authStatus.feishu) {
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+        console.log('  🔐 SECURITY NOTICE');
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+        console.log('');
+        console.log('  Bot is NOT yet secured!');
+        console.log('  The FIRST user to send /start will become the owner.');
+        console.log('');
+        console.log('  👉 Open Feishu and send /start to YOUR bot NOW!');
+        console.log('');
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+        console.log('');
+    }
+    else {
+        console.log('🔒 Bot is secured (owner authorized)');
+        console.log('');
+    }
     console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
     console.log('  📋 Configuration Checklist');
     console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');

package/dist/telegram/bot.js

@@ -4,6 +4,7 @@ import { loadConfig } from '../core/types.js';
 import { initSessionManager, getOrCreateSession } from '../core/session.js';
 import { splitMessage } from '../core/notifications.js';
 import { initOpenCode, createSession, sendMessage, checkConnection } from '../opencode/client.js';
+import { isAuthorized, hasOwner, claimOwnership, getAuthStatus } from '../core/auth.js';
 // Lazy initialization - bot is only created when startBot() is called
 let config = null;
 let bot = null;
@@ -18,11 +19,47 @@ function getThreadId(ctx) {
 function setupBotCommands(bot, openCodeSessions) {
     // Start command
     bot.command('start', async (ctx) => {
-        await ctx.reply(`🚀 OpenCode Remote Control ready
+        const userId = String(ctx.from?.id);
+        const result = claimOwnership('telegram', userId);
+        if (result.success) {
+            if (result.message === 'claimed') {
+                await ctx.reply(`🔐 **Security Setup Complete!**
+
+✅ You are now the authorized owner of this bot.
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+⚠️  **IMPORTANT SECURITY NOTICE**
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Only YOU can control OpenCode through this bot.
+Other users will be blocked automatically.
+
+Your Telegram ID: \`${userId}\`
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+🚀 **Ready to use!**
+💬 Send me a prompt to start coding
+/help — see all commands
+/status — check OpenCode connection`, { parse_mode: 'Markdown' });
+            }
+            else {
+                // Already owner
+                await ctx.reply(`🚀 OpenCode Remote Control ready
 
 💬 Send me a prompt to start coding
 /help — see all commands
 /status — check OpenCode connection`);
+            }
+        }
+        else {
+            // Already claimed by someone else
+            await ctx.reply(`🚫 **Access Denied**
+
+This bot is already secured by another user.
+
+If you are the owner, check your configuration.`, { parse_mode: 'Markdown' });
+        }
     });
     // Help command
     bot.command('help', async (ctx) => {
@@ -132,9 +169,26 @@ Cannot connect to OpenCode server.
     // Handle all other messages as prompts
     bot.on('message:text', async (ctx) => {
         const text = ctx.message.text;
+        const userId = String(ctx.from?.id);
         // Skip if it's a command (already handled)
         if (text.startsWith('/'))
             return;
+        // Authorization check
+        if (!isAuthorized('telegram', userId)) {
+            if (!hasOwner('telegram')) {
+                await ctx.reply(`🔐 **Authorization Required**
+
+This bot is not yet secured.
+
+Please send /start to claim ownership first.`, { parse_mode: 'Markdown' });
+            }
+            else {
+                await ctx.reply(`🚫 **Access Denied**
+
+You are not authorized to use this bot.`, { parse_mode: 'Markdown' });
+            }
+            return;
+        }
         const threadId = getThreadId(ctx);
         // Send typing indicator
         await ctx.api.sendChatAction(ctx.chat.id, 'typing');
@@ -236,6 +290,24 @@ export async function startBot() {
         console.log('Make sure OpenCode is running');
     }
     console.log('🚀 Starting Telegram bot...');
+    // Show security status
+    const authStatus = getAuthStatus();
+    if (!authStatus.telegram) {
+        console.log('');
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+        console.log('  🔐 SECURITY NOTICE');
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+        console.log('');
+        console.log('  Bot is NOT yet secured!');
+        console.log('  The FIRST user to send /start will become the owner.');
+        console.log('');
+        console.log('  👉 Open Telegram and send /start to YOUR bot NOW!');
+        console.log('');
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+    }
+    else {
+        console.log('🔒 Bot is secured (owner authorized)');
+    }
     // Handle graceful shutdown
     const shutdown = async () => {
         console.log('\n🛑 Shutting down Telegram bot...');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-remote-control",
-  "version": "0.2.7",
+  "version": "0.2.8",
   "description": "Control OpenCode from anywhere via Telegram or Feishu",
   "type": "module",
   "bin": {