From 126f8eefe10f0cb59fd4097011e16743eec127eb Mon Sep 17 00:00:00 2001
From: JunghwanNA <70629228+shaun0927@users.noreply.github.com>
Date: Fri, 17 Apr 2026 16:59:32 +0900
Subject: [PATCH] feat(wechat): add wechat_allowed_users gating, mirror QQ pattern

Closes #95.

wechatapp.py was the only adapter under frontends/ without an allowed_users gate, while every other adapter (tg, fs, qq, dingtalk, wecom) reads _allowed_users from mykey.py and rejects unknown senders.

Mirror the QQ adapter's pattern (introduced in PR #25):
- Read 'wechat_allowed_users' via mykeys, normalize via the same 'set comprehension that keeps non-empty stripped strings' idiom.
- Use the existing chatapp_common.public_access() helper so the semantics ('empty or ["*"] means public') match the rest of the ecosystem; this preserves backward compatibility for existing setups that have no wechat_allowed_users key.
- Drop unauthorized senders with the same '[] unauthorized user: ' log message convention used by qq/dingtalk.

Add the optional knob to mykey_template.py next to the other allowed_users entries so users can copy the comment block.
---
 frontends/wechatapp.py | 7 +++++++
 mykey_template.py | 1 +
 2 files changed, 8 insertions(+)

diff --git a/frontends/wechatapp.py b/frontends/wechatapp.py
index 52aee39a..5b9591be 100644
--- a/frontends/wechatapp.py
+++ b/frontends/wechatapp.py
@@ -6,6 +6,10 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 _TEMP_DIR = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), 'temp')
 from agentmain import GeneraticAgent
+from llmcore import mykeys
+from chatapp_common import public_access
+
+ALLOWED = {str(x).strip() for x in mykeys.get('wechat_allowed_users', []) if str(x).strip()}
 # ── WxBotClient (inline from wx_bot_client.py) ──
 API = 'https://ilinkai.weixin.qq.com'
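Review bot: The `ALLOWED` comprehension iterates whatever `mykeys.get('wechat_allowed_users', [])` returns, so a value configured as a bare string instead of a list is split into single characters, and a `None` value raises at import (assuming `mykeys.get` behaves like `dict.get`). With a string no real sender id can match, and if it happens to contain `*` the gate may open entirely, depending on how `public_access` tests for the wildcard, which this diff does not show. Normalising first keeps the idiom and makes the misconfiguration harmless: `_raw = mykeys.get('wechat_allowed_users') or []`, then `if isinstance(_raw, str): _raw = [_raw]`, then build the set from `_raw`. Since a missing key still means every WeChat sender is accepted, a one-line startup message when `public_access(ALLOWED)` is true would make that mode visible to the operator.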
@@ -233,6 +237,9 @@ def on_message(bot, msg):
 text = bot.extract_text(msg).strip()
 uid = msg.get('from_user_id', '')
 ctx = msg.get('context_token', '')
+ if not public_access(ALLOWED) and uid not in ALLOWED:
+ print(f'[WX] unauthorized user: {uid}', file=sys.__stdout__)
+ return
 media_paths = _dl_media(msg.get('item_list', []))
 if not text and not media_paths: return
 if media_paths:
diff --git a/mykey_template.py b/mykey_template.py
index 9f938e7c..3b522ca6 100644
--- a/mykey_template.py
+++ b/mykey_template.py
@@ -392,6 +392,7 @@
 # wecom_secret = 'your_bot_secret'
 # wecom_allowed_users = ['your_user_id'] # 留空或 ['*'] 表示允许所有企业微信用户
 # wecom_welcome_message = '你好,我在线上。'
+# wechat_allowed_users = ['from_user_id'] # 留空或 ['*'] 表示允许所有微信用户
 # dingtalk_client_id = 'your_app_key'
 # dingtalk_client_secret = 'your_app_secret'
 # dingtalk_allowed_users = ['your_staff_id'] # 留空或 ['*'] 表示允许所有钉钉用户
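Review bot: `uid` comes from the message payload and is interpolated unescaped into `print(f'[WX] unauthorized user: {uid}', file=sys.__stdout__)`, so a value containing newlines or control characters could forge or split log entries; `{uid!r}` keeps each rejection on one line. Every rejected message also prints, so a blocked sender can grow the log at will, and rate-limiting that line would bound it. The check is placed before `_dl_media`, so rejected senders trigger no downloads, and an empty `from_user_id` is rejected whenever a list is configured because empty strings are filtered out of `ALLOWED`. on_message continues outside the hunk; any other handler that reaches the agent is not visible here and would need the same gate.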