fix: tighten file perms and enforce Slack ACL checks (#186)

- write config and cron store with 0600 instead of 0644
- check allow list in Slack slash commands and app mentions
- pass workspace restrict flag to cron exec tool

Closes #179
is-Xiaoen
2026-02-16 16:06:39 +08:00
committed by GitHub
parent 17685da584
commit 5c321a90de
7 changed files with 86 additions and 7 deletions


@@ -340,7 +340,7 @@ func (cs *CronService) saveStoreUnsafe() error {
return err
}
return os.WriteFile(cs.storePath, data, 0644)
return os.WriteFile(cs.storePath, data, 0600)
}
func (cs *CronService) AddJob(name string, schedule CronSchedule, message string, deliver bool, channel, to string) (*CronJob, error) {
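Review bot: The 0600 mode now passed to `os.WriteFile` in saveStoreUnsafe only takes effect when the file is created. For a store file that already exists, WriteFile truncates and rewrites it without changing its permissions, so installations upgraded from the 0644 version keep a world-readable cron store. Follow the write with an explicit chmod: `if err := os.WriteFile(cs.storePath, data, 0600); err != nil { return err }` and then `return os.Chmod(cs.storePath, 0600)`. The config file write named in the commit message probably needs the same treatment if it follows this pattern, though that code is not visible here. saveStoreUnsafe begins outside the hunk.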