From efd05a2f65f7c131920204e4934c9ccad6ba3cef Mon Sep 17 00:00:00 2001
From: ogt <owen.tsai@gmail.com>
Date: Wed, 22 Apr 2026 09:46:07 +0800
Subject: [PATCH] =?UTF-8?q?fix(bot):=20=E4=BF=AE=E5=BE=A9=20/bot/internal/?=
 =?UTF-8?q?cmd=20=E5=91=BC=E5=8F=AB=E6=9C=AA=E5=AE=9A=E7=BE=A9=20verify=5F?=
 =?UTF-8?q?internal=5Ftoken?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 routes/openclaw_bot_routes.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/routes/openclaw_bot_routes.py b/routes/openclaw_bot_routes.py
index 3416aab..d8a5861 100644
--- a/routes/openclaw_bot_routes.py
+++ b/routes/openclaw_bot_routes.py
@@ -5926,7 +5926,8 @@ def internal_cmd():
     """接受 momo-telegram-bot 轉發的 cmd:* 按鈕指令並執行"""
     try:
         token = request.headers.get('X-Internal-Token', '')
-        if not verify_internal_token(token):
+        _expected = os.getenv("INTERNAL_WEBHOOK_TOKEN", "")
+        if _expected and token != _expected:
             return jsonify({'ok': False, 'error': 'Unauthorized'}), 401
         body = request.get_json(silent=True) or {}
         chat_id = body.get('chat_id')