fix(tg-bot): filter /list to current user (no app-wide leak)

Author: VoxHash

src/commands/list.js

@@ -3,6 +3,8 @@
  * Supports both /m licenses and /list commands
  */
 
+const { getLinkedUser } = require('../client/DashboardClient');
+
 module.exports = {
   name: 'list',
   description: 'List user licenses',
@@ -66,6 +68,22 @@ module.exports = {
         }
       }
 
+      // Prevent app-wide license leakage: scope to the caller via Dashboard-linked email.
+      // If the user is not linked (or email missing), show an empty list.
+      const linked = await getLinkedUser(userId, { platform: 'telegram' });
+      const linkedEmail = (linked && linked.email ? String(linked.email) : '').trim().toLowerCase();
+      if (!linkedEmail) {
+        licenses = [];
+      } else {
+        licenses = licenses.filter((license) => {
+          const issuedEmail = (license?.issuedEmail ? String(license.issuedEmail) : '')
+            .trim()
+            .toLowerCase();
+          const email = (license?.email ? String(license.email) : '').trim().toLowerCase();
+          return issuedEmail === linkedEmail || email === linkedEmail;
+        });
+      }
+
       if (licenses.length === 0) {
         await bot.editMessageText(
           `📋 *Your Licenses*\n\n` +