Add more security in webhooks

This commit is contained in:
Ilya Bezrukov 2024-08-07 02:38:33 +03:00
parent a8f39d4630
commit 3b12868201
3 changed files with 26 additions and 16 deletions


@ -27,7 +27,8 @@ def create_bot(config: Config, i18n: I18N, engine):
if config.use_webhook: if config.use_webhook:
bot.set_webhook(config.webhook.url, bot.set_webhook(config.webhook.url,
drop_pending_updates=config.webhook.drop_pending_updates, drop_pending_updates=config.webhook.drop_pending_updates,
max_connections=config.webhook.max_connections) max_connections=config.webhook.max_connections,
secret_token=config.webhook.secret_token)
return bot return bot
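Review bot: `secret_token=config.webhook.secret_token` is passed regardless of `use_secret_token`, so when the flag is off a value left in `WEBHOOK_SECRET_TOKEN` is still registered with Telegram but never checked by the handler, and when it is unset `None` is forwarded; `secret_token=config.webhook.secret_token if config.webhook.use_secret_token else None` keeps what Telegram is told aligned with what the app verifies. `create_bot` starts before this hunk. The auto-generated token is hexadecimal, which presumably stays inside the character set the Bot API accepts for this parameter; a hand-set `WEBHOOK_SECRET_TOKEN` is not validated anywhere visible here, and a rejected `set_webhook` would leave the previous webhook in place, so that is worth confirming at startup.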


@ -1,4 +1,5 @@
import os import os
import secrets
from dataclasses import dataclass from dataclasses import dataclass
@ -27,6 +28,12 @@ class WebhookConfig:
url_path: str url_path: str
max_connections: int max_connections: int
drop_pending_updates: bool drop_pending_updates: bool
use_secret_token: bool
secret_token: str
def __post_init__(self):
if self.use_secret_token and not self.secret_token:
self.secret_token = secrets.token_hex()
@property @property
def url(self): def url(self):
@ -35,9 +42,11 @@ class WebhookConfig:
@classmethod @classmethod
def from_env(cls): def from_env(cls):
return cls(os.getenv("WEBHOOK_DOMAIN"), return cls(os.getenv("WEBHOOK_DOMAIN"),
os.getenv("WEBHOOK_URL_PATH"), os.getenv("WEBHOOK_URL_PATH", "/"),
int(os.getenv("WEBHOOK_MAX_CONNECTIONS", 40)), int(os.getenv("WEBHOOK_MAX_CONNECTIONS", 40)),
bool(int(os.getenv("WEBHOOK_DROP_PENDING", True)))) bool(int(os.getenv("WEBHOOK_DROP_PENDING", True))),
bool(int(os.getenv("WEBHOOK_USE_SECRET_TOKEN", True))),
os.getenv("WEBHOOK_SECRET_TOKEN"))
@dataclass @dataclass
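Review bot: `__post_init__` only fills `secret_token` when `use_secret_token` is set and no value was supplied, so the generated token exists only in the process that built the config; if the code that calls `set_webhook` and the Flask handler run in separate processes or under several workers — not visible here — each would hold a different token and updates would be rejected by the handler. A comment in the method would make the deployment constraint explicit: `# Generated per process: set WEBHOOK_SECRET_TOKEN explicitly when more than one process serves the webhook.`. In `from_env`, `os.getenv("WEBHOOK_SECRET_TOKEN")` yields `None` when unset although the field is annotated `str`; with `use_secret_token` false it stays `None` and is forwarded as-is, so the annotation should become `secret_token: str | None` (or `Optional[str]` if the file targets a Python version without PEP 604 syntax) so readers do not assume a string is always present. `bool(int(os.getenv("WEBHOOK_USE_SECRET_TOKEN", True)))` follows the existing `WEBHOOK_DROP_PENDING` pattern and raises `ValueError` on values such as `"false"`, which is a pre-existing limitation now applied to a security switch.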


@ -1,35 +1,35 @@
from flask import Flask, Blueprint, request, abort, g from flask import Flask, request, abort, g
from telebot import TeleBot from telebot import TeleBot
from telebot.types import Update from telebot.types import Update
from ..config import Config from ..config import Config
bot_bp = Blueprint("bot", __name__)
@bot_bp.route("/", methods=["GET", "POST"])
def handle_updates(): def handle_updates():
if request.method == "GET": if request.method == "GET":
abort(404) abort(404) # safer to 404
if g.config.webhook.use_secret_token:
if request.headers.get("X-Telegram-Bot-Api-Secret-Token") != g.config.webhook.secret_token:
abort(404)
if request.headers.get("content-type") == "application/json": if request.headers.get("content-type") == "application/json":
update = Update.de_json(request.get_json()) update = Update.de_json(request.get_json())
g.bot.process_new_updates([update]) g.bot.process_new_updates([update])
return "" return ""
else: else:
abort(403) abort(404) # safer to 404
def inject_g(bot: TeleBot, config: Config): def inject_g(**kwargs):
def inner(): def inner():
g.bot = bot for k, v in kwargs.items():
g.config = config setattr(g, k, v)
return inner return inner
def create_app(bot: TeleBot, config: Config): def create_app(bot: TeleBot, config: Config):
app = Flask(__name__) app = Flask(__name__)
app.register_blueprint(bot_bp, url_prefix=f"{config.webhook.url_path}") app.add_url_rule(config.webhook.url_path,
app.before_request(inject_g(bot, config)) view_func=handle_updates,
methods=["GET", "POST"])
app.before_request(inject_g(bot=bot, config=config))
return app return app
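Review bot: The secret-token check at `if request.headers.get("X-Telegram-Bot-Api-Secret-Token") != g.config.webhook.secret_token:` uses `!=`, which stops at the first differing character, so the comparison time depends on how much of the token matched; `hmac.compare_digest` is the standard-library way to compare secrets. Because the header may be absent and `compare_digest` does not accept `None`, read it with a default: `received = request.headers.get("X-Telegram-Bot-Api-Secret-Token", "")` followed by `if not hmac.compare_digest(received.encode(), g.config.webhook.secret_token.encode()): abort(404)` (encoding to bytes also avoids the ASCII-only restriction on `str` operands), with `import hmac` added to the file's imports. Placing the check before the content-type branch is the right order, since a request that fails it never reaches `Update.de_json`; a one-line comment such as `# verify the token before touching the body so unauthenticated requests are never parsed` would record that intent. The `abort(404)` used on the method, token and content-type branches is consistent, so a caller without the token cannot distinguish a wrong path from a wrong secret; `app.add_url_rule(config.webhook.url_path, ...)` presumably requires `url_path` to begin with `/`, which the new `"/"` default satisfies but an explicit `WEBHOOK_URL_PATH` without a leading slash would not.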