MarcoBuster/tdlight-telegram-bot-api
1
0
Fork 0
mirror of https://github.com/tdlight-team/tdlight-telegram-bot-api.git synced 2024-11-04 11:07:23 +01:00
Code Issues Releases Wiki Activity

Stats: hide sensible data (#24)

Browse Source 
Adds the --stats-hide-sensible-data flag (Docker: $TELEGRAM_STAT_HIDE_SENSIBLE_DATA=1), removing the bot token and the webhook url from the stats endpoint.
This commit is contained in:
Luckydonald 2020-12-15 17:43:20 +01:00 committed by GitHub
parent 7c642e8e41
commit c08d466be0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -107,6 +107,9 @@ Allow http connection in non-local mode
##### Flag `--max-batch-operations=<number>` ##### Flag `--max-batch-operations=<number>`
maximum number of batch operations (default 10000) maximum number of batch operations (default 10000)
##### Executable parameter `--stats-hide-sensible-data`
Makes the stats page (if enabled) hide the bot token and the webhook url to no leak user secrets, when served publicly.
#### Existing Command Line Parameters #### Existing Command Line Parameters
Which are not properly documented, so they are written down here. Which are not properly documented, so they are written down here.

3
docker-entrypoint.sh
View File

@ -19,6 +19,9 @@ CUSTOM_ARGS=""
if [ -n "$TELEGRAM_STAT" ]; then if [ -n "$TELEGRAM_STAT" ]; then
CUSTOM_ARGS="${CUSTOM_ARGS} --http-stat-port=8082" CUSTOM_ARGS="${CUSTOM_ARGS} --http-stat-port=8082"
fi fi
if [ -n "$TELEGRAM_STAT_HIDE_SENSIBLE_DATA" ]; then
CUSTOM_ARGS="${CUSTOM_ARGS} --stats-hide-sensible-data"
fi
if [ -n "$TELEGRAM_FILTER" ]; then if [ -n "$TELEGRAM_FILTER" ]; then
CUSTOM_ARGS="${CUSTOM_ARGS} --filter=$TELEGRAM_FILTER" CUSTOM_ARGS="${CUSTOM_ARGS} --filter=$TELEGRAM_FILTER"
fi fi

14
telegram-bot-api/ClientManager.cpp
View File

@ -1,5 +1,5 @@
// //
// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2020 // Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2020, Luckydonald (tdlight-telegram-bot-api+code@luckydonald.de) 2020
// //
// Distributed under the Boost Software License, Version 1.0. (See accompanying // Distributed under the Boost Software License, Version 1.0. (See accompanying
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
@ -289,9 +289,17 @@ void ClientManager::get_stats(td::PromiseActor<td::BufferSlice> promise,
sb << "\n"; sb << "\n";
sb << "id\t" << bot_info.id_ << "\n"; sb << "id\t" << bot_info.id_ << "\n";
sb << "uptime\t" << now - bot_info.start_time_ << "\n"; sb << "uptime\t" << now - bot_info.start_time_ << "\n";
sb << "token\t" << bot_info.token_ << "\n"; if (!parameters_->stats_hide_sensible_data_) {
sb << "token\t" << bot_info.token_ << "\n";
}
sb << "username\t" << bot_info.username_ << "\n"; sb << "username\t" << bot_info.username_ << "\n";
sb << "webhook\t" << bot_info.webhook_ << "\n"; if (!parameters_->stats_hide_sensible_data_) {
sb << "webhook\t" << bot_info.webhook_ << "\n";
} else if (bot_info.webhook_.empty()) {
sb << "webhook disabled" << "\n";
} else {
sb << "webhook enabled" << "\n";
}
sb << "has_custom_certificate\t" << bot_info.has_webhook_certificate_ << "\n"; sb << "has_custom_certificate\t" << bot_info.has_webhook_certificate_ << "\n";
sb << "head_update_id\t" << bot_info.head_update_id_ << "\n"; sb << "head_update_id\t" << bot_info.head_update_id_ << "\n";
sb << "tail_update_id\t" << bot_info.tail_update_id_ << "\n"; sb << "tail_update_id\t" << bot_info.tail_update_id_ << "\n";

1
telegram-bot-api/ClientParameters.h
View File

@ -61,6 +61,7 @@ struct ClientParameters {
bool no_file_limit_ = true; bool no_file_limit_ = true;
bool allow_users_ = false; bool allow_users_ = false;
bool allow_users_registration_ = false; bool allow_users_registration_ = false;
bool stats_hide_sensible_data_ = false;
td::int32 api_id_ = 0; td::int32 api_id_ = 0;
td::string api_hash_; td::string api_hash_;

2
telegram-bot-api/telegram-bot-api.cpp
View File

@ -180,6 +180,8 @@ int main(int argc, char *argv[]) {
options.add_option('\0', "allow-users-registration", "allow user accounts to be registered on the API", options.add_option('\0', "allow-users-registration", "allow user accounts to be registered on the API",
[&] { parameters->allow_users_registration_ = true; }); [&] { parameters->allow_users_registration_ = true; });
options.add_option('\0', "stats-hide-sensible-data", "in the stats hide sensible data like bot token and webhook url", [&] { parameters->stats_hide_sensible_data_ = true; });
options.add_checked_option( options.add_checked_option(
'\0', "api-id", '\0', "api-id",
"application identifier for Telegram API access, which can be obtained at https://my.telegram.org (defaults to " "application identifier for Telegram API access, which can be obtained at https://my.telegram.org (defaults to "