Stats: hide sensible data (#24)

Adds the --stats-hide-sensible-data flag (Docker: $TELEGRAM_STAT_HIDE_SENSIBLE_DATA=1), removing the bot token and the webhook url from the stats endpoint.
2020-12-15 17:43:20 +01:00 · 2020-12-15 17:43:20 +01:00 · c08d466be0
parent 7c642e8e41
commit c08d466be0
5 changed files with 20 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -107,6 +107,9 @@ Allow http connection in non-local mode
 ##### Flag `--max-batch-operations=<number>`
 maximum number of batch operations (default 10000)

+##### Executable parameter `--stats-hide-sensible-data`
+Makes the stats page (if enabled) hide the bot token and the webhook url to no leak user secrets, when served publicly.
+
 #### Existing Command Line Parameters
 Which are not properly documented, so they are written down here.

--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -19,6 +19,9 @@ CUSTOM_ARGS=""
 if [ -n "$TELEGRAM_STAT" ]; then
  CUSTOM_ARGS="${CUSTOM_ARGS} --http-stat-port=8082"
 fi
+if [ -n "$TELEGRAM_STAT_HIDE_SENSIBLE_DATA" ]; then
+  CUSTOM_ARGS="${CUSTOM_ARGS} --stats-hide-sensible-data"
+fi
 if [ -n "$TELEGRAM_FILTER" ]; then
  CUSTOM_ARGS="${CUSTOM_ARGS} --filter=$TELEGRAM_FILTER"
 fi
--- a/telegram-bot-api/ClientManager.cpp
+++ b/telegram-bot-api/ClientManager.cpp
@ -1,5 +1,5 @@
 //
-// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2020
+// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2020, Luckydonald (tdlight-telegram-bot-api+code@luckydonald.de) 2020
 //
 // Distributed under the Boost Software License, Version 1.0. (See accompanying
 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
@ -289,9 +289,17 @@ void ClientManager::get_stats(td::PromiseActor<td::BufferSlice> promise,
    sb << "\n";
    sb << "id\t" << bot_info.id_ << "\n";
    sb << "uptime\t" << now - bot_info.start_time_ << "\n";
-    sb << "token\t" << bot_info.token_ << "\n";
+    if (!parameters_->stats_hide_sensible_data_) {
+      sb << "token\t" << bot_info.token_ << "\n";
+    }
    sb << "username\t" << bot_info.username_ << "\n";
-    sb << "webhook\t" << bot_info.webhook_ << "\n";
+    if (!parameters_->stats_hide_sensible_data_) {
+      sb << "webhook\t" << bot_info.webhook_ << "\n";
+    } else if (bot_info.webhook_.empty()) {
+      sb << "webhook disabled" << "\n";
+    } else {
+      sb << "webhook enabled" << "\n";
+    }
    sb << "has_custom_certificate\t" << bot_info.has_webhook_certificate_ << "\n";
    sb << "head_update_id\t" << bot_info.head_update_id_ << "\n";
    sb << "tail_update_id\t" << bot_info.tail_update_id_ << "\n";
--- a/telegram-bot-api/ClientParameters.h
+++ b/telegram-bot-api/ClientParameters.h
@ -61,6 +61,7 @@ struct ClientParameters {
  bool no_file_limit_ = true;
  bool allow_users_ = false;
  bool allow_users_registration_ = false;
+  bool stats_hide_sensible_data_ = false;

  td::int32 api_id_ = 0;
  td::string api_hash_;
--- a/telegram-bot-api/telegram-bot-api.cpp
+++ b/telegram-bot-api/telegram-bot-api.cpp
@ -180,6 +180,8 @@ int main(int argc, char *argv[]) {
  options.add_option('\0', "allow-users-registration", "allow user accounts to be registered on the API",
                     [&] { parameters->allow_users_registration_ = true; });

+  options.add_option('\0', "stats-hide-sensible-data", "in the stats hide sensible data like bot token and webhook url", [&] { parameters->stats_hide_sensible_data_ = true; });
+
  options.add_checked_option(
      '\0', "api-id",
      "application identifier for Telegram API access, which can be obtained at https://my.telegram.org (defaults to "