whekin/household-bot
1
0
Fork 0
mirror of https://github.com/whekin/household-bot.git synced 2026-03-31 11:54:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(cd): properly set webhook secret and add verification step

Browse Source
This commit is contained in:
whekin
2026-03-16 03:58:16 +04:00
parent 74348c3ef5
commit 21303de0ba
2 changed files with 50 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
scripts/ops/telegram-webhook.ts
View File

@@ -51,15 +51,21 @@ async function run(): Promise<void> {
return
}
case 'set': {
const params = new URLSearchParams({
url: requireEnv('TELEGRAM_WEBHOOK_URL')
})
const webhookUrl = requireEnv('TELEGRAM_WEBHOOK_URL')
const secretToken = process.env.TELEGRAM_WEBHOOK_SECRET?.trim()
if (secretToken) {
params.set('secret_token', secretToken)
if (!secretToken) {
console.error(
'WARNING: TELEGRAM_WEBHOOK_SECRET not set - webhook will be set without secret token'
)
throw new Error('TELEGRAM_WEBHOOK_SECRET is required for secure webhook setup')
}
const params = new URLSearchParams({
url: webhookUrl,
secret_token: secretToken
})
const maxConnections = process.env.TELEGRAM_MAX_CONNECTIONS?.trim()
if (maxConnections) {
params.set('max_connections', maxConnections)
@@ -70,6 +76,7 @@ async function run(): Promise<void> {
params.set('drop_pending_updates', dropPendingUpdates)
}
console.log(`Setting webhook to: ${webhookUrl}`)
const result = await telegramRequest(botToken, 'setWebhook', params)
console.log(JSON.stringify({ ok: true, result }, null, 2))
return