docs: align ADR path references to doc/adr (singular)
All checks were successful
Docker Build / build-and-push-image (push) Successful in 56s
All checks were successful
Docker Build / build-and-push-image (push) Successful in 56s
Mirror of factory#8 path correction. Updates Gitea URLs in AUTH.md / HOWTO_ADD_BOT.md and the '// Voir factory/...' header comments in code.
This commit is contained in:
2
AUTH.md
2
AUTH.md
@@ -1,6 +1,6 @@
|
|||||||
[← README](README.md) · [HOWTO_ADD_BOT](HOWTO_ADD_BOT.md) · **Authentification**
|
[← README](README.md) · [HOWTO_ADD_BOT](HOWTO_ADD_BOT.md) · **Authentification**
|
||||||
|
|
||||||
> **Détails de design** : [factory ADR 20260509 — telegram-gateway auth](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/docs/adr/20260509-telegram-gateway-auth.md)
|
> **Détails de design** : [factory ADR 20260509 — telegram-gateway auth](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/doc/adr/20260509-telegram-gateway-auth.md)
|
||||||
|
|
||||||
# Authentification
|
# Authentification
|
||||||
|
|
||||||
|
|||||||
@@ -35,7 +35,7 @@ la session n'a rien à recevoir en retour.
|
|||||||
|
|
||||||
Utile pour valider la chaîne, créer un canal de log conversationnel, etc.
|
Utile pour valider la chaîne, créer un canal de log conversationnel, etc.
|
||||||
|
|
||||||
> **Auth (Phase 1.5, ADR [20260509](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/docs/adr/20260509-telegram-gateway-auth.md))** : par défaut, **`requireAuth: true`** s'applique → tout user qui DM ce bot doit d'abord ouvrir une session via `/auth <code>` chez `@arcodange_factory_bot`. Voir [`AUTH.md`](AUTH.md). Pour rendre un bot public, ajouter explicitement `requireAuth: false`.
|
> **Auth (Phase 1.5, ADR [20260509](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/doc/adr/20260509-telegram-gateway-auth.md))** : par défaut, **`requireAuth: true`** s'applique → tout user qui DM ce bot doit d'abord ouvrir une session via `/auth <code>` chez `@arcodange_factory_bot`. Voir [`AUTH.md`](AUTH.md). Pour rendre un bot public, ajouter explicitement `requireAuth: false`.
|
||||||
|
|
||||||
Steps (humain ou session Claude avec accès au cluster + au repo) :
|
Steps (humain ou session Claude avec accès au cluster + au repo) :
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
|
// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|||||||
2
auth.go
2
auth.go
@@ -1,4 +1,4 @@
|
|||||||
// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
|
// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|||||||
@@ -45,7 +45,7 @@ spec:
|
|||||||
value: ":{{ .Values.service.port }}"
|
value: ":{{ .Values.service.port }}"
|
||||||
- name: CONFIG_PATH
|
- name: CONFIG_PATH
|
||||||
value: /etc/telegram-gateway/bots.yaml
|
value: /etc/telegram-gateway/bots.yaml
|
||||||
# Auth layer — voir factory/docs/adr/20260509-telegram-gateway-auth.md.
|
# Auth layer — voir factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||||
# AUTH_SECRET et ALLOWED_USERS arrivent via envFrom secretRef.
|
# AUTH_SECRET et ALLOWED_USERS arrivent via envFrom secretRef.
|
||||||
- name: REDIS_URL
|
- name: REDIS_URL
|
||||||
value: {{ .Values.auth.redisURL | quote }}
|
value: {{ .Values.auth.redisURL | quote }}
|
||||||
|
|||||||
@@ -82,7 +82,7 @@ autoscaling:
|
|||||||
# Bot routing config — non-secret, becomes the bots.yaml ConfigMap entry.
|
# Bot routing config — non-secret, becomes the bots.yaml ConfigMap entry.
|
||||||
# Tokens & secret_token values live in a k8s Secret named `secret.name`.
|
# Tokens & secret_token values live in a k8s Secret named `secret.name`.
|
||||||
#
|
#
|
||||||
# Auth gate (Phase 1.5, ADR factory/docs/adr/20260509-telegram-gateway-auth.md):
|
# Auth gate (Phase 1.5, ADR factory/doc/adr/20260509-telegram-gateway-auth.md):
|
||||||
# - `requireAuth` defaults to **true** (secure by default). Add
|
# - `requireAuth` defaults to **true** (secure by default). Add
|
||||||
# `requireAuth: false` only for bots you want to expose publicly.
|
# `requireAuth: false` only for bots you want to expose publicly.
|
||||||
# - For `handler: auth`, requireAuth is auto-forced to false (the auth bot
|
# - For `handler: auth`, requireAuth is auto-forced to false (the auth bot
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
|
// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|||||||
2
main.go
2
main.go
@@ -47,7 +47,7 @@ func runServer() {
|
|||||||
tg := NewTelegramClient()
|
tg := NewTelegramClient()
|
||||||
|
|
||||||
// Phase 1.5 — auth layer (Redis-backed sessions). See
|
// Phase 1.5 — auth layer (Redis-backed sessions). See
|
||||||
// factory/docs/adr/20260509-telegram-gateway-auth.md.
|
// factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||||
authSecret := os.Getenv("AUTH_SECRET")
|
authSecret := os.Getenv("AUTH_SECRET")
|
||||||
redisURL := envOr("REDIS_URL", "redis://redis.tools.svc.cluster.local:6379/0")
|
redisURL := envOr("REDIS_URL", "redis://redis.tools.svc.cluster.local:6379/0")
|
||||||
ttl := 24 * time.Hour
|
ttl := 24 * time.Hour
|
||||||
|
|||||||
@@ -169,7 +169,7 @@ type DeleteMessageParams struct {
|
|||||||
|
|
||||||
// DeleteMessage removes a message from a chat. Used as best-effort replay
|
// DeleteMessage removes a message from a chat. Used as best-effort replay
|
||||||
// defense after a successful /auth (we delete the message that contained
|
// defense after a successful /auth (we delete the message that contained
|
||||||
// the secret). See factory/docs/adr/20260509-telegram-gateway-auth.md.
|
// the secret). See factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||||
func (c *TelegramClient) DeleteMessage(ctx context.Context, token string, chatID, messageID int64) error {
|
func (c *TelegramClient) DeleteMessage(ctx context.Context, token string, chatID, messageID int64) error {
|
||||||
body, err := json.Marshal(DeleteMessageParams{ChatID: chatID, MessageID: messageID})
|
body, err := json.Marshal(DeleteMessageParams{ChatID: chatID, MessageID: messageID})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ func (u Update) ChatID() (int64, bool) {
|
|||||||
|
|
||||||
// UserID extracts the Telegram user ID (`from.id`) from whichever sub-payload
|
// UserID extracts the Telegram user ID (`from.id`) from whichever sub-payload
|
||||||
// is set. Used by the auth layer (factory bot session, requireAuth gate, allowlist).
|
// is set. Used by the auth layer (factory bot session, requireAuth gate, allowlist).
|
||||||
// See factory/docs/adr/20260509-telegram-gateway-auth.md.
|
// See factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||||
func (u Update) UserID() (int64, bool) {
|
func (u Update) UserID() (int64, bool) {
|
||||||
switch {
|
switch {
|
||||||
case u.Message != nil && u.Message.From != nil:
|
case u.Message != nil && u.Message.From != nil:
|
||||||
|
|||||||
Reference in New Issue
Block a user