docs: align ADR path references to doc/adr (singular)
Mirror of factory#8 path correction. Updates Gitea URLs in AUTH.md / HOWTO_ADD_BOT.md and the '// Voir factory/...' header comments in code.
2
AUTH.md
2
AUTH.md
@@ -1,6 +1,6 @@
|
||||
[← README](README.md) · [HOWTO_ADD_BOT](HOWTO_ADD_BOT.md) · **Authentification**
|
||||
|
||||
> **Détails de design** : [factory ADR 20260509 — telegram-gateway auth](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/docs/adr/20260509-telegram-gateway-auth.md)
|
||||
> **Détails de design** : [factory ADR 20260509 — telegram-gateway auth](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/doc/adr/20260509-telegram-gateway-auth.md)
|
||||
|
||||
# Authentification
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ la session n'a rien à recevoir en retour.
|
||||
|
||||
Utile pour valider la chaîne, créer un canal de log conversationnel, etc.
|
||||
|
||||
> **Auth (Phase 1.5, ADR [20260509](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/docs/adr/20260509-telegram-gateway-auth.md))** : par défaut, **`requireAuth: true`** s'applique → tout user qui DM ce bot doit d'abord ouvrir une session via `/auth <code>` chez `@arcodange_factory_bot`. Voir [`AUTH.md`](AUTH.md). Pour rendre un bot public, ajouter explicitement `requireAuth: false`.
|
||||
> **Auth (Phase 1.5, ADR [20260509](https://gitea.arcodange.lab/arcodange-org/factory/src/branch/main/doc/adr/20260509-telegram-gateway-auth.md))** : par défaut, **`requireAuth: true`** s'applique → tout user qui DM ce bot doit d'abord ouvrir une session via `/auth <code>` chez `@arcodange_factory_bot`. Voir [`AUTH.md`](AUTH.md). Pour rendre un bot public, ajouter explicitement `requireAuth: false`.
|
||||
|
||||
Steps (humain ou session Claude avec accès au cluster + au repo) :
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
|
||||
// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
|
||||
package main
|
||||
|
||||
import (
|
||||
|
||||
2
auth.go
2
auth.go
@@ -1,4 +1,4 @@
|
||||
// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
|
||||
// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
|
||||
package main
|
||||
|
||||
import (
|
||||
|
||||
@@ -45,7 +45,7 @@ spec:
|
||||
value: ":{{ .Values.service.port }}"
|
||||
- name: CONFIG_PATH
|
||||
value: /etc/telegram-gateway/bots.yaml
|
||||
# Auth layer — voir factory/docs/adr/20260509-telegram-gateway-auth.md.
|
||||
# Auth layer — voir factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||
# AUTH_SECRET et ALLOWED_USERS arrivent via envFrom secretRef.
|
||||
- name: REDIS_URL
|
||||
value: {{ .Values.auth.redisURL | quote }}
|
||||
|
||||
@@ -82,7 +82,7 @@ autoscaling:
|
||||
# Bot routing config — non-secret, becomes the bots.yaml ConfigMap entry.
|
||||
# Tokens & secret_token values live in a k8s Secret named `secret.name`.
|
||||
#
|
||||
# Auth gate (Phase 1.5, ADR factory/docs/adr/20260509-telegram-gateway-auth.md):
|
||||
# Auth gate (Phase 1.5, ADR factory/doc/adr/20260509-telegram-gateway-auth.md):
|
||||
# - `requireAuth` defaults to **true** (secure by default). Add
|
||||
# `requireAuth: false` only for bots you want to expose publicly.
|
||||
# - For `handler: auth`, requireAuth is auto-forced to false (the auth bot
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
// Voir factory/docs/adr/20260509-telegram-gateway-auth.md
|
||||
// Voir factory/doc/adr/20260509-telegram-gateway-auth.md
|
||||
package main
|
||||
|
||||
import (
|
||||
|
||||
2
main.go
2
main.go
@@ -47,7 +47,7 @@ func runServer() {
|
||||
tg := NewTelegramClient()
|
||||
|
||||
// Phase 1.5 — auth layer (Redis-backed sessions). See
|
||||
// factory/docs/adr/20260509-telegram-gateway-auth.md.
|
||||
// factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||
authSecret := os.Getenv("AUTH_SECRET")
|
||||
redisURL := envOr("REDIS_URL", "redis://redis.tools.svc.cluster.local:6379/0")
|
||||
ttl := 24 * time.Hour
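Review bot: In runServer, `authSecret := os.Getenv("AUTH_SECRET")` is a bare read with no fallback, and the visible lines do not show a check that the value is non-empty. If the `envFrom` secret is absent or misnamed, the gateway could come up with an empty auth secret; runServer continues outside this hunk, so a later check may exist, but a fail-closed guard directly after the read would make the requirement explicit, for example `if authSecret == "" { log.Fatal("AUTH_SECRET is required") }`. The default `redis://redis.tools.svc.cluster.local:6379/0` carries no credentials and no TLS, so the session store that backs the `requireAuth` gate appears to rely on cluster network policy alone. I would add a comment next to the default stating that assumption, such as `// default is unauthenticated, plaintext Redis; restrict access with a NetworkPolicy or override REDIS_URL`.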
|
||||
|
||||
@@ -169,7 +169,7 @@ type DeleteMessageParams struct {
|
||||
|
||||
// DeleteMessage removes a message from a chat. Used as best-effort replay
|
||||
// defense after a successful /auth (we delete the message that contained
|
||||
// the secret). See factory/docs/adr/20260509-telegram-gateway-auth.md.
|
||||
// the secret). See factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||
func (c *TelegramClient) DeleteMessage(ctx context.Context, token string, chatID, messageID int64) error {
|
||||
body, err := json.Marshal(DeleteMessageParams{ChatID: chatID, MessageID: messageID})
|
||||
if err != nil {
|
||||
|
||||
@@ -48,7 +48,7 @@ func (u Update) ChatID() (int64, bool) {
|
||||
|
||||
// UserID extracts the Telegram user ID (`from.id`) from whichever sub-payload
|
||||
// is set. Used by the auth layer (factory bot session, requireAuth gate, allowlist).
|
||||
// See factory/docs/adr/20260509-telegram-gateway-auth.md.
|
||||
// See factory/doc/adr/20260509-telegram-gateway-auth.md.
|
||||
func (u Update) UserID() (int64, bool) {
|
||||
switch {
|
||||
case u.Message != nil && u.Message.From != nil:
|
||||
|
||||