Gabriel Radureau
07115e3162
Some checks failed
Docker Build / build-and-push-image (push) Failing after 18s
Adds an authentication layer in front of the bot handlers : - Auth handler on the principal bot (@arcodange_factory_bot, slug factory) parses /start, /auth <code>, /whoami, /logout. On a successful /auth, the message containing the code is best-effort deleted from the user's chat (replay defense). - Redis-backed sessions (key tg-gw:auth:<from.id>, TTL 24h, configurable via AUTH_SESSION_TTL). Constant-time secret compare via crypto/subtle. - ALLOWED_USERS env (CSV of Telegram user IDs) — silent-drops anyone not in the list before the auth gate runs. - New per-bot field 'requireAuth' (pointer-bool). Default = true (secure by default). Auto-forced to false for handler=auth (chicken-and-egg). - Server gates: allowlist first, then requireAuth before handler dispatch. - Fail-at-startup if a bot is configured with handler=auth or requireAuth: true while AUTH_SECRET is unset. Design: factory/docs/adr/20260509-telegram-gateway-auth.md (in factory PR). User docs: AUTH.md (new), HOWTO_ADD_BOT.md (Cas 2 updated for default true and gated flow). New deps: github.com/redis/go-redis/v9. Refs ~/.claude/plans/pour-les-notifications-on-inherited-seal.md § Phase 1.5.
120 lines
3.1 KiB
Go
120 lines
3.1 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"flag"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"syscall"
|
|
"time"
|
|
)
|
|
|
|
const defaultListenAddr = ":8080"
|
|
const defaultConfigPath = "/etc/telegram-gateway/bots.yaml"
|
|
|
|
func main() {
|
|
subcmd := ""
|
|
if len(os.Args) > 1 && os.Args[1] != "" && os.Args[1][0] != '-' {
|
|
subcmd = os.Args[1]
|
|
os.Args = append([]string{os.Args[0]}, os.Args[2:]...)
|
|
}
|
|
|
|
switch subcmd {
|
|
case "setwebhook":
|
|
runSetWebhook()
|
|
case "deletewebhook":
|
|
runDeleteWebhook()
|
|
case "", "serve":
|
|
runServer()
|
|
default:
|
|
log.Fatalf("unknown subcommand: %s (expected: serve | setwebhook | deletewebhook)", subcmd)
|
|
}
|
|
}
|
|
|
|
func runServer() {
|
|
addr := flag.String("addr", envOr("LISTEN_ADDR", defaultListenAddr), "listen address")
|
|
configPath := flag.String("config", envOr("CONFIG_PATH", defaultConfigPath), "bot routing config (YAML)")
|
|
flag.Parse()
|
|
|
|
cfg, err := LoadConfig(*configPath)
|
|
if err != nil {
|
|
log.Fatalf("load config: %v", err)
|
|
}
|
|
|
|
tg := NewTelegramClient()
|
|
|
|
// Phase 1.5 — auth layer (Redis-backed sessions). See
|
|
// factory/docs/adr/20260509-telegram-gateway-auth.md.
|
|
authSecret := os.Getenv("AUTH_SECRET")
|
|
redisURL := envOr("REDIS_URL", "redis://redis.tools.svc.cluster.local:6379/0")
|
|
ttl := 24 * time.Hour
|
|
if raw := os.Getenv("AUTH_SESSION_TTL"); raw != "" {
|
|
if d, err := time.ParseDuration(raw); err == nil && d > 0 {
|
|
ttl = d
|
|
} else {
|
|
log.Printf("AUTH_SESSION_TTL=%q invalid, defaulting to 24h", raw)
|
|
}
|
|
}
|
|
var auth *Auth
|
|
if authSecret != "" {
|
|
var aerr error
|
|
auth, aerr = NewAuth(redisURL, authSecret, ttl)
|
|
if aerr != nil {
|
|
log.Fatalf("init auth: %v", aerr)
|
|
}
|
|
log.Printf("auth layer initialized (TTL=%s, redis=%s)", ttl, redisURL)
|
|
} else {
|
|
log.Print("AUTH_SECRET unset → auth layer disabled (no bot may have handler=auth or requireAuth: true)")
|
|
}
|
|
|
|
allowlist := NewAllowlist(os.Getenv("ALLOWED_USERS"))
|
|
if allowlist.Open() {
|
|
log.Print("ALLOWED_USERS empty → allowlist open to all")
|
|
} else {
|
|
log.Printf("allowlist active (%d user(s) allowed)", allowlist.Size())
|
|
}
|
|
|
|
registry, err := NewRegistry(cfg, tg, auth)
|
|
if err != nil {
|
|
log.Fatalf("build registry: %v", err)
|
|
}
|
|
|
|
srv := &http.Server{
|
|
Addr: *addr,
|
|
Handler: NewServer(registry, auth, allowlist, tg).Routes(),
|
|
ReadHeaderTimeout: 5 * time.Second,
|
|
ReadTimeout: 30 * time.Second,
|
|
WriteTimeout: 30 * time.Second,
|
|
IdleTimeout: 60 * time.Second,
|
|
}
|
|
|
|
ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
|
|
defer stop()
|
|
|
|
go func() {
|
|
log.Printf("telegram-gateway listening on %s (%d bot(s) loaded)", *addr, registry.Count())
|
|
if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
|
|
log.Fatalf("server: %v", err)
|
|
}
|
|
}()
|
|
|
|
<-ctx.Done()
|
|
log.Print("shutdown signal received, draining...")
|
|
shutdownCtx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
|
|
defer cancel()
|
|
if err := srv.Shutdown(shutdownCtx); err != nil {
|
|
log.Printf("graceful shutdown error: %v", err)
|
|
}
|
|
log.Print("bye")
|
|
}
|
|
|
|
func envOr(key, fallback string) string {
|
|
if v := os.Getenv(key); v != "" {
|
|
return v
|
|
}
|
|
return fallback
|
|
}
|