all repos — telegram-bot-api @ 7629a37f7708fa9a24c55fd490114922d026bdb3

Golang bindings for the Telegram Bot API

Added validation and error checking for incoming updates in ListenForWebhook
Dmitriy Kharchenko d.s.harchenko@mpt.ru
Sun, 24 Nov 2019 11:05:38 +0300
commit

7629a37f7708fa9a24c55fd490114922d026bdb3

parent

b33efeebc78563cfeddf19563781cffb16aaabdf

2 files changed, 25 insertions(+), 3 deletions(-)

jump to
M bot.gobot.go 
@@ -533,11 +533,33 @@ func (bot *BotAPI) ListenForWebhook(pattern string) UpdatesChannel {
 	ch := make(chan Update, bot.Buffer)
 
 	http.HandleFunc(pattern, func(w http.ResponseWriter, r *http.Request) {
-		bytes, _ := ioutil.ReadAll(r.Body)
+		if r.Method != http.MethodPost {
+			errMsg, _ := json.Marshal(map[string]string{"error": "Wrong HTTP method, required POST"})
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			w.Header().Set("Content-Type", "application/json")
+			w.Write(errMsg)
+			return
+		}
+
+		bytes, err := ioutil.ReadAll(r.Body)
+		if err != nil {
+			errMsg, _ := json.Marshal(map[string]string{"error": err.Error()})
+			w.WriteHeader(http.StatusBadRequest)
+			w.Header().Set("Content-Type", "application/json")
+			w.Write(errMsg)
+			return
+		}
 		r.Body.Close()
 
 		var update Update
-		json.Unmarshal(bytes, &update)
+		err = json.Unmarshal(bytes, &update)
+		if err != nil {
+			errMsg, _ := json.Marshal(map[string]string{"error": err.Error()})
+			w.WriteHeader(http.StatusBadRequest)
+			w.Header().Set("Content-Type", "application/json")
+			w.Write(errMsg)
+			return
+		}
 
 		ch <- update
 	})
M helpers.gohelpers.go 
@@ -622,7 +622,7 @@ BaseEdit: BaseEdit{
 			ChatID:    chatID,
 			MessageID: messageID,
 		},
-		Caption:   caption,
+		Caption: caption,
 	}
 }