Merge pull request #282 from dmitriy-kharchenko/master Added validation and error checking for incoming updates in ListenFor…
TJ Horner me@tjhorner.com
Wed, 29 Jul 2020 11:42:08 -0400
3 files changed,
31 insertions(+),
12 deletions(-)
M
bot.go
→
bot.go
@@ -557,21 +557,35 @@ func (bot *BotAPI) ListenForWebhook(pattern string) UpdatesChannel {
ch := make(chan Update, bot.Buffer) http.HandleFunc(pattern, func(w http.ResponseWriter, r *http.Request) { - ch <- bot.HandleUpdate(w, r) + update, err := bot.HandleUpdate(r) + if err != nil { + errMsg, _ := json.Marshal(map[string]string{"error": err.Error()}) + w.WriteHeader(http.StatusBadRequest) + w.Header().Set("Content-Type", "application/json") + _, _ = w.Write(errMsg) + return + } + + ch <- *update }) return ch } // HandleUpdate parses and returns update received via webhook -func (bot *BotAPI) HandleUpdate(res http.ResponseWriter, req *http.Request) Update { - bytes, _ := ioutil.ReadAll(req.Body) - req.Body.Close() +func (bot *BotAPI) HandleUpdate(r *http.Request) (*Update, error) { + if r.Method != http.MethodPost { + err := errors.New("wrong HTTP method required POST") + return nil, err + } - var update Update - json.Unmarshal(bytes, &update) + var update Update + err := json.NewDecoder(r.Body).Decode(&update) + if err != nil { + return nil, err + } - return update + return &update, nil } // AnswerInlineQuery sends a response to an inline query.
M
bot_test.go
→
bot_test.go
@@ -644,8 +644,13 @@ if info.LastErrorDate != 0 {
log.Printf("[Telegram callback failed]%s", info.LastErrorMessage) } - http.HandleFunc("/" + bot.Token, func(w http.ResponseWriter, r *http.Request) { - log.Printf("%+v\n", bot.HandleUpdate(w, r)) + http.HandleFunc("/"+bot.Token, func(w http.ResponseWriter, r *http.Request) { + update, err := bot.HandleUpdate(r) + if err != nil { + log.Printf("%+v\n", err.Error()) + } else { + log.Printf("%+v\n", *update) + } }) go http.ListenAndServeTLS("0.0.0.0:8443", "cert.pem", "key.pem", nil)
M
helpers.go
→
helpers.go
@@ -778,9 +778,9 @@ }
// NewOneTimeReplyKeyboard creates a new one time keyboard. func NewOneTimeReplyKeyboard(rows ...[]KeyboardButton) ReplyKeyboardMarkup { - markup := NewReplyKeyboard(rows...) - markup.OneTimeKeyboard = true - return markup + markup := NewReplyKeyboard(rows...) + markup.OneTimeKeyboard = true + return markup } // NewInlineKeyboardButtonData creates an inline keyboard button with text