diff --git a/src/quickbot/api_route/telegram.py b/src/quickbot/api_route/telegram.py index 4e10f23..27bb806 100644 --- a/src/quickbot/api_route/telegram.py +++ b/src/quickbot/api_route/telegram.py @@ -21,7 +21,7 @@ async def telegram_webhook( app: QBotApp = request.app request_token = request.headers.get("X-Telegram-Bot-Api-Secret-Token") - if request_token != app.bot_auth_token: + if request_token != app.config.TELEGRAM_WEBHOOK_AUTH_KEY: logger.warning("Unauthorized request %s", request) return Response(status_code=403) try: diff --git a/src/quickbot/config/__init__.py b/src/quickbot/config/__init__.py index 3cb939b..9121f0f 100644 --- a/src/quickbot/config/__init__.py +++ b/src/quickbot/config/__init__.py @@ -46,6 +46,8 @@ class Config(BaseSettings): ) else '' }" + + TELEGRAM_WEBHOOK_AUTH_KEY: str = "changethis" TELEGRAM_BOT_USERNAME: str = "quickbot" TELEGRAM_BOT_SERVER: str = "https://api.telegram.org" @@ -54,10 +56,6 @@ class Config(BaseSettings): ADMIN_TELEGRAM_ID: int - USE_NGROK: bool = False - NGROK_AUTH_TOKEN: str = "changethis" - NGROK_URL: str = "" - LOG_LEVEL: str = "DEBUG" def _check_default_secret(self, var_name: str, value: str | None) -> None: diff --git a/src/quickbot/main.py b/src/quickbot/main.py index b05d357..a066f84 100644 --- a/src/quickbot/main.py +++ b/src/quickbot/main.py @@ -123,8 +123,6 @@ class QBotApp(Generic[UserType, ConfigType], FastAPI): self.dp = dp - self.bot_auth_token = token_hex(128) - self.start_handler = bot_start self.bot_commands = dict[str, BotCommand]() @@ -174,7 +172,7 @@ class QBotApp(Generic[UserType, ConfigType], FastAPI): url=f"{self.config.TELEGRAM_WEBHOOK_URL}/telegram/webhook", drop_pending_updates=True, allowed_updates=self.allowed_updates, - secret_token=self.bot_auth_token, + secret_token=self.webhook_auth_key, ) async def show_form(