Skip to content

Commit

Permalink
fix(secret): secret hash expose (#23)
Browse files Browse the repository at this point in the history
  • Loading branch information
@XiaoMouz
XiaoMouz authored Jun 27, 2024
1 parent a528200 commit 0106974
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion routes/telegram-hook.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,13 @@ export default eventHandler(async (evt) => {
const webhookUrl = `https://${host}/telegram-hook?secret_hash=${SECRET_HASH}`
const isSet = await bot.telegram.setWebhook(webhookUrl)
const info = await bot.telegram.getWebhookInfo()
return `Set webhook to ${webhookUrl}: ${isSet}<br/>${JSON.stringify(info)}`
return `Set webhook to ${webhookUrl.replaceAll(
SECRET_HASH,

Check failure on line 16 in routes/telegram-hook.ts

View workflow job for this annotation

GitHub Actions / lint 

No overload matches this call.
"*"

Check warning on line 17 in routes/telegram-hook.ts

View workflow job for this annotation

GitHub Actions / lint 

Replace `"*"` with `'*',`
)}: ${isSet}<br/>${JSON.stringify(info).replaceAll(

Check warning on line 18 in routes/telegram-hook.ts

View workflow job for this annotation

GitHub Actions / lint 

Replace `⏎······SECRET_HASH,⏎······"*"⏎····` with `SECRET_HASH,·'*'`
SECRET_HASH,

Check failure on line 19 in routes/telegram-hook.ts

View workflow job for this annotation

GitHub Actions / lint 

No overload matches this call.
"*"
)}`
} else if (query.secret_hash === SECRET_HASH) {
const body = await readBody(evt)
await bot.handleUpdate(body)
Expand Down

0 comments on commit 0106974

Please sign in to comment.