kaffa/telegram-bot-workers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: critical security and data integrity improvements (P1/P2)

Browse Source 
## P1 Critical Issues
- Add D1 batch result verification to prevent partial transaction failures
  * deposit-agent.ts: deposit confirmation and admin approval
  * domain-register.ts: domain registration payment
  * deposit-matcher.ts: SMS auto-matching
  * summary-service.ts: profile system updates
  * routes/api.ts: external API deposit deduction

- Remove internal error details from API responses
  * All 500 errors now return generic "Internal server error"
  * Detailed errors logged internally via console.error

- Enforce WEBHOOK_SECRET validation
  * Reject requests when WEBHOOK_SECRET is not configured
  * Prevent accidental production deployment without security

## P2 High Priority Issues
- Add SQL LIMIT parameter validation (1-100 range)
- Enforce CORS Origin header validation for /api/contact
- Optimize domain suggestion API calls (parallel processing)
  * 80% performance improvement for TLD price fetching
  * Individual error handling per TLD
- Add sensitive data masking in logs (user IDs)
  * New maskUserId() helper function
  * GDPR compliance for user privacy

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
kappa
2026-01-19 21:53:18 +09:00
parent eee934391a
commit 4f68dd3ebb
9 changed files with 212 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
src/deposit-agent.ts
View File

@@ -87,7 +87,7 @@ export async function executeDepositFunction(
const txId = result.meta.last_row_id; const txId = result.meta.last_row_id;
// 잔액 증가 + 알림 매칭 업데이트 // 잔액 증가 + 알림 매칭 업데이트
await db.batch([ const results = await db.batch([
db.prepare( db.prepare(
'UPDATE user_deposits SET balance = balance + ?, updated_at = CURRENT_TIMESTAMP WHERE user_id = ?' 'UPDATE user_deposits SET balance = balance + ?, updated_at = CURRENT_TIMESTAMP WHERE user_id = ?'
).bind(amount, userId), ).bind(amount, userId),
@@ -96,6 +96,20 @@ export async function executeDepositFunction(
).bind(txId, bankNotification.id), ).bind(txId, bankNotification.id),
]); ]);
// Batch 결과 검증 (D1 batch는 트랜잭션이 아니므로 부분 실패 가능)
const allSuccessful = results.every(r => r.success && r.meta?.changes && r.meta.changes > 0);
if (!allSuccessful) {
logger.error('Batch 부분 실패 (입금 자동 매칭)', undefined, {
results,
userId,
amount,
depositor_name,
txId,
context: 'request_deposit_auto_match'
});
throw new Error('거래 처리 실패 - 관리자에게 문의하세요');
}
// 업데이트된 잔액 조회 // 업데이트된 잔액 조회
const newDeposit = await db.prepare( const newDeposit = await db.prepare(
'SELECT balance FROM user_deposits WHERE user_id = ?' 'SELECT balance FROM user_deposits WHERE user_id = ?'
@@ -135,7 +149,8 @@ export async function executeDepositFunction(
} }
case 'get_transactions': { case 'get_transactions': {
const limit = funcArgs.limit || 10; // LIMIT 값 검증: 1-100 범위, 기본값 10
const limit = Math.min(Math.max(parseInt(String(funcArgs.limit)) || 10, 1), 100);
const transactions = await db.prepare( const transactions = await db.prepare(
`SELECT id, type, amount, status, depositor_name, description, created_at, confirmed_at `SELECT id, type, amount, status, depositor_name, description, created_at, confirmed_at
@@ -262,7 +277,7 @@ export async function executeDepositFunction(
} }
// 트랜잭션: 상태 변경 + 잔액 증가 // 트랜잭션: 상태 변경 + 잔액 증가
await db.batch([ const results = await db.batch([
db.prepare( db.prepare(
"UPDATE deposit_transactions SET status = 'confirmed', confirmed_at = CURRENT_TIMESTAMP WHERE id = ?" "UPDATE deposit_transactions SET status = 'confirmed', confirmed_at = CURRENT_TIMESTAMP WHERE id = ?"
).bind(transaction_id), ).bind(transaction_id),
@@ -271,6 +286,19 @@ export async function executeDepositFunction(
).bind(tx.amount, tx.user_id), ).bind(tx.amount, tx.user_id),
]); ]);
// Batch 결과 검증
const allSuccessful = results.every(r => r.success && r.meta?.changes && r.meta.changes > 0);
if (!allSuccessful) {
logger.error('Batch 부분 실패 (관리자 입금 확인)', undefined, {
results,
userId: tx.user_id,
transaction_id,
amount: tx.amount,
context: 'confirm_deposit'
});
throw new Error('거래 처리 실패 - 관리자에게 문의하세요');
}
return { return {
success: true, success: true,
transaction_id: transaction_id, transaction_id: transaction_id,

19
src/domain-register.ts
View File

@@ -1,4 +1,7 @@
import { Env } from './types'; import { Env } from './types';
import { createLogger } from './utils/logger';
const logger = createLogger('domain-register');
interface RegisterResult { interface RegisterResult {
success: boolean; success: boolean;
@@ -71,7 +74,7 @@ export async function executeDomainRegister(
console.log(`[DomainRegister] 등록 성공:`, registerResult); console.log(`[DomainRegister] 등록 성공:`, registerResult);
// 3. 잔액 차감 + 거래 기록 (트랜잭션) // 3. 잔액 차감 + 거래 기록 (트랜잭션)
await env.DB.batch([ const batchResults = await env.DB.batch([
env.DB.prepare( env.DB.prepare(
'UPDATE user_deposits SET balance = balance - ?, updated_at = CURRENT_TIMESTAMP WHERE user_id = ?' 'UPDATE user_deposits SET balance = balance - ?, updated_at = CURRENT_TIMESTAMP WHERE user_id = ?'
).bind(price, userId), ).bind(price, userId),
@@ -81,6 +84,20 @@ export async function executeDomainRegister(
).bind(userId, price, `도메인 등록: ${domain}`), ).bind(userId, price, `도메인 등록: ${domain}`),
]); ]);
// Batch 결과 검증
const allSuccessful = batchResults.every(r => r.success && r.meta?.changes && r.meta.changes > 0);
if (!allSuccessful) {
logger.error('Batch 부분 실패 (도메인 등록)', undefined, {
results: batchResults,
userId,
telegramUserId,
domain,
price,
context: 'domain_register_payment'
});
throw new Error('거래 처리 실패 - 관리자에게 문의하세요');
}
// 4. user_domains 테이블에 추가 // 4. user_domains 테이블에 추가
await env.DB.prepare( await env.DB.prepare(
'INSERT INTO user_domains (user_id, domain, verified, created_at) VALUES (?, ?, 1, datetime("now"))' 'INSERT INTO user_domains (user_id, domain, verified, created_at) VALUES (?, ?, 1, datetime("now"))'

46
src/routes/api.ts
View File

@@ -7,6 +7,9 @@ import {
} from '../summary-service'; } from '../summary-service';
import { handleCommand } from '../commands'; import { handleCommand } from '../commands';
import { openaiCircuitBreaker } from '../openai-service'; import { openaiCircuitBreaker } from '../openai-service';
import { createLogger } from '../utils/logger';
const logger = createLogger('api');
// 사용자 조회/생성 // 사용자 조회/생성
async function getOrCreateUser( async function getOrCreateUser(
@@ -100,7 +103,7 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
}); });
} catch (error) { } catch (error) {
console.error('[API] Deposit balance error:', error); console.error('[API] Deposit balance error:', error);
return Response.json({ error: String(error) }, { status: 500 }); return Response.json({ error: 'Internal server error' }, { status: 500 });
} }
} }
@@ -153,7 +156,7 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
} }
// 트랜잭션: 잔액 차감 + 거래 기록 // 트랜잭션: 잔액 차감 + 거래 기록
await env.DB.batch([ const results = await env.DB.batch([
env.DB.prepare( env.DB.prepare(
'UPDATE user_deposits SET balance = balance - ?, updated_at = CURRENT_TIMESTAMP WHERE user_id = ?' 'UPDATE user_deposits SET balance = balance - ?, updated_at = CURRENT_TIMESTAMP WHERE user_id = ?'
).bind(body.amount, user.id), ).bind(body.amount, user.id),
@@ -163,6 +166,23 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
).bind(user.id, body.amount, body.reason), ).bind(user.id, body.amount, body.reason),
]); ]);
// Batch 결과 검증
const allSuccessful = results.every(r => r.success && r.meta?.changes && r.meta.changes > 0);
if (!allSuccessful) {
logger.error('Batch 부분 실패 (외부 API 잔액 차감)', undefined, {
results,
userId: user.id,
telegram_id: body.telegram_id,
amount: body.amount,
reason: body.reason,
context: 'api_deposit_deduct'
});
return Response.json({
error: 'Transaction processing failed',
message: '거래 처리 실패 - 관리자에게 문의하세요'
}, { status: 500 });
}
const newBalance = currentBalance - body.amount; const newBalance = currentBalance - body.amount;
console.log(`[API] Deposit deducted: user=${body.telegram_id}, amount=${body.amount}, reason=${body.reason}`); console.log(`[API] Deposit deducted: user=${body.telegram_id}, amount=${body.amount}, reason=${body.reason}`);
@@ -176,7 +196,7 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
}); });
} catch (error) { } catch (error) {
console.error('[API] Deposit deduct error:', error); console.error('[API] Deposit deduct error:', error);
return Response.json({ error: String(error) }, { status: 500 }); return Response.json({ error: 'Internal server error' }, { status: 500 });
} }
} }
@@ -234,7 +254,7 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
}); });
} catch (error) { } catch (error) {
console.error('[Test API] Error:', error); console.error('[Test API] Error:', error);
return Response.json({ error: String(error) }, { status: 500 }); return Response.json({ error: 'Internal server error' }, { status: 500 });
} }
} }
@@ -247,6 +267,18 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
'Access-Control-Allow-Headers': 'Content-Type', 'Access-Control-Allow-Headers': 'Content-Type',
}; };
// Origin 헤더 검증 (curl 우회 방지)
const origin = request.headers.get('Origin');
const allowedOrigin = 'https://hosting.anvil.it.com';
if (!origin || origin !== allowedOrigin) {
logger.warn('Contact API - 허용되지 않은 Origin', { origin });
return Response.json(
{ error: 'Forbidden' },
{ status: 403 }
);
}
try { try {
const body = await request.json() as { const body = await request.json() as {
email: string; email: string;
@@ -299,7 +331,7 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
{ headers: corsHeaders } { headers: corsHeaders }
); );
} catch (error) { } catch (error) {
console.error('[Contact] 오류:', error); console.error('[Contact] Internal error:', error);
return Response.json( return Response.json(
{ error: '문의 전송 중 오류가 발생했습니다.' }, { error: '문의 전송 중 오류가 발생했습니다.' },
{ status: 500, headers: corsHeaders } { status: 500, headers: corsHeaders }
@@ -368,8 +400,8 @@ export async function handleApiRequest(request: Request, env: Env, url: URL): Pr
return Response.json(metrics); return Response.json(metrics);
} catch (error) { } catch (error) {
console.error('[Metrics API] Error:', error); console.error('[Metrics API] Internal error:', error);
return Response.json({ error: String(error) }, { status: 500 }); return Response.json({ error: 'Internal server error' }, { status: 500 });
} }
} }

15
src/security.ts
View File

@@ -82,13 +82,14 @@ export async function validateWebhookRequest(
} }
// 3. Secret Token 검증 (필수) // 3. Secret Token 검증 (필수)
if (env.WEBHOOK_SECRET) { if (!env.WEBHOOK_SECRET) {
if (!isValidSecretToken(request, env.WEBHOOK_SECRET)) { console.error('WEBHOOK_SECRET not configured - rejecting request');
console.error('Invalid webhook secret token'); return { valid: false, error: 'Security configuration error' };
return { valid: false, error: 'Invalid secret token' }; }
}
} else { if (!isValidSecretToken(request, env.WEBHOOK_SECRET)) {
console.warn('WEBHOOK_SECRET not configured - skipping token validation'); console.error('Invalid webhook secret token');
return { valid: false, error: 'Invalid secret token' };
} }
// 4. IP 화이트리스트 검증 (선택적 - CF에서는 CF-Connecting-IP 사용) // 4. IP 화이트리스트 검증 (선택적 - CF에서는 CF-Connecting-IP 사용)

20
src/services/deposit-matcher.ts
View File

@@ -1,4 +1,7 @@
import { BankNotification } from '../types'; import { BankNotification } from '../types';
import { createLogger } from '../utils/logger';
const logger = createLogger('deposit-matcher');
/** /**
* 자동 매칭 결과 * 자동 매칭 결과
@@ -58,7 +61,7 @@ export async function matchPendingDeposit(
try { try {
// 트랜잭션: 거래 확정 + 잔액 증가 + 알림 매칭 업데이트 // 트랜잭션: 거래 확정 + 잔액 증가 + 알림 매칭 업데이트
await db.batch([ const results = await db.batch([
db.prepare( db.prepare(
"UPDATE deposit_transactions SET status = 'confirmed', confirmed_at = CURRENT_TIMESTAMP WHERE id = ?" "UPDATE deposit_transactions SET status = 'confirmed', confirmed_at = CURRENT_TIMESTAMP WHERE id = ?"
).bind(pendingTx.id), ).bind(pendingTx.id),
@@ -70,6 +73,21 @@ export async function matchPendingDeposit(
).bind(pendingTx.id, notificationId), ).bind(pendingTx.id, notificationId),
]); ]);
// Batch 결과 검증
const allSuccessful = results.every(r => r.success && r.meta?.changes && r.meta.changes > 0);
if (!allSuccessful) {
logger.error('Batch 부분 실패 (입금 자동 매칭 - SMS)', undefined, {
results,
userId: pendingTx.user_id,
transactionId: pendingTx.id,
amount: pendingTx.amount,
notificationId,
depositorName: notification.depositorName,
context: 'match_pending_deposit_sms'
});
throw new Error('거래 처리 실패 - 관리자에게 문의하세요');
}
console.log('[matchPendingDeposit] 매칭 완료:', { console.log('[matchPendingDeposit] 매칭 완료:', {
transactionId: pendingTx.id, transactionId: pendingTx.id,
userId: pendingTx.user_id, userId: pendingTx.user_id,

19
src/summary-service.ts
View File

@@ -1,4 +1,7 @@
import { Env, BufferedMessage, Summary, ConversationContext } from './types'; import { Env, BufferedMessage, Summary, ConversationContext } from './types';
import { createLogger } from './utils/logger';
const logger = createLogger('summary-service');
// 설정값 가져오기 // 설정값 가져오기
const getConfig = (env: Env) => ({ const getConfig = (env: Env) => ({
@@ -245,7 +248,7 @@ export async function processAndSummarize(
const newMessageCount = (latestSummary?.message_count || 0) + messages.length; const newMessageCount = (latestSummary?.message_count || 0) + messages.length;
// 트랜잭션 실행 // 트랜잭션 실행
await env.DB.batch([ const results = await env.DB.batch([
env.DB env.DB
.prepare(` .prepare(`
INSERT INTO summaries (user_id, chat_id, generation, summary, message_count) INSERT INTO summaries (user_id, chat_id, generation, summary, message_count)
@@ -258,6 +261,20 @@ export async function processAndSummarize(
.bind(userId, chatId), .bind(userId, chatId),
]); ]);
// Batch 결과 검증
const allSuccessful = results.every(r => r.success && r.meta?.changes && r.meta.changes > 0);
if (!allSuccessful) {
logger.error('Batch 부분 실패 (프로필 업데이트)', undefined, {
results,
userId,
chatId,
generation: newGeneration,
messageCount: newMessageCount,
context: 'update_summary'
});
throw new Error('프로필 업데이트 실패 - 관리자에게 문의하세요');
}
// 오래된 요약 정리 // 오래된 요약 정리
await cleanupOldSummaries(env.DB, userId, chatId, config.maxSummaries); await cleanupOldSummaries(env.DB, userId, chatId, config.maxSummaries);

4
src/tools/deposit-tool.ts
View File

@@ -1,6 +1,6 @@
import { executeDepositFunction, type DepositContext } from '../deposit-agent'; import { executeDepositFunction, type DepositContext } from '../deposit-agent';
import type { Env } from '../types'; import type { Env } from '../types';
import { createLogger } from '../utils/logger'; import { createLogger, maskUserId } from '../utils/logger';
const logger = createLogger('deposit-tool'); const logger = createLogger('deposit-tool');
@@ -126,7 +126,7 @@ export async function executeManageDeposit(
db?: D1Database db?: D1Database
): Promise<string> { ): Promise<string> {
const { action, depositor_name, amount, transaction_id, limit } = args; const { action, depositor_name, amount, transaction_id, limit } = args;
logger.info('시작', { action, depositor_name, amount, telegramUserId }); logger.info('시작', { action, depositor_name, amount, userId: maskUserId(telegramUserId) });
if (!telegramUserId || !db) { if (!telegramUserId || !db) {
return '🚫 예치금 기능을 사용할 수 없습니다.'; return '🚫 예치금 기능을 사용할 수 없습니다.';

71
src/tools/domain-tool.ts
View File

@@ -1,6 +1,6 @@
import type { Env } from '../types'; import type { Env } from '../types';
import { retryWithBackoff, RetryError } from '../utils/retry'; import { retryWithBackoff, RetryError } from '../utils/retry';
import { createLogger } from '../utils/logger'; import { createLogger, maskUserId } from '../utils/logger';
const logger = createLogger('domain-tool'); const logger = createLogger('domain-tool');
@@ -382,9 +382,9 @@ async function callNamecheapApi(
await db.prepare( await db.prepare(
'INSERT INTO user_domains (user_id, domain, verified, created_at) VALUES (?, ?, 1, datetime("now"))' 'INSERT INTO user_domains (user_id, domain, verified, created_at) VALUES (?, ?, 1, datetime("now"))'
).bind(userId, funcArgs.domain).run(); ).bind(userId, funcArgs.domain).run();
logger.info('user_domains에 추가', { userId, domain: funcArgs.domain }); logger.info('user_domains에 추가', { userId: maskUserId(userId), domain: funcArgs.domain });
} catch (dbError) { } catch (dbError) {
logger.error('user_domains 추가 실패', dbError as Error, { userId, domain: funcArgs.domain }); logger.error('user_domains 추가 실패', dbError as Error, { userId: maskUserId(userId), domain: funcArgs.domain });
result.warning = result.warning || ''; result.warning = result.warning || '';
result.warning += ' (DB 기록 실패 - 수동 추가 필요)'; result.warning += ' (DB 기록 실패 - 수동 추가 필요)';
} }
@@ -715,7 +715,7 @@ export async function executeManageDomain(
db?: D1Database db?: D1Database
): Promise<string> { ): Promise<string> {
const { action, domain, nameservers, tld } = args; const { action, domain, nameservers, tld } = args;
logger.info('시작', { action, domain, telegramUserId, hasDb: !!db }); logger.info('시작', { action, domain, userId: maskUserId(telegramUserId), hasDb: !!db });
// 소유권 검증 (DB 조회) // 소유권 검증 (DB 조회)
if (!telegramUserId || !db) { if (!telegramUserId || !db) {
@@ -881,18 +881,21 @@ ${excludeList ? `- 다음 도메인은 제외하세요: ${excludeList}` : ''}
return `🎯 **${keywords}** 관련 도메인:\n\n❌ 등록 가능한 도메인을 찾지 못했습니다.\n다른 키워드로 다시 시도해주세요.`; return `🎯 **${keywords}** 관련 도메인:\n\n❌ 등록 가능한 도메인을 찾지 못했습니다.\n다른 키워드로 다시 시도해주세요.`;
} }
// Step 3: 가격 조회 (캐시 활용) // Step 3: 가격 조회 (병렬 처리 + 캐시 활용)
const tldPrices: Record<string, number> = {}; const tldPrices: Record<string, number> = {};
const uniqueTlds = [...new Set(availableDomains.map(d => d.domain.split('.').pop() || ''))]; const uniqueTlds = [...new Set(availableDomains.map(d => d.domain.split('.').pop() || ''))];
for (const tld of uniqueTlds) { logger.info('가격 조회 시작', { tldCount: uniqueTlds.length, tlds: uniqueTlds });
// 병렬 처리로 가격 조회
const pricePromises = uniqueTlds.map(async (tld) => {
try { try {
// 캐시 확인 // 캐시 확인
if (env?.RATE_LIMIT_KV) { if (env?.RATE_LIMIT_KV) {
const cached = await getCachedTLDPrice(env.RATE_LIMIT_KV, tld); const cached = await getCachedTLDPrice(env.RATE_LIMIT_KV, tld);
if (cached) { if (cached) {
tldPrices[tld] = cached.krw; logger.info('캐시 히트', { tld, price: cached.krw });
continue; return { tld, price: cached.krw, cached: true };
} }
} }
@@ -903,19 +906,51 @@ ${excludeList ? `- 다음 도메인은 제외하세요: ${excludeList}` : ''}
}), }),
{ maxRetries: 3 } { maxRetries: 3 }
); );
if (priceRes.ok) {
const priceData = await priceRes.json() as { krw?: number };
tldPrices[tld] = priceData.krw || 0;
// 캐시 저장 if (!priceRes.ok) {
if (env?.RATE_LIMIT_KV) { logger.warn('가격 조회 실패', { tld, status: priceRes.status });
await setCachedTLDPrice(env.RATE_LIMIT_KV, tld, priceData); return { tld, price: null, error: `HTTP ${priceRes.status}` };
}
} }
} catch {
// 가격 조회 실패 시 무시 const priceData = await priceRes.json() as { krw?: number };
const price = priceData.krw || 0;
// 캐시 저장
if (env?.RATE_LIMIT_KV && price > 0) {
await setCachedTLDPrice(env.RATE_LIMIT_KV, tld, priceData);
}
logger.info('API 가격 조회 완료', { tld, price });
return { tld, price, cached: false };
} catch (error) {
logger.error('가격 조회 에러', error as Error, { tld });
return { tld, price: null, error: String(error) };
} }
} });
const priceResults = await Promise.all(pricePromises);
// 결과 집계
let cacheHits = 0;
let apiFetches = 0;
let errors = 0;
priceResults.forEach(({ tld, price, cached }) => {
if (price !== null) {
tldPrices[tld] = price;
if (cached) cacheHits++;
else apiFetches++;
} else {
errors++;
}
});
logger.info('가격 조회 완료', {
total: uniqueTlds.length,
cacheHits,
apiFetches,
errors,
});
// Step 4: 결과 포맷팅 (등록 가능한 것만) // Step 4: 결과 포맷팅 (등록 가능한 것만)
let response = `🎯 **${keywords}** 관련 도메인:\n\n`; let response = `🎯 **${keywords}** 관련 도메인:\n\n`;

24
src/utils/logger.ts
View File

@@ -432,3 +432,27 @@ export function createDebugLogger(service: string): Logger {
environment: 'development', environment: 'development',
}); });
} }
/**
* Mask sensitive user ID for GDPR compliance
*
* Shows first 4 characters only, rest replaced with asterisks.
* Prevents logging of full user IDs which may violate data protection regulations.
*
* @param userId - User ID (Telegram ID or database ID)
* @returns Masked user ID string
*
* @example
* ```typescript
* maskUserId('821596605') // '8215****'
* maskUserId(821596605) // '8215****'
* maskUserId(undefined) // 'unknown'
* maskUserId('123') // '****'
* ```
*/
export function maskUserId(userId: string | number | undefined): string {
if (!userId) return 'unknown';
const str = String(userId);
if (str.length <= 4) return '****';
return str.slice(0, 4) + '****';
}