fix: security hardening and performance improvements

Security:
- Add token+secret auth to /setup-webhook and /webhook-info endpoints
- Disable /api/test in production environment (ENVIRONMENT=production)

Performance:
- Add retryWithBackoff to weather-tool (maxRetries: 2)
- Add KV caching to executeLookupDocs (1h TTL)

Code Quality:
- Centralize error messages in src/constants/messages.ts
- Update 5 files to use centralized error constants

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kappa
2026-01-21 17:35:51 +09:00
parent 91f50ddc12
commit dab279c765
12 changed files with 121 additions and 27 deletions


@@ -21,6 +21,16 @@ export default {
return Response.json({ error: 'WEBHOOK_SECRET not configured' }, { status: 500 });
}
// 인증: token + secret 검증
const token = url.searchParams.get('token');
const secret = url.searchParams.get('secret');
if (!token || token !== env.BOT_TOKEN) {
return new Response('Unauthorized: Invalid or missing token', { status: 401 });
}
if (!secret || secret !== env.WEBHOOK_SECRET) {
return new Response('Unauthorized: Invalid or missing secret', { status: 401 });
}
const webhookUrl = `${url.origin}/webhook`;
const result = await setWebhook(env.BOT_TOKEN, webhookUrl, env.WEBHOOK_SECRET);
return Response.json(result);
@@ -31,6 +41,20 @@ export default {
if (!env.BOT_TOKEN) {
return Response.json({ error: 'BOT_TOKEN not configured' }, { status: 500 });
}
if (!env.WEBHOOK_SECRET) {
return Response.json({ error: 'WEBHOOK_SECRET not configured' }, { status: 500 });
}
// 인증: token + secret 검증
const token = url.searchParams.get('token');
const secret = url.searchParams.get('secret');
if (!token || token !== env.BOT_TOKEN) {
return new Response('Unauthorized: Invalid or missing token', { status: 401 });
}
if (!secret || secret !== env.WEBHOOK_SECRET) {
return new Response('Unauthorized: Invalid or missing secret', { status: 401 });
}
const result = await getWebhookInfo(env.BOT_TOKEN);
return Response.json(result);
}
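Review bot: Both credentials are read from the query string (`url.searchParams.get('token')` / `'secret'` in each hunk) and compared with `!==`, so the bot token and the webhook secret — the same value handed to Telegram in the `setWebhook(...)` call for authenticating incoming updates — will be written to access logs, browser history and any upstream proxy logs, and the comparison is not constant-time. Anyone who recovers either value from a log gets full control of the bot or can forge webhook deliveries, so these should travel in a request header and be compared in constant time; a dedicated admin credential separate from the bot token would narrow the blast radius further. The two distinct `Unauthorized: Invalid or missing ...` messages also tell a caller which of the two values was wrong; a single generic 401 is preferable. The same nine-line check is duplicated in the second hunk, so a shared helper (sketched below, assuming the `fetch` handler's `request` object is in scope and this runs on Cloudflare Workers where `crypto.subtle.timingSafeEqual` is available — confirm both) removes the duplication. The enclosing `fetch` handler starts before the first hunk.

```typescript
// Constant-time string equality. timingSafeEqual throws on length mismatch,
// so a length check short-circuits to false first (length is not secret here).
function safeEqual(a: string, b: string): boolean {
  const enc = new TextEncoder();
  const x = enc.encode(a);
  const y = enc.encode(b);
  return x.byteLength === y.byteLength && crypto.subtle.timingSafeEqual(x, y);
}

// Reject unless both admin credentials arrive in headers and match exactly.
// Headers are not logged by default the way URLs are; one generic 401 avoids
// revealing which value failed.
function requireAdmin(request: Request, env: { BOT_TOKEN: string; WEBHOOK_SECRET: string }): Response | null {
  const token = request.headers.get('x-bot-token') ?? '';
  const secret = request.headers.get('x-webhook-secret') ?? '';
  if (!safeEqual(token, env.BOT_TOKEN) || !safeEqual(secret, env.WEBHOOK_SECRET)) {
    return new Response('Unauthorized', { status: 401 });
  }
  return null;
}

// … unchanged: BOT_TOKEN / WEBHOOK_SECRET presence checks …
const denied = requireAdmin(request, env);
if (denied) return denied;
// … unchanged: setWebhook / getWebhookInfo call and response …
```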