Commit graph

58 commits

Author SHA1 Message Date
Maybe Waffle
22c6330ba8 Prepare 0.5.0 release 2022-04-13 14:58:38 +04:00
Maybe Waffle
439a345dee Use tokio's try_recv instead of hacks 2022-04-10 17:25:06 +04:00
Maybe Waffle
daec5ee13e Hide bot token in errors
This fixes a potential[^1] security vulnerability -- if bot shows errors
from teloxide to the user & for some reason network error happened[^2]
the url of the request would be included in the error. Since TBA
includes bot token in the error this may lead to token leakage.

This commit fixes that issue by removing the token from the urls of
`reqwest::Error`, we try to only replace the token, but if we fail we
remove the whole url.

This can be tested by using a very low timeout value for the http
reqwest client:
```rust
let client = reqwest::Client::builder()
    .timeout(std::time::Duration::from_millis(1))
    .build()
    .unwrap();

let bot = Bot::from_env_with_client(client).auto_send();

// see if the token is redacted when network error (timeout) happens
// while sending common requests
let _ = dbg!(bot.get_me().await);

// see if the token is redacted when network error (timeout) happens
// while downloading files ("path" is unimportant as the timeout is so
// low the request probably won't even be sent)
let _ = dbg!(bot.download_file_stream("path").next().await);
```

For me this gives the following result:
```text
[t.rs:26] bot.get_me().await = Err(
    Network(
        reqwest::Error {
            kind: Request,
            url: Url {
                scheme: "https",
                cannot_be_a_base: false,
                username: "",
                password: None,
                host: Some(
                    Domain(
                        "api.telegram.org",
                    ),
                ),
                port: None,
                path: "/token:redacted/GetMe",
                query: None,
                fragment: None,
            },
            source: TimedOut,
        },
    ),
)
[t.rs:31] bot.download_file_stream("path").next().await = Some(
    Err(
        reqwest::Error {
            kind: Request,
            url: Url {
                scheme: "https",
                cannot_be_a_base: false,
                username: "",
                password: None,
                host: Some(
                    Domain(
                        "api.telegram.org",
                    ),
                ),
                port: None,
                path: "/file/token:redacted/path",
                query: None,
                fragment: None,
            },
            source: TimedOut,
        },
    ),
)
```

Note that this commits parent is `d0be260` and not the current master
the master branch currently contains breaking changes (we'll need to
make a release from this brach directly).

[^1]: Note that there are recorded cases where the token got exposed.
[^2]: Note that this can be theoretically be controlled by the user when
      sending/downloading bigger files.
2022-04-03 13:34:17 +04:00
Maybe Waffle
1a61d02858 Release 0.4.4 2022-03-21 19:22:22 +04:00
Maybe Waffle
11c79499e3 Release 0.4.3 2022-03-07 22:43:24 +04:00
Maybe Waffle
1d7825c97a Prepare 0.4.2 release 2022-02-17 15:03:41 +03:00
Maybe Waffle
bfb64665a6 Release 0.4.1 2022-02-13 21:08:40 +03:00
Maybe Waffle
4f85b8dc03 Dump version (-> 0.4.0) 2022-02-03 17:48:36 +03:00
Maybe Waffle
dde40e613f Change process of building docs
- introduce `docs` alias that does the right thing (tm)
- use `-Zrustdoc-scrape-examples`
2022-01-31 18:23:30 +03:00
Maybe Waffle
5b4ed3faa9 Allow sending impl AsyncRead
This commit adds `InputFile::read` constructor that creates `InputFile`
from an `impl AsyncRead + Send + Unpin + 'static`.

Internally this requires quite a bit of work, since we need to support
cloning `InputFile`s but the `AsyncRead` trait only allows us reading it
once.

To support this, if `InputFile` detects that it's shared, it reads the
contents of the `AsyncRead` into a buffer and then shares the buffer
(or an error if it has occured).
2022-01-13 17:14:24 +03:00
Maybe Waffle
a84e897db9 Refactor multipart requests
This removes the logic in the multipart serializer that unserialized
`InputFile`s from serde. Now `InputFile`s  are serialized either as
their value (for `FileId` and `Url`) or as an `attach://<id>` string
where `<id>` is replaced with some id unique for the file. The file data
itself is acquired through `MultipartPayload` trait.

Since the `<id>` must be the same while serializing the file with serde
and while acquiring data through `MultipartPayload` trait, `InputFile`
needs to store said id. As such, `InputFile` is now a structure with
private fields and it's structure can't be observed by users. The only
things that `InputFile` provides are
- Constructors (`url`, `file_id`, `file`, `memory`)
- File name setter
- `Clone` and `Debug` implementations
2022-01-13 17:14:13 +03:00
Maybe Waffle
62e9e8afd4 Make ChatPermissions into bitflags 2021-12-29 20:36:08 +03:00
Hirrolot
a07c9b0431
Merge pull request #149 from teloxide/remove-authors
Remove the `authors` field from `Cargo.toml`
2021-12-23 16:42:54 +06:00
Hirrolot
a976bd8a33 Remove the authors field from Cargo.toml 2021-12-23 16:35:53 +06:00
Maybe Waffle
c4b148459d Add regression test for issue 473 2021-11-20 19:50:15 +03:00
Dominic
1d9811918b
disable default features of chrono 2021-10-23 17:36:42 +02:00
Maybe Waffle
bd8bafd03b Fix *_inline methods (release v0.3.4) 2021-10-18 13:47:02 +03:00
Waffle
5349c85404 Fix compilation with nigthly feature
The `min_type_alias_impl_trait` feature was removed in faviour of `type_alias_impl_trait`.
2021-08-03 02:29:26 +03:00
Waffle
1d379a3452 Dump version: 0.3.1 => 0.3.2 2021-07-27 12:58:11 +03:00
Waffle
1fe4518ee9 Add tools for Bot/Request type erasure 2021-07-12 16:58:51 +03:00
Waffle
9e8819d726 Add Trace bot adaptor 2021-07-10 17:41:20 +03:00
Waffle
1eddea5c85 Remove accidentally added cargo feature 2021-07-08 13:50:17 +03:00
Waffle
5aa622b361 impl HasPayload, Request and Requester for either::Either
This allows to use different adaptors depending on runtime context.
2021-07-08 13:04:40 +03:00
Waffle
b2152db747 Prepare 0.3.1 release 2021-07-07 20:14:27 +03:00
Waffle
df69d07f2b Bump version (0.2.2 => 0.3.0) 2021-07-04 17:36:07 +03:00
Waffle
2c9a4208b7 Update deps 2021-07-04 17:36:07 +03:00
Waffle
421cf42835 Use url::Url for urls, use chrono::DateTime<Utc> for dates 2021-07-03 23:35:13 +03:00
Waffle
4de91811c4 Fix docs.rs metadata 2021-05-09 00:43:16 +03:00
Waffle
653c804037 Update types to TBA 5.2 2021-05-04 16:01:18 +03:00
Diego Roig
84a18d2b5d fix reqwest dependency features 2021-03-26 16:47:03 -05:00
Waffle
46b6c124eb Bump version (0.2.1 => 0.2.2) 2021-03-22 10:53:19 +03:00
Waffle
670979e5ca Release 0.2.1 2021-03-19 12:28:05 +03:00
Waffle
fd841ecd95 prepare for 0.2 release 2021-03-16 15:48:36 +03:00
Temirkhan Myrzamadi
61eed38c32 Fix SemiparsedVec 2021-03-13 17:46:16 +06:00
Temirkhan Myrzamadi
e519849c6a
Merge pull request #53 from teloxide/remove_dbg
Remove dbg! print
2021-02-17 15:17:23 +03:00
Waffle
7c18750a8f Remove dbg! print 2021-02-17 14:23:13 +03:00
Waffle
6b9e278578 fix crates.io categories 2021-02-17 00:17:14 +03:00
Waffle
2f78da091a fill fields in Cargo.toml before releasing the lib 2021-02-17 00:06:37 +03:00
Temirkhan Myrzamadi
592fadfa7d
Merge pull request #40 from teloxide/remove_git_dep
Remove git dependency
2021-01-22 09:17:25 +06:00
Waffle
3c70ae5de0 make native-tls default feature 2021-01-21 23:48:04 +03:00
Mikail Bagishov
56f0fc609d fixup 2021-01-21 23:48:04 +03:00
Mikail Bagishov
e289729055 Support rustls
This was teloxide-based applications can be easily compiled for musl
targets.
2021-01-21 23:47:46 +03:00
Waffle
6abf571c96 Remove git dependency 2021-01-21 22:25:20 +03:00
Waffle
580f50e736 Add very basic example 2021-01-13 16:12:04 +03:00
Waffle
d3ecca662b Normalize docs 2021-01-07 18:00:57 +03:00
Waffle
71d90002ce update dependencies 2021-01-07 15:58:51 +03:00
Waffle
d7d8bc6246 Add all tba methods to Requester trait 2020-11-24 19:32:29 +03:00
Waffle
e79f83d4a1 Move bot adaptors to own module and place then under features
This commit moves `bot::{auto_send,cache_me,limits}` modules to
`adaptors::{auto_send,cache_me,throttle}.

ALso it adds 4 crate features:
- `throttle`
- `cache_me`
- `auto_send`
- `full` (enables all features, except `nightly`)
2020-10-21 05:14:48 +03:00
Waffle
d43f2514d3 [throttle] use channel close to send unlock "messages"
Also use `with_capacity` for queue
2020-10-02 20:53:00 +03:00
Waffle
7fdf9cd9a6 [throttle] implement send_ref 2020-10-02 20:53:00 +03:00