mirror of
https://github.com/teloxide/teloxide.git
synced 2024-12-23 06:51:01 +01:00
daec5ee13e
This fixes a potential[^1] security vulnerability -- if bot shows errors from teloxide to the user & for some reason network error happened[^2] the url of the request would be included in the error. Since TBA includes bot token in the error this may lead to token leakage.

This commit fixes that issue by removing the token from the urls of `reqwest::Error`, we try to only replace the token, but if we fail we remove the whole url.

This can be tested by using a very low timeout value for the http reqwest client:

```rust
// Runs inside an async context; `.auto_send()` needs the `RequesterExt`
// trait in scope and `.next()` needs `futures::StreamExt`.
let client = reqwest::Client::builder()
    .timeout(std::time::Duration::from_millis(1))
    .build()
    .unwrap();

let bot = Bot::from_env_with_client(client).auto_send();

// see if the token is redacted when network error (timeout) happens
// while sending common requests
let _ = dbg!(bot.get_me().await);

// see if the token is redacted when network error (timeout) happens
// while downloading files ("path" is unimportant as the timeout is so
// low the request probably won't even be sent)
let _ = dbg!(bot.download_file_stream("path").next().await);
```

For me this gives the following result:

```text
[t.rs:26] bot.get_me().await = Err(
    Network(
        reqwest::Error {
            kind: Request,
            url: Url {
                scheme: "https",
                cannot_be_a_base: false,
                username: "",
                password: None,
                host: Some(
                    Domain(
                        "api.telegram.org",
                    ),
                ),
                port: None,
                path: "/token:redacted/GetMe",
                query: None,
                fragment: None,
            },
            source: TimedOut,
        },
    ),
)
[t.rs:31] bot.download_file_stream("path").next().await = Some(
    Err(
        reqwest::Error {
            kind: Request,
            url: Url {
                scheme: "https",
                cannot_be_a_base: false,
                username: "",
                password: None,
                host: Some(
                    Domain(
                        "api.telegram.org",
                    ),
                ),
                port: None,
                path: "/file/token:redacted/path",
                query: None,
                fragment: None,
            },
            source: TimedOut,
        },
    ),
)
```

Note that this commit's parent is `d0be260` and not the current master; the master branch currently contains breaking changes (we'll need to make a release from this branch directly).

[^1]: Note that there are recorded cases where the token got exposed.
[^2]: Note that this can theoretically be controlled by the user when sending/downloading bigger files.
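Worked example of the redaction strategy the commit describes (added here; not teloxide's code). It assumes the Bot API URL layout `https://api.telegram.org/bot<TOKEN>/<Method>` (and `/file/bot<TOKEN>/<path>` for downloads), replaces the `bot<TOKEN>` segment with the `token:redacted` marker seen in the output above, and withholds the whole URL when the token is not found in that shape; `RedactedUrl` and `describe_error` are hypothetical names and the token is constructed.

```rust
// Added example, not teloxide-core's implementation: redact a bot token from
// a request URL before it reaches an error message shown to users.
// Strategy: replace the `bot<TOKEN>` path segment; if that is not possible,
// drop the URL entirely rather than risk a partial leak.

#[derive(Debug, PartialEq)]
pub enum RedactedUrl {
    /// The token was located and replaced by the marker.
    Redacted(String),
    /// The token could not be located in the expected shape; the URL is
    /// withheld so that an unexpected encoding of it cannot leak.
    Removed,
}

const MARKER: &str = "token:redacted";

/// Replace every `bot<token>` path segment in `url` with `token:redacted`.
pub fn redact_token(url: &str, token: &str) -> RedactedUrl {
    // An empty token would make `contains` trivially true; treat it as "not found".
    if token.is_empty() || !url.contains(token) {
        return RedactedUrl::Removed;
    }
    let segment = format!("bot{token}");
    if !url.contains(&segment) {
        // Token present but not as a path segment (e.g. in a query string):
        // fall back to removing the URL.
        return RedactedUrl::Removed;
    }
    let out = url.replace(&segment, MARKER);
    // Defensive check: the raw token must not survive anywhere in the result.
    if out.contains(token) {
        return RedactedUrl::Removed;
    }
    RedactedUrl::Redacted(out)
}

/// Build the user-facing text for a network error whose URL may hold the token.
pub fn describe_error(url: Option<&str>, token: &str, source: &str) -> String {
    match url.map(|u| redact_token(u, token)) {
        Some(RedactedUrl::Redacted(u)) => format!("network error ({source}) while requesting {u}"),
        _ => format!("network error ({source}); request url withheld"),
    }
}

fn main() {
    let token = "123456:ABC-DEF1234ghIkl"; // constructed, not a real token
    let url = format!("https://api.telegram.org/bot{token}/GetMe");
    println!("{}", describe_error(Some(&url), token, "TimedOut"));
}
```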
# Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

## unreleased

## 0.4.5 - 2022-04-03

### Fixed

- Hide bot token in errors (#200)
## 0.4.4 - 2022-04-21

### Added

- `WrongFileIdOrUrl` and `FailedToGetUrlContent` errors (#188)
- `NotFound` error (#190)
- `HasPayload::with_payload_mut` function (#189)

## 0.4.3 - 2022-03-08

### Added

- `User::is_telegram` function (#186)

### Fixed

- `Update::chat()` now returns `Some(&Chat)` for `UpdateKind::ChatMember`, `UpdateKind::MyChatMember`, `UpdateKind::ChatJoinRequest` (#184)
- `get_updates` timeouts (partially revert buggy #180) (#185)

## 0.4.2 - 2022-02-17 [yanked]

### Deprecated

- `Message::chat_id`, use `.chat.id` field instead (#182)

### Fixed

- Serialization of `SendPoll::type_` (it's now possible to send quiz polls) (#181)

### Added

- `Payload::timeout_hint` method to properly handle long running requests like `GetUpdates` (#180)

## 0.4.1 - 2022-02-13

### Fixed

- Deserialization of `UntilDate` (#178)
## 0.4.0 - 2022-02-03

### Added

- `ApiError::TooMuchInlineQueryResults` (#135)
- `ApiError::NotEnoughRightsToChangeChatPermissions` (#155)
- Support for 5.4 telegram bot API (#133)
- Support for 5.5 telegram bot API (#143, #164)
- Support for 5.6 telegram bot API (#162)
- Support for 5.7 telegram bot API (#175)
- `EditedMessageIsTooLong` error (#109)
- `UntilDate` enum and use it for `{Restricted, Banned}::until_date` (#117)
- `Limits::messages_per_min_channel` (#121)
- `media_group_id` field to `MediaDocument` and `MediaAudio` (#139)
- `caption_entities` method to `InputMediaPhoto` (#140)
- `User::is_anonymous` and `User::is_channel` functions (#151)
- `UpdateKind::Error` (#156)

### Changed

- Refactor `InputFile` (#167)
  - Make it an opaque structure, instead of enum
  - Add `read` constructor, that allows creating `InputFile` from `impl AsyncRead`
  - Internal changes
- Refactor errors (#134)
  - Rename `DownloadError::NetworkError` to `Network`
  - Rename `RequestError::ApiError` to `Api`
  - Remove `RequestError::Api::status_code` and rename `RequestError::Api::kind` to `0` (struct to tuple struct)
  - Rename `RequestError::NetworkError` to `Network`
  - Implement `Error` for `ApiError`
- Use `url::Url` for urls, use `chrono::DateTime<Utc>` for dates in types (#115)
- Mark `ApiError` as `non_exhaustive` (#125)
- `InputFile` and related structures now do not implement `PartialEq`, `Eq` and `Hash` (#133)
- How forwarded messages are represented (#151)
- `RequestError::InvalidJson` now has a `raw` field with raw json for easier debuggability (#150)
- `ChatPermissions` is now bitflags (#157)
- Type of `WebhookInfo::ip_address` from `Option<String>` to `Option<std::net::IpAddr>` (#172)
- Type of `WebhookInfo::allowed_updates` from `Option<Vec<String>>` to `Option<Vec<AllowedUpdate>>` (#174)

### Fixed

- Deserialization of chat migrations, see issue #427 (#143)
- Type of `BanChatMember::until_date`: `u64` -> `chrono::DateTime<Utc>` (#117)
- Type of `Poll::correct_option_id`: `i32` -> `u8` (#119)
- Type of `Poll::open_period`: `i32` -> `u16` (#119)
- `Throttle` adaptor not honouring chat/min limits (#121)
- Make `SendPoll::type_` optional (#133)
- Bug with `caption_entities`, see issue #473
- Type of response for `CopyMessage` method (#141, #142)
- Bad request serialization when the `language` field of `MessageEntityKind::Pre` is `None` (#145)
- Deserialization of `MediaKind::Venue` (#147)
- Deserialization of `VoiceChat{Started,Ended}` messages (#153)
- Serialization of `BotCommandScope::Chat{,Administrators}` (#154)

### Removed

- `get_updates_fault_tolerant` method and `SemiparsedVec` (#156)
## 0.3.3 - 2021-08-03

### Fixed

- Compilation with `nightly` feature (use `type_alias_impl_trait` instead of `min_type_alias_impl_trait`) (#108)

## 0.3.2 - 2021-07-27

### Added

- `ErasedRequester` bot adaptor, `ErasedRequest` struct, `{Request, RequesterExt}::erase` functions (#105)
- `Trace` bot adaptor (#104)
- `HasPayload`, `Request` and `Requester` implementations for `either::Either` (#103)

## 0.3.1 - 2021-07-07

## 0.3.0 - 2021-07-05

### Added

- `impl Clone` for {`CacheMe`, `DefaultParseMode`, `Throttle`} (#76)
- `DefaultParseMode::parse_mode` which allows getting the currently used default parse mode (#77)
- `Throttle::{limits,set_limits}` functions (#77)
- `Throttle::{with_settings,spawn_with_settings}` and `throttle::Settings` (#96)
- Getters for fields nested in `Chat` (#80)
- API errors: `ApiError::NotEnoughRightsToManagePins`, `ApiError::BotKickedFromSupergroup` (#84)
- Telegram bot API 5.2 support (#86)
- Telegram bot API 5.3 support (#99)
- `net::default_reqwest_settings` function (#90)

### Changed

- `Message::url` now returns links to messages in private groups too (#80)
- Refactor `ChatMember` methods (#74)
  - impl `Deref<Target = ChatMemberKind>` to make `ChatMemberKind`'s methods callable directly on `ChatMember`
  - Add `ChatMemberKind::is_{creator,administrator,member,restricted,left,kicked}` which check `kind`, along with `is_privileged` and `is_in_chat` which combine some of the above.
  - Refactor privilege getters
- Rename `ChatAction::{RecordAudio => RecordVoice, UploadAudio => UploadVoice}` (#86)
- Use `url::Url` for urls, use `chrono::DateTime<Utc>` for dates (#97)

### Fixed

- telegram_response: fix `retry_after` and `migrate_to_chat_id` handling (#94)
- Type of `PublicChatSupergroup::slow_mode_delay` field: `Option<i32>` => `Option<u32>` (#80)
- Add missing `Chat::message_auto_delete_time` field (#80)
- Output types of `LeaveChat`, `PinChatMessage`, `SetChatDescription`, `SetChatPhoto`, `SetChatTitle`, `UnpinAllChatMessages` and `UnpinChatMessage`: `String` => `True` (#79)
- `SendChatAction` output type `Message` => `True` (#75)
- `GetChatAdministrators` output type `ChatMember` => `Vec<ChatMember>` (#73)
- `reqwest` dependency bringing `native-tls` in even when `rustls` was selected (#71)
- Type of `{Restricted,Kicked}::until_date` fields: `i32` => `i64` (#74)
- Type of `PhotoSize::{width,height}` fields: `i32` => `u32` (#100)
## 0.2.2 - 2020-03-22

### Fixed

- Typo: `ReplyMarkup::{keyboad => keyboard}` (#69)
  - Note: method with the old name was deprecated and hidden from docs

## 0.2.1 - 2020-03-19

### Fixed

- Types fields privacy (make fields of some types public) (#68)
  - `Dice::{emoji, value}`
  - `MessageMessageAutoDeleteTimerChanged::message_auto_delete_timer_changed`
  - `PassportElementError::{message, kind}`
  - `StickerSet::thumb`

## 0.2.0 - 2020-03-16

### Changed

- Refactor `ReplyMarkup` (#pr65) (BC)
  - Rename `ReplyMarkup::{InlineKeyboardMarkup => InlineKeyboard, ReplyKeyboardMarkup => Keyboard, ReplyKeyboardRemove => KeyboardRemove}`
  - Add `inline_kb`, `keyboad`, `kb_remove` and `force_reply` `ReplyMarkup` constructors
  - Rename `ReplyKeyboardMarkup` => `KeyboardMarkup`
  - Rename `ReplyKeyboardRemove` => `KeyboardRemove`
  - Remove useless generic param from `ReplyKeyboardMarkup::new` and `InlineKeyboardMarkup::new`
  - Change parameters order in `ReplyKeyboardMarkup::append_to_row` and `InlineKeyboardMarkup::append_to_row`
- Support telegram bot API version 5.1 (see its changelog) (#pr63) (BC)
- Support telegram bot API version 5.0 (see its changelog) (#pr62) (BC)

### Added

- `GetUpdatesFaultTolerant` - fault tolerant version of `GetUpdates` (#58) (BC)
- Derive `Clone` for `AutoSend`.

### Fixed

- Make `MediaContact::contact` public (#pr64)
- `set_webhook` signature (make `allowed_updates` optional) (#59)
- Fix typos in payloads (#57):
  - `get_updates`: `offset` `i64` -> `i32`
  - `send_location`: make `live_period` optional
- `send_contact` signature (`phone_number` and `first_name` `f64` => `String`) (#56)

### Removed

- `Message::text_owned` (#pr62) (BC)

### Changed

- `NonStrictVec` -> `SemiparsedVec`.
## 0.1.1 - 2020-02-17

### Fixed

- Remove `dbg!` call from internals (#53)

## 0.1.0 - 2020-02-17

### Added

- `#[non_exhaustive]` on `InputFile` since we may want to add new ways to send files in the future (#49)
- `MultipartPayload` for future proofing (#49)
- Support for `rustls` (#24)
- `#[must_use]` attr to payloads implemented by macro (#22)
- forward-to-deref `Requester` impls (#39)
- `Bot::{set_,}api_url` methods (#26, #35)
- `payloads` module
- `RequesterExt` trait which is implemented for all `Requester`s and allows easily wrapping them in adaptors
- `adaptors` module (#14)
  - `throttle`, `cache_me`, `auto_send` and `full` crate features
  - Request throttling - opt-in feature represented by `Throttle` bot adapter which allows automatically checking telegram limits (#10, #46, #50)
  - Request auto sending - ability to `.await` requests without need to call `.send()` (opt-in feature represented by `AutoSend` bot adapter, #8)
  - `get_me` caching (opt-in feature represented by `CacheMe` bot adapter)
- `Requester` trait which represents bot-clients (#7, #12, #27)
- `{Json,Multipart}Request` the `Bot` requests types (#6)
- `Output<T>` alias to `<<T as HasPayload>::Payload as Payload>::Output`
- `Payload`, `HasPayload` and `Request` traits which represent different parts of the request (#5)
- `GetUpdatesNonStrict` 'telegram' method, that behaves just like `GetUpdates` but doesn't fail if one of updates fails to be deserialized (#2)
- Move core code here from the `teloxide` main repo, for older changes see its `CHANGELOG.md`.
  - Following modules were moved:
    - `bot`
    - `requests` [except `requests::respond` function]
    - `types`
    - `errors`
    - `net` [private]
  - `client_from_env` was moved from `teloxide::utils` to crate root of `teloxide-core`
  - To simplify `GetUpdates` request it was changed to simply return `Vec<Update>` (instead of `Vec<Result<Update, (Value, serde_json::Error)>>`)

### Changed

- Cleanup setters in `types::*` (remove most of them) (#44)
- Refactor `KeyboardButtonPollType` (#44)
- Replace `Into<Vec<_>>` by `IntoIterator<Item = _>` in function arguments (#44)
- Update dependencies (including tokio 1.0) (#37)
- Refactor file downloading (#30):
  - Make `net` module public
  - Move `Bot::download_file{,_stream}` methods to a new `Download` trait
  - Impl `Download` for all bot adaptors & the `Bot` itself
  - Change return type of `download_file_stream`: return `Stream<Result<Bytes>>` instead of `Future<Result<Stream<Result>>>`
  - Add `api_url` param to standalone versions of `download_file{,_stream}`
  - Make `net::{TELEGRAM_API_URL, download_file{,_stream}}` `pub`
- Refactor `Bot` (#29):
  - Move default parse mode to an adaptor (`DefaultParseMode`)
  - Remove bot builder (it's not useful anymore, since parse_mode is moved away)
  - Undeprecate bot constructors (`Bot::{new, with_client, from_env_with_client}`)
- Rename `StickerType` => `InputSticker`, `{CreateNewStickerSet,AddStickerToSet}::sticker_type}` => `sticker` (#23, #43)
- Use `_: IntoIterator<Item = T>` bound instead of `_: Into<Vec<T>>` in telegram methods which accept collections (#21)
- Make `MessageDice::dice` pub (#20)
- Merge `ApiErrorKind` and `KnownApiErrorKind` into `ApiError` (#13)
- Refactor ChatMember (#9)
  - Replace a bunch of `Option<_>` fields with `ChatMemberKind`
  - Remove setters (users are not expected to create this struct)
  - Add getters
- Changed internal mechanism of sending multipart requests (#1)
- Added `RequestError::Io(io::Error)` to wrap I/O errors that can happen while sending files to telegram
- Make all fields of all methods `pub` (#3)