Merge pull request #282 from dmitriy-kharchenko/master

Added validation and error checking for incoming updates in ListenFor…
bot-api-6.1
TJ Horner 2020-07-29 11:42:08 -04:00 committed by GitHub
commit fb8759e91d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 12 deletions

26
bot.go
View File

@ -557,21 +557,35 @@ func (bot *BotAPI) ListenForWebhook(pattern string) UpdatesChannel {
ch := make(chan Update, bot.Buffer)
http.HandleFunc(pattern, func(w http.ResponseWriter, r *http.Request) {
ch <- bot.HandleUpdate(w, r)
update, err := bot.HandleUpdate(r)
if err != nil {
errMsg, _ := json.Marshal(map[string]string{"error": err.Error()})
w.WriteHeader(http.StatusBadRequest)
w.Header().Set("Content-Type", "application/json")
_, _ = w.Write(errMsg)
return
}
ch <- *update
})
return ch
}
// HandleUpdate parses and returns update received via webhook
func (bot *BotAPI) HandleUpdate(res http.ResponseWriter, req *http.Request) Update {
bytes, _ := ioutil.ReadAll(req.Body)
req.Body.Close()
func (bot *BotAPI) HandleUpdate(r *http.Request) (*Update, error) {
if r.Method != http.MethodPost {
err := errors.New("wrong HTTP method required POST")
return nil, err
}
var update Update
json.Unmarshal(bytes, &update)
err := json.NewDecoder(r.Body).Decode(&update)
if err != nil {
return nil, err
}
return update
return &update, nil
}
// AnswerInlineQuery sends a response to an inline query.

View File

@ -645,7 +645,12 @@ func ExampleWebhookHandler() {
}
http.HandleFunc("/"+bot.Token, func(w http.ResponseWriter, r *http.Request) {
log.Printf("%+v\n", bot.HandleUpdate(w, r))
update, err := bot.HandleUpdate(r)
if err != nil {
log.Printf("%+v\n", err.Error())
} else {
log.Printf("%+v\n", *update)
}
})
go http.ListenAndServeTLS("0.0.0.0:8443", "cert.pem", "key.pem", nil)