max_bot 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c17ffd6dfbd11379193864cf5bfd412ddfa995de84b9e82fa17e547dc7d7225
-  data.tar.gz: d831baa3f7bb717c2ad95acb41536c8925e43a62539ee6d784aa1c29cfc74254
+  metadata.gz: 55db0440db64b8a6755b400f5a30e811196f3a2e5d052d220932fcd0cbba21ff
+  data.tar.gz: 13196bf6a391f47391f3c7d2cd78e860ad4fd8c25300a7975f924f2a17332a36
 SHA512:
-  metadata.gz: 8b5dbbc7d6f38b01206430efc691ace09c68be6d0ee1a81322816ba5c4dde280ac338ab655cc4fd5d5f114fbe58938331150550df7be83462cd7776efc8bc6da
-  data.tar.gz: ed9cc5d5c132d6e4d8f22bc6bf7dbd16486ce4533bb659049053026a73725c54505f6de1bd1e23011b041a14939900d50cb75a126f46ad0d82f1b9575a312a1a
+  metadata.gz: dad1ce214df34da86bdb0e36a807d2202a72aced6f4af9f3fa91bfa1f8f0e13fc53fc225346aaa5e6058df8e357761e1bdf2b72a1866aee8391ccb92334d11f7
+  data.tar.gz: f02b42bacbe1c7e25498d2a16911506bf2a6a6f2e0eb160fdf2fea7300e471c26f62b43dea713c284042728bf191491ba69ffef71143694713164105af589700

data/CHANGELOG.md

@@ -1,5 +1,61 @@
 # Changelog
 
+## 0.3.0
+
+Changes in **0.3.0** compared to **0.2.0** are described below in **English** and **Russian**.
+
+### English
+
+#### New API methods
+
+- `api.me` — **GET /bots**: get bot info (useful for token validation).
+- `api.chat(chat_id)` — **GET /chats/{chatId}**: get group chat information.
+- `api.get_message(message_id)` — **GET /messages/{messageId}**: get a specific message.
+- `api.edit_message(message_id, text, ...)` — **PUT /messages/{messageId}**: edit a message (supports text, attachments, format, link).
+- `api.delete_message(message_id)` — **DELETE /messages/{messageId}**: delete a message.
+- `api.answer_callback(callback_query_id, ...)` — **POST /messages/callback**: reply to a callback query from inline keyboard buttons (supports `text`, `show_alert`, `url`).
+
+#### Attachments
+
+- `Attachments.clipboard_button(text, payload)` — new button type: **clipboard** (copies payload to clipboard on tap).
+
+#### Improvements & fixes
+
+- `Webhook.secret_valid?` now uses `OpenSSL.fixed_length_secure_compare` for proper constant-time comparison (was a manual XOR loop).
+- `Api.set_webhook` validates that `url` is a valid HTTP(S) URL.
+- `MultipartUpload` error responses now wrap the body in `{ message: ... }` so `ApiError#to_s` displays the message.
+- Added `Http#put` method for `PUT` requests.
+- `Attachments.inline_keyboard` fixed: `buttons` now wraps rows in an array (was `buttons: rows`, now `buttons: [rows]`).
+- 21 new tests (67 total, 153 assertions).
+
+---
+
+### Русский
+
+#### Новые методы API
+
+- `api.me` — **GET /bots**: информация о боте (удобно для проверки токена).
+- `api.chat(chat_id)` — **GET /chats/{chatId}**: информация о групповом чате.
+- `api.get_message(message_id)` — **GET /messages/{messageId}**: получить конкретное сообщение.
+- `api.edit_message(message_id, text, ...)` — **PUT /messages/{messageId}**: редактировать сообщение (поддерживает текст, вложения, формат, ссылку).
+- `api.delete_message(message_id)` — **DELETE /messages/{messageId}**: удалить сообщение.
+- `api.answer_callback(callback_query_id, ...)` — **POST /messages/callback**: ответ на callback-запрос от inline-кнопки (поддерживает `text`, `show_alert`, `url`).
+
+#### Вложения
+
+- `Attachments.clipboard_button(text, payload)` — новый тип кнопки: **clipboard** (копирует payload в буфер обмена по нажатию).
+
+#### Улучшения и исправления
+
+- `Webhook.secret_valid?` теперь использует `OpenSSL.fixed_length_secure_compare` для корректного сравнения за постоянное время (раньше был ручной XOR-цикл).
+- `Api.set_webhook` проверяет, что `url` — валидный HTTP(S) URL.
+- Ошибки `MultipartUpload` теперь оборачивают тело в `{ message: ... }`, чтобы `ApiError#to_s` отображал сообщение.
+- Добавлен метод `Http#put` для `PUT`-запросов.
+- Исправлен `Attachments.inline_keyboard`: `buttons` теперь оборачивает строки в массив (было `buttons: rows`, стало `buttons: [rows]`).
+- 21 новый тест (67 всего, 153 assertions).
+
+---
+
 ## 0.2.0
 
 Changes in **0.2.0** compared to **0.1.1** are described below in **English** and **Russian**.

data/README.md

@@ -8,7 +8,7 @@ Ruby-клиент для Bot API мессенджера **[MAX](https://dev.max.
 
 ## Требования
 
-- Ruby **≥ 2.5**
+- Ruby **≥ 3.2**
 - Токен бота в кабинете MAX (**Чат-боты → Интеграция → Получить токен**)
 
 ## Установка
@@ -16,7 +16,7 @@ Ruby-клиент для Bot API мессенджера **[MAX](https://dev.max.
 В `Gemfile`:
 
 ```ruby
-gem 'max_bot', '~> 0.2'
+gem 'max_bot', '~> 0.3'
 ```
 
 Локально из этого репозитория:
@@ -116,6 +116,8 @@ api.send_message('_cursive_', chat_id: 123, format: 'markdown')
 
 Типизированные хелперы под API: **image**, **video**, **audio**, **file**, **sticker**, **contact**, **inline_keyboard**, **location**, **share**. Примеры клавиатуры — в [документации MAX](https://dev.max.ru/docs-api).
 
+Кнопки: `callback_button`, `link_button`, `request_contact_button`, `request_geo_location_button`, `chat_button`, `message_button`, `clipboard_button`.
+
 ```ruby
 api.send_message(
   'Выберите',
@@ -194,11 +196,50 @@ api.send_media(type: :image, path: '/path/to/photo.jpg', text: 'Фото', chat_
    api.delete_webhook('https://your.domain/max/webhook')
    ```
 
+## Управление сообщениями и чатами
+
+```ruby
+# Информация о боте (проверка токена)
+bot = api.me
+puts bot[:name]  # => "My Bot"
+
+# Информация о чате
+chat = api.chat(chat_id)
+puts chat[:name]
+
+# Получить конкретное сообщение
+msg = api.get_message(message_id)
+
+# Редактировать сообщение
+api.edit_message(message_id, 'Новый текст', format: 'markdown')
+
+# Удалить сообщение
+api.delete_message(message_id)
+
+# Ответ на callback (inline-кнопки)
+api.answer_callback(callback_query_id, text: 'Выбрано!', show_alert: true)
+
+# Кнопка clipboard — копирует текст в буфер обмена
+api.send_message(
+  'Нажмите, чтобы скопировать',
+  chat_id: chat_id,
+  attachment: Max::Bot::Attachments.inline_keyboard([
+    [Max::Bot::Attachments.clipboard_button('Копировать', 'секретный_код')]
+  ])
+)
+```
+
 ## Другие методы API
 
 | Метод | HTTP |
 |--------|------|
 | `api.chats` | [GET /chats](https://dev.max.ru/docs-api/methods/GET/chats) |
+| `api.chat(chat_id)` | [GET /chats/{chatId}](https://dev.max.ru/docs-api/methods/GET/chats/%7BchatId%7D) |
+| `api.me` | [GET /bots](https://dev.max.ru/docs-api/methods/GET/bots) |
+| `api.get_message(message_id)` | [GET /messages/{messageId}](https://dev.max.ru/docs-api/methods/GET/messages/%7BmessageId%7D) |
+| `api.edit_message(message_id, ...)` | [PUT /messages/{messageId}](https://dev.max.ru/docs-api/methods/PUT/messages/%7BmessageId%7D) |
+| `api.delete_message(message_id)` | [DELETE /messages/{messageId}](https://dev.max.ru/docs-api/methods/DELETE/messages/%7BmessageId%7D) |
+| `api.answer_callback(...)` | [POST /messages/callback](https://dev.max.ru/docs-api/methods/POST/messages/callback) |
 | `api.subscriptions` | [GET /subscriptions](https://dev.max.ru/docs-api/methods/GET/subscriptions) |
 
 ## Ошибки

data/examples/polling_bot.rb

@@ -10,7 +10,7 @@ require 'bundler/setup'
 require 'logger'
 require 'max_bot'
 
-token = ENV['MAX_BOT_TOKEN']
+token = ENV.fetch('MAX_BOT_TOKEN', nil)
 abort 'Set MAX_BOT_TOKEN from the MAX platform (Chat bots → Integration → token).' if token.to_s.strip.empty?
 
 logger = Logger.new($stdout)

data/lib/max/bot/api/request_builders.rb

@@ -59,6 +59,14 @@ module Max
             query
           end
 
+          def callback_body(callback_query_id:, text:, show_alert:, url:)
+            body = { callback_query_id: callback_query_id }
+            body[:text] = text unless text.nil?
+            body[:show_alert] = show_alert unless show_alert.nil?
+            body[:url] = url unless url.nil?
+            body
+          end
+
           def media_attachment_from_upload(type, data)
             t = type.to_s
             payload = {}

data/lib/max/bot/api.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'uri'
+
 module Max
   module Bot
     # HTTP facade for the MAX Bot API (+platform-api.max.ru+).
@@ -56,9 +58,7 @@ module Max
       def upload_file(type:, path:, filename: nil)
         slot = create_upload(type: type)
         upload_url = slot[:url]
-        if upload_url.nil? || upload_url.to_s.empty?
-          raise ApiError.new('Upload response missing url', body: slot)
-        end
+        raise ApiError.new('Upload response missing url', body: slot) if upload_url.nil? || upload_url.to_s.empty?
 
         raw = MultipartUpload.post_file(
           upload_url: upload_url,
@@ -99,6 +99,7 @@ module Max
 
       # POST /subscriptions — https://dev.max.ru/docs-api/methods/POST/subscriptions
       def set_webhook(url:, update_types: nil, secret: nil)
+        assert_valid_url!(url, 'set_webhook url')
         body = RequestBuilders.subscription_body(url: url, update_types: update_types, secret: secret)
         http.post('/subscriptions', body: body)
       end
@@ -116,6 +117,70 @@ module Max
         http.get('/chats', query: query)
       end
 
+      # GET /chats/{chatId} — https://dev.max.ru/docs-api/methods/GET/chats/{chatId}
+      def chat(chat_id)
+        raise ArgumentError, 'chat_id must be a non-empty value' if chat_id.nil? || chat_id.to_s.strip.empty?
+
+        http.get("/chats/#{chat_id}")
+      end
+
+      # --- Bot info -------------------------------------------------
+
+      # GET /bots — https://dev.max.ru/docs-api/methods/GET/bots
+      def me
+        http.get('/bots')
+      end
+
+      # --- Message management ---------------------------------------
+
+      # GET /messages/{messageId} — https://dev.max.ru/docs-api/methods/GET/messages/{messageId}
+      def get_message(message_id)
+        raise ArgumentError, 'message_id must be a non-empty value' if message_id.nil? || message_id.to_s.strip.empty?
+
+        http.get("/messages/#{message_id}")
+      end
+
+      # PUT /messages/{messageId} — https://dev.max.ru/docs-api/methods/PUT/messages/{messageId}
+      def edit_message(message_id, text = nil, attachment: nil, attachments: nil, format: nil,
+                       link: nil)
+        raise ArgumentError, 'message_id must be a non-empty value' if message_id.nil? || message_id.to_s.strip.empty?
+
+        combined = RequestBuilders.combine_attachments(attachment, attachments)
+
+        http.put(
+          "/messages/#{message_id}",
+          body: RequestBuilders.message_body(
+            text: text,
+            attachments: combined,
+            format: format,
+            notify: nil,
+            link: link
+          )
+        )
+      end
+
+      # DELETE /messages/{messageId} — https://dev.max.ru/docs-api/methods/DELETE/messages/{messageId}
+      def delete_message(message_id)
+        raise ArgumentError, 'message_id must be a non-empty value' if message_id.nil? || message_id.to_s.strip.empty?
+
+        http.delete("/messages/#{message_id}")
+      end
+
+      # POST /messages/callback — https://dev.max.ru/docs-api/methods/POST/messages/callback
+      def answer_callback(callback_query_id, text: nil, show_alert: nil, url: nil)
+        raise ArgumentError, 'callback_query_id must be a non-empty value' if callback_query_id.nil? || callback_query_id.to_s.strip.empty?
+
+        http.post(
+          '/messages/callback',
+          body: RequestBuilders.callback_body(
+            callback_query_id: callback_query_id,
+            text: text,
+            show_alert: show_alert,
+            url: url
+          )
+        )
+      end
+
       private
 
       def assert_recipient!(chat_id, user_id)
@@ -130,11 +195,16 @@ module Max
         raise ArgumentError, 'send_message requires at least one of: text, attachments, attachment, link'
       end
 
+      def assert_valid_url!(value, label)
+        uri = URI.parse(value.to_s)
+        return if uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
+
+        raise ArgumentError, "#{label} must be a valid HTTP(S) URL"
+      end
+
       def normalize_upload_type!(type)
         t = type.to_s
-        unless UPLOAD_TYPES.include?(t)
-          raise ArgumentError, "upload type must be one of #{UPLOAD_TYPES.join(', ')}"
-        end
+        raise ArgumentError, "upload type must be one of #{UPLOAD_TYPES.join(', ')}" unless UPLOAD_TYPES.include?(t)
 
         t
       end

data/lib/max/bot/attachments.rb

@@ -12,7 +12,7 @@ module Max
       module_function
 
       def prune(hash)
-        hash.reject { |_, v| v.nil? }
+        hash.compact
       end
 
       # --- Media (usually +token+ from +POST /uploads+ flow) ---
@@ -51,7 +51,7 @@ module Max
 
       # +rows+ is an Array of rows; each row is an Array of button Hashes (see +callback_button+, +link_button+, …).
       def inline_keyboard(rows)
-        { type: 'inline_keyboard', payload: { buttons: rows } }
+        { type: 'inline_keyboard', payload: { buttons: [rows] } }
       end
       alias keyboard inline_keyboard
 
@@ -98,6 +98,10 @@ module Max
         prune(type: 'message', text: text, payload: payload)
       end
 
+      def clipboard_button(text, payload)
+        { type: 'clipboard', text: text, payload: payload }
+      end
+
       # Escape hatch for new API button/attachment shapes.
       def raw(type:, payload: nil, **top_level)
         h = { type: type }

data/lib/max/bot/client.rb

@@ -6,10 +6,10 @@ module Max
     class Client
       attr_reader :api, :options
 
-      def self.run(token, **options, &block)
-        raise ArgumentError, 'block required' unless block
+      def self.run(token, **, &)
+        raise ArgumentError, 'block required' unless block_given?
 
-        new(token, **options).run(&block)
+        new(token, **).run(&)
       end
 
       def initialize(token, **options)
@@ -51,9 +51,9 @@ module Max
         result[:marker]
       end
 
-      def deliver_updates(result, &block)
+      def deliver_updates(result, &)
         updates = result.is_a?(Hash) ? (result[:updates] || []) : []
-        updates.each { |u| block.call(u) }
+        updates.each(&)
       end
 
       def handle_poll_error(error, backoff)

data/lib/max/bot/http.rb

@@ -24,6 +24,10 @@ module Max
         perform(:delete, path, query: query)
       end
 
+      def put(path, query: nil, body: nil)
+        perform(:put, path, query: query, body: body)
+      end
+
       private
 
       def perform(method, path, query: nil, body: nil)
@@ -39,7 +43,7 @@ module Max
       end
 
       def connection
-        @injected_connection || @default_connection ||= build_connection
+        @injected_connection || @connection ||= build_connection
       end
 
       def build_connection

data/lib/max/bot/json.rb

@@ -26,9 +26,9 @@ module Max
 
       def deep_symbolize(obj)
         case obj
-        when Hash
+        in Hash
           obj.each_with_object({}) { |(k, v), h| h[k.to_sym] = deep_symbolize(v) }
-        when Array
+        in Array
           obj.map { |e| deep_symbolize(e) }
         else
           obj

data/lib/max/bot/multipart_upload.rb

@@ -1,13 +1,14 @@
 # frozen_string_literal: true
 
 require 'net/http'
-require 'openssl'
 require 'securerandom'
 require 'uri'
 
 module Max
   module Bot
     # Multipart +data=@file+ upload to the URL returned by +POST /uploads+.
+    # Uses stdlib Net::HTTP to avoid Faraday multipart dependency (which requires
+    # the external faraday-multipart gem in Faraday 2.x).
     # @see https://dev.max.ru/docs-api/methods/POST/uploads
     module MultipartUpload
       module_function
@@ -43,7 +44,7 @@ module Max
           raise ApiError.new(
             "Upload failed HTTP #{response.code}",
             status: response.code.to_i,
-            body: response.body
+            body: { message: response.body }
           )
         end
 

data/lib/max/bot/update_helpers.rb

@@ -20,11 +20,10 @@ module Max
       def message_text(message)
         return unless message.is_a?(Hash)
 
-        body = message[:body]
-        case body
-        when Hash
+        case message[:body]
+        in Hash => body
           body[:text] || body[:markdown]
-        when String
+        in String => body
           body
         end
       end

data/lib/max/bot/version.rb

@@ -2,6 +2,6 @@
 
 module Max
   module Bot
-    VERSION = '0.2.0'
+    VERSION = '0.3.0'
   end
 end

data/lib/max/bot/webhook.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'openssl'
+
 module Max
   module Bot
     # Helpers for HTTPS webhook endpoints (POST body = Update JSON).
@@ -17,9 +19,7 @@ module Max
         b = expected_secret.to_s
         return false unless a.bytesize == b.bytesize
 
-        l = 0
-        a.bytes.zip(b.bytes) { |x, y| l |= x ^ y }
-        l.zero?
+        OpenSSL.fixed_length_secure_compare(a, b)
       end
 
       def extract_secret_header(env)

data/test/max/bot/api/request_builders_test.rb

@@ -9,7 +9,7 @@ module Max
         a = { type: 'share', payload: { url: 'https://a' } }
         b = { type: 'image', payload: { token: 't' } }
         out = Api::RequestBuilders.combine_attachments(a, [b])
-        assert_equal %w[share image], out.map { |h| h[:type] }
+        assert_equal(%w[share image], out.map { |h| h[:type] })
       end
 
       def test_combine_attachments_rejects_invalid_attachment
@@ -51,6 +51,27 @@ module Max
           Api::RequestBuilders.media_attachment_from_upload(:unknown, token: 'x')
         end
       end
+
+      def test_callback_body
+        b = Api::RequestBuilders.callback_body(
+          callback_query_id: 'cb_123',
+          text: 'Done',
+          show_alert: true,
+          url: nil
+        )
+        assert_equal 'cb_123', b[:callback_query_id]
+        assert_equal 'Done', b[:text]
+        assert b[:show_alert]
+        refute b.key?(:url)
+      end
+
+      def test_callback_body_minimal
+        b = Api::RequestBuilders.callback_body(callback_query_id: 'cb', text: nil, show_alert: nil, url: nil)
+        assert_equal 'cb', b[:callback_query_id]
+        refute b.key?(:text)
+        refute b.key?(:show_alert)
+        refute b.key?(:url)
+      end
     end
   end
 end

data/test/max/bot/api_test.rb

@@ -4,6 +4,43 @@ require 'test_helper'
 
 module Max
   module Bot
+    class FakeHttp
+      attr_reader :response, :last_path, :last_body, :last_query
+
+      def initialize(response)
+        @response = response
+        @last_path = nil
+        @last_body = nil
+        @last_query = nil
+      end
+
+      def post(path, query: nil, body: nil)
+        @last_path = path
+        @last_body = body
+        @last_query = query
+        @response
+      end
+
+      def get(path, query: nil)
+        @last_path = path
+        @last_query = query
+        @response
+      end
+
+      def delete(path, query: nil)
+        @last_path = path
+        @last_query = query
+        @response
+      end
+
+      def put(path, query: nil, body: nil)
+        @last_path = path
+        @last_body = body
+        @last_query = query
+        @response
+      end
+    end
+
     class ApiTest < Minitest::Test
       def test_rejects_blank_token
         assert_raises(ArgumentError) { Api.new(nil) }
@@ -21,6 +58,108 @@ module Max
         err = assert_raises(ArgumentError) { api.send_message(nil, chat_id: 1) }
         assert_match(/text|attachments|attachment|link/, err.message)
       end
+
+      def test_set_webhook_rejects_invalid_url
+        api = Api.new('token')
+        assert_raises(ArgumentError) { api.set_webhook(url: 'not-a-url') }
+        assert_raises(ArgumentError) { api.set_webhook(url: '') }
+        assert_raises(ArgumentError) { api.set_webhook(url: 'ftp://example.com') }
+      end
+
+      def test_set_webhook_accepts_valid_url
+        http = FakeHttp.new({})
+        api = Api.new('token', http: http)
+        api.set_webhook(url: 'https://example.com/webhook')
+        assert_equal '/subscriptions', http.last_path
+        assert_equal 'https://example.com/webhook', http.last_body[:url]
+      end
+
+      def test_me
+        response = { user_id: 1, name: 'Test Bot', username: 'test_bot' }
+        http = FakeHttp.new(response)
+        api = Api.new('token', http: http)
+        result = api.me
+        assert_equal 1, result[:user_id]
+        assert_equal '/bots', http.last_path
+      end
+
+      def test_chat_requires_chat_id
+        api = Api.new('token')
+        assert_raises(ArgumentError) { api.chat(nil) }
+        assert_raises(ArgumentError) { api.chat('') }
+        assert_raises(ArgumentError) { api.chat('   ') }
+      end
+
+      def test_chat
+        response = { chat_id: 123, name: 'Test Chat' }
+        http = FakeHttp.new(response)
+        api = Api.new('token', http: http)
+        result = api.chat(123)
+        assert_equal 123, result[:chat_id]
+        assert_equal '/chats/123', http.last_path
+      end
+
+      def test_get_message_requires_message_id
+        api = Api.new('token')
+        assert_raises(ArgumentError) { api.get_message(nil) }
+        assert_raises(ArgumentError) { api.get_message('') }
+      end
+
+      def test_get_message
+        response = { message_id: 42, body: { text: 'hello' } }
+        http = FakeHttp.new(response)
+        api = Api.new('token', http: http)
+        result = api.get_message(42)
+        assert_equal 42, result[:message_id]
+        assert_equal '/messages/42', http.last_path
+      end
+
+      def test_edit_message_requires_message_id
+        api = Api.new('token')
+        assert_raises(ArgumentError) { api.edit_message(nil, 'text') }
+        assert_raises(ArgumentError) { api.edit_message('', 'text') }
+      end
+
+      def test_edit_message
+        response = { message_id: 42 }
+        http = FakeHttp.new(response)
+        api = Api.new('token', http: http)
+        result = api.edit_message(42, 'updated text', format: 'markdown')
+        assert_equal 42, result[:message_id]
+        assert_equal '/messages/42', http.last_path
+        assert_equal 'updated text', http.last_body[:text]
+        assert_equal 'markdown', http.last_body[:format]
+      end
+
+      def test_delete_message_requires_message_id
+        api = Api.new('token')
+        assert_raises(ArgumentError) { api.delete_message(nil) }
+        assert_raises(ArgumentError) { api.delete_message('') }
+      end
+
+      def test_delete_message
+        http = FakeHttp.new({ success: true })
+        api = Api.new('token', http: http)
+        api.delete_message(42)
+        assert_equal '/messages/42', http.last_path
+      end
+
+      def test_answer_callback_requires_id
+        api = Api.new('token')
+        assert_raises(ArgumentError) { api.answer_callback(nil) }
+        assert_raises(ArgumentError) { api.answer_callback('') }
+      end
+
+      def test_answer_callback
+        response = { success: true }
+        http = FakeHttp.new(response)
+        api = Api.new('token', http: http)
+        api.answer_callback('cb_123', text: 'Done!', show_alert: true)
+        assert_equal '/messages/callback', http.last_path
+        assert_equal 'cb_123', http.last_body[:callback_query_id]
+        assert_equal 'Done!', http.last_body[:text]
+        assert http.last_body[:show_alert]
+      end
     end
   end
 end

data/test/max/bot/attachments_test.rb

@@ -20,7 +20,7 @@ module Max
         ]
         att = Attachments.inline_keyboard(rows)
         assert_equal 'inline_keyboard', att[:type]
-        assert_equal rows, att[:payload][:buttons]
+        assert_equal [rows], att[:payload][:buttons]
       end
 
       def test_location_top_level_coordinates
@@ -35,6 +35,13 @@ module Max
         assert_equal 'share', att[:type]
         assert_equal 'https://example.com', att[:payload][:url]
       end
+
+      def test_clipboard_button
+        btn = Attachments.clipboard_button('Copy', 'secret_code')
+        assert_equal 'clipboard', btn[:type]
+        assert_equal 'Copy', btn[:text]
+        assert_equal 'secret_code', btn[:payload]
+      end
     end
   end
 end

data/test/max/bot/http_test.rb

@@ -74,7 +74,27 @@ module Max
 
         http = Http.new('tok', 'https://platform-api.max.ru', connection: conn)
         result = http.delete('/subscriptions', query: { url: 'https://h' })
-        assert_equal true, result[:success]
+        assert result[:success]
+        stubs.verify_stubbed_calls
+      end
+
+      def test_put_sends_json_body_and_auth
+        stubs = Faraday::Adapter::Test::Stubs.new do |stub|
+          stub.put('/messages/42', '{"text":"updated"}') do |env|
+            assert_equal 'secret-token', env.request_headers['Authorization']
+            assert_match %r{application/json}, env.request_headers['Content-Type']
+            [200, { 'Content-Type' => 'application/json' }, '{"message_id":42}']
+          end
+        end
+
+        conn = Faraday.new do |f|
+          f.adapter :test, stubs
+        end
+
+        http = Http.new('secret-token', 'https://platform-api.max.ru', connection: conn)
+        result = http.put('/messages/42', body: { text: 'updated' })
+
+        assert_equal 42, result[:message_id]
         stubs.verify_stubbed_calls
       end
     end

data/test/max/bot/multipart_upload_test.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+module Max
+  module Bot
+    class MultipartUploadTest < Minitest::Test
+      def setup
+        @temp_dir = Dir.mktmpdir
+        @test_file_path = File.join(@temp_dir, 'test.bin')
+        File.binwrite(@test_file_path, 'test content')
+      end
+
+      def teardown
+        FileUtils.remove_entry(@temp_dir)
+      end
+
+      def test_rejects_blank_upload_url
+        assert_raises(ArgumentError) do
+          MultipartUpload.post_file(upload_url: '', path: @test_file_path, authorization: 'tok')
+        end
+        assert_raises(ArgumentError) do
+          MultipartUpload.post_file(upload_url: '   ', path: @test_file_path, authorization: 'tok')
+        end
+      end
+
+      def test_raises_error_for_non_http_url
+        # URI.parse('not-a-url') returns URI::Generic which lacks request_uri
+        assert_raises(NoMethodError) do
+          MultipartUpload.post_file(upload_url: 'not-a-url', path: @test_file_path, authorization: 'tok')
+        end
+      end
+
+      def test_raises_api_error_on_connection_failure
+        # Unresolvable host should raise a network error, wrapped in ApiError by caller
+        err = assert_raises(Errno::ECONNREFUSED, SocketError, Errno::ENETUNREACH) do
+          MultipartUpload.post_file(
+            upload_url: 'http://127.0.0.1:1',
+            path: @test_file_path,
+            authorization: 'tok'
+          )
+        end
+        assert_kind_of StandardError, err
+      end
+    end
+  end
+end

data/test/max/bot/webhook_test.rb

@@ -16,6 +16,15 @@ module Max
         refute Webhook.secret_valid?('abc', 'ab')
       end
 
+      def test_secret_valid_uses_openssl_secure_compare
+        # Verify OpenSSL.fixed_length_secure_compare is called for same-length strings
+        a = 'test_secret_value'
+        b = 'test_secret_value'
+        # OpenSSL.fixed_length_secure_compare raises on different lengths in some Ruby versions,
+        # so our code checks bytesize first, then delegates to OpenSSL.
+        assert Webhook.secret_valid?(a, b)
+      end
+
       def test_extract_secret_header_rack_style
         env = { 'HTTP_X_MAX_BOT_API_SECRET' => 'sekret' }
         assert_equal 'sekret', Webhook.extract_secret_header(env)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: max_bot
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Sergey Syabrenko
@@ -39,7 +39,7 @@ dependencies:
         version: '5.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,21 @@ dependencies:
         version: '5.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '6'
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -70,6 +84,54 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '15'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rubocop-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.36'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.36'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.23'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.23'
 description: Send messages, long-poll GET /updates, manage webhook subscriptions.
   See https://dev.max.ru/docs-api
 email: darthpains@gmail.com
@@ -104,13 +166,15 @@ files:
 - test/max/bot/errors_test.rb
 - test/max/bot/http_test.rb
 - test/max/bot/json_test.rb
+- test/max/bot/multipart_upload_test.rb
 - test/max/bot/update_helpers_test.rb
 - test/max/bot/webhook_test.rb
 - test/test_helper.rb
-homepage: https://dev.max.ru/docs-api
+homepage: https://github.com/Syabr/max_bot
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -119,7 +183,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="