telegram_bot_engine 0.3.4 → 0.6.1

data/lib/telegram_bot_engine/dispatch.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require "action_dispatch"
+require "active_support/security_utils"
+
+module TelegramBotEngine
+  # The single inbound webhook endpoint for ALL bots (docs/0001 §3.7). The host app mounts
+  # this once: `mount TelegramBotEngine::Dispatch, at: config.webhook_mount_path`. For
+  # `POST <mount>/:webhook_secret` it resolves the Bot by its secret path segment, validates
+  # the X-Telegram-Bot-Api-Secret-Token header (telegram-bot 0.16 does NOT — docs/0001 §9),
+  # then hands off to the host's UpdatesController via `dispatch(bot.client, update, request)`.
+  class Dispatch
+    SECRET_TOKEN_HEADER = "HTTP_X_TELEGRAM_BOT_API_SECRET_TOKEN"
+    # The resolved Bot record is exposed to the controller here so SubscriberCommands can
+    # scope inbound /start·/stop to the bot the update arrived for.
+    ENV_BOT_KEY = "telegram_bot_engine.bot"
+
+    def self.call(env)
+      new.call(env)
+    end
+
+    def call(env)
+      request = ActionDispatch::Request.new(env)
+      return respond(405, "method not allowed") unless request.post?
+
+      bot = resolve_bot(request)
+      return respond(404, "unknown bot") unless bot
+      return respond(403, "invalid secret token") unless valid_secret_token?(request, bot)
+
+      controller = dispatch_controller
+      return respond(503, "dispatch_controller not configured") unless controller
+
+      begin
+        update = request.request_parameters
+      rescue ActionDispatch::Http::Parameters::ParseError
+        return respond(400, "bad request")
+      end
+
+      request.set_header(ENV_BOT_KEY, bot)
+      controller.dispatch(bot.client, update, request)
+      respond(200, "")
+    end
+
+    private
+
+    def resolve_bot(request)
+      # Route on the NON-secret webhook_id path segment; the secret_token is validated from the
+      # header only (docs/0001 §3.7) so the credential never reaches request/SQL logs.
+      webhook_id = request.path_info.to_s.split("/").reject(&:empty?).last
+      return nil if webhook_id.blank?
+
+      TelegramBotEngine::Bot.active.find_by(webhook_id: webhook_id)
+    end
+
+    def valid_secret_token?(request, bot)
+      provided = request.get_header(SECRET_TOKEN_HEADER).to_s
+      return false if provided.empty?
+
+      ActiveSupport::SecurityUtils.secure_compare(provided, bot.webhook_secret.to_s)
+    end
+
+    def dispatch_controller
+      target = TelegramBotEngine.config.dispatch_controller
+      return nil if target.blank?
+
+      target.respond_to?(:dispatch) ? target : target.to_s.constantize
+    end
+
+    def respond(status, body)
+      [status, { "Content-Type" => "text/plain; charset=utf-8" }, [body]]
+    end
+  end
+end

data/lib/telegram_bot_engine/registry.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module TelegramBotEngine
+  # Resolves and caches a Telegram::Bot::Client per Bot record, keyed by bot id
+  # (docs/0001 §2 cap 2, §3.2). This fills telegram-bot's gap: `Telegram.bots` is
+  # boot-memoized (`@bots ||=`) and not built for runtime hot-add or token rotation.
+  # We resolve a fresh `Telegram::Bot::Client.new(token)` per bot_id rather than
+  # leaning on `Telegram.reset_bots`, which is unsafe under concurrency (docs/0001 §9).
+  module Registry
+    @mutex = Mutex.new
+    @clients = {}
+
+    class << self
+      # The client for this bot, built once and cached by bot id.
+      def client_for(bot)
+        @mutex.synchronize do
+          @clients[bot.id] ||= build_client(bot)
+        end
+      end
+
+      # Drop a bot's cached client so the next resolve rebuilds it. Called from
+      # Bot#after_save / #after_destroy so token rotation can never serve a stale client.
+      def invalidate(bot)
+        @mutex.synchronize { @clients.delete(bot.id) }
+      end
+
+      # Clear the whole cache (test isolation; also safe to call on reload).
+      def reset!
+        @mutex.synchronize { @clients = {} }
+      end
+
+      private
+
+      def build_client(bot)
+        Telegram::Bot::Client.new(bot.token, bot.slug)
+      end
+    end
+  end
+end

data/lib/telegram_bot_engine/subscriber_commands.rb

@@ -12,7 +12,7 @@ module TelegramBotEngine
     # /start - create subscription if authorized
     def start!(*)
       subscription = TelegramBotEngine::Subscription.find_or_initialize_by(
-        chat_id: chat["id"]
+        chat_id: chat["id"], bot_id: current_bot&.id
       )
       subscription.assign_attributes(
         user_id: from["id"],
@@ -24,7 +24,7 @@ module TelegramBotEngine
 
       TelegramBotEngine::Event.log(
         event_type: "command", action: "start",
-        chat_id: chat["id"], username: from["username"]
+        chat_id: chat["id"], username: from["username"], bot_id: current_bot&.id
       )
 
       welcome = TelegramBotEngine.config.welcome_message % {
@@ -36,12 +36,12 @@ module TelegramBotEngine
 
     # /stop - deactivate subscription
     def stop!(*)
-      subscription = TelegramBotEngine::Subscription.find_by(chat_id: chat["id"])
+      subscription = TelegramBotEngine::Subscription.find_by(chat_id: chat["id"], bot_id: current_bot&.id)
       subscription&.update(active: false)
 
       TelegramBotEngine::Event.log(
         event_type: "command", action: "stop",
-        chat_id: chat["id"], username: from["username"]
+        chat_id: chat["id"], username: from["username"], bot_id: current_bot&.id
       )
 
       respond_with :message, text: "You've been unsubscribed. Send /start to resubscribe."
@@ -51,7 +51,7 @@ module TelegramBotEngine
     def help!(*)
       TelegramBotEngine::Event.log(
         event_type: "command", action: "help",
-        chat_id: chat["id"], username: from["username"]
+        chat_id: chat["id"], username: from["username"], bot_id: current_bot&.id
       )
 
       respond_with :message, text: "📋 *Available Commands*\n\n#{available_commands_text}", parse_mode: "Markdown"
@@ -60,17 +60,27 @@ module TelegramBotEngine
     private
 
     def authorize_user!
-      return if TelegramBotEngine::Authorizer.authorized?(from["username"])
+      return if TelegramBotEngine::Authorizer.authorized?(from["username"], bot: current_bot)
 
       TelegramBotEngine::Event.log(
         event_type: "auth_failure", action: "unauthorized",
-        chat_id: chat["id"], username: from["username"]
+        chat_id: chat["id"], username: from["username"], bot_id: current_bot&.id
       )
 
       respond_with :message, text: TelegramBotEngine.config.unauthorized_message
       throw :abort
     end
 
+    # The Bot this inbound update arrived for, set by TelegramBotEngine::Dispatch in the
+    # request env (docs/0001 §3.7). nil when there is no inbound request context (e.g. the
+    # poller, or a host controller without webhook_request) → default/global behavior, unchanged.
+    def current_bot
+      return unless respond_to?(:webhook_request)
+
+      request = webhook_request
+      request && request.env["telegram_bot_engine.bot"]
+    end
+
     # Auto-generates command list from public methods ending with !
     def available_commands_text
       commands = self.class.public_instance_methods(false)

data/lib/telegram_bot_engine/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TelegramBotEngine
-  VERSION = "0.3.4"
+  VERSION = "0.6.1"
 end

data/lib/telegram_bot_engine/webhook_registrar.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module TelegramBotEngine
+  # Registers/removes a bot's Telegram webhook (docs/0001 §3.6). The webhook URL embeds the
+  # bot's per-bot `webhook_secret` path segment, and `secret_token` is set to the same secret
+  # so the inbound dispatcher can authenticate Telegram via the X-Telegram-Bot-Api-Secret-Token
+  # header. setWebhook is idempotent (overwrites), so re-registering is always safe.
+  module WebhookRegistrar
+    class << self
+      def register(bot, base_url: nil)
+        base_url ||= TelegramBotEngine.config.webhook_base_url
+        return false if base_url.blank?
+
+        TelegramBotEngine.client_for(bot).set_webhook(
+          url: webhook_url(bot, base_url),
+          secret_token: bot.webhook_secret
+        )
+        true
+      end
+
+      def remove(bot)
+        TelegramBotEngine.client_for(bot).delete_webhook
+        true
+      end
+
+      def webhook_url(bot, base_url)
+        # The URL path carries the NON-secret webhook_id; the secret stays in secret_token only.
+        "#{base_url.to_s.chomp('/')}#{TelegramBotEngine.config.webhook_mount_path}/#{bot.webhook_id}"
+      end
+    end
+  end
+end

data/lib/telegram_bot_engine.rb

@@ -3,6 +3,9 @@
 require "telegram/bot"
 require "telegram_bot_engine/version"
 require "telegram_bot_engine/configuration"
+require "telegram_bot_engine/registry"
+require "telegram_bot_engine/webhook_registrar"
+require "telegram_bot_engine/dispatch"
 require "telegram_bot_engine/authorizer"
 require "telegram_bot_engine/subscriber_commands"
 require "telegram_bot_engine/engine"
@@ -21,11 +24,20 @@ module TelegramBotEngine
       @config = Configuration.new
     end
 
-    # Broadcast to all active subscribers via background jobs
-    def broadcast(text, **options)
+    # The Telegram::Bot::Client for a Bot record, resolved from the DB and cached by
+    # bot id (token-rotation safe). See TelegramBotEngine::Registry / docs/0001 §3.2.
+    def client_for(bot)
+      Registry.client_for(bot)
+    end
+
+    # Broadcast to all active subscribers via background jobs, delivered through `bot`.
+    # `bot:` omitted ⇒ the default bot ⇒ today's behavior, unchanged (docs/0001 §3.3).
+    def broadcast(text, bot: nil, **options)
+      bot ||= TelegramBotEngine::Bot.default
       subscriber_count = 0
-      TelegramBotEngine::Subscription.active.find_each do |subscription|
+      TelegramBotEngine::Subscription.active.for_bot(bot).find_each do |subscription|
         TelegramBotEngine::DeliveryJob.perform_later(
+          bot.id,
           subscription.chat_id,
           text,
           options
@@ -35,18 +47,21 @@ module TelegramBotEngine
 
       TelegramBotEngine::Event.log(
         event_type: "delivery", action: "broadcast",
-        details: { subscriber_count: subscriber_count, text_preview: text.to_s[0, 100] }
+        bot_id: bot.id,
+        details: { bot: bot.slug, subscriber_count: subscriber_count, text_preview: text.to_s[0, 100] }
       )
     end
 
-    # Send to a specific chat via background job
-    def notify(chat_id:, text:, **options)
-      TelegramBotEngine::DeliveryJob.perform_later(chat_id, text, options)
+    # Send to a specific chat via background job, delivered through `bot`.
+    # `bot:` omitted ⇒ the default bot ⇒ today's behavior, unchanged (docs/0001 §3.3).
+    def notify(chat_id:, text:, bot: nil, **options)
+      bot ||= TelegramBotEngine::Bot.default
+      TelegramBotEngine::DeliveryJob.perform_later(bot.id, chat_id, text, options)
 
       TelegramBotEngine::Event.log(
         event_type: "delivery", action: "notify",
-        chat_id: chat_id,
-        details: { text_preview: text.to_s[0, 100] }
+        chat_id: chat_id, bot_id: bot.id,
+        details: { bot: bot.slug, text_preview: text.to_s[0, 100] }
       )
     end
   end

metadata

@@ -1,10 +1,10 @@
 --- !ruby/object:Gem::Specification
 name: telegram_bot_engine
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.6.1
 platform: ruby
 authors:
-- TelegramBotEngine Contributors
+- Tomáš Landovský
 bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
@@ -16,6 +16,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '7.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -23,6 +26,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '7.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: telegram-bot
   requirement: !ruby/object:Gem::Requirement
@@ -39,21 +45,31 @@ dependencies:
         version: '0.16'
 description: A mountable Rails engine that adds subscriber persistence, authorization,
   broadcasting, and an admin UI on top of the telegram-bot gem.
+email:
+- landovsky@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
+- LICENSE
 - README.md
 - app/controllers/telegram_bot_engine/admin/allowlist_controller.rb
 - app/controllers/telegram_bot_engine/admin/base_controller.rb
+- app/controllers/telegram_bot_engine/admin/bots_controller.rb
 - app/controllers/telegram_bot_engine/admin/dashboard_controller.rb
 - app/controllers/telegram_bot_engine/admin/events_controller.rb
 - app/controllers/telegram_bot_engine/admin/subscriptions_controller.rb
+- app/jobs/telegram_bot_engine/application_job.rb
 - app/jobs/telegram_bot_engine/delivery_job.rb
 - app/models/telegram_bot_engine/allowed_user.rb
+- app/models/telegram_bot_engine/bot.rb
 - app/models/telegram_bot_engine/event.rb
 - app/models/telegram_bot_engine/subscription.rb
 - app/views/telegram_bot_engine/admin/allowlist/index.html.erb
+- app/views/telegram_bot_engine/admin/bots/edit.html.erb
+- app/views/telegram_bot_engine/admin/bots/index.html.erb
+- app/views/telegram_bot_engine/admin/bots/new.html.erb
 - app/views/telegram_bot_engine/admin/dashboard/show.html.erb
 - app/views/telegram_bot_engine/admin/events/index.html.erb
 - app/views/telegram_bot_engine/admin/layouts/application.html.erb
@@ -62,17 +78,29 @@ files:
 - db/migrate/001_create_telegram_bot_engine_subscriptions.rb
 - db/migrate/002_create_telegram_bot_engine_allowed_users.rb
 - db/migrate/003_create_telegram_bot_engine_events.rb
+- db/migrate/004_create_telegram_bot_engine_bots.rb
+- db/migrate/005_add_bot_to_telegram_bot_engine_subscriptions.rb
+- db/migrate/006_add_bot_to_telegram_bot_engine_allowed_users.rb
+- db/migrate/007_add_bot_to_telegram_bot_engine_events.rb
+- db/migrate/008_add_webhook_id_to_telegram_bot_engine_bots.rb
 - lib/tasks/telegram_bot_engine.rake
 - lib/telegram_bot_engine.rb
 - lib/telegram_bot_engine/authorizer.rb
 - lib/telegram_bot_engine/configuration.rb
+- lib/telegram_bot_engine/dispatch.rb
 - lib/telegram_bot_engine/engine.rb
+- lib/telegram_bot_engine/registry.rb
 - lib/telegram_bot_engine/subscriber_commands.rb
 - lib/telegram_bot_engine/version.rb
+- lib/telegram_bot_engine/webhook_registrar.rb
 homepage: https://github.com/landovsky/telegram-bot-channels-gem
 licenses:
 - MIT
-metadata: {}
+metadata:
+  source_code_uri: https://github.com/landovsky/telegram-bot-channels-gem
+  changelog_uri: https://github.com/landovsky/telegram-bot-channels-gem/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/landovsky/telegram-bot-channels-gem/issues
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib