@codebam/cf-workers-telegram-bot 11.2.0 → 11.3.1

package/dist/telegram_bot.d.ts

@@ -19,6 +19,8 @@ export default class TelegramBot {
     currentContext: TelegramExecutionContext;
     /** Default command to use when no matching command is found */
     defaultCommand: string;
+    /** Optional secret token for webhook verification */
+    secretToken?: string;
     /**
      *	Create a bot
      *	@param token - the telegram secret token
@@ -26,6 +28,7 @@ export default class TelegramBot {
      */
     constructor(token: string, options?: {
         defaultCommand?: string;
+        secretToken?: string;
     });
     /**
      * Register a function on the bot

package/dist/telegram_bot.js

@@ -19,17 +19,22 @@ export default class TelegramBot {
     currentContext;
     /** Default command to use when no matching command is found */
     defaultCommand = ':message';
+    /** Optional secret token for webhook verification */
+    secretToken;
     /**
      *	Create a bot
      *	@param token - the telegram secret token
      *	@param options - optional configuration for the bot
      */
     constructor(token, options) {
-        this.token = token;
-        this.api = new URL('https://api.telegram.org/bot' + token);
+        this.token = token.trim();
+        this.api = new URL('https://api.telegram.org/bot' + this.token);
         if (options?.defaultCommand) {
             this.defaultCommand = options.defaultCommand;
         }
+        if (options?.secretToken) {
+            this.secretToken = options.secretToken;
+        }
         // Register default handler for the default command to avoid errors
         this.commands[this.defaultCommand] = () => Promise.resolve(new Response('Command not implemented'));
     }
@@ -125,7 +130,7 @@ export default class TelegramBot {
      * @param request - the request to handle
      */
     async handle(request) {
-        this.webhook = new Webhook(this.token, request);
+        this.webhook = new Webhook(this.token, request, this.secretToken);
         const url = new URL(request.url);
         // Check if the request is for this bot
         if (!url.pathname.startsWith(`/${this.token}`)) {
@@ -135,6 +140,10 @@ export default class TelegramBot {
         switch (request.method) {
             case 'POST': {
                 try {
+                    // Verify secret token if configured
+                    if (this.secretToken && request.headers.get('X-Telegram-Bot-Api-Secret-Token') !== this.secretToken) {
+                        return new Response('Unauthorized', { status: 403 });
+                    }
                     this.update = await request.json();
                     console.log(this.update);
                     const ctx = new TelegramExecutionContext(this, this.update);

package/dist/webhook.d.ts

@@ -7,13 +7,16 @@ export default class Webhook {
     private readonly api;
     /** Webhook URL that Telegram will send updates to */
     private readonly webhook;
+    /** Secret token to be sent in the X-Telegram-Bot-Api-Secret-Token header */
+    private readonly secretToken?;
     /**
      * Creates a new Webhook instance.
      *
      * @param token - The Telegram bot token
      * @param request - The incoming request object used to determine the webhook URL
+     * @param secretToken - Optional secret token for webhook verification
      */
-    constructor(token: string, request: Request);
+    constructor(token: string, request: Request, secretToken?: string);
     /**
      * Sets the webhook URL for the Telegram bot.
      *

package/dist/webhook.js

@@ -7,15 +7,19 @@ export default class Webhook {
     api;
     /** Webhook URL that Telegram will send updates to */
     webhook;
+    /** Secret token to be sent in the X-Telegram-Bot-Api-Secret-Token header */
+    secretToken;
     /**
      * Creates a new Webhook instance.
      *
      * @param token - The Telegram bot token
      * @param request - The incoming request object used to determine the webhook URL
+     * @param secretToken - Optional secret token for webhook verification
      */
-    constructor(token, request) {
+    constructor(token, request, secretToken) {
         this.api = new URL(`https://api.telegram.org/bot${token}`);
         this.webhook = new URL(`${new URL(request.url).origin}/${token}`);
+        this.secretToken = secretToken;
     }
     /**
      * Sets the webhook URL for the Telegram bot.
@@ -27,14 +31,18 @@ export default class Webhook {
         const baseUrl = this.api.toString();
         const url = new URL(`${baseUrl}${baseUrl.endsWith('/') ? '' : '/'}setWebhook`);
         // Configure webhook parameters
-        const params = new URLSearchParams({
+        const params = {
             url: this.webhook.toString(),
             max_connections: '40',
             allowed_updates: JSON.stringify(['message', 'inline_query', 'guest_message', 'business_message', 'business_connection']),
             drop_pending_updates: 'true',
-        });
+        };
+        if (this.secretToken) {
+            params.secret_token = this.secretToken;
+        }
+        const searchParams = new URLSearchParams(params);
         try {
-            const response = await fetch(`${url.toString()}?${params.toString()}`);
+            const response = await fetch(`${url.toString()}?${searchParams.toString()}`);
             if (response.status !== 200) {
                 throw new Error(`Telegram API error (setWebhook): ${String(response.status)} ${response.statusText}`);
             }
@@ -43,7 +51,7 @@ export default class Webhook {
                 const json = await cloned.json();
                 console.log({
                     method: 'setWebhook',
-                    params: Object.fromEntries(params),
+                    params: params,
                     response: json,
                 });
             }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@codebam/cf-workers-telegram-bot",
-	"version": "11.2.0",
+	"version": "11.3.1",
 	"description": "serverless telegram bot on cf workers",
 	"main": "./dist/main.js",
 	"module": "./dist/main.js",