node-telegram-utils 0.0.1-security → 0.64.0

package/src/telegramPolling.js

@@ -0,0 +1,202 @@
+const errors = require('./errors');
+const debug = require('debug')('node-telegram-bot-api');
+const deprecate = require('./utils').deprecate;
+const ANOTHER_WEB_HOOK_USED = 409;
+
+
+class TelegramBotPolling {
+  /**
+   * Handles polling against the Telegram servers.
+   * @param  {TelegramBot} bot
+   * @see https://core.telegram.org/bots/api#getting-updates
+   */
+  constructor(bot) {
+    this.bot = bot;
+    this.options = (typeof bot.options.polling === 'boolean') ? {} : bot.options.polling;
+    this.options.interval = (typeof this.options.interval === 'number') ? this.options.interval : 300;
+    this.options.params = (typeof this.options.params === 'object') ? this.options.params : {};
+    this.options.params.offset = (typeof this.options.params.offset === 'number') ? this.options.params.offset : 0;
+    this.options.params.timeout = (typeof this.options.params.timeout === 'number') ? this.options.params.timeout : 10;
+    if (typeof this.options.timeout === 'number') {
+      deprecate('`options.polling.timeout` is deprecated. Use `options.polling.params` instead.');
+      this.options.params.timeout = this.options.timeout;
+    }
+    this._lastUpdate = 0;
+    this._lastRequest = null;
+    this._abort = false;
+    this._pollingTimeout = null;
+  }
+
+  /**
+   * Start polling
+   * @param  {Object} [options]
+   * @param  {Object} [options.restart]
+   * @return {Promise}
+   */
+  start(options = {}) {
+    if (this._lastRequest) {
+      if (!options.restart) {
+        return Promise.resolve();
+      }
+      return this.stop({
+        cancel: true,
+        reason: 'Polling restart',
+      }).then(() => {
+        return this._polling();
+      });
+    }
+    return this._polling();
+  }
+
+  /**
+   * Stop polling
+   * @param  {Object} [options] Options
+   * @param  {Boolean} [options.cancel] Cancel current request
+   * @param  {String} [options.reason] Reason for stopping polling
+   * @return {Promise}
+   */
+  stop(options = {}) {
+    if (!this._lastRequest) {
+      return Promise.resolve();
+    }
+    const lastRequest = this._lastRequest;
+    this._lastRequest = null;
+    clearTimeout(this._pollingTimeout);
+    if (options.cancel) {
+      const reason = options.reason || 'Polling stop';
+      lastRequest.cancel(reason);
+      return Promise.resolve();
+    }
+    this._abort = true;
+    return lastRequest.finally(() => {
+      this._abort = false;
+    });
+  }
+
+  /**
+   * Return `true` if is polling. Otherwise, `false`.
+   */
+  isPolling() {
+    return !!this._lastRequest;
+  }
+
+  /**
+   * Handle error thrown during polling.
+   * @private
+   * @param  {Error} error
+   */
+  _error(error) {
+    if (!this.bot.listeners('polling_error').length) {
+      return console.error('error: [polling_error] %j', error); // eslint-disable-line no-console
+    }
+    return this.bot.emit('polling_error', error);
+  }
+
+  /**
+   * Invokes polling (with recursion!)
+   * @return {Promise} promise of the current request
+   * @private
+   */
+  _polling() {
+    this._lastRequest = this
+      ._getUpdates()
+      .then(updates => {
+        this._lastUpdate = Date.now();
+        debug('polling data %j', updates);
+        updates.forEach(update => {
+          this.options.params.offset = update.update_id + 1;
+          debug('updated offset: %s', this.options.params.offset);
+          try {
+            this.bot.processUpdate(update);
+          } catch (err) {
+            err._processing = true;
+            throw err;
+          }
+        });
+        return null;
+      })
+      .catch(err => {
+        debug('polling error: %s', err.message);
+        if (!err._processing) {
+          return this._error(err);
+        }
+        delete err._processing;
+        /*
+         * An error occured while processing the items,
+         * i.e. in `this.bot.processUpdate()` above.
+         * We need to mark the already-processed items
+         * to avoid fetching them again once the application
+         * is restarted, or moves to next polling interval
+         * (in cases where unhandled rejections do not terminate
+         * the process).
+         * See https://github.com/yagop/node-telegram-bot-api/issues/36#issuecomment-268532067
+         */
+        if (!this.bot.options.badRejection) {
+          return this._error(err);
+        }
+        const opts = {
+          offset: this.options.params.offset,
+          limit: 1,
+          timeout: 0,
+        };
+        return this.bot.getUpdates(opts).then(() => {
+          return this._error(err);
+        }).catch(requestErr => {
+          /*
+           * We have been unable to handle this error.
+           * We have to log this to stderr to ensure devops
+           * understands that they may receive already-processed items
+           * on app restart.
+           * We simply can not rescue this situation, emit "error"
+           * event, with the hope that the application exits.
+           */
+          /* eslint-disable no-console */
+          const bugUrl = 'https://github.com/yagop/node-telegram-bot-api/issues/36#issuecomment-268532067';
+          console.error('error: Internal handling of The Offset Infinite Loop failed');
+          console.error(`error: Due to error '${requestErr}'`);
+          console.error('error: You may receive already-processed updates on app restart');
+          console.error(`error: Please see ${bugUrl} for more information`);
+          /* eslint-enable no-console */
+          return this.bot.emit('error', new errors.FatalError(err));
+        });
+      })
+      .finally(() => {
+        if (this._abort) {
+          debug('Polling is aborted!');
+        } else {
+          debug('setTimeout for %s miliseconds', this.options.interval);
+          this._pollingTimeout = setTimeout(() => this._polling(), this.options.interval);
+        }
+      });
+    return this._lastRequest;
+  }
+
+  /**
+   * Unset current webhook. Used when we detect that a webhook has been set
+   * and we are trying to poll. Polling and WebHook are mutually exclusive.
+   * @see https://core.telegram.org/bots/api#getting-updates
+   * @private
+   */
+  _unsetWebHook() {
+    debug('unsetting webhook');
+    return this.bot._request('setWebHook');
+  }
+
+  /**
+   * Retrieve updates
+   */
+  _getUpdates() {
+    debug('polling with options: %j', this.options.params);
+    return this.bot.getUpdates(this.options.params)
+      .catch(err => {
+        if (err.response && err.response.statusCode === ANOTHER_WEB_HOOK_USED) {
+          return this._unsetWebHook().then(() => {
+            return this.bot.getUpdates(this.options.params);
+          });
+        }
+        throw err;
+      });
+  }
+}
+
+module.exports = TelegramBotPolling;

package/src/telegramWebHook.js

@@ -0,0 +1,158 @@
+const errors = require('./errors');
+const debug = require('debug')('node-telegram-bot-api');
+const https = require('https');
+const http = require('http');
+const fs = require('fs');
+const bl = require('bl');
+
+class TelegramBotWebHook {
+  /**
+   * Sets up a webhook to receive updates
+   * @param  {TelegramBot} bot
+   * @see https://core.telegram.org/bots/api#getting-updates
+   */
+  constructor(bot) {
+    this.bot = bot;
+    this.options = (typeof bot.options.webHook === 'boolean') ? {} : bot.options.webHook;
+    this.options.host = this.options.host || '0.0.0.0';
+    this.options.port = this.options.port || 8443;
+    this.options.https = this.options.https || {};
+    this.options.healthEndpoint = this.options.healthEndpoint || '/healthz';
+    this._healthRegex = new RegExp(this.options.healthEndpoint);
+    this._webServer = null;
+    this._open = false;
+    this._requestListener = this._requestListener.bind(this);
+    this._parseBody = this._parseBody.bind(this);
+
+    if (this.options.key && this.options.cert) {
+      debug('HTTPS WebHook enabled (by key/cert)');
+      this.options.https.key = fs.readFileSync(this.options.key);
+      this.options.https.cert = fs.readFileSync(this.options.cert);
+      this._webServer = https.createServer(this.options.https, this._requestListener);
+    } else if (this.options.pfx) {
+      debug('HTTPS WebHook enabled (by pfx)');
+      this.options.https.pfx = fs.readFileSync(this.options.pfx);
+      this._webServer = https.createServer(this.options.https, this._requestListener);
+    } else if (Object.keys(this.options.https).length) {
+      debug('HTTPS WebHook enabled by (https)');
+      this._webServer = https.createServer(this.options.https, this._requestListener);
+    } else {
+      debug('HTTP WebHook enabled');
+      this._webServer = http.createServer(this._requestListener);
+    }
+  }
+
+  /**
+   * Open WebHook by listening on the port
+   * @return {Promise}
+   */
+  open() {
+    if (this.isOpen()) {
+      return Promise.resolve();
+    }
+    return new Promise((resolve, reject) => {
+      this._webServer.listen(this.options.port, this.options.host, () => {
+        debug('WebHook listening on port %s', this.options.port);
+        this._open = true;
+        return resolve();
+      });
+
+      this._webServer.once('error', (err) => {
+        reject(err);
+      });
+    });
+  }
+
+  /**
+   * Close the webHook
+   * @return {Promise}
+   */
+  close() {
+    if (!this.isOpen()) {
+      return Promise.resolve();
+    }
+    return new Promise((resolve, reject) => {
+      this._webServer.close(error => {
+        if (error) return reject(error);
+        this._open = false;
+        return resolve();
+      });
+    });
+  }
+
+  /**
+   * Return `true` if server is listening. Otherwise, `false`.
+   */
+  isOpen() {
+    // NOTE: Since `http.Server.listening` was added in v5.7.0
+    // and we still need to support Node v4,
+    // we are going to fallback to 'this._open'.
+    // The following LOC would suffice for newer versions of Node.js
+    // return this._webServer.listening;
+    return this._open;
+  }
+
+  /**
+   * Handle error thrown during processing of webhook request.
+   * @private
+   * @param  {Error} error
+   */
+  _error(error) {
+    if (!this.bot.listeners('webhook_error').length) {
+      return console.error('error: [webhook_error] %j', error); // eslint-disable-line no-console
+    }
+    return this.bot.emit('webhook_error', error);
+  }
+
+  /**
+   * Handle request body by passing it to 'callback'
+   * @private
+   */
+  _parseBody(error, body) {
+    if (error) {
+      return this._error(new errors.FatalError(error));
+    }
+
+    let data;
+    try {
+      data = JSON.parse(body.toString());
+    } catch (parseError) {
+      return this._error(new errors.ParseError(parseError.message));
+    }
+
+    return this.bot.processUpdate(data);
+  }
+
+  /**
+   * Listener for 'request' event on server
+   * @private
+   * @see https://nodejs.org/docs/latest/api/http.html#http_http_createserver_requestlistener
+   * @see https://nodejs.org/docs/latest/api/https.html#https_https_createserver_options_requestlistener
+   */
+  _requestListener(req, res) {
+    debug('WebHook request URL: %s', req.url);
+    debug('WebHook request headers: %j', req.headers);
+
+    if (req.url.indexOf(this.bot.token) !== -1) {
+      if (req.method !== 'POST') {
+        debug('WebHook request isn\'t a POST');
+        res.statusCode = 418; // I'm a teabot!
+        res.end();
+      } else {
+        req
+          .pipe(bl(this._parseBody))
+          .on('finish', () => res.end('OK'));
+      }
+    } else if (this._healthRegex.test(req.url)) {
+      debug('WebHook health check passed');
+      res.statusCode = 200;
+      res.end('OK');
+    } else {
+      debug('WebHook request unauthorized');
+      res.statusCode = 401;
+      res.end();
+    }
+  }
+}
+
+module.exports = TelegramBotWebHook;

package/src/utils.js

@@ -0,0 +1,3 @@
+const util = require('util');
+// Native deprecation warning
+exports.deprecate = (msg) => util.deprecate(() => { }, msg, 'node-telegram-bot-api')();