thepopebot 1.0.0

package/setup/lib/telegram-verify.mjs

@@ -0,0 +1,66 @@
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+
+/**
+ * Run the chat ID verification flow
+ * @param {string} verificationCode - The code user should send to bot
+ * @returns {Promise<string|null>} - The chat ID or null if skipped/failed
+ */
+export async function runVerificationFlow(verificationCode) {
+  console.log(chalk.bold.yellow('\n  Chat ID Verification\n'));
+  console.log(chalk.dim('  To lock the bot to your chat, send the verification code.\n'));
+  console.log(chalk.cyan('  Send this message to your bot: ') + chalk.bold(verificationCode));
+  console.log(chalk.dim('\n  The bot will reply with your chat ID. Paste it below.\n'));
+
+  const { chatId } = await inquirer.prompt([{
+    type: 'input',
+    name: 'chatId',
+    message: 'Paste your chat ID from the bot (or press Enter to skip):',
+    validate: (input) => {
+      if (!input) return true; // Allow empty to skip
+      if (!/^-?\d+$/.test(input.trim())) {
+        return 'Chat ID should be a number (can be negative for groups)';
+      }
+      return true;
+    }
+  }]);
+
+  return chatId.trim() || null;
+}
+
+/**
+ * Wait for server to pick up .env changes and verify it's running
+ * @param {string} ngrokUrl - The ngrok URL
+ * @param {string} apiKey - The API key for authentication
+ * @returns {Promise<boolean>} - True if verified successfully
+ */
+export async function verifyRestart(ngrokUrl, apiKey) {
+  console.log(chalk.dim('\n  Waiting for server to pick up changes...\n'));
+  await new Promise(resolve => setTimeout(resolve, 3000));
+
+  // Verify server is up
+  try {
+    const response = await fetch(`${ngrokUrl}/api/ping`, {
+      method: 'GET',
+      headers: { 'x-api-key': apiKey },
+      signal: AbortSignal.timeout(10000)
+    });
+
+    if (!response.ok) {
+      console.log(chalk.red('  ✗ Could not reach server.\n'));
+      return false;
+    }
+
+    const data = await response.json();
+    if (data.message !== 'Pong!') {
+      console.log(chalk.red('  ✗ Unexpected server response.\n'));
+      return false;
+    }
+  } catch (err) {
+    console.log(chalk.red(`  ✗ Server not reachable: ${err.message}\n`));
+    return false;
+  }
+
+  console.log(chalk.green('  ✓ Server is running\n'));
+  return true;
+}

package/setup/lib/telegram.mjs

@@ -0,0 +1,76 @@
+import { randomBytes } from 'crypto';
+
+/**
+ * Generate a verification code for Telegram chat ID capture
+ */
+export function generateVerificationCode() {
+  return 'verify-' + randomBytes(4).toString('hex');
+}
+
+/**
+ * Register a Telegram webhook
+ */
+export async function setTelegramWebhook(botToken, webhookUrl, secretToken = null) {
+  // Delete first — Telegram ignores secret_token changes if the URL is unchanged
+  await deleteTelegramWebhook(botToken);
+
+  const body = { url: webhookUrl };
+  if (secretToken) {
+    body.secret_token = secretToken;
+  }
+
+  const response = await fetch(
+    `https://api.telegram.org/bot${botToken}/setWebhook`,
+    {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    }
+  );
+
+  const result = await response.json();
+  return result;
+}
+
+/**
+ * Get current webhook info
+ */
+export async function getTelegramWebhookInfo(botToken) {
+  const response = await fetch(`https://api.telegram.org/bot${botToken}/getWebhookInfo`);
+  const result = await response.json();
+  return result;
+}
+
+/**
+ * Delete existing webhook
+ */
+export async function deleteTelegramWebhook(botToken) {
+  const response = await fetch(`https://api.telegram.org/bot${botToken}/deleteWebhook`, {
+    method: 'POST',
+  });
+  const result = await response.json();
+  return result;
+}
+
+/**
+ * Validate bot token by calling getMe
+ */
+export async function validateBotToken(botToken) {
+  try {
+    const response = await fetch(`https://api.telegram.org/bot${botToken}/getMe`);
+    const result = await response.json();
+    if (result.ok) {
+      return { valid: true, botInfo: result.result };
+    }
+    return { valid: false, error: result.description };
+  } catch (error) {
+    return { valid: false, error: error.message };
+  }
+}
+
+/**
+ * Get BotFather URL for creating a new bot
+ */
+export function getBotFatherURL() {
+  return 'https://t.me/BotFather';
+}

package/setup/package.json

@@ -0,0 +1,6 @@
+{
+  "name": "thepopebot-setup",
+  "version": "1.0.0",
+  "type": "module",
+  "private": true
+}

package/setup/setup-telegram.mjs

@@ -0,0 +1,236 @@
+#!/usr/bin/env node
+
+import chalk from 'chalk';
+import ora from 'ora';
+import inquirer from 'inquirer';
+import { readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+
+import { checkPrerequisites } from './lib/prerequisites.mjs';
+import { setVariables } from './lib/github.mjs';
+import { setTelegramWebhook, validateBotToken, generateVerificationCode } from './lib/telegram.mjs';
+import { confirm, generateTelegramWebhookSecret } from './lib/prompts.mjs';
+import { updateEnvVariable } from './lib/auth.mjs';
+import { runVerificationFlow } from './lib/telegram-verify.mjs';
+
+const ROOT_DIR = process.cwd();
+
+function printSuccess(message) {
+  console.log(chalk.green('  \u2713 ') + message);
+}
+
+function printWarning(message) {
+  console.log(chalk.yellow('  \u26a0 ') + message);
+}
+
+function printInfo(message) {
+  console.log(chalk.dim('  \u2192 ') + message);
+}
+
+/**
+ * Parse .env file and return object
+ */
+function loadEnvFile() {
+  const envPath = join(ROOT_DIR, '.env');
+  if (!existsSync(envPath)) {
+    return null;
+  }
+  const content = readFileSync(envPath, 'utf-8');
+  const env = {};
+  for (const line of content.split('\n')) {
+    const match = line.match(/^([^#=]+)=(.*)$/);
+    if (match) {
+      env[match[1].trim()] = match[2].trim();
+    }
+  }
+  return env;
+}
+
+async function main() {
+  console.log(chalk.bold.cyan('\n  Telegram Webhook Setup\n'));
+  console.log(chalk.dim('  Use this to reconfigure Telegram after restarting ngrok.\n'));
+
+  // Check prerequisites
+  const prereqs = await checkPrerequisites();
+
+  if (!prereqs.git.remoteInfo) {
+    console.log(chalk.red('Could not detect GitHub repository from git remote.'));
+    process.exit(1);
+  }
+
+  const { owner, repo } = prereqs.git.remoteInfo;
+  printInfo(`Repository: ${owner}/${repo}`);
+
+  // Load existing config
+  const env = loadEnvFile();
+
+  // Get ngrok URL first (verify server is up)
+  console.log(chalk.yellow('\n  Make sure your server is running:\n'));
+  console.log(chalk.dim('  Terminal 1: ') + chalk.cyan('npm run dev'));
+  console.log(chalk.dim('  Terminal 2: ') + chalk.cyan('ngrok http 3000\n'));
+
+  let ngrokUrl = null;
+  while (!ngrokUrl) {
+    const { url } = await inquirer.prompt([
+      {
+        type: 'input',
+        name: 'url',
+        message: 'Paste your ngrok URL (https://...ngrok...):',
+        validate: (input) => {
+          if (!input) return 'URL is required';
+          if (!input.startsWith('https://')) return 'URL must start with https://';
+          if (!input.includes('ngrok')) return 'URL should be an ngrok URL';
+          return true;
+        },
+      },
+    ]);
+    const testUrl = url.replace(/\/$/, '');
+
+    // Verify the server is reachable through ngrok
+    const healthSpinner = ora('Verifying server is reachable...').start();
+    const apiKey = env?.API_KEY;
+    try {
+      const response = await fetch(`${testUrl}/api/ping`, {
+        method: 'GET',
+        headers: apiKey ? { 'x-api-key': apiKey } : {},
+        signal: AbortSignal.timeout(10000)
+      });
+      if (response.ok) {
+        const data = await response.json();
+        if (data.message === 'Pong!') {
+          healthSpinner.succeed('Server is reachable and authenticated');
+          ngrokUrl = testUrl;
+        } else {
+          healthSpinner.fail('Unexpected response from server');
+          const retry = await confirm('Try again?');
+          if (!retry) {
+            ngrokUrl = testUrl;
+          }
+        }
+      } else if (response.status === 401) {
+        healthSpinner.fail('Server responded but API key mismatch');
+        printWarning('Check that API_KEY in .env matches the running server');
+        const retry = await confirm('Try again?');
+        if (!retry) {
+          ngrokUrl = testUrl;
+        }
+      } else {
+        healthSpinner.fail(`Server returned status ${response.status}`);
+        printWarning('Make sure the server is running (npm run dev)');
+        const retry = await confirm('Try again?');
+        if (!retry) {
+          ngrokUrl = testUrl;
+        }
+      }
+    } catch (error) {
+      healthSpinner.fail(`Could not reach server: ${error.message}`);
+      printWarning('Make sure both the server AND ngrok are running');
+      const retry = await confirm('Try again?');
+      if (!retry) {
+        ngrokUrl = testUrl;
+      }
+    }
+  }
+
+  // Set GH_WEBHOOK_URL variable
+  const urlSpinner = ora('Updating GH_WEBHOOK_URL variable...').start();
+  const urlResult = await setVariables(owner, repo, { GH_WEBHOOK_URL: ngrokUrl });
+  if (urlResult.GH_WEBHOOK_URL.success) {
+    urlSpinner.succeed('GH_WEBHOOK_URL variable updated');
+  } else {
+    urlSpinner.fail(`Failed: ${urlResult.GH_WEBHOOK_URL.error}`);
+  }
+
+  // Get Telegram token - try .env first
+  let token = env?.TELEGRAM_BOT_TOKEN;
+  if (token) {
+    printInfo('Using Telegram token from .env');
+    const validateSpinner = ora('Validating bot token...').start();
+    const validation = await validateBotToken(token);
+    if (validation.valid) {
+      validateSpinner.succeed(`Bot: @${validation.botInfo.username}`);
+    } else {
+      validateSpinner.fail(`Invalid token in .env: ${validation.error}`);
+      token = null;
+    }
+  }
+
+  if (!token) {
+    const { inputToken } = await inquirer.prompt([
+      {
+        type: 'password',
+        name: 'inputToken',
+        message: 'Telegram bot token:',
+        mask: '*',
+        validate: (input) => {
+          if (!input) return 'Token is required';
+          if (!/^\d+:[A-Za-z0-9_-]+$/.test(input)) {
+            return 'Invalid format. Should be like 123456789:ABC-DEF...';
+          }
+          return true;
+        },
+      },
+    ]);
+    token = inputToken;
+
+    const validateSpinner = ora('Validating bot token...').start();
+    const validation = await validateBotToken(token);
+    if (!validation.valid) {
+      validateSpinner.fail(`Invalid token: ${validation.error}`);
+      process.exit(1);
+    }
+    validateSpinner.succeed(`Bot: @${validation.botInfo.username}`);
+  }
+
+  // Handle webhook secret
+  let webhookSecret = env?.TELEGRAM_WEBHOOK_SECRET;
+  if (webhookSecret) {
+    printInfo('Using existing webhook secret');
+  } else {
+    webhookSecret = await generateTelegramWebhookSecret();
+    updateEnvVariable('TELEGRAM_WEBHOOK_SECRET', webhookSecret);
+    printSuccess('Generated webhook secret');
+  }
+
+  // Register Telegram webhook
+  const webhookUrl = `${ngrokUrl}/api/telegram/webhook`;
+  const tgSpinner = ora('Registering Telegram webhook...').start();
+  const tgResult = await setTelegramWebhook(token, webhookUrl, webhookSecret);
+  if (tgResult.ok) {
+    tgSpinner.succeed('Telegram webhook registered');
+  } else {
+    tgSpinner.fail(`Failed: ${tgResult.description}`);
+  }
+
+  // Handle chat ID verification (required — bot ignores all messages without it)
+  let telegramChatId = env?.TELEGRAM_CHAT_ID;
+
+  if (telegramChatId) {
+    printInfo(`Using existing chat ID: ${telegramChatId}`);
+  } else {
+    // Generate new code and update .env
+    const verificationCode = generateVerificationCode();
+    updateEnvVariable('TELEGRAM_VERIFICATION', verificationCode);
+
+    console.log(chalk.yellow('\n  Waiting for server to restart with new verification code...\n'));
+    await new Promise(resolve => setTimeout(resolve, 3000));
+
+    const chatId = await runVerificationFlow(verificationCode);
+
+    if (chatId) {
+      updateEnvVariable('TELEGRAM_CHAT_ID', chatId);
+      printSuccess(`Chat ID saved: ${chatId}`);
+    } else {
+      printWarning('Chat ID is required \u2014 the bot will not respond without it.');
+      printInfo('Run npm run setup-telegram again to complete setup.');
+    }
+  }
+
+  console.log(chalk.green('\n  Done!\n'));
+  console.log(chalk.dim(`  Webhook URL: ${webhookUrl}\n`));
+}
+
+main().catch((error) => {
+  console.error(chalk.red('\nFailed:'), error.message);
+  process.exit(1);
+});