Comments (20)
I've looked into that code and didn't directly found an example where you have to enter a username and password. The username and password you have to enter in the config of tgrsbot were for radarr and sonarr.
I could implement a feature that only specific groupchatids are allowed to chat with your bot. Is it that what you were implicating?
from addarr.
Sorry, i posted wrong project. https://github.com/eamondo2/telegram-radarr-bot?files=1
Look at the acl.json
from addarr.
I've found the auth part in that project. I just don't quite get it why I should do this. When you don't share your TelegramBot API, it's secure I assume. Except you could convince me?
from addarr.
Bots can't initiate conversations with users. A user must either add them to a group or send them a message first. People can use telegram.me/<bot_username> links or username search to find your bot..
So by default anyone can access your, on his name..
from addarr.
That's something I didn't know. Thanks for the explanation! I will look into it to make this chatbot more secure. I will make an /auth
command that you need to execute the first time.
from addarr.
Creat job! Thnx for your work
from addarr.
You could also implement a whitelist of user id's that would actually be allowed to interact with the bot at all instead. Would be quite easy to implement and would achieve the same goal.
from addarr.
That's indeed also a possibility how to implement this.
I was thinking to implement it like this. Before you could use the bot, you should execute an /auth command with password. Then when it's the right password, the chatid will be added to a whitelist of allowed chatid's. And every time you use the bot, this will be checked.
from addarr.
Wouldn't it make more sense to make /start
prompt for a password instead of requiring the user to call /auth <password>
before sending /start
? Especially because a new conversation with a bot on Telegram will automatically send /start
.
from addarr.
That's indeed a better way to handle this. I will soon change it to this. So the first time you enter the bot. Telegram will send /start
and then the bot will ask for the password. If it's it correct, your chatid will be saved to a file. Does this sound alright to you?
from addarr.
That would sound perfect yes. Could you however specify what file? Odds are the strange behavior I have with the docker image is directly related to this. As in if I restart the process of the bot I have to message /start
again to get it to work at all.
from addarr.
Now it's saved to chatid.txt
. So every time a chat is authorized, the bot will write the chatid int to this file.
from addarr.
Great work, I'll try it tomorrow π
from addarr.
It works, but it is flawed and that should probably be fixed ASAP.
You probably only tested this with a single user, in the case of multiple users the chat id's are simply appended after each other without any form of delimiter. As a result, if my user id would be 1 and yours would be 2, then the contents of chatids.txt would be 12. Naturally granting access to user with id 12 as well. New line delimiting would already be enough to fix this.
from addarr.
I fixed it. Thanks for letting me know!
from addarr.
I would say that it's still not entirely fixed though. You should probably read out the file line by line and check the complete line. If my id would be 12 and user with 1 or 2 would try to use this service it would still work.
from addarr.
I've made a fix for it. Now it reads line by line. I don't think my fix is the most efficient one. When I have more time I will look to change it.
from addarr.
Feature works great now, multiple chatids.
But what about logging when someone enters the wrong password? (audit)
from addarr.
Is a great idea. I will surely add this later!
from addarr.
The latest release consist of the added audit function. The audit is saved to the logfile.
from addarr.
Related Issues (20)
- Docker not starting HOT 6
- Authentication Error HOT 3
- Adding tags HOT 1
- TypeError: string indices must be integers, not 'str' HOT 7
- Authentication Issue: Incorrect Password Error in Group Chat HOT 1
- Add Support for qBittorrent Commands HOT 1
- Error at chosse Quality HOT 1
- Problem adding series at season selection HOT 1
- IndexError when search for movie title "The Ministry of Ungentlemanly Warfare" [BUG] HOT 1
- Error "You are missing configkeys in your config.yaml-file. Add these before restarting the bot." HOT 7
- Config Problem HOT 2
- addarr does not raise from synology HOT 3
- Container failing when trying to add a movie HOT 6
- Adding a series flow HOT 12
- requests.exceptions.MissingSchema: Invalid URL 'None': No scheme supplied. Perhaps you meant https://None? HOT 1
- ValueError: max() arg is an empty sequence HOT 1
- Finds, but does not add series "Unfortunately, it was not possible to add the series. To start a new search, enter - films" HOT 14
- CanΒ΄t start the bot
- Add movie url
- sonarr bug
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from addarr.