Fix weird stuff regarding safe mode and replace with actual safe mode, a.k.a. use webhook secret

Author: alwaeles

config/nutgram.yaml

@@ -2,8 +2,8 @@ nutgram:
   # The Telegram bot token
   token: '%env(string:TELEGRAM_TOKEN)%'
 
-  # If true, the webhook mode validates the incoming IP range is from a Telegram server
-  safeMode: false
+  # Specify webhook secret for increased security
+  #webhook_secret: '%env(string:TELEGRAM_TOKEN)%'
 
   # If the nutgram bundle should automatically load the routes from config/telegram.php
   routes: true

src/Console/WebhookSetCommand.php

@@ -10,6 +10,7 @@
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
+use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
 
 #[AsCommand(
     name: 'nutgram:hook:set',
@@ -19,10 +20,13 @@ class WebhookSetCommand extends Command
 {
     private Nutgram $bot;
 
-    public function __construct(Nutgram $bot, string $name = null)
+    private ParameterBagInterface $parameters;
+
+    public function __construct(Nutgram $bot, ParameterBagInterface $parameters, string $name = null)
     {
         parent::__construct($name);
         $this->bot = $bot;
+        $this->parameters = $parameters;
     }
 
     protected function configure(): void
@@ -50,7 +54,8 @@ protected function execute(InputInterface $input, OutputInterface $output): int
             $max_connections = (int)$max_connections;
         }
 
-        $this->bot->setWebhook($url, ip_address: $ip_address, max_connections: $max_connections);
+        $secret = $this->parameters->get('nutgram.config')['webhook_secret'];
+        $this->bot->setWebhook($url, ip_address: $ip_address, max_connections: $max_connections, secret_token: $secret);
 
         $io->info("Bot webhook set with url: $url");
 

src/DependencyInjection/Configuration.php

@@ -14,7 +14,7 @@ public function getConfigTreeBuilder(): TreeBuilder
         $treeBuilder->getRootNode()
             ->children()
                 ->scalarNode('token')->end()
-                ->booleanNode('safeMode')->end()
+				->scalarNode('webhook_secret')->defaultNull()->end()
                 ->booleanNode('routes')->end()
                 ->arrayNode('config')
                 ->children()

src/DependencyInjection/Factory/NutgramFactory.php

@@ -53,8 +53,9 @@ public function createNutgram(
         } else {
             $webhook = Webhook::class;
 
-            if ($config['safe_mode'] ?? false) {
-                $webhook = new $webhook(fn() => $requestStack->getCurrentRequest()?->getClientIp());
+            if ($config['webhook_secret']) {
+                $webhook = new Webhook(secretToken: $config['webhook_secret']);
+                $webhook->setSafeMode(true);
             }
 
             $bot->setRunningMode($webhook);

tests/Fixtures/test_config.yaml

@@ -4,8 +4,8 @@ framework:
 
 nutgram:
   token: '%env(string:TELEGRAM_TOKEN)%'
-  safeMode: false
   routes: true
+  webhook_secret: 'VerySecret'
   config:
     botId: 123
     apiUrl: 'BlaBla'

tests/Functional/CommandTest.php

@@ -8,6 +8,7 @@
 use SergiX44\NutgramBundle\Console\WebhookRemoveCommand;
 use SergiX44\NutgramBundle\Console\WebhookSetCommand;
 use Symfony\Component\Console\Tester\CommandTester;
+use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
 
 it('call the logout command', function () {
     /** @var \SergiX44\Nutgram\Testing\FakeNutgram $instance */
@@ -72,8 +73,9 @@
 it('calls the set webhook', function () {
     /** @var \SergiX44\Nutgram\Testing\FakeNutgram $instance */
     $instance = static::getContainer()->get(Nutgram::class);
+    $parameters = static::getContainer()->get(ParameterBagInterface::class);
 
-    $commandTester = new CommandTester(new WebhookSetCommand($instance));
+    $commandTester = new CommandTester(new WebhookSetCommand($instance, $parameters));
     $commandTester->execute(['url' => 'http://foo.bar']);
     $commandTester->assertCommandIsSuccessful();