This commit is contained in:
blank X 2021-03-04 19:16:07 +07:00
parent d695dd9e9b
commit 91a25b6bd6
Signed by: blankie
GPG Key ID: CC15FC822C7F61F5
2 changed files with 38 additions and 7 deletions

View File

@ -2,7 +2,12 @@ telegram:
api_id: 0 api_id: 0
api_hash: https://my.telegram.org api_hash: https://my.telegram.org
bot_token: https://t.me/BotFather bot_token: https://t.me/BotFather
# If authorized tokens does not exist, no authorization is required # If authorized tokens and hmac does not exist, no authorization is required
authorized_tokens: authorized_tokens:
- DIi4aXHn440PTPXJE1yVyIoU2L4bLGiyjC1Fd7usKAMZYWVcp5p0P792G4YlbNnIcWCLypXbUFJkVzKqhh0AkJYSWqJbsAy8TjA - DIi4aXHn440PTPXJE1yVyIoU2L4bLGiyjC1Fd7usKAMZYWVcp5p0P792G4YlbNnIcWCLypXbUFJkVzKqhh0AkJYSWqJbsAy8TjA
- RCywhzEkwqWmDjsqhBdNMwO1cQNi72SWsvAKZxdoeFylbioqKCZjEKyjgDXkYn6xeMQLj4dDq6QoonVAU1b1MDyOUX9CvT5W4MP - RCywhzEkwqWmDjsqhBdNMwO1cQNi72SWsvAKZxdoeFylbioqKCZjEKyjgDXkYn6xeMQLj4dDq6QoonVAU1b1MDyOUX9CvT5W4MP
hmac:
- key: QgTz0hoawBdIMUEULxMa0QXHOPjBujO5Vl3Liao87H0687JPDbd6ixB08vWWZOqXpOKv7kcDb1QGkkYeAirlrnvzkC7ZYwN63lR
digest: sha512
- key: ni1KHr52uvpO1tEBFXIYylha2CTfnTafY2b3qE0V7qNMj5eYtSMN0VGnuJHoFxDLSe2lUebyH3d2zA9q5IDfAs9qYWQ27mFV099
digest: sha256

View File

@ -3,6 +3,7 @@ logging.basicConfig(level=logging.INFO)
import os import os
import yaml import yaml
import hmac
from aiohttp import web from aiohttp import web
from telethon import TelegramClient from telethon import TelegramClient
from telethon.utils import _get_file_info from telethon.utils import _get_file_info
@ -13,27 +14,52 @@ with open('config.yaml') as file:
client = TelegramClient('streamtg', config['telegram']['api_id'], config['telegram']['api_hash']) client = TelegramClient('streamtg', config['telegram']['api_id'], config['telegram']['api_hash'])
authorized_tokens = config.get('authorized_tokens') authorized_tokens = config.get('authorized_tokens')
hmacs = [hmac.new(i['key'].encode(), digestmod=i['digest']) for i in config.get('hmac', ())]
port = os.environ.get('PORT', 8080) port = os.environ.get('PORT', 8080)
def verify_token(token):
return token in authorized_tokens
def verify_hmac(hexdigest, chat_id, message_ids):
text = f'{chat_id}|{"|".join(message_ids)}'.encode()
for i in hmacs:
i = i.copy()
i.update(text)
if hmac.compare_digest(hexdigest, i.hexdigest()):
return True
return False
async def handler(request): async def handler(request):
query = request.query query = request.query
if authorized_tokens: token = query.get('token')
if 'token' not in query: hexdigest = query.get('hmac')
return web.Response(status=401, text='Unauthorized') if not token and not hexdigest and (authorized_tokens or hmacs):
if query['token'] not in authorized_tokens: return web.Response(status=401, text='Missing token or hmac')
return web.Response(status=403, text='Forbidden')
if 'chat_id' not in query: if 'chat_id' not in query:
return web.Response(status=400, text='Missing chat_id') return web.Response(status=400, text='Missing chat_id')
chat_id = query['chat_id'] chat_id = query['chat_id']
try: try:
chat_id = int(chat_id) chat_id = int(chat_id)
except ValueError: except ValueError:
pass try:
chat_id = await client.get_peer_id(chat_id)
except BaseException:
if authorized_tokens or hmacs:
logging.exception('Exception occured while getting chat id of %s, returning 403 to hide known chats', chat_id)
return web.Response(status=403, text='Forbidden')
raise
if 'message_id' not in query: if 'message_id' not in query:
return web.Response(status=400, text='Missing message_id') return web.Response(status=400, text='Missing message_id')
message_ids = query.getall('message_id') message_ids = query.getall('message_id')
if any(True for i in message_ids if not i.isnumeric() or i == '0'): if any(True for i in message_ids if not i.isnumeric() or i == '0'):
return web.Response(status=400, text='Invalid message_id') return web.Response(status=400, text='Invalid message_id')
if authorized_tokens or hmacs:
if not token or not verify_token(token):
if hexdigest:
if not verify_hmac(hexdigest, chat_id, message_ids):
return web.Response(status=403, text='Forbidden')
else:
return web.Response(status=403, text='Forbidden')
message_ids = list(map(int, message_ids)) message_ids = list(map(int, message_ids))
messages = await client.get_messages(chat_id, ids=message_ids) messages = await client.get_messages(chat_id, ids=message_ids)
if any(True for i in messages if i is None): if any(True for i in messages if i is None):