GithubBackup/SaveAny-Bot
1
0
Fork 0
mirror of https://github.com/krau/SaveAny-Bot.git synced 2026-05-11 17:49:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Final improvements: better user ID validation, safer IP handling, context-aware logging

Browse Source 
Co-authored-by: krau <71133316+krau@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-19 04:52:43 +00:00
parent 30c165033e
commit 127901fd24
3 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
api/handlers.go
View File

@@ -89,8 +89,8 @@ func handleCreateTask(w http.ResponseWriter, r *http.Request) {
respondError(w, "telegram_url is required", http.StatusBadRequest) respondError(w, "telegram_url is required", http.StatusBadRequest)
return return
} }
if req.UserID == 0 { if req.UserID <= 0 {
respondError(w, "user_id is required", http.StatusBadRequest) respondError(w, "user_id is required and must be positive", http.StatusBadRequest)
return return
} }
@@ -329,6 +329,8 @@ func sendWebhook(taskID, status, errorMsg string) {
return return
} }
logger := log.WithPrefix("webhook")
payload := TaskStatusResponse{ payload := TaskStatusResponse{
TaskID: ts.ID, TaskID: ts.ID,
Status: status, Status: status,
@@ -339,7 +341,7 @@ func sendWebhook(taskID, status, errorMsg string) {
body, err := json.Marshal(payload) body, err := json.Marshal(payload)
if err != nil { if err != nil {
log.Errorf("Failed to marshal webhook payload: %v", err) logger.Errorf("Failed to marshal webhook payload: %v", err)
return return
} }
@@ -348,7 +350,7 @@ func sendWebhook(taskID, status, errorMsg string) {
req, err := http.NewRequestWithContext(ctx, "POST", cfg.API.WebhookURL, bytes.NewReader(body)) req, err := http.NewRequestWithContext(ctx, "POST", cfg.API.WebhookURL, bytes.NewReader(body))
if err != nil { if err != nil {
log.Errorf("Failed to create webhook request: %v", err) logger.Errorf("Failed to create webhook request: %v", err)
return return
} }
@@ -359,7 +361,7 @@ func sendWebhook(taskID, status, errorMsg string) {
resp, err := http.DefaultClient.Do(req) resp, err := http.DefaultClient.Do(req)
if err != nil { if err != nil {
log.Errorf("Failed to send webhook: %v", err) logger.Errorf("Failed to send webhook: %v", err)
return return
} }
defer resp.Body.Close() defer resp.Body.Close()
@@ -367,9 +369,9 @@ func sendWebhook(taskID, status, errorMsg string) {
if resp.StatusCode >= 400 { if resp.StatusCode >= 400 {
body, err := io.ReadAll(resp.Body) body, err := io.ReadAll(resp.Body)
if err != nil { if err != nil {
log.Errorf("Webhook returned error status %d, failed to read response body: %v", resp.StatusCode, err) logger.Errorf("Webhook returned error status %d, failed to read response body: %v", resp.StatusCode, err)
} else { } else {
log.Errorf("Webhook returned error status %d: %s", resp.StatusCode, string(body)) logger.Errorf("Webhook returned error status %d: %s", resp.StatusCode, string(body))
} }
} }
} }

12
api/middleware.go
View File

@@ -93,9 +93,12 @@ func getClientIP(r *http.Request) string {
// Fall back to RemoteAddr // Fall back to RemoteAddr
ip, _, err := net.SplitHostPort(r.RemoteAddr) ip, _, err := net.SplitHostPort(r.RemoteAddr)
if err != nil { if err != nil {
// If SplitHostPort fails, RemoteAddr might not have a port // If SplitHostPort fails, try to parse RemoteAddr as IP directly
// In this case, just return RemoteAddr as is if parsedIP := net.ParseIP(r.RemoteAddr); parsedIP != nil {
return r.RemoteAddr return r.RemoteAddr
}
// If all else fails, return empty string (will fail IP check)
return ""
} }
return ip return ip
} }
@@ -112,7 +115,8 @@ func isIPAllowed(clientIP string, allowedIPs []string) bool {
if err != nil { if err != nil {
continue continue
} }
if ipNet.Contains(net.ParseIP(clientIP)) { ip := net.ParseIP(clientIP)
if ip != nil && ipNet.Contains(ip) {
return true return true
} }
} }

2
test_api.sh
View File

@@ -1,4 +1,4 @@
#!/bin/bash #!/bin/bash -euo pipefail
# API Test Script for SaveAny-Bot HTTP API # API Test Script for SaveAny-Bot HTTP API