Fix security issues: sanitize error messages and fix test port

Co-authored-by: krau <71133316+krau@users.noreply.github.com>
copilot-swe-agent[bot]
2026-01-19 04:49:03 +00:00
parent 7b0142ef82
commit 9dcb5201e1
2 changed files with 5 additions and 5 deletions


@@ -104,7 +104,7 @@ func handleCreateTask(w http.ResponseWriter, r *http.Request) {
stor, err = storage.GetStorageByUserIDAndName(r.Context(), req.UserID, req.StorageName) stor, err = storage.GetStorageByUserIDAndName(r.Context(), req.UserID, req.StorageName)
if err != nil { if err != nil {
logger.Errorf("Failed to get storage: %v", err) logger.Errorf("Failed to get storage: %v", err)
respondError(w, fmt.Sprintf("storage not found: %v", err), http.StatusBadRequest) respondError(w, "storage not found", http.StatusBadRequest)
return return
} }
} else { } else {
@@ -127,7 +127,7 @@ func handleCreateTask(w http.ResponseWriter, r *http.Request) {
chatID, msgID, err := tgutil.ParseMessageLink(botCtx, req.TelegramURL) chatID, msgID, err := tgutil.ParseMessageLink(botCtx, req.TelegramURL)
if err != nil { if err != nil {
logger.Errorf("Failed to parse Telegram URL: %v", err) logger.Errorf("Failed to parse Telegram URL: %v", err)
respondError(w, fmt.Sprintf("invalid telegram URL: %v", err), http.StatusBadRequest) respondError(w, "invalid telegram URL format", http.StatusBadRequest)
return return
} }
@@ -135,7 +135,7 @@ func handleCreateTask(w http.ResponseWriter, r *http.Request) {
msg, err := tgutil.GetMessageByID(botCtx, chatID, msgID) msg, err := tgutil.GetMessageByID(botCtx, chatID, msgID)
if err != nil { if err != nil {
logger.Errorf("Failed to get message: %v", err) logger.Errorf("Failed to get message: %v", err)
respondError(w, fmt.Sprintf("failed to get telegram message: %v", err), http.StatusInternalServerError) respondError(w, "failed to retrieve message", http.StatusBadRequest)
return return
} }
@@ -150,7 +150,7 @@ func handleCreateTask(w http.ResponseWriter, r *http.Request) {
tgFile, err := tfile.FromMediaMessage(media, botCtx.Raw, msg) tgFile, err := tfile.FromMediaMessage(media, botCtx.Raw, msg)
if err != nil { if err != nil {
logger.Errorf("Failed to create TGFile: %v", err) logger.Errorf("Failed to create TGFile: %v", err)
respondError(w, fmt.Sprintf("failed to create file from message: %v", err), http.StatusBadRequest) respondError(w, "invalid message format", http.StatusBadRequest)
return return
} }
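Review bot: The `tgutil.GetMessageByID` failure branch (hunk at line 135) now returns `http.StatusBadRequest` where the old side returned `http.StatusInternalServerError`, assuming the second copy of each line is the new side. Dropping `err` from the response body is the sanitization the commit title describes, but the status change also reclassifies upstream failures as client errors, which would hide them from 5xx-based alerting and tell callers not to retry; whether this call can fail for reasons other than a bad link is not visible here. I would keep the generic text with the original status, `respondError(w, "failed to retrieve message", http.StatusInternalServerError)`, unless the error is known to be caller-caused. The storage lookup in the hunk at line 104 has a milder form of the same issue, since every error is reported as `storage not found`. The body of handleCreateTask starts and ends outside these hunks.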


@@ -2,7 +2,7 @@
# API Test Script for SaveAny-Bot HTTP API # API Test Script for SaveAny-Bot HTTP API
API_URL="http://localhost:18080" API_URL="http://localhost:8080"
TOKEN="test-token-12345" TOKEN="test-token-12345"
HEADERS=(-H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json") HEADERS=(-H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json")