@Opselon Opselon commented Jan 4, 2026

فثسف

Opselon and others added 15 commits January 4, 2026 02:57
…668828

fix: Resolve multiple startup and runtime errors
…668828

fix: Resolve multiple startup and runtime errors
…668828

fix: Resolve multiple startup and runtime errors
Fixes a 'utf-8' codec error when adding servers with passwords by correctly encoding encrypted secrets to Base64 before database storage.

Resolves an issue where the bot would become unresponsive after this error by ensuring the ConversationHandler terminates correctly. The encrypted bytes are now stored as a safe ASCII string, preventing data corruption. The server-add conversation flow is now more robust and correctly handles exceptions without leaving the bot in a stuck state.
…72708733

Fix Server Addition Crash and Unresponsiveness
This commit introduces a centralized, robust message parsing system to fix all `telegram.error.BadRequest: Can't parse entities` errors.

Key changes:
- Centralized `_safe_send_message` and `_safe_edit_message_text` helper functions in `src/main.py` to handle all message sending and editing.
- These functions now automatically apply language-aware Markdown/HTML escaping to all outgoing text, preventing parsing errors.
- Refactored the entire `src/main.py` codebase to exclusively use these safe helper functions, eliminating all direct calls to `send_message`, `reply_text`, and `edit_message_text`.
- Fixed multiple issues in the test suite (`tests/test_bot_commands.py`) related to improper mocking and database setup, ensuring the tests are reliable and pass consistently.
- Added the missing `__init__` method to the `MessageBuilder` class in `src/parse_mode.py`.

This change establishes a "pit of success" pattern for sending messages, making the safe, escaped-by-default method the easiest and only way to communicate with the user, thus preventing an entire class of bugs.
…17333129277

Implement Project-Wide Robust Message Parsing
…e bug

This commit addresses two critical issues:

1.  **`telegram.error.BadRequest: Can't parse entities`:** Implements a project-wide solution by creating centralized `_safe_send_message` and `_safe_edit_message_text` helper functions. These functions automatically apply MarkdownV2 escaping to all outgoing text, preventing parsing errors caused by special characters. The entire `main.py` has been refactored to use these safe wrappers.

2.  **`AttributeError: 'Message' object has no attribute 'send_message'`:** Fixes a regression introduced during the initial refactoring. All calls to the safe sending functions have been corrected to target the `update.message.chat` object instead of `update.message`, resolving the `AttributeError`.

Additionally, this change improves the reliability of the test suite by ensuring the test database is correctly initialized and cleaned up for each test run.
…17333129277

fix(telegram): implement robust markdown escaping and fix send_messag…
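The escape-by-default pattern these commits describe, as an added example that is not the project's own code. `StubChat`, `ParseError` and the stub's strictness rules are constructed stand-ins for the Telegram chat object and `telegram.error.BadRequest`; the calls are synchronous for brevity, and the `preformatted` flag and plain-text fallback follow the later UI-hardening commit on this page.

```python
import re

# Characters with meaning in Telegram MarkdownV2, plus the backslash itself.
_SPECIAL = re.compile(r"([\\_*\[\]()~`>#+\-=|{}.!])")
# Constructed strictness model for the stub: reserved characters left unescaped.
_UNESCAPED = re.compile(r"(?<!\\)[\[\]()~`>#+\-=|{}.!]")


class ParseError(Exception):
    """Stand-in for telegram.error.BadRequest("Can't parse entities")."""


def escape_mdv2(text):
    """Backslash-escape every MarkdownV2 special character in untrusted text."""
    return _SPECIAL.sub(r"\\\1", text)


class StubChat:
    """Hypothetical chat object: records deliveries, rejects malformed MarkdownV2."""

    def __init__(self):
        self.sent = []

    def send_message(self, text, parse_mode=None):
        if parse_mode == "MarkdownV2":
            unbalanced = len(re.findall(r"(?<!\\)\*", text)) % 2
            if unbalanced or _UNESCAPED.search(text):
                raise ParseError("Can't parse entities")
        self.sent.append((parse_mode, text))


def send_message_safely(chat, text, preformatted=False):
    """Escape by default; retry as plain text if the parser still rejects it."""
    body = text if preformatted else escape_mdv2(text)
    try:
        chat.send_message(body, parse_mode="MarkdownV2")
        return "markdown"
    except ParseError:
        chat.send_message(text, parse_mode=None)  # fallback: no markup at all
        return "plain"
```

Only text built by trusted code should be passed with `preformatted=True`; anything containing user-supplied values such as server names goes through the default path.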
This commit addresses three critical issues:
- Fixes broken text formatting by correctly applying Markdown escaping.
- Ensures user language preferences are persistent across bot restarts.
- Resolves a connection timeout on the /dashboard command by running database queries asynchronously.

Additionally, this commit removes out-of-scope code, cleans up duplicated functions, and restores the correct project structure.
This commit introduces a comprehensive set of security enhancements and bug fixes.

Security Hardening:
- Implements a key rotation mechanism with versioning, allowing administrators to rotate encryption keys without data loss. A new `scripts/rotate_key.py` script is provided for this purpose.
- Creates a `SECURITY.md` file to explicitly document the project's threat model, key management procedures, and operator responsibilities.
- Justifies the continued use of Fernet as a secure and maintainable choice for the project's needs.

Bug Fixes:
- Resolves text formatting errors by removing hardcoded markdown from translations and applying formatting programmatically with the `MessageBuilder`.
- Fixes the `/dashboard` command timeout by executing all database queries asynchronously in a separate thread.
- Ensures user language preferences are persistent across bot restarts by pre-loading them into a cache on startup.

This commit also restores the database functions that were accidentally deleted in a previous step, ensuring the `/dashboard` is fully functional.
…057395

Fix multiple bugs and improve stability
This commit resolves critical user-reported bugs, hardens the entire UI rendering layer, and implements significant security enhancements.

**Bug Fixes:**
- **Dashboard Timeout:** The `/dashboard` command no longer times out. All synchronous database calls have been refactored to run in a separate thread using `asyncio.to_thread` and `asyncio.gather`, preventing the event loop from being blocked.
- **Language Persistence:** User language preferences are now correctly persisted across bot restarts. A new `load_languages_into_cache` function is called on startup to load all user language settings from the database into an in-memory cache.
- **Text Formatting:** All hardcoded markdown has been removed from localization files. The main menu and other UI components now use the `MessageBuilder` class to programmatically and safely construct formatted messages, resolving parsing errors.

**UI Hardening:**
- Created new centralized, fail-safe rendering functions (`_send_message_safely` and `_edit_message_safely`) in `src/main.py`.
- These functions automatically escape text by default to prevent Telegram parsing errors, and provide a `preformatted` flag for trusted, pre-formatted content (e.g., from `MessageBuilder`).
- They include a fallback mechanism that retries sending a message as plain text if a parsing error occurs.
- Performed a comprehensive refactor of the entire `src/main.py` file to replace every direct call to the Telegram API (`send_message`, `edit_message_text`, `reply_text`) with these new hardened functions, ensuring 100% of the UI is protected.

**Security Enhancements:**
- **Key Rotation:** Implemented a key versioning system in `src/security.py`. Ciphertext is now prefixed with the key version, and the key file is a versioned JSON document. This allows for seamless key rotation without requiring a full data re-encryption or causing data loss.
- **Key Rotation Script:** Created a new script, `scripts/rotate_key.py`, to allow administrators to securely generate a new primary encryption key and re-encrypt all secrets in the database.
- **Security Documentation:** Added a `SECURITY.md` file that explicitly documents the project's threat model, cryptographic choices (justifying the continued use of Fernet), key management procedures, and operator responsibilities.

This comprehensive set of changes significantly improves the bot's stability, reliability, and security posture, directly addressing all user-reported issues and hardening the application for production use.
…057395

fix: Comprehensive UI, Security, and Bug Fixes
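A sketch of the key-versioning scheme described in the Security Enhancements above, as an added example that is not the code in `src/security.py` or `scripts/rotate_key.py`. The `v<N>:` prefix format, the JSON key layout and all function names are assumptions; it uses `Fernet` from the `cryptography` package, and the sample secret is constructed.

```python
import json
from cryptography.fernet import Fernet

def new_keyring():
    """Versioned key document; this JSON layout is an assumption."""
    return {"primary": 1, "keys": {"1": Fernet.generate_key().decode()}}

def rotate(keyring):
    """Add a new primary key; older versions stay for decryption only."""
    version = keyring["primary"] + 1
    keyring["keys"][str(version)] = Fernet.generate_key().decode()
    keyring["primary"] = version
    return version

def encrypt(keyring, plaintext):
    """Return ASCII text 'v<N>:<fernet token>', safe for a TEXT column."""
    version = keyring["primary"]
    token = Fernet(keyring["keys"][str(version)]).encrypt(plaintext.encode())
    return f"v{version}:{token.decode('ascii')}"

def decrypt(keyring, stored):
    """Select the key named by the prefix; Fernet authenticates the token."""
    prefix, sep, token = stored.partition(":")
    if not sep or not prefix.startswith("v") or not prefix[1:].isdigit():
        raise ValueError("missing key-version prefix")
    key = keyring["keys"].get(prefix[1:])
    if key is None:
        raise ValueError(f"no key for version {prefix[1:]}")
    return Fernet(key).decrypt(token.encode()).decode()

def reencrypt_all(keyring, rows):
    """Re-encrypt secrets not yet under the primary key; return how many changed."""
    primary = f"v{keyring['primary']}:"
    changed = 0
    for row_id, stored in rows.items():
        if not stored.startswith(primary):
            rows[row_id] = encrypt(keyring, decrypt(keyring, stored))
            changed += 1
    return changed

def demo():
    keyring = new_keyring()
    rows = {"server-1": encrypt(keyring, "constructed-password")}  # constructed row
    rotate(keyring)
    keyring = json.loads(json.dumps(keyring))    # survives the JSON key-file round trip
    before = decrypt(keyring, rows["server-1"])  # v1 ciphertext is still readable
    changed = reencrypt_all(keyring, rows)
    del keyring["keys"]["1"]                     # old key can be retired afterwards
    return before, changed, rows["server-1"][:3], decrypt(keyring, rows["server-1"])
```

The version prefix itself is not authenticated: changing it only selects a different key, and Fernet then rejects the token with `InvalidToken`. Retire an old key only after every row has been re-encrypted under the new primary.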