Refactor configuration and enhance Telegram initData validation
- Improved formatting and readability in config.py and other files by adding line breaks.
- Introduced INIT_DATA_MAX_AGE_SECONDS to enforce replay protection for Telegram initData.
- Updated validate_init_data function to include max_age_seconds parameter for validation.
- Enhanced API to reject old initData based on the new max_age_seconds setting.
- Added tests for auth_date expiry and validation of initData in test_telegram_auth.py.
- Updated README with details on the new INIT_DATA_MAX_AGE_SECONDS configuration.
3
main.py
3
main.py
@@ -1,4 +1,5 @@
|
||||
"""Single entry point: build Application, run HTTP server + polling. Migrations run in Docker entrypoint."""
|
||||
|
||||
import asyncio
|
||||
import logging
|
||||
import threading
|
||||
@@ -18,6 +19,7 @@ logger = logging.getLogger(__name__)
|
||||
def _run_uvicorn(web_app, port: int) -> None:
|
||||
"""Run uvicorn in a dedicated thread with its own event loop."""
|
||||
import uvicorn
|
||||
|
||||
loop = asyncio.new_event_loop()
|
||||
asyncio.set_event_loop(loop)
|
||||
server = uvicorn.Server(
|
||||
@@ -31,6 +33,7 @@ def main() -> None:
|
||||
register_handlers(app)
|
||||
|
||||
from api.app import app as web_app
|
||||
|
||||
t = threading.Thread(
|
||||
target=_run_uvicorn,
|
||||
args=(web_app, config.HTTP_PORT),
|
||||
|
||||