Arnike/duty-teller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

Enhance API and configuration for Telegram miniapp

Browse Source 
- Added support for CORS origins and a new environment variable for miniapp access control.
- Implemented date validation for API requests to ensure correct date formats.
- Updated FastAPI app to allow access without Telegram initData for local development.
- Enhanced error handling and logging for better debugging.
- Added tests for API functionality and Telegram initData validation.
- Updated README with new environment variable details and testing instructions.
- Modified Docker and Git ignore files to include additional directories and files.
This commit is contained in:
Nikolay Tatarinov
2026-02-17 17:21:35 +03:00
parent 7cdf1edc34
commit 5dc8c8f255
19 changed files with 447 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@@ -36,6 +36,12 @@ A minimal Telegram bot boilerplate using [python-telegram-bot](https://github.co
5. **Miniapp access (calendar)**
To allow access to the calendar miniapp, set `ALLOWED_USERNAMES` to a comma-separated list of Telegram usernames (without `@`). Users in `ADMIN_USERNAMES` also have access; the admin role is reserved for future bot commands and API features. If both are empty, no one can open the calendar.
6. **Optional env**
- `DATABASE_URL` DB connection (default: `sqlite:///data/duty_teller.db`).
- `MINI_APP_BASE_URL` Base URL of the miniapp (for documentation / CORS).
- `MINI_APP_SKIP_AUTH` Set to `1` to allow `/api/duties` without Telegram initData (dev only; insecure).
- `CORS_ORIGINS` Comma-separated allowed origins for CORS, or leave unset for `*`.
## Run
```bash
@@ -62,9 +68,24 @@ Ensure `.env` exists (e.g. `cp .env.example .env`) and contains `BOT_TOKEN`.
## Project layout
- `main.py` Builds the `Application`, registers handlers, runs polling.
- `config.py` Loads `BOT_TOKEN`, `ALLOWED_USERNAMES`, `ADMIN_USERNAMES` from env; exits if `BOT_TOKEN` is missing.
- `main.py` Builds the `Application`, registers handlers, runs polling and FastAPI in a thread.
- `config.py` Loads `BOT_TOKEN`, `DATABASE_URL`, `ALLOWED_USERNAMES`, `ADMIN_USERNAMES`, `CORS_ORIGINS`, etc. from env; exits if `BOT_TOKEN` is missing.
- `api/` FastAPI app (`/api/duties`), Telegram initData validation, static webapp mount.
- `db/` SQLAlchemy models, session, repository, schemas.
- `alembic/` Migrations (use `config.DATABASE_URL`).
- `handlers/` Command and error handlers; add new handlers here.
- `requirements.txt` Pinned dependencies (PTB with job-queue, python-dotenv).
- `webapp/` Miniapp UI (calendar, duty list); served at `/app`.
- `requirements.txt` Pinned dependencies (PTB, FastAPI, SQLAlchemy, Alembic, etc.).
To add commands, define async handlers in `handlers/commands.py` (or a new module) and register them in `handlers/__init__.py`.
## Tests
Install dev dependencies and run pytest:
```bash
pip install -r requirements-dev.txt
pytest
```
Tests cover `api/telegram_auth` (validate_init_data), `config` (is_admin, can_access_miniapp), and the API (date validation, 403/200 with mocked auth).