telegram-hcaptcha-bot

Workflow

Screenshots

| Landing page | Verified | Failed to verify | |:-------------:|:-------------:|:-----:| | | | |

How everything is connected

Setup:

1. Create your telegram bot (please check section below).
2. Signup to hCaptcha to get your site key and secret (please check section below) .
3. Install dependencies: pipenv install --dev (make sure to have pipenv installed).
4. Copy .env.sample to .env and add: TELEGRAM_USERNAME, TELEGRAM_TOKEN, HCAPTCHA_SECRET and HCAPTCHA_SITE_KEY.

Where to get HCAPTCHA_SECRET & HCAPTCHA_SITE_KEY

1. Signup to hCaptcha.
2. To get HCAPTCHA_SECRET: go the Settings tab.
3. To get HCAPTCHA_SITE_KEY: go to Sites tab and create a new site key.

Run application locally

shell cd app && FLASK_APP=wsgi.py FLASK_DEBUG=1 python3 -m flask run

Running the app inside docker container:

```bash

start

docker-compose up

stop

docker-compose down ```

Run on heroku

Incase you need to run your the application on heroku:

1. heroku create <dev_instance_name> --remote development
2. Add APP_URL with your dev instance link

Signup for a new Telegram bot

1. Create a new bot on telegram and note the secret token and the bot username: Creating a new bot - Telegram documentation
2. Create a new account on hCaptcha and note the sitekey and the secret token
3. Invite the bot to your Telegram channel and set it as admin

Run tests

1. pipenv run python -m pytest
2. With coverage:
3. pipenv run coverage run --include="app/*" -m pytest
4. Show report: pipenv run coverage report -m or as html: pipenv run coverage html && open htmlcov/index.html
5. Run single test method: e.g. python -m pytest app/tests/test_bot.py -k 'test_is_verified'
6. Rung single test with ipdb breakpoint: python -m pytest -s app/tests/bot_handlers/test_handle_invitation.py

Deploying

How to deploy automatically

Staging

Simply merge all your changes to staging branch, and it will be deployed to the staging heroku on successful builds and tests passing in github.

Production

Merge all your changes to master and it will be deployed to the prod environment.

How to deploy manually

• Check the "Setup" section above and make sure that tests passes locally.

• If using the herkou cli approach, be sure to run this first:

  • heroku login

• Make sure you've already remote tracking for your target env (one of):

  • git remote add <env> https://git.heroku.com/<app>.git
  • heroku git:remote -a staging-hcaptcha-telegram-bot
  • heroku git:remote -a prod-hcaptcha-telegram-bot
    • If using the heroku command, you may want to rename the envs appropriately as they will all be called heroku
    • git remote rename heroku staging

• Deploy code changes:

  • git push <env> your_dev_branch:master (push specified branch)
  • git push staging master:master (push master from origin to staging remote master)

• Run DB migrations:

  • heroku run "python manage.py db upgrade -d app/migrations/" --remote <env>

• If DB migration was needed you may need to manually start up the app:

  • heroku run web --remote <env> (start up app inline)
  • heroku ps:scale web=1 --remote <env> (start up more instances of the app)

Environments

• Prod:
  • Bot name: hCaptchaBot
  • URL: https://prod-hcaptcha-telegram-bot.herokuapp.com/
• Staging:
  • Bot name: yellow_tg_bot
  • URL: https://staging-hcaptcha-telegram-bot.herokuapp.com/

Troubleshooting

• Check logs on heroku: heroku logs --tail --remote <env>
• The bot must be in a supergroup and the bot must be have admin permissions.

Issues

Bump certifi from 2020.12.5 to 2022.12.7

opened on 2022-12-08 07:48:11 by dependabot[bot]

Bumps certifi from 2020.12.5 to 2022.12.7.

Commits

• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hCaptcha/telegram-bot/network/alerts).

Bump mako from 1.1.4 to 1.2.2

opened on 2022-09-16 18:35:25 by dependabot[bot]

Bumps mako from 1.1.4 to 1.2.2.

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

• [bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

  References: #366

1.2.1

Released: Thu Jun 30 2022

bug

• [bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

  References: #360

misc

• [performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

  References: #361

1.2.0

Released: Thu Mar 10 2022

changed

• [changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

  References: #351

• [changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hCaptcha/telegram-bot/network/alerts).

Bump ipython from 7.21.0 to 7.31.1

opened on 2022-01-21 19:36:24 by dependabot[bot]

Bumps ipython from 7.21.0 to 7.31.1.

Commits

• e321e76 release 7.31.1
• 67ca2b3 Merge pull request from GHSA-pq7m-3gw7-gq5x
• 2794330 back to dev
• be343e7 release 7.31.0
• 0fcf2c4 Merge pull request #13428 from meeseeksmachine/auto-backport-of-pr-13427-on-7.x
• b8db9b1 Backport PR #13427: wn 731
• 7f253dc Merge pull request #13412 from bnavigator/backport-inspect
• 4f26796 fix xxlimited_35 import name
• 77ca4a6 don't run nose-based iptest on py310, only pytest
• 533e509 back to decorator skip
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hCaptcha/telegram-bot/network/alerts).

Error during deployment

opened on 2021-02-11 13:54:15 by reejit

Hello there When I want to deploy the bot I get error two instances are running at same movement please help me with it!

Close hanging transactions

opened on 2020-10-29 23:07:10 by gaieges

Few places where we leave open many connections to the db as indicated by:

$ heroku pg:ps --remote staging pid | state | source | username | running_for | transaction_start | waiting | query -------+---------------------+--------+----------------+-----------------+-------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 31479 | idle in transaction | | keoguvuxlyqnts | 00:18:13.381006 | 2020-10-29 22:47:14.225349+00 | t | SELECT messages.id AS messages_id, messages.user_id AS messages_user_id, messages.chat_id AS messages_chat_id, messages.message_id AS messages_message_id, messages.created_date AS messages_created_date + | | | | | | | FROM messages + | | | | | | | WHERE messages.created_date <= '2020-10-29T23:02:16.844205'::timestamp 31478 | idle in transaction | | keoguvuxlyqnts | 00:18:13.585231 | 2020-10-29 22:47:14.021124+00 | t | SELECT messages.id AS messages_id, messages.user_id AS messages_user_id, messages.chat_id AS messages_chat_id, messages.message_id AS messages_message_id, messages.created_date AS messages_created_date + | | | | | | | FROM messages + | | | | | | | WHERE messages.created_date <= '2020-10-29T23:02:16.677969'::timestamp 19092 | idle in transaction | | keoguvuxlyqnts | 05:22:02.090353 | 2020-10-29 17:43:25.516002+00 | t | SELECT messages.id AS messages_id, messages.user_id AS messages_user_id, messages.chat_id AS messages_chat_id, messages.message_id AS messages_message_id, messages.created_date AS messages_created_date + | | | | | | | FROM messages + | | | | | | | WHERE messages.created_date <= '2020-10-29T23:01:51.706861'::timestamp 26644 | idle in transaction | | keoguvuxlyqnts | 00:49:48.350257 | 2020-10-29 22:15:39.256098+00 | t | SELECT messages.id AS messages_id, messages.user_id AS messages_user_id, messages.chat_id AS messages_chat_id, messages.message_id AS messages_message_id, messages.created_date AS messages_created_date + | | | | | | | FROM messages + | | | | | | | WHERE messages.created_date <= '2020-10-29T23:00:42.551756'::timestamp 4304 | idle in transaction | | keoguvuxlyqnts | 03:08:25.218032 | 2020-10-29 19:57:02.388323+00 | t | SELECT messages.id AS messages_id, messages.user_id AS messages_user_id, messages.chat_id AS messages_chat_id, messages.message_id AS messages_message_id, messages.created_date AS messages_created_date + | | | | | | | FROM messages + | | | | | | | WHERE messages.created_date <= '2020-10-29T23:00:16.607548'::timestamp 31140 | idle in transaction | | keoguvuxlyqnts | 00:20:27.888331 | 2020-10-29 22:44:59.718024+00 | t | SELECT channels.id AS channels_id, channels.chat_id AS channels_chat_id, channels.restrict AS channels_restrict, channels.name AS channels_name + | | | | | | | FROM channels + | | | | | | | WHERE channels.chat_id = '1108918469'

Exceptions should also report something to the user, rather than just not responding

opened on 2020-10-22 19:03:22 by gaieges

At least say something like "we encountered an error processing this request" to indicate to look at the logs