Helixform / TeleGPT

An out-of-box ChatGPT bot for Telegram.
https://icystudio.github.io/TeleGPT/telegpt_core
MIT License
236 stars, 15 forks

[Question] What if user has no name? #9

Open JokerQyou opened 1 year ago

JokerQyou commented 1 year ago

Username is optional on Telegram. So if a user has no username, it's impossible to manage - you can't set him as admin, or dynamically add / delete him.

unixzii commented 1 year ago

Hi @JokerQyou, this is a known issue found at an early stage of development. For security considerations, we will not support changing the first admin user at run time. However, using the username is not that good either, because users may change their usernames at any time.

We are planning to use user_id to identify a user; it will be an option in addition to the username.

t4nature commented 7 months ago

I have an idea: After running the bot executable file, make the bot temporarily unusable by anyone and have no administrators assigned. At this time, a link like 'https://t.me/botname_bot?start=token' will be displayed in the terminal where the bot executable is run. This guides users to use their own Telegram account to open it for 'bot recognition.' The token, randomly generated on the first run, is long enough to ensure security.

Furthermore, after the 'recognition,' a password can be generated and sent to the user via a message with a copy feature. This password is used to encrypt local sensitive data, such as the OpenAI token and the Telegram bot token, and also serves as the database password. When rerunning the bot executable, it will require entering the password, similar to a Linux login (I am aware that sending the password in plain text to the user seems insecure. However, most people are actually lazy; if it's not done this way, they might set weak passwords or even no password at all. Security-conscious users can also delete the password, store it elsewhere, and figure out more secure implementations on their own).
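
A sketch of the admin-recognition step proposed in this comment, added here as an example; it is not code from this thread or from TeleGPT. `AdminBootstrap`, `try_claim` and the sample user id are hypothetical, the token is read from `/dev/urandom` (Unix-only assumption), and the admin is bound to the numeric user_id rather than a username.

```rust
use std::{fs::File, io::Read};

/// Hypothetical bootstrap state: no admin exists until the token is claimed.
pub struct AdminBootstrap {
    token: Option<String>, // None once claimed (single use)
    admin_id: Option<i64>, // Telegram user_id, stable unlike a username
}

/// Compare without early exit so timing does not reveal a matching prefix.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

impl AdminBootstrap {
    /// 32 bytes from the OS CSPRNG (Unix-only here), hex-encoded to 64 characters,
    /// the maximum length of a Telegram deep-link start parameter.
    pub fn new() -> std::io::Result<Self> {
        let mut raw = [0u8; 32];
        File::open("/dev/urandom")?.read_exact(&mut raw)?;
        let token: String = raw.iter().map(|b| format!("{b:02x}")).collect();
        Ok(Self { token: Some(token), admin_id: None })
    }
    /// Link to print in the terminal; None once the token has been used.
    pub fn link(&self, bot_name: &str) -> Option<String> {
        self.token.as_ref().map(|t| format!("https://t.me/{bot_name}?start={t}"))
    }
    /// Returns true only for the first sender of "/start <token>".
    pub fn try_claim(&mut self, user_id: i64, text: &str) -> bool {
        let Some(presented) = text.strip_prefix("/start ") else { return false };
        let ok = matches!(&self.token, Some(t) if ct_eq(t.as_bytes(), presented.trim().as_bytes()));
        if ok {
            self.token = None; // burn it: a leaked link is useless afterwards
            self.admin_id = Some(user_id);
        }
        ok
    }
    pub fn is_admin(&self, user_id: i64) -> bool {
        self.admin_id == Some(user_id)
    }
}

fn main() -> std::io::Result<()> {
    let mut boot = AdminBootstrap::new()?;
    let link = boot.link("botname_bot").expect("unclaimed");
    println!("Open to become admin: {link}");
    let token = link.rsplit('=').next().unwrap().to_string();
    println!("claimed: {}", boot.try_claim(42, &format!("/start {token}"))); // constructed update
    Ok(())
}
```

The claimed `admin_id` would need to be persisted so that a restart does not reopen the bootstrap window.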

unixzii commented 7 months ago

It sounds like a good idea. Thanks for the advice, @t4nature. I think we can do it step-by-step, starting from admin recognition. As for the encryption of the database, we may need further consideration before implementing it.

I wonder if you'd be interested in adding the admin recognition based on your proposal?

t4nature commented 7 months ago

> It sounds like a good idea. Thanks for the advice, @t4nature. I think we can do it step-by-step, starting from admin recognition. As for the encryption of the database, we may need further consideration before implementing it.
>
> I wonder if you'd be interested in adding the admin recognition based on your proposal?

Yes, I plan to write a lib crate.