search

aahnik / run-py-bot

A telegram bot that runs python code. Evaluate pythonic expressions on the go, right from your chat.
MIT License
50 stars 36 forks source link

Preprocessor feature for imports #10

Closed gabrielesilinic closed 4 years ago

gabrielesilinic commented 4 years ago

Preprocessor feature for imports

this feature allow some imports according to: 1) IMPORTS_MAP that has "whitelisted" imports 2) IMP_TOKEN preprocessor token now #:> it replaces lines, nothing more nothing less

Preprocessor demo:

before preprocessor:

#:>imp-time
#:>dafsgdffdsdg
#:>imp-this
#:>imp-sys
print(time.time())

after preprocessor:

import time
#:>dafsgdffdsdg
import this
#:>imp-sys
print(time.time())

NOTES: sys is not whitelisted as import nor as "imp-sys" dafsgdffdsdg is not an avabile preprocessor directive

WARNING ⚠ the added modules they shouldn't have any access to files but please recheck anyway

aahnik commented 4 years ago

I am rewriting the bot completely using telethon ( or may be aiogram ), aiohttp, and rextester API.

My future version will ( wait for at least 2 days )

What is non-blocking ?

_Take the example of the versions less than 0.1.0: Suppose you give an infinite loop. It will block the bot for 6s. Suppose I give a simple calculation during this time, the bot will do it only after 6s.

_In the new versions ( 0.1.0+) You can execute code that takes a longer time, till the rextester limit. You give a long calculation, the bot will not get blocked. In the meantime, it can do calculations by other people.

gabrielesilinic commented 4 years ago

I am rewriting the bot completely using telethon, aiohttp, and rextester API.

My future version will ( wait for at least 2 days )

  • support all imports
  • support file handling as well.
  • can execute code longer than 6s
  • code execution will not eat server CPU
  • will be much faster
  • no polling or webhook, no bot API, directly connect with telegram server
  • There will be no ban and code execution will be non-blocking.
  • faster response inline
  • statistics of code

What is non-blocking ?

Take the example of the current version: Suppose you give an infinite loop. It will block the bot for 6s. Suppose I give a simple calculation during this time, the bot will do it only after 6s.

In the new version: You can execute code that takes a longer time, till the rextester limit. You give a long calculation, the bot will not get blocked. In the meantime, it can do calculations by other people.

Concerns: 1) responsability concerns, if someone is hacking the NASA by using your bot you will be the guy under interrogation first, and we don't know if they can find the real hacker 2) design concerns, as far as i know the mtproto is used only by clients and not the bots, you are building a userbot and no one needs something like this, you should just convert this one to a webapp to add the webhook support 3) compatibility, because someone may want to run something like this on his PC or some weird condition you should put this as/in a legacy repo or add a config for legacy mode but let them use anyway, is a waste of really good code otherwise to me (not my code, i have done just 2 pull requests)

aahnik commented 4 years ago

Concerns:

Thanks a lot for raising some valid points

  1. responsability concerns, if someone is hacking the NASA by using your bot you will be the guy under interrogation first, and we don't know if they can find the real hacker

The code will be executed by rextester, not by my server. So how is my server responsible ? If someone does a bad thing using an online ide, is the company making the ide responsible ? Not at all !!

  1. design concerns, as far as i know the mtproto is used only by clients and not the bots, you are building a userbot and no one needs something like this, you should just convert this one to a webapp to add the webhook support

You can make normal bots also using telethon( by signing in into a bot account ). Read this for more info HTTP Bot API vs MTProto.

MTProto clients (like Telethon) connect directly to Telegram’s servers, which means there is no HTTP connection, no “polling” or “web hooks”. This means less overhead, since the protocol used between you and the server is much more compact than HTTP requests with responses in wasteful JSON. — Telethon Docs

This one feature really attracts me towards telethon. Earlier I used to oppose telethon thinking it is too complex.

I am also exploring aiogram which supports asynchronous, but connects via bot api.

  1. compatibility, because someone may want to run something like this on his PC or some weird condition you should put this as/in a legacy repo or add a config for legacy mode but let them use anyway

If someone wants to run old code, they can clone the git repo, and switch to an older release.

, is a waste of really good code otherwise to me (not my code, i have done just 2 pull requests)

Nothing is wasted. It is more about the learning experience. The effort never goes to waste.

If you see the releases of any famous repos in github, you will find nearly equal no of lines of deletion as of addition. ( go to the Insights tab, and click Code Frequency )

Some examples:

Telethon

image

Python telegram bot

image

Bootstrap ( 145 k stars )

image

So deleting old code is pretty common :joy:

aahnik commented 4 years ago

i am merging your pr. and creating a new release. But this will get overridden by future releases

aahnik commented 4 years ago

@all-contributors add @gabrielesilinic for code

allcontributors[bot] commented 4 years ago

@aahnik

I've put up a pull request to add @gabrielesilinic! :tada: