elbekD / kt-telegram-bot

Telegram Bot Library for Kotlin language
MIT License

restrict WebHook server on path #20

Closed vitaB closed 4 years ago

vitaB commented 4 years ago

At the moment it is possible to call the Webhook server with any path. As long as the host:port is correct, any message/command will be handled. But I want to make sure that the bot can only be called by the Telegram server.

The Telegram bot guide recommends listening on a path which contains the token. So my simple approach would be just to check that in the Jetty Handler implementation.

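server.handler = object : AbstractHandler() {
    override fun handle(target: String, baseRequest: Request, request: HttpServletRequest, response: HttpServletResponse) {
        // Only handle requests whose path starts with the bot token.
        // pathInfo can be null, so use a null-safe call instead of risking an NPE.
        if (request.pathInfo?.startsWith("/$token") == true) {
            val content = request.inputStream?.bufferedReader()?.readText()
            val updates = gson.fromJson<Update>(content, Update::class.java)
            onUpdate(updates)
            // Mark the request as handled so Jetty does not pass it on.
            baseRequest.isHandled = true
        }
    }
}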

Maybe you have a better idea.

elbekD commented 4 years ago

Hi @vitaB! Check out version 1.2.2. Upd: check out 1.2.3 - added useTokenBasedPathSpec to the webhook bot option params. Set it to true in order to enable the token-based request path.
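
The token-in-path check discussed in this thread, as an added example that is not part of the original comments and not the library's implementation of useTokenBasedPathSpec. It assumes the webhook URL was registered as exactly `/<token>`; the names `isWebhookPath`, `statusFor` and `SAMPLE_TOKEN` are hypothetical. It matches the whole path instead of a prefix and compares in constant time.

```kotlin
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest

// Constructed placeholder value; a real bot token is a secret.
const val SAMPLE_TOKEN = "000000000:EXAMPLE-PLACEHOLDER-TOKEN"

/**
 * True only when the request path is exactly "/<token>".
 * `path` is nullable because HttpServletRequest.getPathInfo() may return null.
 */
fun isWebhookPath(path: String?, token: String): Boolean {
    if (path == null) return false
    val expected = "/$token".toByteArray(UTF_8)
    val actual = path.toByteArray(UTF_8)
    // MessageDigest.isEqual does not stop at the first differing byte, so
    // response timing does not reveal how many leading characters matched.
    return MessageDigest.isEqual(expected, actual)
}

/** HTTP status to answer with. Unknown paths get 404 so the endpoint looks absent. */
fun statusFor(method: String, path: String?, token: String): Int = when {
    !isWebhookPath(path, token) -> 404
    method != "POST" -> 405 // Telegram delivers updates as POST requests
    else -> 200
}

fun main() {
    // Constructed sample requests.
    val cases = listOf(
        "POST" to "/$SAMPLE_TOKEN",          // exact path: accepted
        "POST" to "/${SAMPLE_TOKEN}/extra",  // would pass a startsWith check
        "POST" to "/${SAMPLE_TOKEN}x",       // would pass a startsWith check
        "POST" to "/",
        "GET" to "/$SAMPLE_TOKEN",
        "POST" to null
    )
    for ((method, path) in cases) {
        // Redact before printing: the path carries the token, so it must not reach logs.
        val shown = path?.replace(SAMPLE_TOKEN, "<token>")
        println("$method $shown -> ${statusFor(method, path, SAMPLE_TOKEN)}")
    }
}
```

Because the token is part of the URL, access logs and reverse-proxy logs in front of the bot need the same redaction as the `println` above.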