Open t3hk0d3 opened 3 months ago
The code responsible for oak is here: https://github.com/grammyjs/grammY/blob/fa10509af2d2daf7f3070024785bbc6d334eae17/src/convenience/frameworks.ts#L467-L481 Are you able to fix this?
I've got an idea how to fix it. I'll try fixing it when I get some spare time.
Thank you!
I noticed a crash when sending a POST request with an empty body to the webhook using Hono. I figured out it was due to an uncaught exception from a promise. As a test, changing the code as follows resolves the crash:
    update: (async () => {
      try {
        return await c.req.json();
      } catch (error) {
        return {} as any;
      }
    })(),
Such a request would likely be refused due to the header !== token check (assuming the secret is set correctly) before reaching await update, but this can't happen since the update promise throws before that.
I believe this issue could be widespread, as we've observed it in two frameworks already.
A potential solution is changing the order in which webhookCallback handles promises:
    const { update, respond, unauthorized, end, handlerReturn, header } =
      server(...args);
    const receivedUpdate = await update;
    // ...
    await timeoutIfNecessary(
      bot.handleUpdate(receivedUpdate, webhookReplyEnvelope),
      typeof timeout === 'function' ? () => timeout(...args) : timeout,
      ms
    );
This should fix the error for all frameworks.
If somebody occasionally does a GET request to the webhook endpoint, it will result in the entire server crashing.
See also https://github.com/oakserver/oak/issues/661
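An added example, not grammY's code and not written by anyone in this thread: a simplified Node.js model of the failure discussed above, where the body parse starts eagerly and its rejection is left without a handler, next to a variant that attaches a handler before the secret-token check. `adapter`, `handleEager`, `handleSettled`, `orphanedRejections` and the secret value are hypothetical names and constructed data; it assumes Node.js, where an unhandled rejection terminates the process by default.

```javascript
// Model of the webhook flow from this thread (added example, hypothetical names).
const SECRET = "constructed-secret";

// Like a framework adapter: the body parse starts as soon as the request arrives.
function adapter(req) {
  return {
    header: req.headers["x-telegram-bot-api-secret-token"],
    update: new Promise((resolve) => resolve(JSON.parse(req.body))), // rejects on ""
  };
}

// Problem pattern: returning at the token check leaves `update` without a handler,
// so its rejection surfaces as a process-level unhandledRejection.
async function handleEager(req) {
  const { header, update } = adapter(req);
  if (header !== SECRET) return { status: 401 };
  return { status: 200, update: await update };
}

// Hardened: attach a handler at once, decide on the token, then inspect the body.
async function handleSettled(req) {
  const { header, update } = adapter(req);
  const settled = update.then(
    (value) => ({ ok: true, value }),
    (error) => ({ ok: false, error }),
  );
  if (header !== SECRET) return { status: 401 };
  const body = await settled;
  if (!body.ok) return { status: 400 };
  return { status: 200, update: body.value };
}

// Counts rejections that nobody handled while `handler` processed `req`.
async function orphanedRejections(handler, req) {
  let count = 0;
  const onReject = () => { count += 1; };
  process.on("unhandledRejection", onReject);
  await handler(req).catch(() => {});
  await new Promise((resolve) => setTimeout(resolve, 20));
  process.off("unhandledRejection", onReject);
  return count;
}

const emptyPost = { headers: {}, body: "" }; // constructed: empty POST, no secret header
const report = (async () => ({
  eager: await orphanedRejections(handleEager, emptyPost),
  settled: await orphanedRejections(handleSettled, emptyPost),
}))();
report.then(console.log);
```

Without the listener that `orphanedRejections` installs for measurement, the single orphaned rejection from `handleEager` would end the process even though the handler itself returned 401.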