karoakhgar003 / V2ray-Editor


Urgent Security Issue - Telegram Token Exposure in Code #1

Open smrrazavian opened 1 year ago

smrrazavian commented 1 year ago

Issue Description

In the file 01.py, specifically on line 34, your Telegram token is hardcoded directly into the source code. This practice makes the token vulnerable to potential attackers and unauthorized access, compromising the security of your Telegram bot and the sensitive information it manages.

Suggested Solution

To mitigate this security risk, I propose adopting a more secure approach by utilizing the python-dotenv package to manage your sensitive configuration data. This will involve creating an environment file (.env) to securely store your Telegram token, separate from the source code.

Steps to Implement

  1. Install python-dotenv: Begin by installing the python-dotenv package using the following command:

    pip install python-dotenv

  2. Create .env File: In the root directory of our project, create a file named .env and add the following line:

    TELEGRAM_TOKEN=your_telegram_token_here

  3. Update Codebase: Replace the hardcoded token on line 34 of 01.py with the following code to access the token from the environment variable:

    import os
    from dotenv import load_dotenv

    load_dotenv()

    TELEGRAM_TOKEN = os.getenv("TELEGRAM_TOKEN")

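
As an added example (not part of the original issue or the repository's code), the sketch below pairs the suggested environment lookup with a fail-fast check and a scanner that flags token-shaped literals left in source files. The token pattern and the names `find_hardcoded_tokens` and `load_token` are assumptions made for illustration; when a .env file is used, `load_dotenv()` would run before `load_token()`.

```python
import os
import re

# Assumed token shape: "<8-10 digit bot id>:<35 URL-safe characters>".
TOKEN_RE = re.compile(r"(?<![\w-])(\d{8,10}):[\w-]{35}(?![\w-])", re.ASCII)


def find_hardcoded_tokens(source):
    """Return (line_number, redacted_match) for each token-shaped literal."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            # Keep only the bot id so the report does not leak the secret again.
            hits.append((lineno, match.group(1) + ":<redacted>"))
    return hits


def load_token(env=os.environ):
    """Read TELEGRAM_TOKEN from the environment and fail fast if it is unusable."""
    token = env.get("TELEGRAM_TOKEN", "").strip()
    if not token:
        raise RuntimeError("TELEGRAM_TOKEN is not set (check .env or the environment)")
    if not TOKEN_RE.fullmatch(token):
        raise RuntimeError("TELEGRAM_TOKEN is set but does not look like a bot token")
    return token


if __name__ == "__main__":
    # Constructed sample: a fake token built at runtime, not a real credential.
    fake = "123456789:" + "A" * 35
    before = 'import os\nTELEGRAM_TOKEN = "' + fake + '"\n'
    after = 'import os\nTELEGRAM_TOKEN = os.getenv("TELEGRAM_TOKEN")\n'
    print("hardcoded:", find_hardcoded_tokens(before))
    print("from env: ", find_hardcoded_tokens(after))
    print("loaded ok:", load_token({"TELEGRAM_TOKEN": fake}) == fake)
```

A token that was ever committed remains in the repository history, so moving it to .env does not replace revoking it, and the .env file itself should be listed in .gitignore.
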
karoakhgar003 commented 1 year ago

The bot token is not valid, sir. Thank you for reviewing.