Closed gmag11 closed 1 week ago
Thanks for reporting, I was surprised when I saw the diff as I can't remember having done that... will fix it asap
Think about the possible bot token leak. Maybe this can be activated with a checkbox in node config.
What is getFile supposed to do? I mean, getFile implementation in node-contrib-telegram-bot just returns file path what is useless if you don't have the token to build the absolute url.
getFileLink function does exactly that. Telegram API is confusing sometimes 😄
@gmag11 getFileLink is only syntactical sugar: it calls getFile and creates a full url from the relative path. I will replace getFile with getFileLink.
About leaking the bot token: before sending this output to some public server you need to remove that link.
After https://github.com/windkh/node-red-contrib-telegrambot/commit/13ae259da9b0e423c8c63753a5457758a134b729
getFile
function does not work as expected.There is a type here: https://github.com/windkh/node-red-contrib-telegrambot/blob/a94350505117326967ab95d0887ddb382db7d88b/telegrambot/99-telegrambot.js#L2163
Code looks for
msg.payload.getfile
but the tries to usemsg.payload.getFile
.Besides, the code that gets full file url has been dropped.
I have two proposals for a PR:
file_url
to currentpayload.content
like this:getFileLink
. So thatpayload.content
has only the link:First option may leak bot token if output is fed to a public service.
Link may be built externally by using
file_path
but it needs bot token, that is only available in configuration node.Let me know if there is another alternative.