2019-04-09 11:41:38 +00:00
|
|
|
bashbot
|
|
|
|
-------
|
|
|
|
|
|
|
|
A Telegram bot written in bash.
|
|
|
|
|
|
|
|
Depends on http://github.com/tmux/tmux[tmux]. Uses
|
|
|
|
http://github.com/dominictarr/JSON.sh[JSON.sh].
|
|
|
|
|
2019-04-14 21:05:43 +00:00
|
|
|
For full UTF-8 support you need
|
|
|
|
link:doc/4_expert.md#UTF-8-Support[python on your system] (optional).
|
2019-04-13 12:50:53 +00:00
|
|
|
|
2019-04-09 11:41:38 +00:00
|
|
|
Written by Drew (@topkecleon), Daniil Gentili (@danogentili), and Kay M
|
|
|
|
(@gnadelwartz).
|
|
|
|
|
|
|
|
Contributions by JuanPotato, BigNerd95, TiagoDanin, and iicc1.
|
|
|
|
|
2019-04-12 11:14:33 +00:00
|
|
|
https://github.com/topkecleon/telegram-bot-bash/releases[Download latest
|
|
|
|
release from github]
|
2019-04-09 11:41:38 +00:00
|
|
|
|
|
|
|
Released to the public domain wherever applicable. Elsewhere, consider
|
|
|
|
it released under the http://www.wtfpl.net/txt/copying/[WTFPLv2].
|
|
|
|
|
|
|
|
Install bashbot
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
1. Go to the directory you want to install bashbot, e.g.
|
|
|
|
* your $HOME directory (install and run with your user-ID)
|
|
|
|
* /usr/local if you want to run as service
|
2019-04-16 11:29:49 +00:00
|
|
|
2. Clone the repository:
|
2019-04-09 11:41:38 +00:00
|
|
|
+
|
|
|
|
....
|
|
|
|
git clone --recursive https://github.com/topkecleon/telegram-bot-bash
|
|
|
|
....
|
2019-04-16 11:29:49 +00:00
|
|
|
3. Change to directory `telegram-bot.bash`, run `./bashbot.sh init` and
|
2019-04-09 11:41:38 +00:00
|
|
|
follow the instructions. At this stage you are asked for your Bots token
|
|
|
|
given by botfather.
|
|
|
|
|
2019-04-12 11:14:33 +00:00
|
|
|
Update bashbot
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
https://github.com/topkecleon/telegram-bot-bash/releases[Download latest
|
2019-04-16 11:29:49 +00:00
|
|
|
update zip from github], extract all files and copy them to your bashbot
|
|
|
|
dir. Now run `sudo ./bashbot.sh init` to setup your environment for the
|
|
|
|
new release.
|
2019-04-12 11:14:33 +00:00
|
|
|
|
2019-04-09 11:41:38 +00:00
|
|
|
Getting started
|
|
|
|
~~~~~~~~~~~~~~~
|
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
* link:doc/1_firstbot.md[Create Telegram Bot with botfather]
|
|
|
|
* link:doc/2_usage.md[Getting Started]
|
|
|
|
** Managing your Bot
|
|
|
|
** Recieve data
|
|
|
|
** Send Messages
|
|
|
|
** Send files, location etc.
|
2019-04-11 08:02:52 +00:00
|
|
|
* link:doc/3_advanced.md[Advanced Features]
|
2019-04-16 11:29:49 +00:00
|
|
|
** Access Control
|
|
|
|
** Interactive Chats
|
|
|
|
** Background Jobs
|
|
|
|
** Inline queries
|
2019-04-09 11:41:38 +00:00
|
|
|
* link:doc/4_expert.md[Expert Use]
|
2019-04-16 11:29:49 +00:00
|
|
|
** Handling UTF-8
|
|
|
|
** Run as other user or system service
|
|
|
|
** Scedule bashbot from Cron
|
2019-04-11 08:02:52 +00:00
|
|
|
* link:doc/5_practice.md[Best Practices]
|
2019-04-16 11:29:49 +00:00
|
|
|
** Customizing commands.sh
|
|
|
|
** Seperate Bot logic from command
|
|
|
|
** Test your Bot with shellcheck
|
2019-04-15 19:06:29 +00:00
|
|
|
* link:doc/6_reference.md[Bashbot functions reference]
|
|
|
|
|
|
|
|
Note on Keyboards
|
|
|
|
~~~~~~~~~~~~~~~~~
|
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
To make use of Keyboards easier the keybord format for `send_keyboard`
|
|
|
|
and `send_message "mykeyboardstartshere ..."` was changed. Keybords are
|
|
|
|
now defined in an JSON Array notation e.g. "[ \"yes\" , \"no\" ]". This
|
|
|
|
has the advantage that you can create any type of keyboard supported by
|
|
|
|
Telegram. *This is an incompatible change for keyboards used in older
|
|
|
|
bashbot versions.*
|
2019-04-15 19:06:29 +00:00
|
|
|
|
|
|
|
_Example Keyboards_:
|
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
* yes no in one row
|
|
|
|
** OLD format: "yes" "no" (two strings)
|
|
|
|
** NEW format: "[ \"yes\" , \"no\" ]" (string containing an array)
|
|
|
|
* new keybord layouts, no possible with old format:
|
|
|
|
** Yes No in two rows: "[ \"yes\" ] , [ \"no\" ]"
|
|
|
|
** numpad style keyboard: "[ \"1\" , \"2\" , \"3\" ] , [ \"4\" , \"5\" ,
|
|
|
|
\"6\" ] , [ \"7\" , \"8\" , \"9\" ] , [ \"0\" ]"
|
2019-04-09 11:41:38 +00:00
|
|
|
|
|
|
|
Security Considerations
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
2019-04-16 14:45:26 +00:00
|
|
|
Running a Telegram Bot means it is connected to the public and you never
|
2019-04-09 11:41:38 +00:00
|
|
|
know whats send to your Bot.
|
|
|
|
|
|
|
|
Bash scripts in general are not designed to be bullet proof, so consider
|
|
|
|
this Bot as a proof of concept. More concret examples of security
|
2019-04-16 14:45:26 +00:00
|
|
|
problems are bash's 'quoting hell' and globbing.
|
2019-04-09 11:41:38 +00:00
|
|
|
https://unix.stackexchange.com/questions/171346/security-implications-of-forgetting-to-quote-a-variable-in-bash-posix-shells[Implications
|
|
|
|
of wrong quoting]
|
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
Whenever you are processing input from from untrusted sources (messages,
|
|
|
|
files, network) you must be as carefull as possible, e.g. disable
|
|
|
|
globbing (set -f) and quote everthing.
|
2019-04-09 11:41:38 +00:00
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
A powerful tool to improve your scripts robustness is `shellcheck`. You
|
|
|
|
can https://www.shellcheck.net/[use it online] or
|
|
|
|
https://github.com/koalaman/shellcheck#installing[install shellcheck
|
|
|
|
locally]. All bashbot scripts are checked by shellcheck.
|
2019-04-09 11:41:38 +00:00
|
|
|
|
|
|
|
Run your Bot as a restricted user
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
*It's important to run your bot as a user, with almost no access
|
|
|
|
rights.*
|
2019-04-09 11:41:38 +00:00
|
|
|
|
2019-04-16 14:45:26 +00:00
|
|
|
All files your Bot have write access to are in danger to be
|
2019-04-16 11:29:49 +00:00
|
|
|
overwritten/deleted if your bot is hacked. For the same reason ervery
|
|
|
|
file your Bot can read is in danger of being disclosed. So please
|
|
|
|
restict your Bots access rigths to the absolute minimum.
|
|
|
|
|
|
|
|
*Never run your Bot as root, this is the most dangerous you can do!*
|
2019-04-16 14:45:26 +00:00
|
|
|
Usually the user 'nobody' has almost no rights on Unix/Linux systems.
|
2019-04-09 11:41:38 +00:00
|
|
|
See Expert use on how to run your Bot as an other user.
|
|
|
|
|
|
|
|
Secure your Bot installation
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
*Your Bot configuration should not be readable from other users.* If
|
|
|
|
someone can read your Bots token he can act as your Bot and has access
|
2019-04-16 14:45:26 +00:00
|
|
|
to all chats you Bot is in!
|
2019-04-16 11:29:49 +00:00
|
|
|
|
|
|
|
Everyone with read access to your Bot files can extract your Bots data.
|
2019-04-09 11:41:38 +00:00
|
|
|
Especially your Bot Token in `token` must be protected against other
|
|
|
|
users. No one exept you should have write access to the Bot files. The
|
2019-04-16 11:29:49 +00:00
|
|
|
Bot must be restricted to have write access to `count` and
|
|
|
|
`tmp-bot-bash` only, all other files should be write protected.
|
2019-04-09 11:41:38 +00:00
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
To set access rights for your telegram-bot-bash directory to reasonable
|
|
|
|
default values you must run `sudo ./bashbot.sh init` after every update
|
|
|
|
or change to your installation directory.
|
2019-04-09 11:41:38 +00:00
|
|
|
|
|
|
|
Is this Bot insecure?
|
|
|
|
^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
|
2019-04-16 11:29:49 +00:00
|
|
|
Bashbot is no more (in)secure as any other Bot written in any other
|
2019-04-16 14:45:26 +00:00
|
|
|
language. But since YOU are responsible for your bots commands and run
|
|
|
|
the Bot, you should know about the implications ...
|
2019-04-09 11:41:38 +00:00
|
|
|
|
|
|
|
That's it!
|
|
|
|
~~~~~~~~~~
|
|
|
|
|
|
|
|
If you feel that there's something missing or if you found a bug, feel
|
|
|
|
free to submit a pull request!
|
|
|
|
|
2019-04-16 14:45:26 +00:00
|
|
|
latexmath:[\[VERSION\]] v0.60-rc2-4-g1bf26b9
|
2019-04-15 19:06:29 +00:00
|
|
|
++++++++++++++++++++++++++++++++++++++++++++
|