Hide bot token in exception messages

for security reasons
baderouaich · Feb 24, 2024 · 068e8fb · 068e8fb
1 parent f89ddea
commit 068e8fb
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/include/tgbotxx/Api.hpp b/include/tgbotxx/Api.hpp
@@ -62,6 +62,7 @@ namespace tgbotxx {
       cpr::Timeout m_uploadFilesTimeout = DEFAULT_UPLOAD_FILES_TIMEOUT;     /// Api files upload timeout
       cpr::Timeout m_downloadFilesTimeout = DEFAULT_DOWNLOAD_FILES_TIMEOUT; /// Api files download timeout
 
+      friend class Bot;
     public:
       /// @brief Constructs Api object.
       /// @param token Bot Token from FatherBot.

diff --git a/src/Api.cpp b/src/Api.cpp
@@ -1,5 +1,6 @@
 #include <chrono>
 #include <tgbotxx/Api.hpp>
+#include <tgbotxx/Bot.hpp>
 #include <tgbotxx/Exception.hpp>
 /// Objects
 #include <tgbotxx/objects/Animation.hpp>

diff --git a/src/Bot.cpp b/src/Bot.cpp
@@ -29,7 +29,9 @@ void Bot::start() {
       m_updates = m_api->getUpdates(/*offset=*/m_lastUpdateId);
     } catch (const std::exception& err) {
       /// Callback -> onLongPollError
-      this->onLongPollError(err.what());
+      std::string errStr = err.what();
+      StringUtils::replace(errStr, m_api->m_token, "***HIDDEN_BOT_TOKEN***"); // Hide bot token in the exception message for security reasons
+      this->onLongPollError(errStr);
       continue;
     } catch (...) {
       /// Callback -> onLongPollError