Skip to content

Commit

Permalink
Check the X-Telegram-Bot-Api-Secret-Token header on update request to…
Browse files Browse the repository at this point in the history 
… the webhook
  • Loading branch information
@antimech
antimech committed Oct 20, 2023
1 parent 729ccdf commit ebe25ee
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/TelegramDriver.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,12 @@ public function buildPayload(Request $request)
$this->event = Collection::make($message);
$this->config = Collection::make($this->config->get('telegram'));
$this->queryParameters = Collection::make($request->query);

$token = $request->headers->get('X-Telegram-Bot-Api-Secret-Token');

if ($token !== str_replace(':', '_', $this->config->get('token'))) {
throw new \Exception('Token mismatch!');
}
}

/**
Expand Down

0 comments on commit ebe25ee

Please sign in to comment.