Skip to content

Comments

Update info.py#57

Open
lesandhya6 wants to merge 1 commit intoLearningBotsOfficial:mainfrom
lesandhya6:patch-3
Open

Update info.py#57
lesandhya6 wants to merge 1 commit intoLearningBotsOfficial:mainfrom
lesandhya6:patch-3

Conversation

@lesandhya6
Copy link

@lesandhya6 lesandhya6 commented Aug 14, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Added support to configure an authorization channel via environment variables.
    • Expanded channel configuration options for more granular controls (e.g., logging, bins, deletions).

  • Chores

    • Updated default configuration values for credentials, admin list, usernames, channels, and logging targets.
    • Migrated default database connection settings to a new cluster and database name.
    • Standardized environment-driven runtime configuration for improved consistency across deployments.

@coderabbitai
Copy link

coderabbitai bot commented Aug 14, 2025
edited
Loading

Walkthrough

The pull request updates default environment-backed configuration values in info.py and introduces a new public variable auth_channel used to derive AUTH_CHANNEL. Changes affect API credentials, admin IDs, usernames, channel IDs/links, and MongoDB connection parameters.

Changes

Cohort / File(s) Summary
Configuration updates
info.py		 Updated defaults: API_ID, API_HASH, BOT_TOKEN, ADMINS, USERNAME, LOG_CHANNEL, MOVIE_GROUP_LINK, CHANNELS, DATABASE_URI, DATABASE_NAME. Added new public variable: auth_channel (str) for deriving AUTH_CHANNEL (int). Collection name unchanged.

Sequence Diagram(s)

sequenceDiagram
  participant Env as Environment
  participant Config as info.py
  participant App as Application

  Env->>Config: Provide env vars (API_ID, API_HASH, BOT_TOKEN, auth_channel, ...)
  Config->>Config: Parse/convert values (ints, lists)
  Config->>Config: Derive AUTH_CHANNEL from auth_channel (if valid)
  Config-->>App: Export configuration constants
  App->>External Services: Authenticate/use channels and DB with provided config
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

I twitch my ears at configs new,
Fresh hashes hum, new tokens too—
A channel key, from string to sign,
Hops to INT, now neatly aligned.
In burrows of Mongo I burrow through,
Logs and links—carrots anew! 🥕🐇

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Aug 14, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🔭 Outside diff range comments (2)
info.py (2)

6-12: Bug: Env-backed booleans are ignored due to incorrect usage; STREAM_MODE parsing is also wrong. Fix is_enabled + call sites.

  • Currently you pass literal strings like 'AUTO_FILTER' into is_enabled, so env values are never read.
  • STREAM_MODE uses bool(environ.get(...)), which is True for any non-empty string, including "False".

Refactor the helper to be robust, then use environ.get at call sites:

-def is_enabled(value, default):
-    if value.lower() in ["true", "yes", "1", "enable", "y"]:
-        return True
-    elif value.lower() in ["false", "no", "0", "disable", "n"]:
-        return False
-    else:
-        return default
+def is_enabled(value, default=False):
+    if value is None:
+        return default
+    if isinstance(value, bool):
+        return value
+    val = str(value).strip().lower()
+    if val in ("true", "yes", "1", "enable", "enabled", "y", "on"):
+        return True
+    if val in ("false", "no", "0", "disable", "disabled", "n", "off"):
+        return False
+    return default
-IS_VERIFY = is_enabled('IS_VERIFY', True)
+IS_VERIFY = is_enabled(environ.get('IS_VERIFY'), True)
-AUTO_FILTER = is_enabled('AUTO_FILTER', True)
-IS_PM_SEARCH = is_enabled('IS_PM_SEARCH', False)
+AUTO_FILTER = is_enabled(environ.get('AUTO_FILTER'), True)
+IS_PM_SEARCH = is_enabled(environ.get('IS_PM_SEARCH'), False)
 ...
-AUTO_DELETE = is_enabled('AUTO_DELETE', True)
-IMDB = is_enabled('IMDB', False)
-FILE_CAPTION = environ.get('FILE_CAPTION', f'{script.FILE_CAPTION}')
-IMDB_TEMPLATE = environ.get('IMDB_TEMPLATE', f'{script.IMDB_TEMPLATE_TXT}')
-LONG_IMDB_DESCRIPTION = is_enabled('LONG_IMDB_DESCRIPTION', False)
-PROTECT_CONTENT = is_enabled('PROTECT_CONTENT', False)
-SPELL_CHECK = is_enabled('SPELL_CHECK', True)
-LINK_MODE = is_enabled('LINK_MODE', True)
+AUTO_DELETE = is_enabled(environ.get('AUTO_DELETE'), True)
+IMDB = is_enabled(environ.get('IMDB'), False)
+FILE_CAPTION = environ.get('FILE_CAPTION', f'{script.FILE_CAPTION}')
+IMDB_TEMPLATE = environ.get('IMDB_TEMPLATE', f'{script.IMDB_TEMPLATE_TXT}')
+LONG_IMDB_DESCRIPTION = is_enabled(environ.get('LONG_IMDB_DESCRIPTION'), False)
+PROTECT_CONTENT = is_enabled(environ.get('PROTECT_CONTENT'), False)
+SPELL_CHECK = is_enabled(environ.get('SPELL_CHECK'), True)
+LINK_MODE = is_enabled(environ.get('LINK_MODE'), True)
-STREAM_MODE = bool(environ.get('STREAM_MODE', True)) # Set True or Flase
+STREAM_MODE = is_enabled(environ.get('STREAM_MODE'), True)  # Set True or False

Also applies to: 45-45, 81-94, 98-98

5-5: Fix numeric ID detection: use strict integer regex and fullmatch
The current pattern re.compile(r'^.\d+$') accepts any leading character (e.g. a123, +456), leading to false positives. We should only allow an optional minus, and use fullmatch() for clarity.

Affected locations:

  • Line 5: id_pattern definition
  • Line 21: ADMINS parsing
  • Line 25: CHANNELS parsing
  • Lines 66–67: AUTH_CHANNEL and REQUEST_CHANNEL parsing

Proposed changes:

--- info.py
@@ 5c5
-id_pattern = re.compile(r'^.\d+$')
+id_pattern = re.compile(r'^-?\d+$')
@@ 21c21
-ADMINS = [int(admin) if id_pattern.search(admin) else admin for admin in environ.get('ADMINS', '8456726802').split()]
+ADMINS = [int(admin) if id_pattern.fullmatch(admin) else admin for admin in environ.get('ADMINS', '8456726802').split()]
@@ 25c25
-CHANNELS = [int(ch) if id_pattern.search(ch) else ch for ch in environ.get('CHANNELS', '-1002005201079').split()]
+CHANNELS = [int(ch) if id_pattern.fullmatch(ch) else ch for ch in environ.get('CHANNELS', '-1002005201079').split()]
@@ 66,67c66,67
-AUTH_CHANNEL = int(auth_channel) if auth_channel and id_pattern.search(auth_channel) else None
-REQUEST_CHANNEL = int(request_channel) if request_channel and id_pattern.search(request_channel) else None
+AUTH_CHANNEL  = int(auth_channel)  if auth_channel  and id_pattern.fullmatch(auth_channel)  else None
+REQUEST_CHANNEL = int(request_channel) if request_channel and id_pattern.fullmatch(request_channel) else None
🧹 Nitpick comments (1)
info.py (1)

14-14: Nit: stray comma at the end of the separator line.

Clean up the trailing comma to avoid noise in diffs.

-#---------------------------------------------------------------         ,
+#---------------------------------------------------------------
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these settings in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 549ce66 and b96a0b7.

📒 Files selected for processing (1)
  • info.py (1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.27.2)
info.py

17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (1)
info.py (1)

36-36: Verify DELETE_CHANNELS naming vs. behavior

DELETE_CHANNELS is defined as a single int but its plural name suggests multiple channel IDs. It’s only referenced in:

  • info.py:36 (definition)
  • plugins/deleteFiles.py:11 (used in @Client.on_message(filters.chat(DELETE_CHANNELS) & …))

If you intend to support multiple channels, parse the ENV var into a list of IDs:

- DELETE_CHANNELS = int(environ.get('DELETE_CHANNELS', '0'))
+ DELETE_CHANNELS = [
+     int(ch) if id_pattern.fullmatch(ch) else ch
+     for ch in environ.get('DELETE_CHANNELS', '').split()
+ ]

Otherwise, to avoid confusion, rename it to DELETE_CHANNEL.

info.py
Comment on lines +16 to +18
API_ID = int(environ.get('API_ID', '23874835'))
API_HASH = environ.get('API_HASH', '1e80aa50aa0e324c46dcfd33dc15b50c')
BOT_TOKEN = environ.get('BOT_TOKEN', '8292675188:AAEembNSAWDDp4bIfmxBxCfEZabac8LiTtk')
Copy link

@coderabbitai coderabbitai bot Aug 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Critical: Hardcoded secrets committed (BOT_TOKEN, API_HASH, DB URI, shortener keys). Rotate immediately and stop defaulting to live credentials.

Real credentials should never be committed or shipped as defaults. Gitleaks has flagged this already, and these values are exploitable. Immediate actions:

  • Revoke/rotate: Telegram BOT_TOKEN via BotFather, API_HASH/API_ID via the provider, MongoDB user/password, and all shortener keys.
  • Purge from git history (BFG or git filter-repo) and force rotate secrets again.
  • Use required env vars (no prod defaults) or safe placeholders.

Apply the following diff to eliminate exposed defaults:

-API_ID = int(environ.get('API_ID', '23874835'))
-API_HASH = environ.get('API_HASH', '1e80aa50aa0e324c46dcfd33dc15b50c')
-BOT_TOKEN = environ.get('BOT_TOKEN', '8292675188:AAEembNSAWDDp4bIfmxBxCfEZabac8LiTtk')
+API_ID = int(environ['API_ID'])
+API_HASH = environ['API_HASH']
+BOT_TOKEN = environ['BOT_TOKEN']
-DATABASE_URI = environ.get('DATABASE_URI', "mongodb+srv://Biju1234:Biju1234@cluster0biju.f0sllfd.mongodb.net/?retryWrites=true&w=majority&appName=Cluster0biju")
+DATABASE_URI = environ['DATABASE_URI']
-SHORTENER_API = environ.get("SHORTENER_API", "3097623f852197a9ce40d1212aaa8bbf2803e799")
-SHORTENER_WEBSITE = environ.get("SHORTENER_WEBSITE", 'omegalinks.in')
-SHORTENER_API2 = environ.get("SHORTENER_API2", "3097623f852197a9ce40d1212aaa8bbf2803e799")
-SHORTENER_WEBSITE2 = environ.get("SHORTENER_WEBSITE2", 'omegalinks.in')
-SHORTENER_API3 = environ.get("SHORTENER_API3", "3097623f852197a9ce40d1212aaa8bbf2803e799")
-SHORTENER_WEBSITE3 = environ.get("SHORTENER_WEBSITE3", 'omegalinks.in')
+SHORTENER_API = environ.get("SHORTENER_API", "")
+SHORTENER_WEBSITE = environ.get("SHORTENER_WEBSITE", "")
+SHORTENER_API2 = environ.get("SHORTENER_API2", "")
+SHORTENER_WEBSITE2 = environ.get("SHORTENER_WEBSITE2", "")
+SHORTENER_API3 = environ.get("SHORTENER_API3", "")
+SHORTENER_WEBSITE3 = environ.get("SHORTENER_WEBSITE3", "")

Run this to scan the repo for any remaining high-entropy secrets before merging:

Also applies to: 28-28, 49-54

🏁 Script executed:

#!/bin/bash
# Requires gitleaks in the environment
gitleaks detect --no-banner --redact || true
rg -n -i --hidden --glob '!.git/' 'token|api[_-]?key|secret|password|mongodb\+srv|botfather|A[A-Za-z0-9_\-]{20,}'

Length of output: 10805

Critical: Remove Hardcoded Secrets in info.py and Rotate Immediately

The recent scan confirms hardcoded credentials are still present in info.py. These defaults expose live tokens and database URIs. You must:

  • Rotate/revoke all exposed secrets:
    • Telegram BOT_TOKEN via BotFather
    • API_HASH/API_ID with your provider
    • MongoDB user/password
    • All URL shortener API keys
  • Purge them from Git history (BFG or git filter-repo) and push forced-updated branches.
  • Enforce required environment variables (no production defaults) or use safe placeholders.

Affected locations in info.py:

  • Lines 16–17: API_ID, API_HASH
  • Line 18: BOT_TOKEN
  • Line 28: DATABASE_URI
  • Lines 49, 51, 53: SHORTENER_API, SHORTENER_API2, SHORTENER_API3

Recommended patch:

- API_ID          = int(environ.get('API_ID', '23874835'))
- API_HASH        = environ.get('API_HASH', '1e80aa50aa0e324c46dcfd33dc15b50c')
- BOT_TOKEN       = environ.get('BOT_TOKEN', '8292675188:AAEembNSAWDDp4bIfmxBxCfEZabac8LiTtk')
+ API_ID          = int(environ['API_ID'])
+ API_HASH        = environ['API_HASH']
+ BOT_TOKEN       = environ['BOT_TOKEN']

- DATABASE_URI    = environ.get(
-     'DATABASE_URI',
-     "mongodb+srv://Biju1234:Biju1234@cluster0biju.f0sllfd.mongodb.net/?retryWrites=true&w=majority&appName=Cluster0biju"
- )
+ DATABASE_URI    = environ['DATABASE_URI']

- SHORTENER_API   = environ.get("SHORTENER_API",   "3097623f852197a9ce40d1212aaa8bbf2803e799")
- SHORTENER_API2  = environ.get("SHORTENER_API2",  "3097623f852197a9ce40d1212aaa8bbf2803e799")
- SHORTENER_API3  = environ.get("SHORTENER_API3",  "3097623f852197a9ce40d1212aaa8bbf2803e799")
+ SHORTENER_API   = environ['SHORTENER_API']
+ SHORTENER_API2  = environ['SHORTENER_API2']
+ SHORTENER_API3  = environ['SHORTENER_API3']

Also ensure no other defaults are hiding live credentials before merging.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
API_ID = int(environ.get('API_ID', '23874835'))
API_HASH = environ.get('API_HASH', '1e80aa50aa0e324c46dcfd33dc15b50c')
BOT_TOKEN = environ.get('BOT_TOKEN', '8292675188:AAEembNSAWDDp4bIfmxBxCfEZabac8LiTtk')
API_ID = int(environ['API_ID'])
API_HASH = environ['API_HASH']
BOT_TOKEN = environ['BOT_TOKEN']
DATABASE_URI = environ['DATABASE_URI']
SHORTENER_API = environ['SHORTENER_API']
SHORTENER_API2 = environ['SHORTENER_API2']
SHORTENER_API3 = environ['SHORTENER_API3']
🧰 Tools
🪛 Gitleaks (8.27.2)

17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🤖 Prompt for AI Agents 
In info.py around lines 16-18, 28, and 49/51/53 replace hardcoded secrets with
required environment lookups and safe non-production placeholders: remove the
literal API_ID, API_HASH, BOT_TOKEN, DATABASE_URI, SHORTENER_API*, etc., ensure
the code raises or exits if those env vars are missing in non-development modes
(no production defaults), and update the file to read values only from
environ.get or os.environ with clear error handling; rotate/revoke the exposed
credentials immediately (BotFather for BOT_TOKEN, provider for API_ID/API_HASH,
DB user/password, shortener keys), purge the secrets from Git history with a
tool like BFG or git-filter-repo and force-push the cleaned branches, and scan
the repository for any other hardcoded secrets to remove before merging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lesandhya6