fix(sec): санитизация Telegram-ошибок, SSRF-guard Webhook, чистка логов test-канала, go mod tidy, histogram-бакеты

2026-07-04 13:40:29 +07:00
parent 5a2903ca1e
commit 29f448d4b5
8 changed files with 197 additions and 6 deletions
+5 -1
@@ -225,7 +225,11 @@ func (a *API) handleTestChannel(w http.ResponseWriter, r *http.Request) {
secret = string(dec)
}
if err := a.Dispatch.SendTest(r.Context(), ch.Type, ch.Config, secret); err != nil {
log.Printf("api: test channel %s failed: %v", cid, err)
// Defense-in-depth: notify implementations sanitize errors before
// returning them (no secret/URL material), but this log deliberately
// omits the raw error (%v) anyway so a lower-layer regression can
// never leak a bot token or webhook URL into logs.
log.Printf("api: test channel %s failed", cid)
writeErr(w, http.StatusBadGateway, "channel test failed")
return
}
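Review bot: The replacement `log.Printf` in the error branch now records only `cid`, so a test rejected by the new webhook SSRF guard looks the same in the logs as a timeout or a bad Telegram token, and the one outcome worth alerting on is lost. Keeping `%v` out is right, but a fixed, non-secret classification can still be logged: at minimum the channel type already in scope, `log.Printf("api: test channel %s (type %v) failed", cid, ch.Type)`, and, if the notify layer exposes a sentinel error for blocked destinations (not visible here), a constant reason string selected with `errors.Is`. `cid` is formatted with `%s`; if it is taken from the request path rather than a parsed ID, `%q` would keep line breaks out of the log, though its origin is outside this hunk. handleTestChannel begins and ends outside the hunk.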