38 lines
1.8 KiB
Perl
38 lines
1.8 KiB
Perl
package Mnemosyne::Webhook;
|
|
use strict;
|
|
use warnings;
|
|
|
|
# Mojolicious controller / update router for inbound Telegram webhook POSTs.
|
|
#
|
|
# Security gates (must run in this order before any processing):
|
|
# 1. Validate X-Telegram-Bot-Api-Secret-Token header matches config.
|
|
# Reject with 403 (not 200) — this is not a Telegram client, it's a rogue POST.
|
|
# 2. Validate chat_id is in the allowed_chat_ids whitelist.
|
|
# Respond 200 (so Telegram stops retrying) but do not process the update.
|
|
#
|
|
# Update types handled:
|
|
# TODO: handle_message($update, $db, $config, $telegram)
|
|
# — routes slash commands: /today /glance /list /add /done /edit /disable /delete
|
|
# /settime /help; plus free-text during multi-step flows (e.g. /add wizard)
|
|
#
|
|
# TODO: handle_callback_query($update, $db, $config, $telegram)
|
|
# — handles Mark Done and Undo button taps; calls answerCallbackQuery immediately
|
|
# then does DB work + message edit; idempotent (tolerate Telegram redelivery)
|
|
#
|
|
# Command handlers (each returns a Telegram reply or edits the original message):
|
|
# TODO: cmd_today($chat_id, $db, $config, $telegram)
|
|
# TODO: cmd_list($chat_id, $args, $db, $config, $telegram)
|
|
# TODO: cmd_add($chat_id, $args, $db, $config, $telegram) — starts guided flow
|
|
# TODO: cmd_done($chat_id, $args, $db, $config, $telegram)
|
|
# TODO: cmd_edit($chat_id, $args, $db, $config, $telegram)
|
|
# TODO: cmd_disable($chat_id, $args, $db, $config, $telegram)
|
|
# TODO: cmd_delete($chat_id, $args, $db, $config, $telegram) — confirmation required
|
|
# TODO: cmd_settime($chat_id, $args, $db, $config, $telegram)
|
|
# TODO: cmd_help($chat_id, $telegram)
|
|
#
|
|
# Conversation state for multi-step flows (e.g. /add wizard):
|
|
# TODO: decide and document storage mechanism (in-memory hash keyed by chat_id,
|
|
# or a small 'sessions' table in SQLite for persistence across restarts)
|
|
|
|
1;
|