refactor: per-subscriber KV keys, HMAC verification, cron trigger

Major refactor addressing scalability, security, and reliability: - KV schema: single-key → per-subscriber keys (sub:{chatId}:{threadId}) eliminates read-modify-write race conditions - Component-specific subscriptions: /subscribe component <name> - HMAC-SHA256 webhook verification with URL secret fallback - Cron trigger (every 5 min) polls status.claude.com as safety net - Shared telegram-api.js module (DRY fix) - Error logging in all catch blocks - Migration endpoint for existing subscribers - Setup moved to standalone script (scripts/setup-bot.js) - Removed setup HTTP route to reduce attack surface
2026-04-17 13:21:01 +00:00 · 2026-04-09 00:43:07 +07:00
parent 30ffaae612
commit b728ae7d38
12 changed files with 443 additions and 117 deletions
--- a/wrangler.jsonc
+++ b/wrangler.jsonc
@@ -23,8 +23,12 @@
 				"max_retries": 3
 			}
 		]
+	},
+	"triggers": {
+		"crons": ["*/5 * * * *"]
 	}
 	// Secrets (set via `wrangler secret put`):
 	// BOT_TOKEN - Telegram bot token
 	// WEBHOOK_SECRET - Statuspage webhook URL secret
+	// STATUSPAGE_HMAC_KEY - HMAC key from Statuspage webhook settings (optional)
 }