tiennm99/store-scraper-bot
1
0
Fork 0
mirror of https://github.com/tiennm99/store-scraper-bot.git synced 2026-05-27 22:26:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: gate /rawappleapp + /rawgoogleapp on authorizeGroup

Browse Source 
Match the auth check used by every other command. Without it,
any chat that knows the bot username could dump arbitrary
App Store / Play Store JSON.
This commit is contained in:
tiennm99
2026-05-09 23:01:19 +07:00
parent 0f0f9b93f3
commit 4fe4a781e0
3 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/bot/bot.js
+2 -2
View File
@@ -67,8 +67,8 @@ export function createBot(config, store, appleScraper, googleScraper) {
listapp: createListAppCommand(store),
checkapp: createCheckAppCommand(config, store, appleScraper, googleScraper),
checkappscore: createCheckAppScoresCommand(store, appleScraper, googleScraper),
rawappleapp: createRawAppleAppCommand(appleScraper),
rawgoogleapp: createRawGoogleAppCommand(googleScraper),
rawappleapp: createRawAppleAppCommand(store, appleScraper),
rawgoogleapp: createRawGoogleAppCommand(store, googleScraper),
};
return { sender, commands, api };
src/bot/commands/raw-apple-app.js
+3 -1
View File
@@ -1,8 +1,10 @@
import { buildAppleRequestByBundleId, buildAppleRequestByTrackId } from '../../api/apple-scraper.js';
import { authorizeGroup } from './command-utils.js';
// /rawappleapp <id|appId> [country=vn] — sends raw upstream JSON as a document.
export function createRawAppleAppCommand(appleScraper) {
export function createRawAppleAppCommand(store, appleScraper) {
return async (msg, sender, args) => {
if (!(await authorizeGroup(msg.chat.id, store, sender))) return;
if (args.length < 1 || args.length > 2) {
await sender.sendMessage(msg.chat.id, 'Invalid arguments');
return;
src/bot/commands/raw-google-app.js
+3 -1
View File
@@ -1,8 +1,10 @@
import { buildGoogleRequest } from '../../api/google-scraper.js';
import { authorizeGroup } from './command-utils.js';
// /rawgoogleapp <appId> [country=vn]
export function createRawGoogleAppCommand(googleScraper) {
export function createRawGoogleAppCommand(store, googleScraper) {
return async (msg, sender, args) => {
if (!(await authorizeGroup(msg.chat.id, store, sender))) return;
if (args.length < 1 || args.length > 2) {
await sender.sendMessage(msg.chat.id, 'Invalid arguments');
return;