Fix issue where backend cannot communicate with Telegram bot service to save
authentication codes during account linking flow. This caused "link invalid or
expired" errors when users tried to link Telegram accounts.
Changes:
- Add TELEGRAM_BOT_INTERNAL_API environment variable to backend .env.example
(defaults to http://localhost:8002 for local/Windows deployments)
- Update CLAUDE.md with Telegram Bot integration requirements for Windows
- Add comprehensive troubleshooting guide for Windows deployment at
deployment/windows/docs/TELEGRAM_BOT_TROUBLESHOOTING.md
The troubleshooting guide includes:
- Diagnostic steps to verify service health and connectivity
- Common issues and solutions (port conflicts, firewall, wrong bot token)
- PowerShell commands for Windows Server administration
- Verification steps for end-to-end testing
This ensures proper backend-to-telegram-bot communication for the auth code
linking workflow in production Windows deployments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Issues fixed:
1. Build-Frontend.ps1: Add verification that requirements.txt is included in deployment package
- Prevents incomplete packages that cause ModuleNotFoundError on server
- Throws error if critical files are missing before package is transferred
2. Deploy-ROA2WEB.ps1: Auto-detect first deployment and force install dependencies
- Automatically sets ForceInstallDependencies=true on first deployment
- Add -ForceInstallDependencies parameter for manual override
- Better error handling and validation for pip install
- Shows clear error messages with manual recovery instructions
This fixes the "ModuleNotFoundError: No module named 'httpx'" error that occurred
when deploying to Windows Server without explicitly forcing dependency installation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This commit fixes overly broad .gitignore patterns that were excluding
important source code files from version control. Previously, wildcard
patterns like *auth*, *token*, *secret*, *connection*, and *credential*
were excluding ALL files containing these words, including critical
application code.
Changes:
- Updated .gitignore with specific patterns for sensitive config files
(*.json, *.txt, *.yml, *.yaml extensions only)
- Removed broad wildcards that excluded source code files
Added missing source files:
- shared/auth/ (9 files): Complete authentication system
- JWT handler, middleware, auth service, models, routes
- reports-app/backend/app/routers/auth.py: Authentication API router
- reports-app/backend/app/auth_middleware_wrapper.py: Middleware wrapper
- reports-app/frontend/src/stores/auth.js: Vue.js auth store
- reports-app/frontend/tests/: E2E tests and fixtures for auth
- reports-app/telegram-bot/app/auth/: Telegram auth linking module
- deployment/windows/scripts/Setup-ClaudeAuth.ps1: Windows deployment script
- security/secrets_scanner.py: Security scanning utility
These files are essential for the application to function and should
have been included in the initial commit.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>