This commit adds a complete email authentication flow for the Telegram bot, allowing users to login with email + password instead of web app linking codes. Includes critical bug fixes for Oracle integration.

**New Features:**
- Email-based 2FA authentication with 6-digit codes sent via SMTP
- Backend endpoints: verify-email and login-with-email
- ConversationHandler for email authentication flow in Telegram bot
- Session token verification to prevent user ID spoofing
- Rate limiting (5 attempts per 5 minutes)
- Email code expiry (5 minutes) with automatic cleanup

**Bug Fixes:**
- Fixed Oracle column name: ACTIV → INACTIV (with inverted logic)
- Fixed Oracle password verification: verificautilizator returns checksum, not user_id
- Fixed username case sensitivity: Oracle usernames must be uppercase
- Fixed SMTP connection: use start_tls parameter instead of manual STARTTLS
- Added middleware exclusions for public email auth endpoints

**Backend Changes:**
- Added verify-email endpoint (public) in telegram.py
- Added login-with-email endpoint (public) with rate limiting and session verification
- Updated middleware exclusions in main.py and auth_middleware_wrapper.py
- Added AUTH_SESSION_SECRET configuration for session token signing

**Telegram Bot Changes:**
- New modules: app/auth/email_auth.py, app/bot/email_handlers.py
- New utilities: app/utils/email_service.py (SMTP email sending)
- Updated handlers.py: ignore callbacks handled by ConversationHandler
- Updated menus.py: show Login button for unauthenticated users
- Updated API client: verify_email() and login_with_email() methods
- Database: email_auth_codes table with cleanup task

**Configuration:**
- Added SMTP configuration to telegram-bot .env.example
- Added AUTH_SESSION_SECRET to backend .env.example
- Updated .gitignore: exclude temporary files (*.pid, *.checksum, test scripts)

**Dependencies:**
- Added aiosmtplib for async SMTP email sending

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
103 lines
3.7 KiB
Plaintext
```ini
# ============================================================================
# ROA2WEB Telegram Bot - Environment Configuration
# ============================================================================
# Copy this file to .env and fill in your actual values
# IMPORTANT: Never commit the .env file to git!

# ============================================================================
# REQUIRED CONFIGURATION
# ============================================================================

# Telegram Bot Configuration
# Obtain from @BotFather on Telegram
TELEGRAM_BOT_TOKEN=your_bot_token_here

# ============================================================================
# Claude Authentication Configuration
# ============================================================================
# You have TWO options for Claude authentication:
#
# OPTION 1: API Key (pay per token - requires API credits)
# - Get API key from: https://console.anthropic.com/
# - Set CLAUDE_API_KEY below
# - You will be charged per API usage (separate from Claude subscription)
#
# OPTION 2: Claude Pro/Max Subscription (RECOMMENDED if you have subscription)
# - If you have Claude Pro or Claude Max subscription
# - Run: claude-code login (one-time setup)
# - Leave CLAUDE_API_KEY empty or commented out
# - You won't pay extra API credits (uses your existing subscription)
#
# For development/local usage: Use Option 2 if you have subscription
# For Docker/production: Use Option 1 (API key is simpler in containers)
# ============================================================================

# OPTION 1: Set this if using API key
CLAUDE_API_KEY=

# OPTION 2: Leave empty and run "claude-code login" before starting bot

# Backend API URL
# Development: http://localhost:8001
# Docker: http://roa-backend:8000
BACKEND_URL=http://roa-backend:8000

# ============================================================================
# EMAIL AUTHENTICATION (SMTP) CONFIGURATION
# ============================================================================
# Required for email-based 2FA authentication flow
# Users can login with email + password instead of web app linking

# SMTP Server Configuration
SMTP_HOST=mail.romfast.ro
SMTP_PORT=587
SMTP_USER=ups@romfast.ro
SMTP_PASSWORD=your_smtp_password_here
SMTP_FROM_EMAIL=ups@romfast.ro
SMTP_FROM_NAME=ROA2WEB
SMTP_USE_TLS=true

# Email Sending Settings
EMAIL_MAX_RETRIES=3
EMAIL_RETRY_DELAY=2.0
EMAIL_CODE_EXPIRY_MINUTES=5
EMAIL_CODE_LENGTH=6
MAX_EMAIL_ATTEMPTS_PER_HOUR=3

# Session Security (must match backend AUTH_SESSION_SECRET)
# Generate with: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
AUTH_SESSION_SECRET=your-secure-random-secret-here-min-32-chars

# ============================================================================
# DATABASE CONFIGURATION
# ============================================================================

# SQLite Database Path (STANDALONE)
# This is where user data, auth codes, and sessions are stored
# Development: ./data/telegram_bot.db
# Docker: /app/data/telegram_bot.db
SQLITE_DB_PATH=/app/data/telegram_bot.db

# ============================================================================
# NETWORKING CONFIGURATION
# ============================================================================

# Internal API Port (for backend to call telegram-bot)
# This port is used by the backend to save auth codes
INTERNAL_API_PORT=8002

# ============================================================================
# OPTIONAL CONFIGURATION
# ============================================================================

# Logging Level
# Options: DEBUG, INFO, WARNING, ERROR, CRITICAL
LOG_LEVEL=INFO

# Sentry DSN for error monitoring (optional)
# Get from: https://sentry.io/
SENTRY_DSN=

# Environment
# Options: development, production
ENVIRONMENT=production
```