Telegram login hardening: 2FA lockout, DNS override, JWT warning, timeouts

Open denis-kudelin opened this issue 4 months ago • 0 comments

Summary

  • Login: on Telegram reminder failure return 503 with code=tg_unavailable when 2FA is enabled; otherwise set jwt.telegram_warning=true. Add warnings via logrus. (controller/account.go, model/vo/jwt.go)
  • Telegram service: validate configs with detailed logs; use HTTP client with timeouts; optional DNS override via TELEGRAM_DNS_SERVERS; add time-bounded GetMe/SendWithMessage; return wrapped errors; expose function vars for tests. (service/telegram.go)
  • Config: add TELEGRAM_DNS_SERVERS, TELEGRAM_2FA_ENABLE. (model/constant/config.go)
  • DAO: guard nil sqlite handle in GetConfig. (dao/config.go)
  • Tests: add TestLoginTelegramFailure to assert telegram_warning. (controller/login_test.go)
  • Build: bump to Go 1.21 and update x/crypto, x/net, x/sys. (go.mod/go.sum)
  • Docs: README notes on internal DNS behavior.

denis-kudelin, Aug 14 '25 18:08
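
A sketch of the login policy in the first bullet, added here as an example and not taken from the h-ui code base: the Telegram call runs under a deadline, and a failure blocks the login only when 2FA is enabled. `LoginResult`, `decideLogin` and the `send` callback are hypothetical names; only the 503 status, `tg_unavailable` and `telegram_warning` come from the summary.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// LoginResult is a hypothetical summary of what the login handler sends back.
type LoginResult struct {
	Status          int    // HTTP status code
	Code            string // machine-readable error code, empty on success
	TelegramWarning bool   // value carried in the JWT as telegram_warning
}

// decideLogin runs the Telegram reminder under a deadline and applies the
// policy from the summary: fail closed when 2FA is enabled, warn otherwise.
func decideLogin(twoFA bool, timeout time.Duration, send func(context.Context) error) LoginResult {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	done := make(chan error, 1) // buffered so a late sender never blocks
	go func() { done <- send(ctx) }()

	var err error
	select {
	case err = <-done:
	case <-ctx.Done(): // also covers a send that ignores its context
		err = fmt.Errorf("telegram reminder: %w", ctx.Err())
	}

	switch {
	case err == nil:
		return LoginResult{Status: http.StatusOK}
	case twoFA:
		// 2FA enabled: refuse the login rather than proceed without Telegram.
		return LoginResult{Status: http.StatusServiceUnavailable, Code: "tg_unavailable"}
	default:
		return LoginResult{Status: http.StatusOK, TelegramWarning: true}
	}
}

func main() {
	down := func(context.Context) error { return errors.New("constructed failure") }
	fmt.Printf("%+v\n", decideLogin(true, time.Second, down))
	fmt.Printf("%+v\n", decideLogin(false, time.Second, down))
}
```

The `select` on `ctx.Done()` bounds the login request even when the callback never returns, which is the case a bare HTTP timeout does not cover if the hang is in DNS resolution or in code outside the client.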