Merge branch 'BATON-FIX-005-backend_dev'

2026-03-21 09:24:31 +02:00 · 2026-03-21 09:24:31 +02:00 · 177a0d80dd
commit 177a0d80dd
parent 2ab5e9ab54 85d156e9be
1 changed files with 19 additions and 1 deletions
--- a/backend/telegram.py
+++ b/backend/telegram.py
@ -11,9 +11,21 @@ from backend import config, db

 logger = logging.getLogger(__name__)

+# Suppress httpx/httpcore transport-level logging to prevent BOT_TOKEN URL leakage.
+# httpx logs request URLs (which embed the token) at DEBUG/INFO level depending on version.
+logging.getLogger("httpx").setLevel(logging.WARNING)
+logging.getLogger("httpcore").setLevel(logging.WARNING)
+
 _TELEGRAM_API = "https://api.telegram.org/bot{token}/{method}"


+def _mask_token(token: str) -> str:
+    """Return a safe representation of the bot token for logging."""
+    if not token or len(token) < 4:
+        return "***REDACTED***"
+    return f"***{token[-4:]}"
+
+
 async def validate_bot_token() -> bool:
    """Validate BOT_TOKEN by calling getMe. Logs ERROR if invalid. Never raises."""
    url = _TELEGRAM_API.format(token=config.BOT_TOKEN, method="getMe")
@ -29,7 +41,13 @@ async def validate_bot_token() -> bool:
            )
            return False
        except Exception as exc:
-            logger.error("BOT_TOKEN validation failed (network): %s", exc)
+            # Do not log `exc` directly — it may contain the API URL with the token
+            # embedded (httpx includes request URL in some exception types/versions).
+            logger.error(
+                "BOT_TOKEN validation failed (network error): %s — token ends with %s",
+                type(exc).__name__,
+                _mask_token(config.BOT_TOKEN),
+            )
            return False