When signal has geo, show clickable Google Maps link instead of raw
coordinates. Without geo, show "Гео нету". Added parse_mode=HTML
to send_message for link rendering.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Login now requires login/email + password verified against DB via
/api/auth/login. Only approved registrations can access the app.
Signal endpoint accepts JWT Bearer tokens alongside legacy api_key auth.
Old UUID-only registration flow removed from frontend.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Дублирует аналогичный fix в telegram.py — httpcore тоже логирует
URLs с BOT_TOKEN на transport уровне. Синхронизировано с ручным
патчем на сервере.
Refs: #1303, #1309
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1. .pre-commit-config.yaml — local pygrep hook блокирует коммиты
с токенами формата \d{9,10}:AA[A-Za-z0-9_-]{35} (Telegram bot tokens).
Проверено: срабатывает на токен, пропускает чистые файлы.
2. backend/telegram.py — три функции (send_registration_notification,
answer_callback_query, edit_message_text) логировали exc напрямую,
что раскрывало BOT_TOKEN в URL httpx-исключений в journalctl.
Заменено на type(exc).__name__ — только тип ошибки, без URL.
Refs: #1303, #1309, #1283
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add logging.getLogger("httpx/httpcore").setLevel(WARNING) to prevent
token-embedded API URLs from leaking through transport-level loggers
- Add _mask_token() helper showing only last 4 chars of token
- Fix validate_bot_token() exception handler: log exc type + masked token
instead of raw exc which may contain the full URL in some httpx versions
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add validate_bot_token() to backend/telegram.py: calls getMe on startup,
logs ERROR if token is invalid (never raises per #1215 contract)
- Call validate_bot_token() in lifespan() after db.init_db() for early detection
- Update conftest.py make_app_client() to mock getMe endpoint
- Add 3 tests for validate_bot_token (200, 401, network error cases)
Root cause: CHAT_ID=5190015988 (positive) was wrong — fixed to -5190015988
on server per decision #1212. Group "Big Red Button" confirmed via getChat.
Service restarted.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
`async with await _get_conn()` запускал тред дважды: первый раз внутри
`_get_conn` через `await aiosqlite.connect()`, второй раз в `__aenter__`
через `await self`. Преобразован в `@asynccontextmanager` с `yield` и
`finally: conn.close()`. Все вызывающие места обновлены. Тест
`test_init_db_synchronous` обновлён под новый API.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
