add telegram auth backend support

umputun · May 24, 2021 · a0fc795 · a0fc795
1 parent 6a54ed8
commit a0fc795
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 Remark42 is a self-hosted, lightweight, and simple (yet functional) comment engine, which doesn't spy on users. It can be embedded into blogs, articles or any other place where readers add comments.
 
-* Social login via Google, Twitter, Facebook, Microsoft, GitHub and Yandex
+* Social login via Google, Twitter, Facebook, Microsoft, GitHub, Yandex and Telegram
 * Login via email
 * Optional anonymous access
 * Multi-level nested comments with both tree and plain presentations
@@ -53,6 +53,7 @@ For admin screenshots see [Admin UI wiki](https://github.com/umputun/remark42/wi
         - [GitHub Auth Provider](#github-auth-provider)
         - [Facebook Auth Provider](#facebook-auth-provider)
         - [Twitter Auth Provider](#twitter-auth-provider)
+        - [Telegram Auth Provider](#telegram-auth-provider)
         - [Yandex Auth Provider](#yandex-auth-provider)
       - [Initial import from Disqus](#initial-import-from-disqus)
       - [Initial import from WordPress](#initial-import-from-wordpress)
@@ -147,6 +148,7 @@ _this is the recommended way to run remark42_
 | auth.github.csec        | AUTH_GITHUB_CSEC        |                          | GitHub OAuth client secret                      |
 | auth.twitter.cid        | AUTH_TWITTER_CID        |                          | Twitter Consumer API Key                        |
 | auth.twitter.csec       | AUTH_TWITTER_CSEC       |                          | Twitter Consumer API Secret key                 |
+| auth.telegram           | AUTH_TELEGRAM           |                          | Enable Telegram auth (telegram.token must be present |
 | auth.yandex.cid         | AUTH_YANDEX_CID         |                          | Yandex OAuth client ID                          |
 | auth.yandex.csec        | AUTH_YANDEX_CSEC        |                          | Yandex OAuth client secret                      |
 | auth.dev                | AUTH_DEV                | `false`                  | local oauth2 server, development mode only      |
@@ -317,6 +319,11 @@ _instructions for google oauth2 setup borrowed from [oauth2_proxy](https://githu
 1.	Under **Key and tokens** take note of the **Consumer API Key** and **Consumer API Secret key**. Those will be used as `AUTH_TWITTER_CID` and
  `AUTH_TWITTER_CSEC`
 
+##### Telegram Auth Provider
+
+1.  Contact [@BotFather](https://t.me/botfather) and follow his instructions to create your own bot (call it, for example, "My site auth bot")
+1.	Write down resulting token as `TELEGRAM_TOKEN` into remark42 config
+
 ##### Yandex Auth Provider
 
 1.  Create a new **"OAuth App"**: https://oauth.yandex.com/client/new

diff --git a/backend/app/cmd/server.go b/backend/app/cmd/server.go
@@ -96,6 +96,7 @@ type ServerCommand struct {
 		Microsoft AuthGroup `group:"microsoft" namespace:"microsoft" env-namespace:"MICROSOFT" description:"Microsoft OAuth"`
 		Yandex    AuthGroup `group:"yandex" namespace:"yandex" env-namespace:"YANDEX" description:"Yandex OAuth"`
 		Twitter   AuthGroup `group:"twitter" namespace:"twitter" env-namespace:"TWITTER" description:"Twitter OAuth"`
+		Telegram  bool      `long:"telegram" env:"TELEGRAM" description:"Enable Telegram auth (using token from telegram.token)"`
 		Dev       bool      `long:"dev" env:"DEV" description:"enable dev (local) oauth2"`
 		Anonymous bool      `long:"anon" env:"ANON" description:"enable anonymous login"`
 		Email     struct {
@@ -740,6 +741,19 @@ func (s *ServerCommand) addAuthProviders(authenticator *auth.Service) error {
 		authenticator.AddProvider("twitter", s.Auth.Twitter.CID, s.Auth.Twitter.CSEC)
 		providers++
 	}
+	if s.Auth.Telegram {
+		authenticator.AddCustomHandler(
+			&provider.TelegramHandler{
+				ProviderName: "telegram",
+				ErrorMsg:     "❌ Invalid auth request. Please try clicking link again.",
+				SuccessMsg:   "✅ You have successfully authenticated!",
+				Telegram:     provider.NewTelegramAPI(s.Telegram.Token, http.DefaultClient),
+				L:            log.Default(),
+				TokenService: authenticator.TokenService(),
+				AvatarSaver:  authenticator.AvatarProxy(),
+			})
+		providers++
+	}
 
 	if s.Auth.Dev {
 		log.Print("[INFO] dev access enabled")

diff --git a/compose-dev-backend.yml b/compose-dev-backend.yml
@@ -56,6 +56,7 @@ services:
             - ANON_VOTE=true
             - VOTES_IP=true
             - AUTH_EMAIL_ENABLE=true
+            - AUTH_TELEGRAM=true
             - AUTH_ANON=true
             - AUTH_GOOGLE_CID=1111
             - AUTH_GOOGLE_CSEC=1111