From edc3c291f37e23b74a9ef023f879151fcc8333b8 Mon Sep 17 00:00:00 2001
From: Dmitry Verkhoturov
Date: Mon, 24 May 2021 18:49:31 +0200
Subject: [PATCH] add telegram auth backend support
---
README.md | 9 ++++++++-
backend/app/cmd/server.go | 14 ++++++++++++++
backend/app/cmd/server_test.go | 5 +++--
compose-dev-backend.yml | 1 +
4 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 8d4befd8b2..ef6ba7286d 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ Remark42 is a self-hosted, lightweight, and simple (yet functional) comment engine, which doesn't spy on users. It can be embedded into blogs, articles or any other place where readers add comments. -* Social login via Google, Twitter, Facebook, Microsoft, GitHub and Yandex +* Social login via Google, Twitter, Facebook, Microsoft, GitHub, Yandex and Telegram * Login via email * Optional anonymous access * Multi-level nested comments with both tree and plain presentations
@@ -53,6 +53,7 @@ For admin screenshots see [Admin UI wiki](https://github.com/umputun/remark42/wi - [GitHub Auth Provider](#github-auth-provider) - [Facebook Auth Provider](#facebook-auth-provider) - [Twitter Auth Provider](#twitter-auth-provider) + - [Telegram Auth Provider](#telegram-auth-provider) - [Yandex Auth Provider](#yandex-auth-provider) - [Initial import from Disqus](#initial-import-from-disqus) - [Initial import from WordPress](#initial-import-from-wordpress)
@@ -147,6 +148,7 @@ _this is the recommended way to run remark42_ | auth.github.csec | AUTH_GITHUB_CSEC | | GitHub OAuth client secret | | auth.twitter.cid | AUTH_TWITTER_CID | | Twitter Consumer API Key | | auth.twitter.csec | AUTH_TWITTER_CSEC | | Twitter Consumer API Secret key | +| auth.telegram | AUTH_TELEGRAM | | Enable Telegram auth (telegram.token must be present | | auth.yandex.cid | AUTH_YANDEX_CID | | Yandex OAuth client ID | | auth.yandex.csec | AUTH_YANDEX_CSEC | | Yandex OAuth client secret | | auth.dev | AUTH_DEV | `false` | local oauth2 server, development mode only |
@@ -317,6 +319,11 @@ _instructions for google oauth2 setup borrowed from [oauth2_proxy](https://githu 1. Under **Key and tokens** take note of the **Consumer API Key** and **Consumer API Secret key**. Those will be used as `AUTH_TWITTER_CID` and `AUTH_TWITTER_CSEC` +##### Telegram Auth Provider + +1. Contact [@BotFather](https://t.me/botfather) and follow his instructions to create your own bot (call it, for example, "My site auth bot") +1. Write down resulting token as `TELEGRAM_TOKEN` into remark42 config, and also set `AUTH_TELEGRAM` to `true` to enable telegram auth for your users. + ##### Yandex Auth Provider 1. Create a new **"OAuth App"**: https://oauth.yandex.com/client/new
diff --git a/backend/app/cmd/server.go b/backend/app/cmd/server.go
index a45eb1a6fe..fb415d1179 100644
--- a/backend/app/cmd/server.go
+++ b/backend/app/cmd/server.go
@@ -96,6 +96,7 @@ type ServerCommand struct { Microsoft AuthGroup `group:"microsoft" namespace:"microsoft" env-namespace:"MICROSOFT" description:"Microsoft OAuth"` Yandex AuthGroup `group:"yandex" namespace:"yandex" env-namespace:"YANDEX" description:"Yandex OAuth"` Twitter AuthGroup `group:"twitter" namespace:"twitter" env-namespace:"TWITTER" description:"Twitter OAuth"` + Telegram bool `long:"telegram" env:"TELEGRAM" description:"Enable Telegram auth (using token from telegram.token)"` Dev bool `long:"dev" env:"DEV" description:"enable dev (local) oauth2"` Anonymous bool `long:"anon" env:"ANON" description:"enable anonymous login"` Email struct {
@@ -751,6 +752,19 @@ func (s *ServerCommand) addAuthProviders(authenticator *auth.Service) error { authenticator.AddProvider("twitter", s.Auth.Twitter.CID, s.Auth.Twitter.CSEC) providers++ } + if s.Auth.Telegram { + authenticator.AddCustomHandler( + &provider.TelegramHandler{ + ProviderName: "telegram", + ErrorMsg: "❌ Invalid auth request. Please try clicking link again.", + SuccessMsg: "✅ You have successfully authenticated!", + Telegram: provider.NewTelegramAPI(s.Telegram.Token, &http.Client{Timeout: s.Telegram.Timeout}), + L: log.Default(), + TokenService: authenticator.TokenService(), + AvatarSaver: authenticator.AvatarProxy(), + }) + providers++ + } if s.Auth.Dev { log.Print("[INFO] dev access enabled")
diff --git a/backend/app/cmd/server_test.go b/backend/app/cmd/server_test.go
index e0fa955297..60af207c99 100644
--- a/backend/app/cmd/server_test.go
+++ b/backend/app/cmd/server_test.go
@@ -78,7 +78,7 @@ func TestServerApp_DevMode(t *testing.T) { waitForHTTPServerStart(port) providers := app.restSrv.Authenticator.Providers() - require.Equal(t, 7+1, len(providers), "extra auth provider") + require.Equal(t, 8+1, len(providers), "extra auth provider") assert.Equal(t, "dev", providers[len(providers)-2].Name(), "dev auth provider") // send ping resp, err := http.Get(fmt.Sprintf("http://localhost:%d/api/v1/ping", port))
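Review bot: In the `addAuthProviders` hunk, the new `if s.Auth.Telegram` branch builds the handler from `s.Telegram.Token` without checking that the token is set, although the README row added in this commit says telegram.token must be present. With `AUTH_TELEGRAM=true` and no token the provider is still registered and counted in `providers`, so the misconfiguration would presumably only surface when a user tries to log in. Since the function already returns `error`, I would fail fast at the top of the branch, e.g. `if s.Telegram.Token == "" { return errors.New("telegram auth is enabled but telegram.token is not set") }` (assuming `errors` is available; the import block is outside the hunk). It is also worth confirming that `s.Telegram.Timeout` has a non-zero default, because an `http.Client` with `Timeout: 0` never times out. The body of `addAuthProviders` starts and ends outside the hunk.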
@@ -105,7 +105,7 @@ func TestServerApp_AnonMode(t *testing.T) { waitForHTTPServerStart(port) providers := app.restSrv.Authenticator.Providers() - require.Equal(t, 7+1, len(providers), "extra auth provider for anon") + require.Equal(t, 8+1, len(providers), "extra auth provider for anon") assert.Equal(t, "anonymous", providers[len(providers)-1].Name(), "anon auth provider") // send ping
@@ -666,6 +666,7 @@ func prepServerApp(t *testing.T, fn func(o ServerCommand) ServerCommand) (*serve cmd.Auth.Yandex.CSEC, cmd.Auth.Yandex.CID = "csec", "cid" cmd.Auth.Microsoft.CSEC, cmd.Auth.Microsoft.CID = "csec", "cid" cmd.Auth.Twitter.CSEC, cmd.Auth.Twitter.CID = "csec", "cid" + cmd.Auth.Telegram = true cmd.Telegram.Token = "token" cmd.Auth.Email.Enable = true cmd.Auth.Email.MsgTemplate = "testdata/email.tmpl"
diff --git a/compose-dev-backend.yml b/compose-dev-backend.yml
index 02a00d3bbd..f5c9af54f7 100644
--- a/compose-dev-backend.yml
+++ b/compose-dev-backend.yml
@@ -56,6 +56,7 @@ services: - ANON_VOTE=true - VOTES_IP=true - AUTH_EMAIL_ENABLE=true + - AUTH_TELEGRAM=true - AUTH_ANON=true - AUTH_GOOGLE_CID=1111 - AUTH_GOOGLE_CSEC=1111
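Review bot: Nothing in the `prepServerApp` hunk or the two count changes asserts that a provider named `telegram` is actually registered; the tests only move the expected length from `7+1` to `8+1`, which any extra provider would satisfy. I would add a name check next to the existing `dev` and `anonymous` assertions, and a case with `cmd.Auth.Telegram = true` and an empty `cmd.Telegram.Token` so the behaviour for a missing bot token is pinned down. The body of `prepServerApp` continues outside the hunk, so the token may be overridden elsewhere.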
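Review bot: In the `compose-dev-backend.yml` hunk, `AUTH_TELEGRAM=true` is enabled but no `TELEGRAM_TOKEN` entry is visible in the surrounding environment lines, so the dev stack would turn on Telegram login without a bot token unless one is set outside the hunk. If a token is wired in, it should come from the developer's environment, e.g. `- TELEGRAM_TOKEN=${TELEGRAM_TOKEN}`, rather than a literal committed to the repository, since the bot token is a credential. Otherwise consider leaving `AUTH_TELEGRAM` off in the dev compose by default.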