Merge branch 'feature/inline-keyboards'

Author: pietroalbini

botogram/__init__.py

@@ -34,6 +34,7 @@
 from .runner import run
 from .objects import *
 from .utils import usernames_in
+from .callbacks import Buttons, ButtonsRow
 
 
 # This code will simulate the Windows' multiprocessing behavior if the

botogram/api.py

@@ -182,3 +182,7 @@ def file_content(self, path):
         response = requests.get(url)
 
         return response.content
+
+    @property
+    def token(self):
+        return self._api_key

botogram/bot.py

@@ -25,6 +25,7 @@
 import requests.exceptions
 
 from . import api
+from . import callbacks
 from . import objects
 from . import runner
 from . import defaults
@@ -54,6 +55,8 @@ def __init__(self, api_connection):
 
         self.process_backlog = False
 
+        self.validate_callback_signatures = True
+
         self._lang = ""
         self._lang_inst = None
 
@@ -87,6 +90,7 @@ def __init__(self, api_connection):
                                        messages.process_channel_post)
         self.register_update_processor("edited_channel_post",
                                        messages.process_channel_post_edited)
+        self.register_update_processor("callback_query", callbacks.process)
 
         self._bot_id = str(uuid.uuid4())
 
@@ -117,6 +121,13 @@ def __reduce__(self):
         return object.__reduce__(self)
 
     def __setattr__(self, name, value):
+        # Warn about disabled callback validation
+        if name == "validate_callback_signatures" and not value:
+            self.logger.warn("Your code disabled signature validation for "
+                             "callbacks!")
+            self.logger.warn("This can cause security issues. Please enable "
+                             "it again.")
+
         # Use the standard __setattr__
         return object.__setattr__(self, name, value)
 
@@ -178,6 +189,13 @@ def __(func):
             return func
         return __
 
+    def callback(self, name):
+        """Register a new callback"""
+        def __(func):
+            self._main_component.add_callback(name, func)
+            return func
+        return __
+
     def timer(self, interval):
         """Register a new timer"""
         def __(func):
@@ -234,8 +252,10 @@ def run(self, workers=2):
     def register_update_processor(self, kind, processor):
         """Register a new update processor"""
         if kind in self._update_processors:
-            raise NameError("An update processor for \"%s\" updates is "
-                            "already registered" % kind)
+            self.logger.warn("Your code replaced the default update processor "
+                             "for '%s'!" % kind)
+            self.logger.warn("If you want botogram to handle those updates "
+                             "natively remove your processor.")
 
         self._update_processors[kind] = processor
 
@@ -247,6 +267,7 @@ def freeze(self):
         return frozenbot.FrozenBot(self.api, self.about, self.owner,
                                    self._hide_commands, self.before_help,
                                    self.after_help, self.link_preview_in_help,
+                                   self.validate_callback_signatures,
                                    self.process_backlog, self.lang,
                                    self.itself, self._commands_re,
                                    self._commands, chains, self._scheduler,

botogram/callbacks.py

@@ -0,0 +1,189 @@
+# Copyright (c) 2015-2017 The Botogram Authors (see AUTHORS)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+#   The above copyright notice and this permission notice shall be included in
+#   all copies or substantial portions of the Software.
+#
+#   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+#   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+#   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+#   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+#   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+#   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+
+import base64
+import binascii
+import hashlib
+
+from . import crypto
+from .context import ctx
+
+
+DIGEST = hashlib.md5
+DIGEST_LEN = 16
+
+
+class ButtonsRow:
+    """A row of an inline keyboard"""
+
+    def __init__(self):
+        self._content = []
+
+    def url(self, label, url):
+        """Open an URL when the button is pressed"""
+        self._content.append({"text": label, "url": url})
+
+    def callback(self, label, callback, data=None):
+        """Trigger a callback when the button is pressed"""
+        def generate_callback_data():
+            c = ctx()
+
+            name = "%s:%s" % (c.component_name(), callback)
+            return get_callback_data(c.bot, c.chat(), name, data)
+
+        self._content.append({
+            "text": label,
+            "callback_data": generate_callback_data,
+        })
+
+    def switch_inline_query(self, label, query="", current_chat=False):
+        """Switch the user to this bot's inline query"""
+        if current_chat:
+            self._content.append({
+                "text": label,
+                "switch_inline_query_current_chat": query,
+            })
+        else:
+            self._content.append({
+                "text": label,
+                "switch_inline_query": query,
+            })
+
+    def _get_content(self):
+        """Get the content of this row"""
+        for item in self._content:
+            new = item.copy()
+
+            # Replace any callable with its value
+            # This allows to dynamically generate field values
+            for key, value in new.items():
+                if callable(value):
+                    new[key] = value()
+
+            yield new
+
+
+class Buttons:
+    """Factory for inline keyboards"""
+
+    def __init__(self):
+        self._rows = {}
+
+    def __getitem__(self, index):
+        if index not in self._rows:
+            self._rows[index] = ButtonsRow()
+        return self._rows[index]
+
+    def _serialize_attachment(self):
+        rows = [
+            list(row._get_content()) for i, row in sorted(
+                tuple(self._rows.items()), key=lambda i: i[0]
+            )
+        ]
+
+        return {"inline_keyboard": rows}
+
+
+def parse_callback_data(bot, chat, raw):
+    """Parse the callback data generated by botogram and return it"""
+    raw = raw.encode("utf-8")
+
+    if len(raw) < 32:
+        raise crypto.TamperedMessageError
+
+    try:
+        prelude = base64.b64decode(raw[:32])
+    except binascii.Error:
+        raise crypto.TamperedMessageError
+
+    signature = prelude[:16]
+    name = prelude[16:]
+    data = raw[32:]
+
+    # Don't check the signature if the user explicitly disabled the check
+    if bot.validate_callback_signatures:
+        correct = get_signature(bot, chat, name, data)
+        if not crypto.compare(correct, signature):
+            raise crypto.TamperedMessageError
+
+    if data:
+        return name, data.decode("utf-8")
+    else:
+        return name, None
+
+
+def get_callback_data(bot, chat, name, data=None):
+    """Get the callback data for the provided name and data"""
+    name = hashed_callback_name(name)
+
+    if data is None:
+        data = ""
+    data = data.encode("utf-8")
+
+    if len(data) > 32:
+        raise ValueError(
+            "The provided data is too big (%s bytes), try to reduce it to "
+            "32 bytes" % len(data)
+        )
+
+    # Get the signature of the hook name and data
+    signature = get_signature(bot, chat, name, data)
+
+    # Base64 the signature and the hook name together to save space
+    return (base64.b64encode(signature + name) + data).decode("utf-8")
+
+
+def get_signature(bot, chat, name, data):
+    """Generate a signature for the provided information"""
+    chat_id = str(chat.id).encode("utf-8")
+    return crypto.get_hmac(bot, name + b'\0' + chat_id + b'\0' + data)
+
+
+def hashed_callback_name(name):
+    """Get the hashed name of a callback"""
+    # Get only the first 8 bytes of the hash to fit it into the payload
+    return DIGEST(name.encode("utf-8")).digest()[:8]
+
+
+def process(bot, chains, update):
+    """Process a callback sent to the bot"""
+    chat = update.callback_query.message.chat
+    raw = update.callback_query._data
+
+    try:
+        name, data = parse_callback_data(bot, chat, raw)
+    except crypto.TamperedMessageError:
+        bot.logger.warn(
+            "The user tampered with the #%s update's data. Skipped it."
+            % update.update_id
+        )
+        return
+
+    for hook in chains["callbacks"]:
+        bot.logger.debug("Processing update #%s with the hook %s" %
+                         (update.update_id, hook.name))
+
+        result = hook.call(bot, update, name, data)
+        if result is True:
+            bot.logger.debug("Update #%s was just processed by the %s hook" %
+                             (update.update_id, hook.name))
+            return
+
+    bot.logger.debug("No hook actually processed the #%s update." %
+                     update.update_id)

botogram/components.py

@@ -37,6 +37,7 @@ def __new__(cls, *args, **kwargs):
         self = super(Component, cls).__new__(cls)
 
         self.__commands = {}
+        self.__callbacks = {}
         self.__processors = []
         self.__no_commands = []
         self.__before_processors = []
@@ -132,6 +133,19 @@ def add_command(self, name, func, hidden=False, order=0, _from_main=False):
         command = commands.Command(hook)
         self.__commands[name] = command
 
+    def add_callback(self, name, func):
+        """Add a new callback"""
+        if name in self.__callbacks:
+            raise NameError("The callback %s already exists" % name)
+
+        if not callable(func):
+            raise ValueError("A callback must be callable")
+
+        hook = hooks.CallbackHook(func, self, {
+            "name": name,
+        })
+        self.__callbacks[name] = hook
+
     def add_timer(self, interval, func):
         """Register a new timer"""
         if not callable(func):
@@ -212,7 +226,11 @@ def _get_chains(self):
             "chat_unavalable_hooks": [self.__chat_unavailable_hooks],
             "messages_edited": [self.__messages_edited_hooks],
             "channel_post": [self.__channel_post_hooks],
-            "channel_post_edited": [self.__channel_post_edited_hooks]
+            "channel_post_edited": [self.__channel_post_edited_hooks],
+            "callbacks": [[
+                self.__callbacks[name]
+                for name in sorted(self.__callbacks.keys())
+            ]],
         }
 
     def _get_commands(self):

botogram/context.py

@@ -0,0 +1,59 @@
+# Copyright (c) 2015-2017 The Botogram Authors (see AUTHORS)
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+#   The above copyright notice and this permission notice shall be included in
+#   all copies or substantial portions of the Software.
+#
+#   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+#   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+#   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+#   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+#   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+#   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+#   DEALINGS IN THE SOFTWARE.
+
+import threading
+
+
+_local = threading.local()
+_local._botogram_context = []
+
+
+class Context:
+    """Context of an hook call"""
+
+    def __init__(self, bot, hook, update):
+        self.bot = bot
+        self.hook = hook
+        self.update = update
+
+    def __enter__(self):
+        _local._botogram_context.append(self)
+
+    def __exit__(self, *_):
+        _local._botogram_context.pop()
+
+    def bot_username(self):
+        """Get the username of the bot"""
+        return self.bot.itself.username
+
+    def component_name(self):
+        """Get the name of the current component"""
+        return self.hook.component.component_name
+
+    def chat(self):
+        """Get the current chat"""
+        if self.update:
+            return self.update.chat()
+
+
+def ctx():
+    """Get the current context"""
+    if _local._botogram_context:
+        return _local._botogram_context[-1]