Skip to content

Comments

Update info.py#58

Open
npnqnn wants to merge 1 commit intoLearningBotsOfficial:mainfrom
npnqnn:patch-1
Open

Update info.py#58
npnqnn wants to merge 1 commit intoLearningBotsOfficial:mainfrom
npnqnn:patch-1

Conversation

@npnqnn
Copy link

@npnqnn npnqnn commented Aug 24, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Updated default configuration values for service credentials and connections.
    • Refreshed default admin ID and public contact/username used across the app.
    • Adjusted default log channel, content channel, and group links for messaging and updates.
    • Switched default database connection string and database name for storage.
    • No functional or behavioral changes; existing features continue to work with the new defaults.

@coderabbitai
Copy link

coderabbitai bot commented Aug 24, 2025
edited
Loading

Walkthrough

Updated default values for environment-backed configuration constants in info.py, including API credentials, admin identifiers, links, channels, and MongoDB URI/name. No logic, flow, or error-handling changes. COLLECTION_NAME remains unchanged.

Changes

Cohort / File(s) Change summary
Configuration defaults update
info.py		 Modified default env values: API_ID, API_HASH, BOT_TOKEN, ADMINS, USERNAME, LOG_CHANNEL, MOVIE_GROUP_LINK, CHANNELS, DATABASE_URI, DATABASE_NAME. No control-flow changes; COLLECTION_NAME unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

I twitch my whiskers at keys anew,
Fresh creds sprout like morning dew.
Channels hop, admins queue,
DB burrow finds a view.
No loops moved, no logic stew—
Just tidy fields a rabbit drew. 🥕

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Aug 24, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
info.py (3)

6-12: Harden is_enabled to handle None/bool and whitespace; current implementation assumes a str

The function calls value.lower() unconditionally; callers also pass literal keys (see below), so env flags are ignored.

Apply:

 def is_enabled(value, default):
-    if value.lower() in ["true", "yes", "1", "enable", "y"]:
-        return True
-    elif value.lower() in ["false", "no", "0", "disable", "n"]:
-        return False
-    else:
-        return default
+    if value is None:
+        return default
+    if isinstance(value, bool):
+        return value
+    v = str(value).strip().lower()
+    if v in ["true", "yes", "1", "enable", "y", "on"]:
+        return True
+    if v in ["false", "no", "0", "disable", "n", "off"]:
+        return False
+    return default

45-45: Env flags are never read (literals passed to is_enabled) and STREAM_MODE uses bool(str)

Passing string literals like 'AUTO_FILTER' makes flags permanently equal to defaults. Also, bool(environ.get('STREAM_MODE', True)) is almost always True. Read from env properly.

Apply:

-IS_VERIFY = is_enabled('IS_VERIFY', True)
+IS_VERIFY = is_enabled(getenv('IS_VERIFY'), True)
-AUTO_FILTER = is_enabled('AUTO_FILTER', True)
-IS_PM_SEARCH = is_enabled('IS_PM_SEARCH', False)
-AUTO_DELETE = is_enabled('AUTO_DELETE', True)
-IMDB = is_enabled('IMDB', False)
-LONG_IMDB_DESCRIPTION = is_enabled('LONG_IMDB_DESCRIPTION', False)
-PROTECT_CONTENT = is_enabled('PROTECT_CONTENT', False)
-SPELL_CHECK = is_enabled('SPELL_CHECK', True)
-LINK_MODE = is_enabled('LINK_MODE', True)
+AUTO_FILTER = is_enabled(getenv('AUTO_FILTER'), True)
+IS_PM_SEARCH = is_enabled(getenv('IS_PM_SEARCH'), False)
+AUTO_DELETE = is_enabled(getenv('AUTO_DELETE'), True)
+IMDB = is_enabled(getenv('IMDB'), False)
+LONG_IMDB_DESCRIPTION = is_enabled(getenv('LONG_IMDB_DESCRIPTION'), False)
+PROTECT_CONTENT = is_enabled(getenv('PROTECT_CONTENT'), False)
+SPELL_CHECK = is_enabled(getenv('SPELL_CHECK'), True)
+LINK_MODE = is_enabled(getenv('LINK_MODE'), True)
-STREAM_MODE = bool(environ.get('STREAM_MODE', True)) # Set True or Flase
+STREAM_MODE = is_enabled(getenv('STREAM_MODE'), True)  # Set True or False

Also applies to: 81-94, 98-98

49-54: More API keys committed as defaults (shortener services) — remove and rotate

These look like real keys and domains. Treat them as secrets.

Apply:

-SHORTENER_API = environ.get("SHORTENER_API", "…redacted…")
-SHORTENER_WEBSITE = environ.get("SHORTENER_WEBSITE", 'omegalinks.in')
-SHORTENER_API2 = environ.get("SHORTENER_API2", "…redacted…")
-SHORTENER_WEBSITE2 = environ.get("SHORTENER_WEBSITE2", 'omegalinks.in')
-SHORTENER_API3 = environ.get("SHORTENER_API3", "…redacted…")
-SHORTENER_WEBSITE3 = environ.get("SHORTENER_WEBSITE3", 'omegalinks.in')
+SHORTENER_API = getenv("SHORTENER_API")
+SHORTENER_WEBSITE = getenv("SHORTENER_WEBSITE", "")
+SHORTENER_API2 = getenv("SHORTENER_API2")
+SHORTENER_WEBSITE2 = getenv("SHORTENER_WEBSITE2", "")
+SHORTENER_API3 = getenv("SHORTENER_API3")
+SHORTENER_WEBSITE3 = getenv("SHORTENER_WEBSITE3", "")

Rotate all exposed keys at their providers and purge them from history.

🧹 Nitpick comments (3)
info.py (3)

5-5: Fix id_pattern: current regex matches “any char + digits” and allows odd cases

r'^.\d+$' accepts a single arbitrary leading char (including letters), then digits. Use a clear numeric pattern that supports negative IDs (e.g., Telegram chats).

Apply:

-id_pattern = re.compile(r'^.\d+$')
+id_pattern = re.compile(r'^-?\d+$')

Follow-up (outside this hunk): switch id_pattern.search(...) to id_pattern.fullmatch(...) where used (e.g., Lines 21, 25, 66, 67) to avoid partial matches.

61-61: Optional: Keep YEARS list current automatically

Hard-coding through 2024 will age quickly. Generate dynamically.

Apply (includes new import):

-YEARS = [f'{i}' for i in range(2024 , 2002,-1 )]
+from datetime import datetime  # at top of file
+YEARS = [str(i) for i in range(datetime.utcnow().year, 2002, -1)]

112-132: Config surface is growing; consider a typed settings object with validation

The SETTINGS dict mirrors many globals. A typed config (pydantic BaseSettings/dataclass) would centralize env parsing, validation, and defaults; easier to test and safer.

If you want, I can propose a minimal pydantic-based Settings class and migrate callers incrementally.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 549ce66 and fe34267.

📒 Files selected for processing (1)
  • info.py (1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.27.2)
info.py

17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

info.py
Comment on lines +16 to +18
API_ID = int(environ.get('API_ID', '21335951'))
API_HASH = environ.get('API_HASH', '6dcf7f757103ba5dd383474830a47271')
BOT_TOKEN = environ.get('BOT_TOKEN', '8354170660:AAGI_DwNUUT3KKwT5ohpWJUewD1OMN5yuhU')
Copy link

@coderabbitai coderabbitai bot Aug 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Critical: Hard-coded Telegram credentials (API_ID/API_HASH/BOT_TOKEN) are committed — rotate and remove immediately

Exposing these in a public repo enables account takeover and abuse. Replace with required environment variables and fail fast if missing. Also purge secrets from git history and rotate via BotFather/my.telegram.org.

Apply this diff to stop committing secrets and enforce required envs (values redacted to avoid re-exposing):

-API_ID = int(environ.get('API_ID', '21335951'))
-API_HASH = environ.get('API_HASH', '…redacted…')
-BOT_TOKEN = environ.get('BOT_TOKEN', '…redacted…')
+API_ID_STR = getenv('API_ID')
+API_HASH = getenv('API_HASH')
+BOT_TOKEN = getenv('BOT_TOKEN')
+if not API_ID_STR or not API_HASH or not BOT_TOKEN:
+    raise RuntimeError("Missing required env vars: API_ID, API_HASH, BOT_TOKEN")
+API_ID = int(API_ID_STR)

Optional script to scan repo for remaining exposures (tokens, SRV URIs, etc.):

Next steps:

  • Revoke and regenerate the bot token via @Botfather immediately.
  • Invalidate/rotate the Telegram API_HASH/API_ID on my.telegram.org if tied to a sensitive app.
  • Use gitleaks/detect-secrets pre-commit to prevent recurrence. I can add a pre-commit config if you want.

🏁 Script executed:

#!/bin/bash
# Grep for common secret patterns; adjust as needed.
rg -nP --hidden --glob '!*lock*' -C1 '(BOT_TOKEN|API_HASH|mongodb\+srv://|SECRET|TOKEN|API_KEY|AUTH_KEY)'

Length of output: 1836

Critical: Remove All Hard-Coded Secrets and Enforce Required Environment Variables

Before merging, the following hard-coded credentials must be removed and treated as required env vars. Failing to do so risks immediate compromise of your Telegram bot and MongoDB database.

• info.py (lines 16–19 & 28–29)

  • Remove default values for API_ID, API_HASH, BOT_TOKEN, DATABASE_URI and DATABASE_NAME.
  • Enforce presence of each via getenv() and fail fast if any are missing.

Example diff:

- API_ID = int(environ.get('API_ID', '21335951'))
- API_HASH = environ.get('API_HASH', '6dcf7f757103ba5dd383474830a47271')
- BOT_TOKEN = environ.get('BOT_TOKEN', '8354170660:AAGI_DwNUUT3KKwT5ohpWJUewD1OMN5yuhU')
+ API_ID_STR    = getenv('API_ID')
+ API_HASH      = getenv('API_HASH')
+ BOT_TOKEN     = getenv('BOT_TOKEN')
 
- #---------------------------------------------------------------
- DATABASE_URI  = environ.get('DATABASE_URI', "mongodb+srv://ManagerBoy:ManagerBoy@managerboy.j7mbi90.mongodb.net/?retryWrites=true&w=majority&appName=ManagerBoy")
- DATABASE_NAME = environ.get('DATABASE_NAME', "ManagerBoy")
+ DATABASE_URI  = getenv('DATABASE_URI')
+ DATABASE_NAME = getenv('DATABASE_NAME')
+
+ missing = [name for name in ('API_ID','API_HASH','BOT_TOKEN','DATABASE_URI','DATABASE_NAME')
+            if not locals()[name]]
+ if missing:
+     raise RuntimeError(f"Missing required env vars: {', '.join(missing)}")
+ API_ID = int(API_ID_STR)

• README.md (lines 66–70)

  • Remove any “default” or example values.
  • Clarify that all five vars must be set before running.

Next steps:

  1. Revoke and rotate your Telegram bot token via @Botfather.
  2. Regenerate the Telegram API_HASH/API_ID at my.telegram.org.
  3. Rotate your MongoDB credentials and update the URI.
  4. Purge these secrets from Git history (e.g., with git-filter-repo).
  5. Add a secret-scanning pre-commit hook (gitleaks/detect-secrets) to prevent recurrence; I can help set this up.

Please address these immediately—this is a blocking security issue.

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 Gitleaks (8.27.2)

17-17: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@npnqnn