f4e0808a87
Previously, the botserver would accept any message sent to it. This was a security hazard, since an attacker could impersonate arbitrary users with arbitrary messages. We only want the Zulip instance where a bot is registered to be able to send out messages for that bot. To do this, this commit adds a check for the security token associated with each outgoing webhook bot. For each bot, its token is stored in the botserverrc file. The server sends the token along with each message.
zulip-bot-server --config-file <path to botserverrc> --hostname <address> --port <port>
Example: zulip-bot-server --config-file ~/botserverrc
This program loads the bot configurations from the config file (botserverrc here) and loads the bot modules. It then starts the server, dispatches incoming requests to the loaded modules, and returns the success/failure result.
Please make sure you have a current botserverrc file with the configurations of the required bots. The --hostname and --port arguments are optional. The default hostname is 127.0.0.1 and the default port is 5002.
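
The per-bot token check described in the commit message above, sketched as an added example (not the project's own code). It assumes an INI-style botserverrc with one section per bot, hypothetical `email` and `token` keys, and an incoming payload carrying `bot_email` and `token` fields; all sample values are constructed.

```python
import configparser
import hmac

# Constructed sample config; section layout and key names are assumptions.
SAMPLE_BOTSERVERRC = """\
[helloworld]
email = helloworld-bot@example.com
token = 3f9c1b7a-constructed-token-A

[giphy]
email = giphy-bot@example.com
token = 8d2e4c60-constructed-token-B
"""


def load_bot_tokens(rc_text):
    """Map each bot's email to its expected token; refuse bots without one."""
    # interpolation=None so a '%' inside a token is read literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(rc_text)
    tokens = {}
    for section in parser.sections():
        token = parser.get(section, "token", fallback="").strip()
        if not token:
            # An empty token would make the check meaningless, so fail at load.
            raise ValueError(f"bot {section!r} has no token configured")
        tokens[parser.get(section, "email")] = token
    return tokens


def is_authorized(payload, tokens):
    """True only if the payload carries the token registered for its own bot."""
    expected = tokens.get(payload.get("bot_email"))
    supplied = payload.get("token")
    if expected is None or not isinstance(supplied, str):
        return False  # unknown bot, or token missing / wrong type: fail closed
    # Constant-time comparison: do not leak how many leading characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def handle(payload, tokens):
    """Return an HTTP-style status: 200 if accepted, 403 if rejected."""
    return 200 if is_authorized(payload, tokens) else 403
```

Looking the token up by the bot named in the payload means a valid token for one bot is rejected when presented for another.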