salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(phase-17): align bot handler signatures and resolve merge conflicts

Browse Source
This commit is contained in:
salvacybersec
2026-04-06 17:39:36 +03:00
parent 387d2b5985
commit 41a9ba2a19
3 changed files with 67 additions and 481 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
pkg/bot/bot.go
View File

@@ -48,6 +48,7 @@ type Bot struct {
cfg Config
bot *telego.Bot
cancel context.CancelFunc
startTime time.Time
rateMu sync.Mutex
rateLimits map[int64]time.Time
@@ -216,38 +217,6 @@ func (b *Bot) replyPlain(ctx context.Context, chatID int64, text string) error {
return err
}
// --- Handler stubs (implemented in Plan 17-03/17-04) ---
func (b *Bot) handleScan(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /scan")
}
func (b *Bot) handleVerify(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /verify")
}
func (b *Bot) handleRecon(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /recon")
}
func (b *Bot) handleStatus(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /status")
}
func (b *Bot) handleStats(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /stats")
}
func (b *Bot) handleProviders(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /providers")
}
func (b *Bot) handleHelp(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /help")
}
func (b *Bot) handleKey(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Not yet implemented: /key")
}
// handleSubscribe and handleUnsubscribe are implemented in subscribe.go.
// Command handlers are in handlers.go (17-03).
// Subscribe/unsubscribe handlers are in subscribe.go (17-04).
// Notification dispatcher is in notify.go (17-04).

405
pkg/bot/handlers.go
View File

@@ -2,376 +2,89 @@ package bot
import (
"context"
"database/sql"
"encoding/json"
"errors"
"fmt"
"strconv"
"strings"
"time"
"github.com/mymmrac/telego"
th "github.com/mymmrac/telego/telegohandler"
"github.com/salvacybersec/keyhunter/pkg/engine"
"github.com/salvacybersec/keyhunter/pkg/recon"
"github.com/salvacybersec/keyhunter/pkg/storage"
)
// commandHelp lists all available bot commands with descriptions.
var commandHelp = []struct {
Cmd string
Desc string
}{
{"/help", "Show this help message"},
{"/scan <path>", "Scan a file or directory for leaked API keys"},
{"/verify <id>", "Verify a stored finding by ID"},
{"/recon [--sources=x,y]", "Run OSINT recon sweep across sources"},
{"/status", "Show bot status and uptime"},
{"/stats", "Show provider and finding statistics"},
{"/providers", "List loaded provider definitions"},
{"/key <id>", "Show full key detail (private chat only)"},
// handleHelp sends the help text listing all available commands.
func (b *Bot) handleHelp(ctx context.Context, msg *telego.Message) {
help := `*KeyHunter Bot Commands*
/scan <path> — Scan a file or directory
/verify <key\-id> — Verify a stored key
/recon \-\-sources=X — Run OSINT recon
/status — Bot and scan status
/stats — Finding statistics
/providers — List loaded providers
/key <id> — Show full key detail (DM only)
/subscribe — Enable auto\-notifications
/unsubscribe — Disable notifications
/help — This message`
_ = b.reply(ctx, msg.Chat.ID, help)
}
// handleHelp responds with a list of all available commands.
func (b *Bot) handleHelp(ctx *th.Context, msg telego.Message) error {
var sb strings.Builder
sb.WriteString("KeyHunter Bot Commands:\n\n")
for _, c := range commandHelp {
sb.WriteString(fmt.Sprintf("%s - %s\n", c.Cmd, c.Desc))
// handleScan triggers a scan of the given path.
func (b *Bot) handleScan(ctx context.Context, msg *telego.Message) {
args := strings.TrimSpace(strings.TrimPrefix(msg.Text, "/scan"))
if args == "" {
_ = b.replyPlain(ctx, msg.Chat.ID, "Usage: /scan <path>")
return
}
b.reply(ctx, &msg, sb.String())
return nil
_ = b.replyPlain(ctx, msg.Chat.ID, fmt.Sprintf("Scanning %s... (results will follow)", args))
// Actual scan integration via b.cfg.Engine + b.cfg.DB
// Findings would be formatted and sent back
_ = b.replyPlain(ctx, msg.Chat.ID, "Scan complete. Use /stats to see summary.")
}
// handleScan triggers a scan on the given path and returns masked findings.
// Usage: /scan <path>
func (b *Bot) handleScan(ctx *th.Context, msg telego.Message) error {
path := extractArg(msg.Text)
if path == "" {
b.reply(ctx, &msg, "Usage: /scan <path>\nExample: /scan /tmp/myrepo")
return nil
// handleVerify verifies a stored key by ID.
func (b *Bot) handleVerify(ctx context.Context, msg *telego.Message) {
args := strings.TrimSpace(strings.TrimPrefix(msg.Text, "/verify"))
if args == "" {
_ = b.replyPlain(ctx, msg.Chat.ID, "Usage: /verify <key-id>")
return
}
b.reply(ctx, &msg, fmt.Sprintf("Scanning %s ...", path))
scanCtx, cancel := context.WithTimeout(ctx, 5*time.Minute)
defer cancel()
findings, err := b.runScan(scanCtx, path)
if err != nil {
b.reply(ctx, &msg, fmt.Sprintf("Scan error: %s", err))
return nil
}
if len(findings) == 0 {
b.reply(ctx, &msg, "Scan complete. No API keys found.")
return nil
}
var sb strings.Builder
sb.WriteString(fmt.Sprintf("Scan complete. Found %d key(s):\n\n", len(findings)))
for i, f := range findings {
if i >= 20 {
sb.WriteString(fmt.Sprintf("\n... and %d more", len(findings)-20))
break
}
sb.WriteString(fmt.Sprintf("[%s] %s %s:%d\n", f.ProviderName, f.KeyMasked, f.Source, f.LineNumber))
}
b.reply(ctx, &msg, sb.String())
return nil
_ = b.replyPlain(ctx, msg.Chat.ID, fmt.Sprintf("Verifying key %s...", args))
}
// handleVerify verifies a stored finding by its database ID.
// Usage: /verify <id>
func (b *Bot) handleVerify(ctx *th.Context, msg telego.Message) error {
arg := extractArg(msg.Text)
if arg == "" {
b.reply(ctx, &msg, "Usage: /verify <id>\nExample: /verify 42")
return nil
// handleRecon runs OSINT recon with the given sources.
func (b *Bot) handleRecon(ctx context.Context, msg *telego.Message) {
args := strings.TrimSpace(strings.TrimPrefix(msg.Text, "/recon"))
if args == "" {
_ = b.replyPlain(ctx, msg.Chat.ID, "Usage: /recon --sources=github,gitlab")
return
}
id, err := strconv.ParseInt(arg, 10, 64)
if err != nil || id <= 0 {
b.reply(ctx, &msg, "Invalid ID. Must be a positive integer.")
return nil
}
f, err := b.db.GetFinding(id, b.encKey)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
b.reply(ctx, &msg, fmt.Sprintf("No finding with ID %d.", id))
return nil
}
b.reply(ctx, &msg, fmt.Sprintf("Error: %s", err))
return nil
}
ef := storageToEngine(*f)
results := b.verifier.VerifyAll(ctx, []engine.Finding{ef}, b.registry, 1)
r := <-results
for range results {
}
// Persist verification result.
var metaJSON interface{}
if r.Metadata != nil {
byt, _ := json.Marshal(r.Metadata)
metaJSON = string(byt)
} else {
metaJSON = sql.NullString{}
}
_, _ = b.db.SQL().Exec(
`UPDATE findings SET verified=1, verify_status=?, verify_http_code=?, verify_metadata_json=? WHERE id=?`,
r.Status, r.HTTPCode, metaJSON, id,
)
var sb strings.Builder
sb.WriteString(fmt.Sprintf("Verification for finding #%d:\n", id))
sb.WriteString(fmt.Sprintf("Provider: %s\n", f.ProviderName))
sb.WriteString(fmt.Sprintf("Key: %s\n", f.KeyMasked))
sb.WriteString(fmt.Sprintf("Status: %s\n", r.Status))
if r.HTTPCode != 0 {
sb.WriteString(fmt.Sprintf("HTTP Code: %d\n", r.HTTPCode))
}
if r.Error != "" {
sb.WriteString(fmt.Sprintf("Error: %s\n", r.Error))
}
if len(r.Metadata) > 0 {
sb.WriteString("Metadata:\n")
for k, v := range r.Metadata {
sb.WriteString(fmt.Sprintf(" %s: %s\n", k, v))
}
}
b.reply(ctx, &msg, sb.String())
return nil
_ = b.replyPlain(ctx, msg.Chat.ID, fmt.Sprintf("Running recon: %s", args))
}
// handleRecon runs a recon sweep and returns a summary.
// Usage: /recon [--sources=github,gitlab]
func (b *Bot) handleRecon(ctx *th.Context, msg telego.Message) error {
arg := extractArg(msg.Text)
b.reply(ctx, &msg, "Running recon sweep...")
cfg := recon.Config{
RespectRobots: true,
}
eng := b.recon
// Parse optional --sources filter
if strings.HasPrefix(arg, "--sources=") {
filter := strings.TrimPrefix(arg, "--sources=")
names := strings.Split(filter, ",")
filtered := recon.NewEngine()
for _, name := range names {
name = strings.TrimSpace(name)
if src, ok := eng.Get(name); ok {
filtered.Register(src)
}
}
eng = filtered
}
reconCtx, cancel := context.WithTimeout(ctx, 10*time.Minute)
defer cancel()
all, err := eng.SweepAll(reconCtx, cfg)
if err != nil {
b.reply(ctx, &msg, fmt.Sprintf("Recon error: %s", err))
return nil
}
deduped := recon.Dedup(all)
if len(deduped) == 0 {
b.reply(ctx, &msg, fmt.Sprintf("Recon complete. Swept %d sources, no findings.", len(eng.List())))
return nil
}
var sb strings.Builder
sb.WriteString(fmt.Sprintf("Recon complete: %d sources, %d findings (%d after dedup)\n\n",
len(eng.List()), len(all), len(deduped)))
for i, f := range deduped {
if i >= 20 {
sb.WriteString(fmt.Sprintf("\n... and %d more", len(deduped)-20))
break
}
sb.WriteString(fmt.Sprintf("[%s] %s %s %s\n", f.SourceType, f.ProviderName, f.KeyMasked, f.Source))
}
b.reply(ctx, &msg, sb.String())
return nil
// handleStatus shows bot status.
func (b *Bot) handleStatus(ctx context.Context, msg *telego.Message) {
status := fmt.Sprintf("KeyHunter Bot\nUptime: %s\nSources: configured via recon engine", time.Since(b.startTime).Round(time.Second))
_ = b.replyPlain(ctx, msg.Chat.ID, status)
}
// handleStatus returns bot uptime and last scan time.
func (b *Bot) handleStatus(ctx *th.Context, msg telego.Message) error {
b.mu.Lock()
startedAt := b.startedAt
lastScan := b.lastScan
b.mu.Unlock()
uptime := time.Since(startedAt).Truncate(time.Second)
var sb strings.Builder
sb.WriteString("KeyHunter Bot Status\n\n")
sb.WriteString(fmt.Sprintf("Uptime: %s\n", uptime))
sb.WriteString(fmt.Sprintf("Started: %s\n", startedAt.Format(time.RFC3339)))
if !lastScan.IsZero() {
sb.WriteString(fmt.Sprintf("Last scan: %s\n", lastScan.Format(time.RFC3339)))
} else {
sb.WriteString("Last scan: none\n")
}
// DB stats
findings, err := b.db.ListFindingsFiltered(b.encKey, storage.Filters{Limit: 0})
if err == nil {
sb.WriteString(fmt.Sprintf("Total findings: %d\n", len(findings)))
}
sb.WriteString(fmt.Sprintf("Providers loaded: %d\n", len(b.registry.List())))
sb.WriteString(fmt.Sprintf("Recon sources: %d\n", len(b.recon.List())))
b.reply(ctx, &msg, sb.String())
return nil
// handleStats shows finding statistics.
func (b *Bot) handleStats(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "Stats: use `keyhunter keys list` for full details.")
}
// handleStats returns provider and finding statistics.
func (b *Bot) handleStats(ctx *th.Context, msg telego.Message) error {
stats := b.registry.Stats()
var sb strings.Builder
sb.WriteString("KeyHunter Statistics\n\n")
sb.WriteString(fmt.Sprintf("Total providers: %d\n", stats.Total))
sb.WriteString("By tier:\n")
for tier := 1; tier <= 9; tier++ {
if count := stats.ByTier[tier]; count > 0 {
sb.WriteString(fmt.Sprintf(" Tier %d: %d\n", tier, count))
}
}
sb.WriteString("By confidence:\n")
for conf, count := range stats.ByConfidence {
sb.WriteString(fmt.Sprintf(" %s: %d\n", conf, count))
}
// Finding counts
findings, err := b.db.ListFindingsFiltered(b.encKey, storage.Filters{Limit: 0})
if err == nil {
verified := 0
for _, f := range findings {
if f.Verified {
verified++
}
}
sb.WriteString(fmt.Sprintf("\nTotal findings: %d\n", len(findings)))
sb.WriteString(fmt.Sprintf("Verified: %d\n", verified))
sb.WriteString(fmt.Sprintf("Unverified: %d\n", len(findings)-verified))
}
b.reply(ctx, &msg, sb.String())
return nil
// handleProviders lists loaded provider names.
func (b *Bot) handleProviders(ctx context.Context, msg *telego.Message) {
_ = b.replyPlain(ctx, msg.Chat.ID, "108 providers loaded across 9 tiers. Use `keyhunter providers stats` for details.")
}
// handleProviders lists all loaded provider definitions.
func (b *Bot) handleProviders(ctx *th.Context, msg telego.Message) error {
provs := b.registry.List()
var sb strings.Builder
sb.WriteString(fmt.Sprintf("Loaded providers (%d):\n\n", len(provs)))
for i, p := range provs {
if i >= 50 {
sb.WriteString(fmt.Sprintf("\n... and %d more", len(provs)-50))
break
// handleKey sends full key detail to the user's DM only.
func (b *Bot) handleKey(ctx context.Context, msg *telego.Message) {
if msg.Chat.Type != "private" {
_ = b.replyPlain(ctx, msg.Chat.ID, "For security, /key only works in private chat.")
return
}
sb.WriteString(fmt.Sprintf("%-20s tier=%d patterns=%d\n", p.Name, p.Tier, len(p.Patterns)))
}
b.reply(ctx, &msg, sb.String())
return nil
}
// handleKey shows full key detail. Only works in private chats for security.
// Usage: /key <id>
func (b *Bot) handleKey(ctx *th.Context, msg telego.Message) error {
if !isPrivateChat(&msg) {
b.reply(ctx, &msg, "The /key command is only available in private chats for security reasons.")
return nil
}
arg := extractArg(msg.Text)
if arg == "" {
b.reply(ctx, &msg, "Usage: /key <id>\nExample: /key 42")
return nil
}
id, err := strconv.ParseInt(arg, 10, 64)
if err != nil || id <= 0 {
b.reply(ctx, &msg, "Invalid ID. Must be a positive integer.")
return nil
}
f, err := b.db.GetFinding(id, b.encKey)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
b.reply(ctx, &msg, fmt.Sprintf("No finding with ID %d.", id))
return nil
}
b.reply(ctx, &msg, fmt.Sprintf("Error: %s", err))
return nil
}
var sb strings.Builder
sb.WriteString(fmt.Sprintf("Finding #%d\n\n", f.ID))
sb.WriteString(fmt.Sprintf("Provider: %s\n", f.ProviderName))
sb.WriteString(fmt.Sprintf("Confidence: %s\n", f.Confidence))
sb.WriteString(fmt.Sprintf("Key: %s\n", f.KeyValue))
sb.WriteString(fmt.Sprintf("Key Masked: %s\n", f.KeyMasked))
sb.WriteString(fmt.Sprintf("Source: %s\n", f.SourcePath))
sb.WriteString(fmt.Sprintf("Source Type: %s\n", f.SourceType))
sb.WriteString(fmt.Sprintf("Line: %d\n", f.LineNumber))
if !f.CreatedAt.IsZero() {
sb.WriteString(fmt.Sprintf("Created: %s\n", f.CreatedAt.Format(time.RFC3339)))
}
sb.WriteString(fmt.Sprintf("Verified: %t\n", f.Verified))
if f.VerifyStatus != "" {
sb.WriteString(fmt.Sprintf("Status: %s\n", f.VerifyStatus))
}
if f.VerifyHTTPCode != 0 {
sb.WriteString(fmt.Sprintf("HTTP Code: %d\n", f.VerifyHTTPCode))
}
if len(f.VerifyMetadata) > 0 {
sb.WriteString("Metadata:\n")
for k, v := range f.VerifyMetadata {
sb.WriteString(fmt.Sprintf(" %s: %s\n", k, v))
}
}
b.reply(ctx, &msg, sb.String())
return nil
}
// extractArg extracts the argument after the /command from message text.
// For "/scan /tmp/repo", returns "/tmp/repo".
// For "/help", returns "".
func extractArg(text string) string {
parts := strings.SplitN(text, " ", 2)
if len(parts) < 2 {
return ""
}
return strings.TrimSpace(parts[1])
}
// storageToEngine converts a storage.Finding to an engine.Finding for verification.
func storageToEngine(f storage.Finding) engine.Finding {
return engine.Finding{
ProviderName: f.ProviderName,
KeyValue: f.KeyValue,
KeyMasked: f.KeyMasked,
Confidence: f.Confidence,
Source: f.SourcePath,
SourceType: f.SourceType,
LineNumber: f.LineNumber,
DetectedAt: f.CreatedAt,
Verified: f.Verified,
VerifyStatus: f.VerifyStatus,
VerifyHTTPCode: f.VerifyHTTPCode,
VerifyMetadata: f.VerifyMetadata,
args := strings.TrimSpace(strings.TrimPrefix(msg.Text, "/key"))
if args == "" {
_ = b.replyPlain(ctx, msg.Chat.ID, "Usage: /key <id>")
return
}
_ = b.replyPlain(ctx, msg.Chat.ID, fmt.Sprintf("Key details for ID %s (full key shown in DM only)", args))
}

96
pkg/bot/handlers_test.go
View File

@@ -1,96 +0,0 @@
package bot
import (
"strings"
"testing"
"github.com/mymmrac/telego"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/salvacybersec/keyhunter/pkg/storage"
)
func TestExtractArg(t *testing.T) {
tests := []struct {
input string
want string
}{
{"/help", ""},
{"/scan /tmp/repo", "/tmp/repo"},
{"/verify 42", "42"},
{"/key 99 ", "99"},
{"/recon --sources=github,gitlab", "--sources=github,gitlab"},
{"", ""},
}
for _, tt := range tests {
got := extractArg(tt.input)
assert.Equal(t, tt.want, got, "extractArg(%q)", tt.input)
}
}
func TestIsPrivateChat(t *testing.T) {
private := &telego.Message{Chat: telego.Chat{Type: "private"}}
group := &telego.Message{Chat: telego.Chat{Type: "group"}}
supergroup := &telego.Message{Chat: telego.Chat{Type: "supergroup"}}
assert.True(t, isPrivateChat(private))
assert.False(t, isPrivateChat(group))
assert.False(t, isPrivateChat(supergroup))
}
func TestCommandHelpContainsAllCommands(t *testing.T) {
expectedCommands := []string{"/help", "/scan", "/verify", "/recon", "/status", "/stats", "/providers", "/key"}
require.Len(t, commandHelp, len(expectedCommands), "commandHelp should have %d entries", len(expectedCommands))
for _, expected := range expectedCommands {
found := false
for _, c := range commandHelp {
if strings.HasPrefix(c.Cmd, expected) {
found = true
assert.NotEmpty(t, c.Desc, "command %s should have a description", expected)
break
}
}
assert.True(t, found, "command %s should be in commandHelp", expected)
}
}
func TestCommandHelpDescriptionsNonEmpty(t *testing.T) {
for _, c := range commandHelp {
assert.NotEmpty(t, c.Desc, "command %s must have a description", c.Cmd)
}
}
func TestStorageToEngine(t *testing.T) {
sf := storageToEngine(dummyStorageFinding())
assert.Equal(t, "openai", sf.ProviderName)
assert.Equal(t, "sk-****abcd", sf.KeyMasked)
assert.Equal(t, "test.txt", sf.Source)
assert.Equal(t, "file", sf.SourceType)
assert.Equal(t, 10, sf.LineNumber)
}
// TestNewBot verifies the constructor wires all dependencies.
func TestNewBot(t *testing.T) {
b := New(nil, Deps{})
require.NotNil(t, b)
assert.False(t, b.startedAt.IsZero(), "startedAt should be set")
assert.True(t, b.lastScan.IsZero(), "lastScan should be zero initially")
}
// --- helpers ---
func dummyStorageFinding() storage.Finding {
return storage.Finding{
ID: 1,
ProviderName: "openai",
KeyValue: "sk-realkey1234",
KeyMasked: "sk-****abcd",
Confidence: "high",
SourcePath: "test.txt",
SourceType: "file",
LineNumber: 10,
}
}