commit cba6d79c58114e1f580a7ec5dee07d25da0902d8
parent dd7fe501df8199db316af3f1f830870376ff854e
Author: Nathaniel Chappelle <nathaniel@chappelle.dev>
Date: Thu, 5 Feb 2026 22:00:57 -0800
adding auth via user-id
Diffstat:
1 file changed, 35 insertions(+), 0 deletions(-)
diff --git a/listen-page-bot/bot.py b/listen-page-bot/bot.py
@@ -14,6 +14,10 @@ REPO_PATH = os.getenv("REPO_PATH")
MD_FILE_PATH = os.path.join(REPO_PATH, "content/listen.md")
IMG_DIR = os.path.join(REPO_PATH, "content/assets/covers")
MAX_SONGS = 9
+OWNER_ID = int(os.getenv("BOT_OWNER_ID", "0"))
+
+if OWNER_ID == 0:
+ raise RuntimeError("BOT_OWNER_ID not set")
# Conversation states
TITLE, ARTIST, LINK, COVER = range(4)
@@ -24,25 +28,45 @@ sys.stderr = sys.stdout
print("--- Bot started ---")
async def start(update: Update, context: ContextTypes.DEFAULT_TYPE):
+ if not await is_authorized(update):
+ await update.message.reply_text("Unauthorized.")
+ return ConversationHandler.END
+
await update.message.reply_text("Let's add a new song! What is the Song Title?")
return TITLE
async def get_title(update: Update, context: ContextTypes.DEFAULT_TYPE):
+ if not await is_authorized(update):
+ await update.message.reply_text("Unauthorized.")
+ return ConversationHandler.END
+
context.user_data['title'] = update.message.text
await update.message.reply_text(f"Artist for '{update.message.text}'?")
return ARTIST
async def get_artist(update: Update, context: ContextTypes.DEFAULT_TYPE):
+ if not await is_authorized(update):
+ await update.message.reply_text("Unauthorized.")
+ return ConversationHandler.END
+
context.user_data['artist'] = update.message.text
await update.message.reply_text("Paste the YouTube Music link:")
return LINK
async def get_link(update: Update, context: ContextTypes.DEFAULT_TYPE):
+ if not await is_authorized(update):
+ await update.message.reply_text("Unauthorized.")
+ return ConversationHandler.END
+
context.user_data['link'] = update.message.text
await update.message.reply_text("Finally, send the Album Cover image.")
return COVER
async def get_cover(update: Update, context: ContextTypes.DEFAULT_TYPE):
+ if not await is_authorized(update):
+ await update.message.reply_text("Unauthorized.")
+ return ConversationHandler.END
+
# Get the highest resolution photo
photo_file = await update.message.photo[-1].get_file()
@@ -111,6 +135,17 @@ def update_markdown(title, artist, link, img_url):
with open(MD_FILE_PATH, 'wb') as f:
frontmatter.dump(post, f)
+async def is_authorized(update):
+ user = update.effective_user
+ if not user:
+ return False
+
+ if user.id != OWNER_ID:
+ print(f"Unauthorized access attempt from {user.id}")
+ return False
+
+ return True
+
def run_local_deploy(repo_path):
try:
# 1. Git Add & Commit
