Webhook secret_token verification

[kshnurov]

Webhook may have a secret_token set, which will be sent in a X-Telegram-Bot-Api-Secret-Token header and could be verified.
Didn't find a default functionality for that, tried to add a before_action, but it fails with undefined local variable or method 'request' for #<Telegram::WebhookController:0x0000000011acd8>.

Am I missing something? How do I access request headers?
I guess the only way is to override middleware?

[printercu]

Yes, it doesn't support token verification at the moment. As a workaround you can have something like this

Telegram::Bot::Middleware.prepend(Module.new do
  def call(env)
    verify_token(env)
    super
  end
end)

[kshnurov]

@printercu thank you! I'd like to avoid monkey-patching, is there a specific reason why the request is not passed down to a controller's dispatch and not set there?

[printercu]

Because it's not available in the poller mode. Maybe it makes sense to pass it in the webhook mode and set to nil in the poller mode.

[kshnurov]

@printercu definitely.