fix(markdown): escape access_url to avoid Telegram entity parse error

Author: Mhr1375

bot/handlers/admin.py

@@ -7,6 +7,7 @@
 
 from telegram import Update, InlineKeyboardButton, InlineKeyboardMarkup
 from telegram.ext import ContextTypes, ConversationHandler
+from telegram.helpers import escape_markdown
 from sqlalchemy import select, delete
 from sqlalchemy.orm import selectinload
 
@@ -143,14 +144,18 @@ async def list_servers(update: Update, context: ContextTypes.DEFAULT_TYPE) -> No
         message = "🖥️ **VPN Servers:**\n\n"
         for server in servers:
             status = "🟢 Active" if server.is_active else "🔴 Inactive"
+            escaped_name = escape_markdown(server.name, version=2)
+            escaped_api_url = escape_markdown(server.api_url, version=2)
+            escaped_cert = escape_markdown(server.cert_sha256[:16] + "...", version=2)
+            escaped_created = escape_markdown(server.created_at.strftime('%Y-%m-%d %H:%M'), version=2)
             message += f"**ID:** {server.id}\n"
-            message += f"**Name:** {server.name}\n"
+            message += f"**Name:** {escaped_name}\n"
             message += f"**Status:** {status}\n"
-            message += f"**API URL:** `{server.api_url}`\n"
-            message += f"**Cert SHA256:** `{server.cert_sha256[:16]}...`\n"
-            message += f"**Created:** {server.created_at.strftime('%Y-%m-%d %H:%M')}\n\n"
+            message += f"**API URL:** `{escaped_api_url}`\n"
+            message += f"**Cert SHA256:** `{escaped_cert}`\n"
+            message += f"**Created:** {escaped_created}\n\n"
 
-        await update.message.reply_text(message, parse_mode='Markdown')
+        await update.message.reply_text(message, parse_mode='MarkdownV2')
 
 
 @admin_only
@@ -225,13 +230,17 @@ async def get_cert_sha256(update: Update, context: ContextTypes.DEFAULT_TYPE) ->
             f"Added server {server.name}"
         )
 
+        escaped_name = escape_markdown(server.name, version=2)
+        escaped_api_url = escape_markdown(server.api_url, version=2)
+        escaped_cert = escape_markdown(cert_sha256[:16] + "...", version=2)
+        
         await update.message.reply_text(
-            f"✅ Server added successfully!\n\n"
-            f"**Name:** {server.name}\n"
+            f"✅ Server added successfully\\!\n\n"
+            f"**Name:** {escaped_name}\n"
             f"**ID:** {server.id}\n"
-            f"**API URL:** {server.api_url}\n"
-            f"**Cert SHA256:** {cert_sha256[:16]}...",
-            parse_mode='Markdown'
+            f"**API URL:** {escaped_api_url}\n"
+            f"**Cert SHA256:** {escaped_cert}",
+            parse_mode='MarkdownV2'
         )
 
     # Clear conversation data
@@ -384,9 +393,24 @@ async def handle_approval_callback(update: Update, context: ContextTypes.DEFAULT
 
 async def notify_admin_new_user(context: ContextTypes.DEFAULT_TYPE, user: User) -> None:
     """Notify admin about a new user registration."""
+    # Format user info with escaping for MarkdownV2
+    username_part = f"@{user.username}" if user.username else "No username"
+    name_parts = []
+    if user.first_name:
+        name_parts.append(user.first_name)
+    if user.last_name:
+        name_parts.append(user.last_name)
+    name = " ".join(name_parts) if name_parts else "No name"
+    
+    escaped_username = escape_markdown(username_part, version=2)
+    escaped_name = escape_markdown(name, version=2)
+    escaped_role = escape_markdown(user.role.value, version=2)
+    
+    user_info = f"ID: {user.id}\nUsername: {escaped_username}\nName: {escaped_name}\nRole: {escaped_role}"
+    
     message = (
         f"👤 **New User Registration**\n\n"
-        f"{format_user_info(user)}\n\n"
+        f"{user_info}\n\n"
         f"Please choose an action:"
     )
 
@@ -402,7 +426,7 @@ async def notify_admin_new_user(context: ContextTypes.DEFAULT_TYPE, user: User)
         await context.bot.send_message(
             config.ADMIN_TG_ID,
             message,
-            parse_mode='Markdown',
+            parse_mode='MarkdownV2',
             reply_markup=reply_markup
         )
         logger.info(f"Notified admin about new user {user.id}")

bot/handlers/sales.py

@@ -6,6 +6,7 @@
 
 from telegram import Update, InlineKeyboardButton, InlineKeyboardMarkup
 from telegram.ext import ContextTypes, ConversationHandler
+from telegram.helpers import escape_markdown
 from sqlalchemy import select
 from sqlalchemy.orm import selectinload
 
@@ -235,23 +236,24 @@ async def handle_quota_selection(update: Update, context: ContextTypes.DEFAULT_T
             validity_display = "1 Week" if validity == ValidityPeriod.WEEK.value else "1 Month"
 
             # Send success message with connection details
+            escaped_access_url = escape_markdown(access_url, version=2)
             message = (
-                f"🎉 **VPN Connection Created Successfully!**\n\n"
-                f"🖥️ **Server:** {server.name}\n"
-                f"⏰ **Validity:** {validity_display}\n"
-                f"📊 **Traffic Quota:** {quota}\n"
-                f"⏰ **Expires:** {expires_str}\n\n"
+                f"🎉 **VPN Connection Created Successfully\\!**\n\n"
+                f"🖥️ **Server:** {escape_markdown(server.name, version=2)}\n"
+                f"⏰ **Validity:** {escape_markdown(validity_display, version=2)}\n"
+                f"📊 **Traffic Quota:** {escape_markdown(quota, version=2)}\n"
+                f"⏰ **Expires:** {escape_markdown(expires_str, version=2)}\n\n"
                 f"🔗 **Connection URL:**\n"
-                f"`{access_url}`\n\n"
+                f"`{escaped_access_url}`\n\n"
                 f"📱 **Setup Instructions:**\n"
-                f"1. Install Outline app on your device\n"
-                f"2. Copy the connection URL above\n"
-                f"3. Paste it in the Outline app\n"
-                f"4. Start using your VPN!\n\n"
+                f"1\\. Install Outline app on your device\n"
+                f"2\\. Copy the connection URL above\n"
+                f"3\\. Paste it in the Outline app\n"
+                f"4\\. Start using your VPN\\!\n\n"
                 f"📋 Use /mykeys to view all your connections"
             )
 
-            await query.edit_message_text(message, parse_mode='Markdown')
+            await query.edit_message_text(message, parse_mode='MarkdownV2')
 
     except OutlineAPIError as e:
         logger.error(f"Failed to create VPN key: {e}")
@@ -310,20 +312,27 @@ async def my_keys(update: Update, context: ContextTypes.DEFAULT_TYPE) -> None:
             message += "🟢 **Active Connections:**\n"
             for key in active_keys:
                 expires_str = key.expires_at.strftime("%Y-%m-%d %H:%M")
+                escaped_server_name = escape_markdown(key.server.name, version=2)
+                escaped_quota = escape_markdown(key.traffic_quota, version=2)
+                escaped_expires = escape_markdown(expires_str, version=2)
+                escaped_url_preview = escape_markdown(key.access_url[:50] + "...", version=2)
                 message += (
-                    f"• **{key.server.name}** ({key.traffic_quota})\n"
-                    f"  📅 Expires: {expires_str} UTC\n"
-                    f"  🔗 `{key.access_url[:50]}...`\n\n"
+                    f"• **{escaped_server_name}** \\({escaped_quota}\\)\n"
+                    f"  📅 Expires: {escaped_expires} UTC\n"
+                    f"  🔗 `{escaped_url_preview}`\n\n"
                 )
 
         # Show expired keys
         if expired_keys:
             message += "🔴 **Expired Connections:**\n"
             for key in expired_keys:
                 expires_str = key.expires_at.strftime("%Y-%m-%d %H:%M")
+                escaped_server_name = escape_markdown(key.server.name, version=2)
+                escaped_quota = escape_markdown(key.traffic_quota, version=2)
+                escaped_expires = escape_markdown(expires_str, version=2)
                 message += (
-                    f"• **{key.server.name}** ({key.traffic_quota})\n"
-                    f"  📅 Expired: {expires_str} UTC\n\n"
+                    f"• **{escaped_server_name}** \\({escaped_quota}\\)\n"
+                    f"  📅 Expired: {escaped_expires} UTC\n\n"
                 )
 
         # Show disabled keys
@@ -332,15 +341,19 @@ async def my_keys(update: Update, context: ContextTypes.DEFAULT_TYPE) -> None:
             for key in disabled_keys:
                 disabled_str = key.disabled_at.strftime("%Y-%m-%d %H:%M")
                 reason = key.disabled_reason or "Unknown"
+                escaped_server_name = escape_markdown(key.server.name, version=2)
+                escaped_quota = escape_markdown(key.traffic_quota, version=2)
+                escaped_disabled = escape_markdown(disabled_str, version=2)
+                escaped_reason = escape_markdown(reason, version=2)
                 message += (
-                    f"• **{key.server.name}** ({key.traffic_quota})\n"
-                    f"  🚫 Disabled: {disabled_str} UTC\n"
-                    f"  📝 Reason: {reason}\n\n"
+                    f"• **{escaped_server_name}** \\({escaped_quota}\\)\n"
+                    f"  🚫 Disabled: {escaped_disabled} UTC\n"
+                    f"  📝 Reason: {escaped_reason}\n\n"
                 )
 
         message += f"📊 **Summary:** {len(active_keys)} active, {len(expired_keys)} expired, {len(disabled_keys)} disabled"
 
-        await update.message.reply_text(message, parse_mode='Markdown')
+        await update.message.reply_text(message, parse_mode='MarkdownV2')
 
 
 async def help_command(update: Update, context: ContextTypes.DEFAULT_TYPE) -> None:

bot/scheduler.py

@@ -9,6 +9,7 @@
 from sqlalchemy import select
 from sqlalchemy.orm import selectinload
 from telegram.ext import Application
+from telegram.helpers import escape_markdown
 
 from .database import get_db_session
 from .models import AccessKey
@@ -142,18 +143,23 @@ async def _notify_user_key_expired(self, key: AccessKey) -> None:
             key: Expired access key
         """
         try:
+            expires_str = key.expires_at.strftime('%Y-%m-%d %H:%M UTC')
+            escaped_server_name = escape_markdown(key.server.name, version=2)
+            escaped_quota = escape_markdown(key.traffic_quota, version=2)
+            escaped_expires = escape_markdown(expires_str, version=2)
+            
             message = (
                 f"⏰ **VPN Connection Expired**\n\n"
-                f"Your VPN connection to **{key.server.name}** has expired and been disabled.\n\n"
-                f"📊 **Traffic Quota:** {key.traffic_quota}\n"
-                f"📅 **Expired on:** {key.expires_at.strftime('%Y-%m-%d %H:%M UTC')}\n\n"
+                f"Your VPN connection to **{escaped_server_name}** has expired and been disabled\\.\n\n"
+                f"📊 **Traffic Quota:** {escaped_quota}\n"
+                f"📅 **Expired on:** {escaped_expires}\n\n"
                 f"🔑 Use /new to create a new VPN connection"
             )
 
             await self.telegram_app.bot.send_message(
                 key.owner_id,
                 message,
-                parse_mode='Markdown'
+                parse_mode='MarkdownV2'
             )
 
             logger.info(f"Notified user {key.owner_id} about expired key {key.id}")