Skip to content

Update send-text-message-or-reply.mjs #18775

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update send-text-message-or-reply.mjs #18775

wants to merge 1 commit into from

Conversation

hapinessmaker47-dev
Copy link

@hapinessmaker47-dev hapinessmaker47-dev commented Oct 15, 2025
edited by coderabbitai bot
Loading

WHY

Summary by CodeRabbit

  • Bug Fixes

    • Improved reliability of sending Telegram text messages and replies.
    • Provides clearer error responses when message delivery fails.

  • Enhancements

    • Accepts broader input: if no text is provided, the request body is sent as a serialized message.
    • Faster, more consistent delivery via streamlined request handling.

  • Refactor

    • Simplified the message-sending flow to reduce complexity and improve maintainability.

@adolfo-pd adolfo-pd added the User submitted Submitted by a user label Oct 15, 2025
@vercel Vercel
Copy link

vercel bot commented Oct 15, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
pipedream-docs-redirect-do-not-edit Ignored Ignored Oct 15, 2025 11:28pm

@pipedream-component-development
Copy link
Collaborator

Thank you so much for submitting this! We've added it to our backlog to review, and our team has been notified.

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 15, 2025
edited
Loading

Walkthrough

Rewrote the Telegram send-text-message-or-reply action from a metadata-based export to an async function that posts directly to Telegram’s sendMessage API via axios. The function extracts text from event.body, uses hardcoded token and chat_id, and returns API data or an error object.

Changes

Cohort / File(s) Summary
Telegram send message action refactor
components/telegram_bot_api/actions/send-text-message-or-reply/send-text-message-or-reply.mjs		 Converted default export from action object to async function(event). Removed props and internal Telegram wiring. Added axios POST to Telegram sendMessage with hardcoded token/chat\_id. Extracts message from event.body.text or stringified body. Returns response.data or { error }.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Caller
  participant F as sendTextMessageOrReply(event)
  participant T as Telegram API (sendMessage)

  rect rgb(240,248,255)
    note over F: Extract message from event.body
    C->>F: event
    F->>T: POST /bot{token}/sendMessage<br/>chat_id, text
  end

  alt Success
    T-->>F: 200 OK + data
    F-->>C: response.data
  else Error
    T-->>F: Error
    F-->>C: { error: error.message }
  end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I thump my paws, messages fly,
Through wires I hop, to Telegram’s sky.
An async leap, with axios in tow,
I nibble the payload, then off it goes.
If errors appear, I twitch and retry—
Carrots crossed, the chats reply! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Description Check ⚠️ Warning The PR description only includes the template heading “## WHY” with a placeholder comment and lacks any explanation of the motivation, context, or benefits of the change. Please fill out the “## WHY” section by explaining the reasons for this refactor, the problems it solves, and any relevant context or design decisions to help reviewers understand the intent.
Title Check ❓ Inconclusive The title “Update send-text-message-or-reply.mjs” simply notes a file change without summarizing the core refactor or intent of the PR, making it too generic for someone scanning history to understand the primary change. Consider updating the title to briefly describe the main change, such as “Refactor send-text-message-or-reply action to use async HTTP call via axios” to convey the purpose and scope of the update.
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@pipedream-component-development
Copy link
Collaborator

Thanks for submitting this PR! When we review PRs, we follow the Pipedream component guidelines. If you're not familiar, here's a quick checklist:

coderabbitai[bot]
coderabbitai bot reviewed Oct 15, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ac0a58c and 09a223e.

📒 Files selected for processing (1)
  • components/telegram_bot_api/actions/send-text-message-or-reply/send-text-message-or-reply.mjs (1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.28.0)
components/telegram_bot_api/actions/send-text-message-or-reply/send-text-message-or-reply.mjs

[high] 4-4: Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram.

(telegram-bot-api-token)

components/telegram_bot_api/actions/send-text-message-or-reply/send-text-message-or-reply.mjs
Comment on lines +3 to +22
export default async function(event) {
const telegramToken = "8469316973:AAHawOsGOdQ1alVIPy8FpUW3yN-GoJbpcK4";
const chatId = "8409601106";

// الرسالة اللي جت من TradingView
const message = event.body.text || JSON.stringify(event.body);

const url = `https://api.telegram.org/bot${telegramToken}/sendMessage`;

try {
const response = await axios.post(url, {
chat_id: chatId,
text: message,
parse_mode: "Markdown"
});
// eslint-disable-next-line multiline-ternary
$.export("$summary", `Successfully sent a ${this.reply_to_message_id ? "reply" : "text message"} to chat, "${this.chatId}"`);
return resp;
},
};
return response.data;
} catch (error) {
return { error: error.message };
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Restore the Pipedream component export.

This file must export the Pipedream action/component object (name, props, run, etc.). Replacing it with a bare async function removes the metadata and breaks runtime execution + UI integration, so the action will fail to load. Please revert to the component export structure and reapply any logic inside the run method instead.

🧰 Tools
🪛 Gitleaks (8.28.0)

[high] 4-4: Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram.

(telegram-bot-api-token)

components/telegram_bot_api/actions/send-text-message-or-reply/send-text-message-or-reply.mjs
Comment on lines +4 to +5
const telegramToken = "8469316973:AAHawOsGOdQ1alVIPy8FpUW3yN-GoJbpcK4";
const chatId = "8409601106";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Remove hardcoded Telegram credentials.

A real bot token (and chat ID) is embedded in source. That leaks control of the bot, violates our secret-handling policy, and was flagged by gitleaks. Retrieve the token/chat ID from a prop or managed auth (e.g. auth/props) and scrub the committed secret immediately (revoke the token on Telegram).

🧰 Tools
🪛 Gitleaks (8.28.0)

[high] 4-4: Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram.

(telegram-bot-api-token)

🤖 Prompt for AI Agents 
In
components/telegram_bot_api/actions/send-text-message-or-reply/send-text-message-or-reply.mjs
around lines 4 to 5, remove the hardcoded Telegram bot token and chat ID and
instead read them from a secure source (preferably injected via props or an auth
object, or environment variables) with validation and clear error handling when
missing; ensure the implementation never logs or commits the raw secret, update
callers to pass the token/chatId through props/auth, and revoke the embedded
token in Telegram immediately to scrub the secret from production.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

User submitted Submitted by a user

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hapinessmaker47-dev @pipedream-component-development @adolfo-pd