feat: add ALLOWED_USERNAMES env for telegram bot

Adds ALLOWED_USERNAMES environment variable to restrict
telegram bot usage to specific usernames. Also moves
supervisor config files to /etc.

Author: hu3rror

.env.example

@@ -7,4 +7,5 @@ LITESTREAM_REPLICA_PATH=memos_prod.db
 # For Memogram
 BOT_TOKEN=your_telegram_bot_token # you can get it from @BotFather
 MEMOS_TOKEN=your_memos_token # you can get it from your memos account settings
-TG_ID=your_telegram_user_id # you can get it from @userinfobot
+TG_ID=your_telegram_user_id # you can get it from @userinfobot
+ALLOWED_USERNAMES=your_telegram_username # leave empty or remove the variable to allow all telegram users, Usernames must not include the @ symbol

Dockerfile

@@ -26,18 +26,20 @@ COPY --from=memos_package /usr/local/memos/memos /usr/local/memos/
 RUN mkdir -p /var/opt/memos
 VOLUME /var/opt/memos
 
-# Copy litestream configuration file to /etc/
+# Copy litestream configuration file
 COPY etc/litestream.yml /etc/litestream.yml
 
-# Copy startup script and supervisor config
+# Copy supervisor configuration files
+COPY etc/supervisord.conf /etc/supervisord.conf
+COPY etc/memos_service.conf /etc/supervisord/conf.d/memos_service.conf
+COPY etc/memogram_service.conf /usr/local/memos/memogram_service.conf
+
+# Copy startup script
 COPY scripts/run.sh /usr/local/memos/run.sh
-COPY scripts/supervisord.conf /etc/supervisord.conf
-COPY scripts/conf.d/memos_service.conf /etc/supervisord/conf.d/memos_service.conf
-COPY scripts/conf.d/memogram_service.conf /usr/local/memos/memogram_service.conf
-# We will create two small helper scripts for supervisor
 COPY scripts/start_memos_service.sh /usr/local/memos/start_memos_service.sh
 COPY scripts/start_memogram_service.sh /usr/local/memos/start_memogram_service.sh
 
+# Make scripts executable
 RUN chmod +x /usr/local/memos/run.sh \
     && chmod +x /usr/local/memos/start_memos_service.sh \
     && chmod +x /usr/local/memos/start_memogram_service.sh
@@ -61,6 +63,7 @@ ENV MEMOS_PORT="5230"
 ENV MEMOS_MODE="prod"
 ENV SERVER_ADDR=dns:localhost:${MEMOS_PORT}
 ENV DB_PATH="/var/opt/memos/memos_prod.db"
+ENV ALLOWED_USERNAMES=""
 
 # Expose port
 EXPOSE ${MEMOS_PORT}

README.md

@@ -103,6 +103,7 @@ ghcr.io/hu3rror/memos-litestream:stable # Tag is `stable` or use official image
 - `BOT_TOKEN`: Your Telegram BOT token, only for `stable-memogram` image. Official project: [usememos/telegram-integration](https://github.com/usememos/telegram-integration)
 - `MEMOS_TOKEN`: Memos API token for Memogram to use.  If not set, Memogram will attempt to use the first admin user's token.
 - `TG_ID`: Telegram User ID that will be allowed to use the bot.
+- `ALLOWED_USERNAMES`: Allows you to restrict bot usage to specific Telegram users. When set, only users with usernames in this list will be able to interact with the bot (Usernames must not include the @ symbol). Leave empty or remove the variable if you want to allow all users. 
 
 And for more information about litestream, see [https://litestream.io/getting-started/](https://litestream.io/getting-started/)
 

README_zh-CN.md

@@ -103,6 +103,7 @@ ghcr.io/hu3rror/memos-litestream:stable # 标签为 stable 或直接使用 neosm
 - `BOT_TOKEN`：你的 Telegram BOT token (仅限 `stable-memogram` 镜像使用)，官方项目：https://github.com/usememos/telegram-integration
 - `MEMOS_TOKEN`: Memos API token，供 Memogram 使用。 如果未设置，Memogram 将尝试使用第一个管理员用户的 token。
 - `TG_ID`: Telegram 用户 ID，允许使用该 Bot。
+- `ALLOWED_USERNAMES`: 允许您将机器人使用权限限制给特定的Telegram用户。设置后，只有用户名在此列表中的用户才能与机器人交互（用户名不得包含@符号）。如需允许所有用户使用，请留空或删除该变量。
 
 有关 litestream 的更多信息，请参阅 https://litestream.io/getting-started/
 

docker-compose.yml

@@ -17,5 +17,6 @@ services:
       - LITESTREAM_ACCESS_KEY_ID=000000001a2b3c40000000001  # Your s3/b2 access-key-id
       - LITESTREAM_SECRET_ACCESS_KEY=K000ABCDEFGHiJkLmNoPqRsTuVwXyZ0  # Your s3/b2 secret-access-key
       - BOT_TOKEN=0000000000000000000000000000000000000000  # Your telegram bot token (only for ghcr.io/hu3rror/memos-litestream:stable-memogram)
+      - ALLOWED_USERNAMES=your_telegram_username # leave empty or remove the variable to allow all telegram users, Usernames must not include the @ symbol
     # env_file:
     #   - .env

scripts/conf.d/memogram_service.conf etc/memogram_service.confscripts/conf.d/memogram_service.conf renamed to etc/memogram_service.conf

@@ -13,4 +13,5 @@ environment=
     MEMOS_PORT="%(ENV_MEMOS_PORT)s",
     MEMOS_TOKEN="%(ENV_MEMOS_TOKEN)s",
     TG_ID="%(ENV_TG_ID)s",
+    ALLOWED_USERNAMES="%(ENV_ALLOWED_USERNAMES)s",
     TZ="%(ENV_TZ)s"