diff --git a/.gitignore b/.gitignore index 4296bd9..719205a 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,9 @@ output/html/ # Local Chrome profile (contains cookies, logins — never commit) .chrome/ +# Regenerated Telegram session strings (per-account, per-device secrets) +.secrets/ + # Telegram fetch outputs — per-machine cursor + per-run scratch tracking/telegram_state.json tracking/telegram_inbox.json diff --git a/.mcp.json b/.mcp.json index 7ca1820..07a2bca 100644 --- a/.mcp.json +++ b/.mcp.json @@ -17,22 +17,18 @@ } }, "telegram-usulpro": { - "command": "/projects/my-utils/telegram/.venv/bin/telegram-mcp", - "args": [], - "env": { - "TELEGRAM_API_ID": "30708025", - "TELEGRAM_API_HASH": "1de1cfbec7f43f460b4400f72b3093c6", - "TELEGRAM_SESSION_STRING": "1ApWapzMBuy6zzXtKHk9qipYPfDHEZOowyn2NukLpKpbRyNggosUMunnjUA7EJTHuwCcf2EWn4Wk6ezjYw8zfczt-nGo4nbQay4a3IfnjHj1byv8sIwIbLqyJzeWlvOU2eO3d9l-5Ys-MY3DbpHC4QaU6MrdizJsxW52hghF8bLUyQ5xw15Ih91X03xG-5XMCeFscwStp2Be8bZgQV1JhiyImufneFt6Z1DjibTnn8U4uYXVG2jd1AmrFna7seGpFBy7vbV4QPjxcYiaOWO_qXH0TSxTHTHmLPK6FAHfkq1L-q5MXlEHIrB4nNeUKKX48gdxW662aYPsH1Audb6-oB8TkycRZbls=" - } + "command": "bash", + "args": [ + "/home/usul/workspace/projects/cv-2026/scripts/telegram-mcp.sh", + "usulsu" + ] }, "telegram-helper": { - "command": "/projects/my-utils/telegram/.venv/bin/telegram-mcp", - "args": [], - "env": { - "TELEGRAM_API_ID": "30708025", - "TELEGRAM_API_HASH": "1de1cfbec7f43f460b4400f72b3093c6", - "TELEGRAM_SESSION_STRING": "1BVtsOJsBu0I61cjJwTKtmzz5BJOz53W5nvAo_aZJvpCl86hUC1zx-CVnYA4QOZ7ZULL3mNG3xg9uvZD7htcSP8QvH7U9VvkZspLT8ygEAX4pu9KJ-shhjYFCWQBDOsOujlOcGBVaVEBDBLMSIEmU7zfg-zhyTOlZ4M3OOfOQqs8nV9BlELaOTsaHwzU3OscKSwBGjewHcTvqCksp9JXFLOda9gMOBVV_Z65dCg9ovwKKOKSUNiIc3zC3f2UkZTq82hkObrhLewjI2Mue4fIEdCY0ziBkjBVTiPi40-wvv5eWopOcnf112Q5ansYoba3rY5ItQZhn7UDKfZk8-EDhnin8tUFSahs=" - } + "command": "bash", + "args": [ + "/home/usul/workspace/projects/cv-2026/scripts/telegram-mcp.sh", + "helper" + ] } } } diff --git a/package.json b/package.json index ee8ccf7..6036eda 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,8 @@ "scripts": { "pdf": "node scripts/generate-pdf.mjs", "chrome": "bash scripts/launch-chrome.sh &", - "tg:session": "bash scripts/regen_telegram_session.sh" + "tg:session:usulsu": "bash scripts/regen_telegram_session.sh usulsu", + "tg:session:helper": "bash scripts/regen_telegram_session.sh helper" }, "dependencies": { "puppeteer": "^24.37.3" diff --git a/scripts/regen_telegram_session.sh b/scripts/regen_telegram_session.sh index 155944e..910bbec 100755 --- a/scripts/regen_telegram_session.sh +++ b/scripts/regen_telegram_session.sh @@ -1,44 +1,82 @@ #!/usr/bin/env bash -# Regenerate a Telegram session string. -# Reads TELEGRAM_API_ID / TELEGRAM_API_HASH from the project .env, -# then runs the generator from the telegram-mcp install. +# Regenerate a Telegram session string for ONE account, save it to a fixed-name +# temp file under .secrets/, and upsert it into the project .env so the MCP +# server (via scripts/telegram-mcp.sh) and the direct Telethon scripts pick it up. +# +# Why per-account strings: one Telegram authorization (auth_key / session string) +# must be used from ONE source. Sharing a single string across two devices/IPs +# makes Telegram permanently revoke the key. Each device/account gets its own. # # Usage: -# bash scripts/regen_telegram_session.sh # regenerate usulsu (main) -# bash scripts/regen_telegram_session.sh helper # regenerate samuishechka +# bash scripts/regen_telegram_session.sh usulsu # main account -> TELEGRAM_SESSION_STRING +# bash scripts/regen_telegram_session.sh helper # samuishechka -> TELEGRAM_SESSION_STRING_HELPER +# or via npm: +# pnpm tg:session:usulsu +# pnpm tg:session:helper # -# After running, paste the printed session string into the project .env: -# usulsu → TELEGRAM_SESSION_STRING=... -# helper → TELEGRAM_SESSION_STRING_HELPER=... +# At the generator prompts: +# - "Account label" -> just press Enter +# - "update your .env? (y/N)" -> answer N (this script writes .env itself) set -euo pipefail -ACCOUNT="${1:-}" # "helper" for samuishechka, empty for usulsu +ACCOUNT="${1:-}" +case "$ACCOUNT" in + usulsu) ENV_VAR="TELEGRAM_SESSION_STRING" ;; + helper) ENV_VAR="TELEGRAM_SESSION_STRING_HELPER" ;; + *) echo "usage: $0 " >&2; exit 1 ;; +esac PROJECT_ROOT="$(cd "$(dirname "$0")/.." && pwd)" -TELEGRAM_DIR="/projects/my-utils/telegram" - -if [ ! -f "$PROJECT_ROOT/.env" ]; then - echo "missing $PROJECT_ROOT/.env" >&2 - exit 1 -fi - -set -a -. "$PROJECT_ROOT/.env" -set +a +TELEGRAM_DIR="${TELEGRAM_MCP_DIR:-/home/usul/workspace/projects/my-utils/telegram}" +ENV_FILE="$PROJECT_ROOT/.env" +SECRETS_DIR="$PROJECT_ROOT/.secrets" +OUT_FILE="$SECRETS_DIR/session_${ACCOUNT}.txt" +[ -f "$ENV_FILE" ] || { echo "missing $ENV_FILE" >&2; exit 1; } +set -a; . "$ENV_FILE"; set +a if [ -z "${TELEGRAM_API_ID:-}" ] || [ -z "${TELEGRAM_API_HASH:-}" ]; then - echo "TELEGRAM_API_ID / TELEGRAM_API_HASH missing in $PROJECT_ROOT/.env" >&2 + echo "TELEGRAM_API_ID / TELEGRAM_API_HASH missing in $ENV_FILE" >&2 exit 1 fi +[ -x "$TELEGRAM_DIR/.venv/bin/python" ] || { + echo "generator not found at $TELEGRAM_DIR/.venv/bin/python" >&2 + echo "set TELEGRAM_MCP_DIR to your telegram-mcp checkout" >&2; exit 1; } -if [ "$ACCOUNT" = "helper" ]; then - echo "Regenerating session for samuishechka (helper account)." - echo "When prompted for label, enter: helper" -else - echo "Regenerating session for usulsu (main account)." - echo "When prompted for label, leave empty (press Enter)." -fi +mkdir -p "$SECRETS_DIR" +tmp="$(mktemp)"; trap 'rm -f "$tmp"' EXIT + +echo ">> Regenerating Telegram session for: $ACCOUNT (-> $ENV_VAR)" +echo ">> Sign in with the '$ACCOUNT' account when scanning the QR code." +echo ">> At 'Account label' press Enter; at 'update .env' answer N." echo "" -cd "$TELEGRAM_DIR" -exec .venv/bin/python session_string_generator.py --qr "$@" +# Run the generator unbuffered; show output live AND capture it to $tmp. +( cd "$TELEGRAM_DIR" \ + && TELEGRAM_API_ID="$TELEGRAM_API_ID" TELEGRAM_API_HASH="$TELEGRAM_API_HASH" \ + .venv/bin/python -u session_string_generator.py --qr ) 2>&1 | tee "$tmp" + +# Extract the session string: first non-empty line after the header marker. +SESSION="$(awk '/----- Your Session String -----/{f=1; next} f && NF {print $1; exit}' "$tmp")" +if [ -z "$SESSION" ]; then + echo "!! Could not capture a session string from the generator output." >&2 + echo "!! Nothing written. Re-run and complete the login." >&2 + exit 1 +fi + +# Save to the fixed temp file (owner-only). +umask 077 +printf '%s\n' "$SESSION" > "$OUT_FILE" +echo "" +echo ">> Saved session string -> $OUT_FILE" + +# Upsert ENV_VAR into .env (replace the existing line or append). +if grep -q "^${ENV_VAR}=" "$ENV_FILE"; then + awk -v k="$ENV_VAR" -v v="$SESSION" \ + '$0 ~ "^" k "=" {print k "=" v; done=1; next} {print} + END{if(!done) print k "=" v}' "$ENV_FILE" > "$tmp" + cat "$tmp" > "$ENV_FILE" +else + printf '%s=%s\n' "$ENV_VAR" "$SESSION" >> "$ENV_FILE" +fi +echo ">> Updated $ENV_VAR in $ENV_FILE" +echo ">> Done. Run /mcp (reconnect) to pick up the new session for telegram-$ACCOUNT." diff --git a/scripts/telegram-mcp.sh b/scripts/telegram-mcp.sh new file mode 100755 index 0000000..a53155e --- /dev/null +++ b/scripts/telegram-mcp.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash +# Launch the telegram-mcp server for one account, reading API creds and the +# session string from the project .env. Used by .mcp.json so that NO secrets +# are hardcoded in the committed config. +# +# Usage (from .mcp.json): +# bash scripts/telegram-mcp.sh usulsu # main account -> TELEGRAM_SESSION_STRING +# bash scripts/telegram-mcp.sh helper # samuishechka -> TELEGRAM_SESSION_STRING_HELPER +# +# The telegram-mcp binary path can be overridden with TELEGRAM_MCP_BIN. +set -euo pipefail + +ACCOUNT="${1:?usage: telegram-mcp.sh }" +PROJECT_ROOT="$(cd "$(dirname "$0")/.." && pwd)" +BIN="${TELEGRAM_MCP_BIN:-/home/usul/workspace/projects/my-utils/telegram/.venv/bin/telegram-mcp}" + +[ -f "$PROJECT_ROOT/.env" ] || { echo "missing $PROJECT_ROOT/.env" >&2; exit 1; } +set -a; . "$PROJECT_ROOT/.env"; set +a + +case "$ACCOUNT" in + usulsu) export TELEGRAM_SESSION_STRING="${TELEGRAM_SESSION_STRING:-}" ;; + helper) export TELEGRAM_SESSION_STRING="${TELEGRAM_SESSION_STRING_HELPER:-}" ;; + *) echo "account must be 'usulsu' or 'helper'" >&2; exit 1 ;; +esac + +if [ -z "${TELEGRAM_API_ID:-}" ] || [ -z "${TELEGRAM_API_HASH:-}" ]; then + echo "TELEGRAM_API_ID / TELEGRAM_API_HASH missing in $PROJECT_ROOT/.env" >&2 + exit 1 +fi +if [ -z "${TELEGRAM_SESSION_STRING:-}" ]; then + echo "session string for '$ACCOUNT' is empty in .env — regenerate it with:" >&2 + echo " pnpm tg:session:$ACCOUNT" >&2 + exit 1 +fi + +exec "$BIN"