@xbuddhi xbuddhi commented Oct 14, 2025

User description

…g utility


PR Type

Enhancement


Description

  • Migrated payment error logging from MarkdownV2 to HTML formatting

  • Added HTML escaping utility function for safe Telegram message rendering

  • Enhanced error messages with spoiler tags and blockquote formatting

  • Introduced dedicated sendToTelegramHTML method for HTML message delivery


Diagram Walkthrough

flowchart LR
  A["LogPaymentError"] --> B["HTML Escape Utility"]
  B --> C["Format with Spoilers"]
  C --> D["Blockquote Details"]
  D --> E["sendToTelegramHTML"]

File Walkthrough

Relevant files
Enhancement
error_logger.go
Convert payment error logging to HTML format                         

internal/telegram/error_logger.go

  • Replaced MarkdownV2 formatting with HTML formatting in LogPaymentError
  • Added spoiler tags for sensitive data (username, amount)
  • Wrapped error details in expandable blockquote
  • Created new sendToTelegramHTML method with HTML parse mode
+53/-8   
html.go
Add HTML escaping utility function                                             

internal/utils/html.go

  • Added EscapeHTML function to sanitize special HTML characters
  • Escapes &, <, >, ", and ' for safe Telegram rendering
+15/-0   

Summary by CodeRabbit

  • New Features
    • Telegram error notifications now use rich HTML formatting for improved readability, including clearer sections for user, amount, memo, invoice, and an expandable detail block with timestamp and source context.
  • Bug Fixes
    • Added automatic fallback to plain text if HTML delivery fails, ensuring error notifications are still delivered reliably.

@xbuddhi xbuddhi merged commit 1bd1be9 into main Oct 14, 2025
1 of 2 checks passed
coderabbitai bot commented Oct 14, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Switches Telegram error logging from Markdown/plaintext to HTML formatting, adds HTML escaping utility, constructs HTML message with user/amount/memo/invoice and detail blocks, sends via a new HTML-specific path with parse mode and thread/reply support, and introduces a fallback to plain text if HTML send fails.

Changes

Cohort / File(s): Telegram error logger (internal/telegram/error_logger.go)
Summary: Rewrote payment error log composition to HTML; added HTML escaping for interpolated fields; integrated detailed context (file/line, timestamp); introduced sendToTelegramHTML with ParseMode HTML and fallback to plaintext on failure; adjusted control flow to use the new HTML path.

Cohort / File(s): HTML utils (internal/utils/html.go)
Summary: Added EscapeHTML utility using strings.Replacer to encode &, <, >, ", ' for safe Telegram HTML formatting.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor App as App
  participant EL as ErrorLogger
  participant Utils as utils.EscapeHTML
  participant TG as Telegram API

  App->>EL: LogPaymentError(err, user, amount, memo, invoice)
  EL->>Utils: EscapeHTML(fields)
  Utils-->>EL: escaped strings
  EL->>EL: Build HTML message (user, amount, memo, invoice, details)
  EL->>TG: sendMessage(chat, msg, parse_mode=HTML)
  alt HTML send succeeds
    TG-->>EL: ok
    EL-->>App: done
  else HTML send fails (e.g., parse error)
    EL->>EL: Fallback to plaintext
    EL->>TG: sendMessage(chat, plain_text, parse_mode=none)
    TG-->>EL: ok or error
    EL-->>App: done
  end

  note over EL,TG: Existing non-payment logs unchanged (not shown)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested labels

Review effort 4/5, Possible security concern

Poem

I twitch my whiskers, thump with glee,
HTML lace for logs I see!
Escaped and bold, the truths now tell,
If tags should break—plain words dispel.
A carrot toast to tidy trails,
Telegram hums, and error sails. 🥕✨

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad69dea and 6b9251f.

📒 Files selected for processing (2)
  • internal/telegram/error_logger.go (2 hunks)
  • internal/utils/html.go (1 hunks)

@qodo-code-review

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🔴
Nil pointer dereference

Description: Possible HTML injection/XSS in Telegram message if 'user' is nil because 'user.ID' is used
without a nil-check while other user fields are guarded, which can cause a panic and
prevent logging.
error_logger.go [321-329]

Referred Code
// Compose HTML message
msg := fmt.Sprintf(
	"🚫 Payment Error for <b>%s</b> (ID: %d)\n\n"+
		"💰 Amount: <span class=\"tg-spoiler\">%s</span>\n"+
		"📄 Invoice: %s\n"+
		"📝 Memo: %s\n"+
		"<blockquote expandable>",
	userStr, user.ID, amountStr, invoiceStr, memoStr,
)
HTML formatting issue

Description: Redundant double-wrapping of amount with spoiler tags ('amountStr' already includes a
spoiler span and is inserted into another spoiler span), which may break intended HTML
rendering in Telegram.
error_logger.go [323-327]

Referred Code
"🚫 Payment Error for <b>%s</b> (ID: %d)\n\n"+
	"💰 Amount: <span class=\"tg-spoiler\">%s</span>\n"+
	"📄 Invoice: %s\n"+
	"📝 Memo: %s\n"+
	"<blockquote expandable>",
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
No custom compliance provided

Follow the guide to enable custom compliance check.

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

PR Code Suggestions ✨

Explore these optional code suggestions:

Category    Suggestion    Impact
Possible issue
Prevent panic from nil user

Prevent a potential panic by adding a nil check before accessing user.ID and
providing a default value for the user ID.

internal/telegram/error_logger.go [308-329]

+	var userID int64
 	userStr := "Unknown"
 	if user != nil {
+		userID = user.ID
 		if user.Username != "" {
 			userStr = "<span class=\"tg-spoiler\">@" + htmlEscape(user.Username) + "</span>"
 		} else {
 			userStr = "<span class=\"tg-spoiler\">" + htmlEscape(user.FirstName+" "+user.LastName) + "</span>"
 		}
 	}
 
 	amountStr := "<span class=\"tg-spoiler\">" + htmlEscape(utils.FormatSats(amount)) + "</span>"
 	memoStr := htmlEscape(memo)
 	invoiceStr := htmlEscape(invoice)
 
 	// Compose HTML message
 	msg := fmt.Sprintf(
 		"🚫 Payment Error for <b>%s</b> (ID: %d)\n\n"+
 			"💰 Amount: <span class=\"tg-spoiler\">%s</span>\n"+
 			"📄 Invoice: %s\n"+
 			"📝 Memo: %s\n"+
 			"<blockquote expandable>",
-		userStr, user.ID, amountStr, invoiceStr, memoStr,
+		userStr, userID, amountStr, invoiceStr, memoStr,
 	)
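Review bot: The amount still ends up inside two spoiler spans in this hunk: amountStr is assigned "<span class=\"tg-spoiler\">" + htmlEscape(...) + "</span>", and the format string then wraps it again in "💰 Amount: <span class=\"tg-spoiler\">%s</span>". Drop one of the two wrappers, for example by assigning only htmlEscape(utils.FormatSats(amount)) to amountStr. Separately, with a nil user the message now reads "Unknown (ID: 0)"; consider omitting the ID part in that branch so the zero is not mistaken for a real identifier.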
Suggestion importance[1-10]: 9

Why: The suggestion correctly identifies a critical nil pointer dereference on user.ID that would cause a panic if the user object is nil, making the error logging mechanism fragile.

High
High-level
Use standard library for HTML escaping

Replace the custom EscapeHTML function with the standard library's
html.EscapeString. This change leverages a robust, well-tested solution and
reduces maintenance overhead.

Examples:

internal/utils/html.go [5-15]
// EscapeHTML escapes special HTML characters for safe Telegram HTML message formatting.
func EscapeHTML(text string) string {
	replacer := strings.NewReplacer(
		"&", "&amp;",
		"<", "&lt;",
		">", "&gt;",
		"\"", "&quot;",
		"'", "&#39;",
	)
	return replacer.Replace(text)

 ... (clipped 1 lines)

Solution Walkthrough:

Before:

// file: internal/utils/html.go
package utils

import "strings"

func EscapeHTML(text string) string {
    replacer := strings.NewReplacer(
        "&", "&amp;",
        "<", "&lt;",
        ">", "&gt;",
        "\"", "&quot;",
        "'", "&#39;",
    )
    return replacer.Replace(text)
}

After:

// file: internal/utils/html.go
package utils

import "html"

func EscapeHTML(text string) string {
    return html.EscapeString(text)
}
Suggestion importance[1-10]: 6

Why: The suggestion correctly identifies that the custom EscapeHTML function reinvents a standard library feature (html.EscapeString), and replacing it improves maintainability and adheres to best practices.

Low
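
An added example, not code from this PR or its project: it runs the Replacer table shown above and html.EscapeString over the same hostile memo (they differ only in encoding the double quote as &quot; versus &#34;), then builds the payment message with each untrusted field escaped once, a single spoiler span on the amount, and a nil-safe user. The User type, customEscape and BuildPaymentError are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// User is a hypothetical stand-in for the bot's Telegram user type.
type User struct {
	ID                  int64
	Username, FirstName string
}

// customEscape mirrors the strings.Replacer table shown in the PR.
func customEscape(s string) string {
	return strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;",
		"\"", "&quot;", "'", "&#39;").Replace(s)
}

// BuildPaymentError escapes every untrusted field exactly once, wraps the
// amount in a single spoiler span, and tolerates a nil user.
func BuildPaymentError(u *User, amount, invoice, memo string) string {
	name, id := "Unknown", int64(0)
	if u != nil {
		id = u.ID
		name = u.FirstName
		if u.Username != "" {
			name = "@" + u.Username
		}
		name = `<span class="tg-spoiler">` + html.EscapeString(name) + `</span>`
	}
	return fmt.Sprintf("🚫 Payment Error for <b>%s</b> (ID: %d)\n\n"+
		"💰 Amount: <span class=\"tg-spoiler\">%s</span>\n"+
		"📄 Invoice: %s\n📝 Memo: %s",
		name, id, html.EscapeString(amount),
		html.EscapeString(invoice), html.EscapeString(memo))
}

func main() {
	// Constructed memo carrying markup that must not reach the HTML parser.
	memo := `</blockquote><a href="https://example.invalid">pay & win</a>`
	fmt.Println(customEscape(memo))
	fmt.Println(html.EscapeString(memo))
	fmt.Println(BuildPaymentError(nil, "1,000 sat", "invoice-placeholder", memo))
}
```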