From 8f249c35e59a3bcb3fdb0cb64cc6b6ad2487623c Mon Sep 17 00:00:00 2001
From: anten-ka <antenkamax@gmail.com>
Date: Sat, 11 Apr 2026 20:18:42 +0300
Subject: [PATCH] =?UTF-8?q?v2.4.7:=20telemt=20download=20=E2=80=94=20try?=
 =?UTF-8?q?=20GitHub=20API=20first,=20fall=20back=20to=20direct=20CDN=20UR?=
 =?UTF-8?q?L=20on=20403/empty?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 lib/telemt.sh | 41 ++++++++++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 13 deletions(-)

diff --git a/lib/telemt.sh b/lib/telemt.sh
index 3eb5f9a..0a2df12 100644
--- a/lib/telemt.sh
+++ b/lib/telemt.sh
@@ -19,26 +19,41 @@ get_latest_telemt_version() {
 }
 
 get_telemt_download_url() {
-    # Detect arch and map to telemt asset naming convention
-    local arch arch_name
+    # 1) Сначала пробуем GitHub Releases API — он отдаёт точное имя ассета
+    #    последнего релиза (в т.ч. если в репо есть несколько архитектур,
+    #    pre-release и т.д.). Это наш предпочтительный путь.
+    local resp url arch
     arch=$(get_arch)
+    resp=$(curl -s --max-time 10 "$TELEMT_RELEASE_API" 2>/dev/null)
+    if [ -n "$resp" ]; then
+        url=$(echo "$resp" | jq -r --arg a "$arch" '
+            .assets[]?.browser_download_url
+            | select(test("linux"))
+            | select(
+                ($a == "amd64" and (test("x86_64|amd64"))) or
+                ($a == "arm64" and (test("aarch64|arm64"))) or
+                ($a == "armv7" and (test("armv7"))) or
+                (test($a))
+              )
+            | select(test("gnu"))
+        ' 2>/dev/null | head -1)
+        if [ -n "$url" ] && [ "$url" != "null" ]; then
+            echo "$url"
+            return 0
+        fi
+    fi
+
+    # 2) Fallback: API не ответил / отдал 403 (rate limit на shared-IP VPS),
+    #    отдал пустой JSON, или jq не нашёл подходящий ассет.
+    #    Берём прямой "magic redirect" CDN-URL — он не считается в API rate
+    #    limit и всегда указывает на последний релиз.
+    local arch_name
     case "$arch" in
         amd64)  arch_name="x86_64" ;;
         arm64)  arch_name="aarch64" ;;
         armv7)  arch_name="armv7" ;;
         *)      arch_name="$arch" ;;
     esac
-
-    # IMPORTANT: We do NOT query the GitHub releases API here.
-    # Reason: VPS providers (Hetzner/Hostkey/Aeza/DO/Selectel) share IPv4 with
-    # many other tenants → unauthenticated GitHub API rate limit (60/hour) is
-    # exhausted constantly → API returns 403 → jq sees no assets → install
-    # fails with "не найден бинарник".
-    #
-    # The endpoint /releases/latest/download/<file> is a stable redirect served
-    # from GitHub's CDN — it does NOT count against the API rate limit and
-    # always points at the latest non-prerelease asset by exact filename.
-    # Asset name format: telemt-<arch>-linux-gnu.tar.gz
     echo "https://github.com/${TELEMT_GITHUB}/releases/latest/download/telemt-${arch_name}-linux-gnu.tar.gz"
 }