docs: add auto re-login (OTP webhook) documentation

Create docs/auto-relogin.md to detail the architecture, setup, and API.
Update README.md, cli.md, openwrt.md, systemd.md, and telegram-bot.md
to reference the new guide and provide environment variable examples.
This provides comprehensive guidance for automatic session renewal,
reducing manual intervention for expired sessions.

Author: 0xtbug

README.md

@@ -9,6 +9,7 @@ Go-based tool for managing Telkomsel accounts via **Telegram Bot**, **Terminal C
 - 📦 Browse recommended packages
 - 🛍️ Purchase packages (Pulsa / QRIS)
 - ⏰ Auto-buy monitor (auto-purchase when quota is depleted or below a custom MB threshold)
+- 🔄 Auto re-login via OTP webhook (session renewal without manual intervention)
 - 🤖 MCP server for AI agent integration
 
 ## Quick Start
@@ -67,6 +68,8 @@ To install the binary globally so you can run `telbot` from any folder:
 |----------|----------|-------------|
 | `TELKOMSEL_BOT_TOKEN` | Bot mode | Telegram bot token from BotFather |
 | `TELEGRAM_ADMIN_ID` | Bot mode | Your Telegram user ID |
+| `OTP_WEBHOOK_PORT` | Optional | Port for OTP webhook listener (e.g. `8081`) |
+| `OTP_WEBHOOK_SECRET` | Optional | Shared secret for webhook authentication |
 
 You can either export these directly in your terminal, or place them in a `.env` file located in your platform's standard configuration directory:
 
@@ -90,8 +93,10 @@ See the [docs/](docs/) folder for detailed guides:
 - [Telegram Bot](docs/telegram-bot.md)
 - [CLI Mode](docs/cli.md)
 - [MCP Server](docs/mcp-server.md)
+- [Auto Re-login (OTP Webhook)](docs/auto-relogin.md)
 - [Systemd Service (Linux)](docs/systemd.md)
 - [OpenWrt](docs/openwrt.md)
+- [SMS Forwarder](sms-forwarder-openwrt/README.md)
 - [OpenClaw Skill](telbot-skills/SKILL.md)
 
 ## Disclaimer

docs/auto-relogin.md

@@ -0,0 +1,136 @@
+# Auto Re-login (OTP Webhook)
+
+When a Telkomsel session expires during automation (e.g., auto-buy), Telbot can automatically re-login by receiving the OTP via a webhook from the [SMS Forwarder](../sms-forwarder-openwrt/README.md) running on an OpenWrt device.
+
+## Architecture
+
+```
+┌──────────────────────────────────┐
+│         OpenWrt (Home)           │
+│                                  │
+│  Android ──ADB──► sms-forwarder  │
+│                       │          │
+│            ┌──────────┴────────┐ │
+│            │ 1. Telegram (info)│ │
+│            │ 2. POST webhook   │ │
+│            │    to VPS         │ │
+│            └──────────┬────────┘ │
+└───────────────────────┼──────────┘
+                        │ HTTP POST (internet)
+                        ▼
+┌──────────────────────────────────┐
+│           VPS (Telbot)           │
+│                                  │
+│  HTTP Server (:8081/api/otp)     │
+│       │                          │
+│       ▼                          │
+│  OTP Listener ──► parse OTP      │
+│       │           (regex)        │
+│       ▼                          │
+│  Auto Re-login                   │
+│  ├─ bot mode (auto-buy resumes)  │
+│  └─ cli mode (auto login)       │
+└──────────────────────────────────┘
+```
+
+## How It Works
+
+1. **Session expires** — Telbot detects `401 Unauthorized` during API calls (e.g., quota check in auto-buy)
+2. **Request OTP** — Telbot automatically calls `RequestOTP()` for the phone number
+3. **SMS arrives** — Telkomsel sends OTP via SMS to the phone connected to OpenWrt
+4. **SMS Forwarder** — Detects new SMS via ADB, POSTs it to Telbot's webhook
+5. **Parse & Submit** — Telbot extracts the OTP code (regex), submits it, and gets new tokens
+6. **Resume** — Auto-buy continues with the renewed session
+
+## Setup
+
+### Step 1: Configure Telbot (VPS)
+
+Add these environment variables to your `.env`:
+
+```bash
+OTP_WEBHOOK_PORT=8081
+OTP_WEBHOOK_SECRET=your-random-secret-here
+```
+
+Open the firewall port:
+```bash
+sudo ufw allow 8081/tcp
+```
+
+### Step 2: Configure SMS Forwarder (OpenWrt)
+
+See the [SMS Forwarder README](../sms-forwarder-openwrt/README.md) for full installation. Add the webhook config:
+
+```bash
+# In /etc/sms-forwarder/sms-forwarder.conf:
+WEBHOOK_URL="http://YOUR_VPS_IP:8081/api/otp"
+WEBHOOK_SECRET="your-random-secret-here"
+```
+
+> **Important:** `WEBHOOK_SECRET` must match `OTP_WEBHOOK_SECRET` in Telbot.
+
+### Step 3: Test
+
+Health check:
+```bash
+curl http://YOUR_VPS_IP:8081/health
+# Expected: ok
+```
+
+Simulate an OTP webhook:
+```bash
+curl -X POST http://YOUR_VPS_IP:8081/api/otp \
+  -H "Content-Type: application/json" \
+  -H "X-Webhook-Secret: your-random-secret-here" \
+  -d '{"from":"+6281219414870","body":"Kode OTP MyTelkomsel Anda: 654321. Jangan berikan ke siapapun."}'
+```
+
+## Webhook API
+
+### `POST /api/otp`
+
+Receives SMS content from the SMS Forwarder.
+
+**Headers:**
+| Header | Required | Description |
+|--------|----------|-------------|
+| `Content-Type` | Yes | `application/json` |
+| `X-Webhook-Secret` | If configured | Must match `OTP_WEBHOOK_SECRET` |
+
+**Request body:**
+```json
+{
+  "from": "+6281xxxxx",
+  "body": "Kode OTP MyTelkomsel Anda: 123456. Jangan berikan kepada siapapun."
+}
+```
+
+**Responses:**
+```json
+{"status":"dispatched","otp":"123456"}    // OTP sent to waiting caller
+{"status":"no_waiter","otp":"123456"}     // No one waiting for OTP
+{"status":"no_otp_found"}                 // Could not parse OTP from body
+```
+
+### `GET /health`
+
+Returns `ok` — useful for uptime monitoring.
+
+## OTP Parsing
+
+The listener uses regex to extract OTP codes from SMS body:
+
+| Priority | Pattern | Example Match |
+|----------|---------|---------------|
+| 1 | `Kode OTP ... 123456` | Specific Telkomsel pattern |
+| 2 | Generic 6-digit | Any standalone 6-digit number |
+| 3 | Generic 4-digit | Any standalone 4-digit number |
+
+## Behavior
+
+- **Backward compatible** — Without `OTP_WEBHOOK_PORT`, behavior is unchanged (manual login only)
+- **Cooldown** — Minimum 2 minutes between re-login attempts per phone number to avoid rate limiting
+- **Timeout** — If no OTP is received within 3 minutes, re-login fails and auto-buy stops
+- **Fallback** — If auto re-login fails, user is notified and manual login is required
+- **Both modes** — Works in both `--bot` and `--cli` modes

docs/cli.md

@@ -30,3 +30,16 @@ No environment variables required — sessions are loaded from `sessions.json`.
 ## Session Persistence
 
 Sessions are saved to `sessions.json` automatically. If you've logged in before (via CLI, Bot, or MCP), the CLI will pick up the existing session.
+
+## Auto OTP (Optional)
+
+If `OTP_WEBHOOK_PORT` is set as an environment variable, the CLI will start an OTP webhook listener. During login, instead of manually entering the OTP, it will be automatically received from the [SMS Forwarder](../sms-forwarder-openwrt/README.md) webhook.
+
+```bash
+# Export before running CLI:
+export OTP_WEBHOOK_PORT=8081
+export OTP_WEBHOOK_SECRET=your_secret
+telbot --cli
+```
+
+See [Auto Re-login docs](auto-relogin.md) for full setup guide.

docs/openwrt.md

@@ -32,6 +32,10 @@ Here is the content of .env
 ```bash
 TELKOMSEL_BOT_TOKEN=your_bot_token
 TELEGRAM_ADMIN_ID=your_admin_id
+
+# Optional: Enable auto re-login via OTP webhook from SMS Forwarder
+# OTP_WEBHOOK_PORT=8081
+# OTP_WEBHOOK_SECRET=your_secret
 ```
 
 Then copy .env to /.config/telbot/ directory

docs/systemd.md

@@ -47,6 +47,10 @@ WorkingDirectory=/home/your_username/telkomsel-bot
 Environment="TELKOMSEL_BOT_TOKEN=your_telegram_bot_token"
 Environment="TELEGRAM_ADMIN_ID=your_telegram_id"
 
+# Optional: Enable auto re-login via OTP webhook from SMS Forwarder
+# Environment="OTP_WEBHOOK_PORT=8081"
+# Environment="OTP_WEBHOOK_SECRET=your_secret"
+
 # The command to execute
 ExecStart=/usr/local/bin/telbot --bot
 

docs/telegram-bot.md

@@ -8,6 +8,10 @@
    ```
    TELKOMSEL_BOT_TOKEN=your_token_here
    TELEGRAM_ADMIN_ID=your_user_id
+
+   # Optional: Enable auto re-login via OTP webhook
+   OTP_WEBHOOK_PORT=8081
+   OTP_WEBHOOK_SECRET=your_secret
    ```
 
 ## Run
@@ -34,3 +38,9 @@ telbot --bot --verbose
 | `/start` | Show main menu |
 
 All other interactions are through inline keyboard buttons.
+
+## Auto Re-login
+
+If an OTP webhook listener is configured (`OTP_WEBHOOK_PORT`), the bot will automatically re-login when a session expires during auto-buy monitoring. This requires the [SMS Forwarder](../sms-forwarder-openwrt/README.md) to be set up on an OpenWrt device.
+
+See [Auto Re-login docs](auto-relogin.md) for full setup guide.