From f1be8bf16ec4baedef9577522c4afdbba385cb89 Mon Sep 17 00:00:00 2001 From: InsanusMokrassar Date: Mon, 16 May 2022 18:53:15 +0600 Subject: [PATCH 1/5] start 1.1.1 --- CHANGELOG.md | 2 ++ gradle.properties | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ddc013835..3182764c0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ # TelegramBotAPI changelog +## 1.1.1 + ## 1.1.0 * `Utils`: diff --git a/gradle.properties b/gradle.properties index 8cc649d440..bccf3f2a91 100644 --- a/gradle.properties +++ b/gradle.properties @@ -20,6 +20,6 @@ javax_activation_version=1.1.1 dokka_version=1.6.21 library_group=dev.inmo -library_version=1.1.0 +library_version=1.1.1 github_release_plugin_version=2.3.7 From 9d40e598f1018d45c71ef92195f467f8973e49c1 Mon Sep 17 00:00:00 2001 From: InsanusMokrassar Date: Mon, 16 May 2022 18:58:19 +0600 Subject: [PATCH 2/5] buildBehaciour returns BehaviourContext --- CHANGELOG.md | 3 ++ .../behaviour_builder/BehaviourBuilders.kt | 42 +++++++++---------- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3182764c0a..89f0ff080e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ## 1.1.1 +* `Behaviour Builder`: + * Extension `TelegramBot#buildBehaviour` now returns `BehaviourContext` + ## 1.1.0 * `Utils`: diff --git a/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt b/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt index 41e193218c..7b426e9a6a 100644 --- a/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt +++ b/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt @@ -7,8 +7,7 @@ import dev.inmo.tgbotapi.extensions.utils.updates.retrieving.longPolling import dev.inmo.tgbotapi.extensions.utils.updates.retrieving.startGettingOfUpdatesByLongPolling import dev.inmo.tgbotapi.updateshandlers.FlowsUpdatesFilter import dev.inmo.tgbotapi.utils.PreviewFeature -import kotlinx.coroutines.CoroutineScope -import kotlinx.coroutines.plus +import kotlinx.coroutines.* /** * This function is used in [buildBehaviour] extensions to provide default [CoroutineScope] and allow to avoid all @@ -30,18 +29,18 @@ suspend fun TelegramBot.buildBehaviour( scope: CoroutineScope = defaultCoroutineScopeProvider(), defaultExceptionsHandler: ExceptionHandler? = null, block: BehaviourContextReceiver -) { - BehaviourContext( - this, - scope.let { - if (defaultExceptionsHandler == null) { - it - } else { - it + ContextSafelyExceptionHandler(defaultExceptionsHandler) - } - }, - flowUpdatesFilter - ).block() +): BehaviourContext = BehaviourContext( + this, + scope.let { + if (defaultExceptionsHandler == null) { + it + } else { + it + ContextSafelyExceptionHandler(defaultExceptionsHandler) + } + }, + flowUpdatesFilter +).apply { + block() } /** @@ -56,15 +55,14 @@ suspend fun TelegramBot.buildBehaviourWithLongPolling( scope: CoroutineScope = defaultCoroutineScopeProvider(), defaultExceptionsHandler: ExceptionHandler? = null, block: BehaviourContextReceiver -) = FlowsUpdatesFilter().let { - buildBehaviour( - it, - scope, - defaultExceptionsHandler, - block +): Job { + val behaviourContext = buildBehaviour( + scope = scope, + defaultExceptionsHandler = defaultExceptionsHandler, + block = block ) - longPolling( - it, + return longPolling( + behaviourContext, scope = scope ) } From 9d16ca3b7e66c0b0ca9659ca102d6c27ec7f4b60 Mon Sep 17 00:00:00 2001 From: InsanusMokrassar Date: Mon, 16 May 2022 18:59:30 +0600 Subject: [PATCH 3/5] small refactor of buildBehaviourWithLongPolling --- .../tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt b/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt index 7b426e9a6a..0210ab3de7 100644 --- a/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt +++ b/tgbotapi.behaviour_builder/src/commonMain/kotlin/dev/inmo/tgbotapi/extensions/behaviour_builder/BehaviourBuilders.kt @@ -63,6 +63,6 @@ suspend fun TelegramBot.buildBehaviourWithLongPolling( ) return longPolling( behaviourContext, - scope = scope + scope = behaviourContext ) } From 58c1f2ee6af355d4567e595d9471ce6675f65dfc Mon Sep 17 00:00:00 2001 From: InsanusMokrassar Date: Tue, 17 May 2022 19:51:14 +0600 Subject: [PATCH 4/5] fixes in TelegramAPIUrlsKeeper#checkWebAppLink --- CHANGELOG.md | 5 +++++ gradle.properties | 2 +- tgbotapi.core/build.gradle | 4 ++-- .../tgbotapi/utils/TelegramAPIUrlsKeeper.kt | 22 ++++++++++++++----- 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 89f0ff080e..96438400f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## 1.1.1 +* `Versions`: + * `MicroUtils.Crypto` will not be provided with that library anymore. Instead, it is recommended to use `Korlibs.Krypto`. You still can add crypto from microutils using next groovy dependency: `dev.inmo:micro_utils.crypto:$micro_utils_version` +* `Core`: + * Improvements in `TelegramAPIUrlsKeeper#checkWebAppLink` + * New field in `TelegramAPIUrlsKeeper#webAppDataSecretKeyHash` * `Behaviour Builder`: * Extension `TelegramBot#buildBehaviour` now returns `BehaviourContext` diff --git a/gradle.properties b/gradle.properties index bccf3f2a91..2d0fa06f61 100644 --- a/gradle.properties +++ b/gradle.properties @@ -8,7 +8,7 @@ kotlin.incremental.js=true kotlin_version=1.6.21 kotlin_coroutines_version=1.6.1 kotlin_serialisation_runtime_version=1.3.3 -klock_version=2.7.0 +korlibs_version=2.7.0 uuid_version=0.4.0 ktor_version=2.0.1 diff --git a/tgbotapi.core/build.gradle b/tgbotapi.core/build.gradle index cb2273c5f7..28889e2fb0 100644 --- a/tgbotapi.core/build.gradle +++ b/tgbotapi.core/build.gradle @@ -47,10 +47,10 @@ kotlin { api "org.jetbrains.kotlinx:kotlinx-serialization-json:$kotlin_serialisation_runtime_version" api "org.jetbrains.kotlinx:kotlinx-serialization-properties:$kotlin_serialisation_runtime_version" - api "com.soywiz.korlibs.klock:klock:$klock_version" + api "com.soywiz.korlibs.klock:klock:$korlibs_version" + api "com.soywiz.korlibs.krypto:krypto:$korlibs_version" api "com.benasher44:uuid:$uuid_version" - api "dev.inmo:micro_utils.crypto:$micro_utils_version" api "dev.inmo:micro_utils.coroutines:$micro_utils_version" api "dev.inmo:micro_utils.serialization.base64:$micro_utils_version" api "dev.inmo:micro_utils.serialization.encapsulator:$micro_utils_version" diff --git a/tgbotapi.core/src/commonMain/kotlin/dev/inmo/tgbotapi/utils/TelegramAPIUrlsKeeper.kt b/tgbotapi.core/src/commonMain/kotlin/dev/inmo/tgbotapi/utils/TelegramAPIUrlsKeeper.kt index 1dfe697c08..83f390cf94 100644 --- a/tgbotapi.core/src/commonMain/kotlin/dev/inmo/tgbotapi/utils/TelegramAPIUrlsKeeper.kt +++ b/tgbotapi.core/src/commonMain/kotlin/dev/inmo/tgbotapi/utils/TelegramAPIUrlsKeeper.kt @@ -1,7 +1,8 @@ package dev.inmo.tgbotapi.utils -import dev.inmo.micro_utils.crypto.hex -import dev.inmo.micro_utils.crypto.hmacSha256 +import com.soywiz.krypto.* +import io.ktor.http.decodeURLQueryComponent +import io.ktor.utils.io.core.toByteArray const val telegramBotAPIDefaultUrl = "https://api.telegram.org" @@ -22,9 +23,11 @@ class TelegramAPIUrlsKeeper( hostUrl: String = telegramBotAPIDefaultUrl, urlsSuffixes: String = "" ) { - val webAppDataSecretKey by lazy { - token.hmacSha256("WebAppData") + val webAppDataSecretKeyHash by lazy { + HMAC.hmacSHA256("WebAppData".toByteArray(), token.toByteArray()) } + val webAppDataSecretKey + get() = webAppDataSecretKeyHash.hexLower val commonAPIUrl: String val fileBaseUrl: String @@ -47,5 +50,14 @@ class TelegramAPIUrlsKeeper( * @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData] * @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash] */ - fun checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash + fun checkWebAppLink(rawData: String, hash: String): Boolean { + val preparedData = rawData + .decodeURLQueryComponent() + .split("&") + .filterNot { it.startsWith("hash=") } + .sorted() + .joinToString("\n") + + return HMAC.hmacSHA256(webAppDataSecretKeyHash.bytes, preparedData.toByteArray()).hexLower == hash.lowercase() + } } From c759b9a4668a11863155420ed65f08f98617af94 Mon Sep 17 00:00:00 2001 From: InsanusMokrassar Date: Tue, 17 May 2022 19:54:13 +0600 Subject: [PATCH 5/5] deprecate hmac and hex extensions for CryptoJS in webapp --- .../kotlin/dev/inmo/tgbotapi/webapps/CryptoJSExtensions.kt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/CryptoJSExtensions.kt b/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/CryptoJSExtensions.kt index 4e24f9e9e0..cb061c9594 100644 --- a/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/CryptoJSExtensions.kt +++ b/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/CryptoJSExtensions.kt @@ -2,6 +2,8 @@ package dev.inmo.tgbotapi.webapps import dev.inmo.micro_utils.crypto.CryptoJs +@Deprecated("Useless") fun CryptoJs.HmacSHA256(text: String, key: String) = this.asDynamic().HmacSHA256(text, key).unsafeCast() +@Deprecated("Useless") fun CryptoJs.hex(text: String) = this.asDynamic().format.Hex(text).unsafeCast()