InsanusMokrassar/tgbotapi
1
0
Fork 0
mirror of https://github.com/InsanusMokrassar/TelegramBotAPI.git synced 2025-09-15 05:09:30 +00:00
Code Releases Activity

"TelegramAPIUrlsKeeper" now have two new things: properties "webAppDataSecretKey" and fun "checkWebAppLink"

Browse Source
This commit is contained in:
InsanusMokrassar
2022-04-29 19:11:38 +06:00
parent c70484076d
commit 4799617ced
8 changed files with 78 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tgbotapi.core/src/commonMain/kotlin/dev/inmo/tgbotapi/utils/Crypto.kt Normal file
View File

@@ -0,0 +1,7 @@
package dev.inmo.tgbotapi.utils
import dev.inmo.micro_utils.crypto.SourceString
internal expect fun SourceString.hmacSha256(key: String): String
internal expect fun SourceString.hex(): String

10
tgbotapi.core/src/commonMain/kotlin/dev/inmo/tgbotapi/utils/TelegramAPIUrlsKeeper.kt
View File

@@ -18,6 +18,10 @@ class TelegramAPIUrlsKeeper(
token: String,
hostUrl: String = telegramBotAPIDefaultUrl
) {
val webAppDataSecretKey by lazy {
token.hmacSha256("WebAppData")
}
val commonAPIUrl: String
val fileBaseUrl: String
@@ -28,4 +32,10 @@ class TelegramAPIUrlsKeeper(
}
fun createFileLinkUrl(filePath: String) = "${fileBaseUrl}/$filePath"
/**
* @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
* @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
*/
fun checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash
}

8
tgbotapi.core/src/jsMain/kotlin/dev/inmo/tgbotapi/utils/CryptoActual.kt Normal file
View File

@@ -0,0 +1,8 @@
package dev.inmo.tgbotapi.utils
import dev.inmo.micro_utils.crypto.CryptoJS
import dev.inmo.micro_utils.crypto.SourceString
actual fun SourceString.hmacSha256(key: String) = CryptoJS.asDynamic().HmacSHA256(this, key).unsafeCast<String>()
actual fun SourceString.hex() = CryptoJS.asDynamic().format.Hex(this).unsafeCast<String>()

29
tgbotapi.core/src/jvmMain/kotlin/dev/inmo/tgbotapi/utils/CryptoActual.kt Normal file
View File

@@ -0,0 +1,29 @@
package dev.inmo.tgbotapi.utils
import dev.inmo.micro_utils.crypto.SourceBytes
import dev.inmo.micro_utils.crypto.SourceString
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
val HEX_ARRAY = "0123456789ABCDEF".toCharArray()
private fun SourceBytes.hex(): String {
val hexChars = CharArray(size * 2)
for (j in indices) {
val v: Int = this[j].toInt() and 0xFF
hexChars[j * 2] = HEX_ARRAY[v ushr 4]
hexChars[j * 2 + 1] = HEX_ARRAY[v and 0x0F]
}
return String(hexChars)
}
actual fun SourceString.hmacSha256(key: String): String {
val mac = Mac.getInstance("HmacSHA256")
val secretKey = SecretKeySpec(key.toByteArray(), "HmacSHA256")
mac.init(secretKey)
return mac.doFinal(toByteArray()).hex()
}
actual fun SourceString.hex(): String = toByteArray().hex()