"TelegramAPIUrlsKeeper" now have two new things: properties "webAppDataSecretKey" and fun "checkWebAppLink"

tgbotapi.webapps/build.gradle

@@ -27,6 +27,13 @@ repositories {
 }
 
 kotlin {
+    jvm {
+        compilations.main {
+            kotlinOptions {
+                jvmTarget = "1.8"
+            }
+        }
+    }
     js(IR) {
         browser()
         nodejs()

tgbotapi.webapps/src/commonMain/kotlin/dev/inmo/tgbotapi/webapps/CheckWebAppData.kt

@@ -0,0 +1,9 @@
+package dev.inmo.tgbotapi.webapps
+
+import dev.inmo.tgbotapi.utils.*
+
+/**
+ * @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
+ * @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
+ */
+fun TelegramAPIUrlsKeeper.checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash

tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/WebApp.kt

@@ -1,6 +1,7 @@
 package dev.inmo.tgbotapi.webapps
 
 import dev.inmo.micro_utils.crypto.CryptoJS
+import dev.inmo.tgbotapi.utils.TelegramAPIUrlsKeeper
 
 external class WebApp {
     val initData: String
@@ -76,6 +77,7 @@ fun WebApp.onMainButtonClicked(eventHandler: EventHandler) = onEvent(EventType.M
  */
 fun WebApp.onViewportChanged(eventHandler: ViewportChangedEventHandler) = onEvent(EventType.ViewportChanged, eventHandler)
 
-fun WebApp.isInitDataSafe(botToken: String) = CryptoJS.hex(
-    CryptoJS.HmacSHA256(botToken, "WebAppData")
-) == initDataUnsafe.hash
+fun WebApp.isInitDataSafe(botToken: String) = TelegramAPIUrlsKeeper(botToken).checkWebAppLink(
+    initData,
+    initDataUnsafe.hash
+)