mirror of
https://github.com/InsanusMokrassar/TelegramBotAPI.git
synced 2024-11-24 19:18:44 +00:00
"TelegramAPIUrlsKeeper" now have two new things: properties "webAppDataSecretKey" and fun "checkWebAppLink"
This commit is contained in:
parent
c70484076d
commit
4799617ced
@ -2,6 +2,9 @@
|
|||||||
|
|
||||||
## 0.38.16
|
## 0.38.16
|
||||||
|
|
||||||
|
* `Core`:
|
||||||
|
* `TelegramAPIUrlsKeeper` now have two new things: properties `webAppDataSecretKey` and fun `checkWebAppLink`
|
||||||
|
|
||||||
## 0.38.15
|
## 0.38.15
|
||||||
|
|
||||||
* `Common`:
|
* `Common`:
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
package dev.inmo.tgbotapi.utils
|
||||||
|
|
||||||
|
import dev.inmo.micro_utils.crypto.SourceString
|
||||||
|
|
||||||
|
internal expect fun SourceString.hmacSha256(key: String): String
|
||||||
|
|
||||||
|
internal expect fun SourceString.hex(): String
|
@ -18,6 +18,10 @@ class TelegramAPIUrlsKeeper(
|
|||||||
token: String,
|
token: String,
|
||||||
hostUrl: String = telegramBotAPIDefaultUrl
|
hostUrl: String = telegramBotAPIDefaultUrl
|
||||||
) {
|
) {
|
||||||
|
val webAppDataSecretKey by lazy {
|
||||||
|
token.hmacSha256("WebAppData")
|
||||||
|
}
|
||||||
|
|
||||||
val commonAPIUrl: String
|
val commonAPIUrl: String
|
||||||
val fileBaseUrl: String
|
val fileBaseUrl: String
|
||||||
|
|
||||||
@ -28,4 +32,10 @@ class TelegramAPIUrlsKeeper(
|
|||||||
}
|
}
|
||||||
|
|
||||||
fun createFileLinkUrl(filePath: String) = "${fileBaseUrl}/$filePath"
|
fun createFileLinkUrl(filePath: String) = "${fileBaseUrl}/$filePath"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
|
||||||
|
* @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
|
||||||
|
*/
|
||||||
|
fun checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,8 @@
|
|||||||
|
package dev.inmo.tgbotapi.utils
|
||||||
|
|
||||||
|
import dev.inmo.micro_utils.crypto.CryptoJS
|
||||||
|
import dev.inmo.micro_utils.crypto.SourceString
|
||||||
|
|
||||||
|
actual fun SourceString.hmacSha256(key: String) = CryptoJS.asDynamic().HmacSHA256(this, key).unsafeCast<String>()
|
||||||
|
|
||||||
|
actual fun SourceString.hex() = CryptoJS.asDynamic().format.Hex(this).unsafeCast<String>()
|
@ -0,0 +1,29 @@
|
|||||||
|
package dev.inmo.tgbotapi.utils
|
||||||
|
|
||||||
|
import dev.inmo.micro_utils.crypto.SourceBytes
|
||||||
|
import dev.inmo.micro_utils.crypto.SourceString
|
||||||
|
import javax.crypto.Mac
|
||||||
|
import javax.crypto.spec.SecretKeySpec
|
||||||
|
|
||||||
|
val HEX_ARRAY = "0123456789ABCDEF".toCharArray()
|
||||||
|
|
||||||
|
private fun SourceBytes.hex(): String {
|
||||||
|
val hexChars = CharArray(size * 2)
|
||||||
|
for (j in indices) {
|
||||||
|
val v: Int = this[j].toInt() and 0xFF
|
||||||
|
hexChars[j * 2] = HEX_ARRAY[v ushr 4]
|
||||||
|
hexChars[j * 2 + 1] = HEX_ARRAY[v and 0x0F]
|
||||||
|
}
|
||||||
|
return String(hexChars)
|
||||||
|
}
|
||||||
|
|
||||||
|
actual fun SourceString.hmacSha256(key: String): String {
|
||||||
|
val mac = Mac.getInstance("HmacSHA256")
|
||||||
|
|
||||||
|
val secretKey = SecretKeySpec(key.toByteArray(), "HmacSHA256")
|
||||||
|
mac.init(secretKey)
|
||||||
|
|
||||||
|
return mac.doFinal(toByteArray()).hex()
|
||||||
|
}
|
||||||
|
|
||||||
|
actual fun SourceString.hex(): String = toByteArray().hex()
|
@ -27,6 +27,13 @@ repositories {
|
|||||||
}
|
}
|
||||||
|
|
||||||
kotlin {
|
kotlin {
|
||||||
|
jvm {
|
||||||
|
compilations.main {
|
||||||
|
kotlinOptions {
|
||||||
|
jvmTarget = "1.8"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
js(IR) {
|
js(IR) {
|
||||||
browser()
|
browser()
|
||||||
nodejs()
|
nodejs()
|
||||||
|
@ -0,0 +1,9 @@
|
|||||||
|
package dev.inmo.tgbotapi.webapps
|
||||||
|
|
||||||
|
import dev.inmo.tgbotapi.utils.*
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
|
||||||
|
* @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
|
||||||
|
*/
|
||||||
|
fun TelegramAPIUrlsKeeper.checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash
|
@ -1,6 +1,7 @@
|
|||||||
package dev.inmo.tgbotapi.webapps
|
package dev.inmo.tgbotapi.webapps
|
||||||
|
|
||||||
import dev.inmo.micro_utils.crypto.CryptoJS
|
import dev.inmo.micro_utils.crypto.CryptoJS
|
||||||
|
import dev.inmo.tgbotapi.utils.TelegramAPIUrlsKeeper
|
||||||
|
|
||||||
external class WebApp {
|
external class WebApp {
|
||||||
val initData: String
|
val initData: String
|
||||||
@ -76,6 +77,7 @@ fun WebApp.onMainButtonClicked(eventHandler: EventHandler) = onEvent(EventType.M
|
|||||||
*/
|
*/
|
||||||
fun WebApp.onViewportChanged(eventHandler: ViewportChangedEventHandler) = onEvent(EventType.ViewportChanged, eventHandler)
|
fun WebApp.onViewportChanged(eventHandler: ViewportChangedEventHandler) = onEvent(EventType.ViewportChanged, eventHandler)
|
||||||
|
|
||||||
fun WebApp.isInitDataSafe(botToken: String) = CryptoJS.hex(
|
fun WebApp.isInitDataSafe(botToken: String) = TelegramAPIUrlsKeeper(botToken).checkWebAppLink(
|
||||||
CryptoJS.HmacSHA256(botToken, "WebAppData")
|
initData,
|
||||||
) == initDataUnsafe.hash
|
initDataUnsafe.hash
|
||||||
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user