mirror of
https://github.com/InsanusMokrassar/TelegramBotAPI.git
synced 2024-12-22 16:47:13 +00:00
fixes in TelegramAPIUrlsKeeper#checkWebAppLink
parent
9d16ca3b7e
commit
58c1f2ee6a
@ -2,6 +2,11 @@
|
||||
|
||||
## 1.1.1
|
||||
|
||||
* `Versions`:
|
||||
* `MicroUtils.Crypto` will not be provided with that library anymore. Instead, it is recommended to use `Korlibs.Krypto`. You still can add crypto from microutils using next groovy dependency: `dev.inmo:micro_utils.crypto:$micro_utils_version`
|
||||
* `Core`:
|
||||
* Improvements in `TelegramAPIUrlsKeeper#checkWebAppLink`
|
||||
* New field in `TelegramAPIUrlsKeeper#webAppDataSecretKeyHash`
|
||||
* `Behaviour Builder`:
|
||||
* Extension `TelegramBot#buildBehaviour` now returns `BehaviourContext`
|
||||
|
||||
|
@ -8,7 +8,7 @@ kotlin.incremental.js=true
|
||||
kotlin_version=1.6.21
|
||||
kotlin_coroutines_version=1.6.1
|
||||
kotlin_serialisation_runtime_version=1.3.3
|
||||
klock_version=2.7.0
|
||||
korlibs_version=2.7.0
|
||||
uuid_version=0.4.0
|
||||
ktor_version=2.0.1
|
||||
|
||||
|
@ -47,10 +47,10 @@ kotlin {
|
||||
api "org.jetbrains.kotlinx:kotlinx-serialization-json:$kotlin_serialisation_runtime_version"
|
||||
api "org.jetbrains.kotlinx:kotlinx-serialization-properties:$kotlin_serialisation_runtime_version"
|
||||
|
||||
api "com.soywiz.korlibs.klock:klock:$klock_version"
|
||||
api "com.soywiz.korlibs.klock:klock:$korlibs_version"
|
||||
api "com.soywiz.korlibs.krypto:krypto:$korlibs_version"
|
||||
api "com.benasher44:uuid:$uuid_version"
|
||||
|
||||
api "dev.inmo:micro_utils.crypto:$micro_utils_version"
|
||||
api "dev.inmo:micro_utils.coroutines:$micro_utils_version"
|
||||
api "dev.inmo:micro_utils.serialization.base64:$micro_utils_version"
|
||||
api "dev.inmo:micro_utils.serialization.encapsulator:$micro_utils_version"
|
||||
|
@ -1,7 +1,8 @@
|
||||
package dev.inmo.tgbotapi.utils
|
||||
|
||||
import dev.inmo.micro_utils.crypto.hex
|
||||
import dev.inmo.micro_utils.crypto.hmacSha256
|
||||
import com.soywiz.krypto.*
|
||||
import io.ktor.http.decodeURLQueryComponent
|
||||
import io.ktor.utils.io.core.toByteArray
|
||||
|
||||
const val telegramBotAPIDefaultUrl = "https://api.telegram.org"
|
||||
|
||||
@ -22,9 +23,11 @@ class TelegramAPIUrlsKeeper(
|
||||
hostUrl: String = telegramBotAPIDefaultUrl,
|
||||
urlsSuffixes: String = ""
|
||||
) {
|
||||
val webAppDataSecretKey by lazy {
|
||||
token.hmacSha256("WebAppData")
|
||||
val webAppDataSecretKeyHash by lazy {
|
||||
HMAC.hmacSHA256("WebAppData".toByteArray(), token.toByteArray())
|
||||
}
|
||||
val webAppDataSecretKey
|
||||
get() = webAppDataSecretKeyHash.hexLower
|
||||
|
||||
val commonAPIUrl: String
|
||||
val fileBaseUrl: String
|
||||
@ -47,5 +50,14 @@ class TelegramAPIUrlsKeeper(
|
||||
* @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
|
||||
* @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
|
||||
*/
|
||||
fun checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash
|
||||
fun checkWebAppLink(rawData: String, hash: String): Boolean {
|
||||
val preparedData = rawData
|
||||
.decodeURLQueryComponent()
|
||||
.split("&")
|
||||
.filterNot { it.startsWith("hash=") }
|
||||
.sorted()
|
||||
.joinToString("\n")
|
||||
|
||||
return HMAC.hmacSHA256(webAppDataSecretKeyHash.bytes, preparedData.toByteArray()).hexLower == hash.lowercase()
|
||||
}
|
||||
}
|
||||
|
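Review bot: In `checkWebAppLink`, `rawData.decodeURLQueryComponent()` runs on the whole query string before `.split("&")`, so a percent-encoded `&` or an encoded `hash=` prefix inside a value becomes a field separator, and the string that gets MACed no longer matches the fields a standard query parser would extract from the same `rawData`. Splitting first and decoding each pair keeps the signed view and the parsed view aligned: `.split("&").filterNot { it.startsWith("hash=") }.map { it.decodeURLQueryComponent() }.sorted()`. The final `hexLower == hash.lowercase()` is also an ordinary short-circuiting string comparison; comparing the digest bytes with a fixed-time loop is the usual hardening for MAC checks. The KDoc could add that a `true` result says nothing about freshness, so callers still need to check `auth_date` themselves. The class body begins outside the visible hunks.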