mirror of
https://github.com/InsanusMokrassar/TelegramBotAPI.git
synced 2024-11-25 19:48:43 +00:00
fixes in TelegramAPIUrlsKeeper#checkWebAppLink
parent
9d16ca3b7e
commit
58c1f2ee6a
@ -2,6 +2,11 @@
|
|||||||
|
|
||||||
## 1.1.1
|
## 1.1.1
|
||||||
|
|
||||||
|
* `Versions`:
|
||||||
|
* `MicroUtils.Crypto` will not be provided with that library anymore. Instead, it is recommended to use `Korlibs.Krypto`. You still can add crypto from microutils using next groovy dependency: `dev.inmo:micro_utils.crypto:$micro_utils_version`
|
||||||
|
* `Core`:
|
||||||
|
* Improvements in `TelegramAPIUrlsKeeper#checkWebAppLink`
|
||||||
|
* New field in `TelegramAPIUrlsKeeper#webAppDataSecretKeyHash`
|
||||||
* `Behaviour Builder`:
|
* `Behaviour Builder`:
|
||||||
* Extension `TelegramBot#buildBehaviour` now returns `BehaviourContext`
|
* Extension `TelegramBot#buildBehaviour` now returns `BehaviourContext`
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ kotlin.incremental.js=true
|
|||||||
kotlin_version=1.6.21
|
kotlin_version=1.6.21
|
||||||
kotlin_coroutines_version=1.6.1
|
kotlin_coroutines_version=1.6.1
|
||||||
kotlin_serialisation_runtime_version=1.3.3
|
kotlin_serialisation_runtime_version=1.3.3
|
||||||
klock_version=2.7.0
|
korlibs_version=2.7.0
|
||||||
uuid_version=0.4.0
|
uuid_version=0.4.0
|
||||||
ktor_version=2.0.1
|
ktor_version=2.0.1
|
||||||
|
|
||||||
|
@ -47,10 +47,10 @@ kotlin {
|
|||||||
api "org.jetbrains.kotlinx:kotlinx-serialization-json:$kotlin_serialisation_runtime_version"
|
api "org.jetbrains.kotlinx:kotlinx-serialization-json:$kotlin_serialisation_runtime_version"
|
||||||
api "org.jetbrains.kotlinx:kotlinx-serialization-properties:$kotlin_serialisation_runtime_version"
|
api "org.jetbrains.kotlinx:kotlinx-serialization-properties:$kotlin_serialisation_runtime_version"
|
||||||
|
|
||||||
api "com.soywiz.korlibs.klock:klock:$klock_version"
|
api "com.soywiz.korlibs.klock:klock:$korlibs_version"
|
||||||
|
api "com.soywiz.korlibs.krypto:krypto:$korlibs_version"
|
||||||
api "com.benasher44:uuid:$uuid_version"
|
api "com.benasher44:uuid:$uuid_version"
|
||||||
|
|
||||||
api "dev.inmo:micro_utils.crypto:$micro_utils_version"
|
|
||||||
api "dev.inmo:micro_utils.coroutines:$micro_utils_version"
|
api "dev.inmo:micro_utils.coroutines:$micro_utils_version"
|
||||||
api "dev.inmo:micro_utils.serialization.base64:$micro_utils_version"
|
api "dev.inmo:micro_utils.serialization.base64:$micro_utils_version"
|
||||||
api "dev.inmo:micro_utils.serialization.encapsulator:$micro_utils_version"
|
api "dev.inmo:micro_utils.serialization.encapsulator:$micro_utils_version"
|
||||||
|
@ -1,7 +1,8 @@
|
|||||||
package dev.inmo.tgbotapi.utils
|
package dev.inmo.tgbotapi.utils
|
||||||
|
|
||||||
import dev.inmo.micro_utils.crypto.hex
|
import com.soywiz.krypto.*
|
||||||
import dev.inmo.micro_utils.crypto.hmacSha256
|
import io.ktor.http.decodeURLQueryComponent
|
||||||
|
import io.ktor.utils.io.core.toByteArray
|
||||||
|
|
||||||
const val telegramBotAPIDefaultUrl = "https://api.telegram.org"
|
const val telegramBotAPIDefaultUrl = "https://api.telegram.org"
|
||||||
|
|
||||||
@ -22,9 +23,11 @@ class TelegramAPIUrlsKeeper(
|
|||||||
hostUrl: String = telegramBotAPIDefaultUrl,
|
hostUrl: String = telegramBotAPIDefaultUrl,
|
||||||
urlsSuffixes: String = ""
|
urlsSuffixes: String = ""
|
||||||
) {
|
) {
|
||||||
val webAppDataSecretKey by lazy {
|
val webAppDataSecretKeyHash by lazy {
|
||||||
token.hmacSha256("WebAppData")
|
HMAC.hmacSHA256("WebAppData".toByteArray(), token.toByteArray())
|
||||||
}
|
}
|
||||||
|
val webAppDataSecretKey
|
||||||
|
get() = webAppDataSecretKeyHash.hexLower
|
||||||
|
|
||||||
val commonAPIUrl: String
|
val commonAPIUrl: String
|
||||||
val fileBaseUrl: String
|
val fileBaseUrl: String
|
||||||
@ -47,5 +50,14 @@ class TelegramAPIUrlsKeeper(
|
|||||||
* @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
|
* @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
|
||||||
* @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
|
* @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
|
||||||
*/
|
*/
|
||||||
fun checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash
|
fun checkWebAppLink(rawData: String, hash: String): Boolean {
|
||||||
|
val preparedData = rawData
|
||||||
|
.decodeURLQueryComponent()
|
||||||
|
.split("&")
|
||||||
|
.filterNot { it.startsWith("hash=") }
|
||||||
|
.sorted()
|
||||||
|
.joinToString("\n")
|
||||||
|
|
||||||
|
return HMAC.hmacSHA256(webAppDataSecretKeyHash.bytes, preparedData.toByteArray()).hexLower == hash.lowercase()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
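Review bot: In `checkWebAppLink`, `decodeURLQueryComponent()` runs on the whole `rawData` before `.split("&")`, so a field value carrying an encoded `%26` (for example an `&` inside a user's name) is cut into extra entries and the check string no longer follows the field boundaries a query-string parser would see; genuine data of that shape would presumably fail validation. Splitting first and decoding each pair keeps the boundaries intact: `.split("&").map { it.decodeURLQueryComponent() }.filterNot { it.startsWith("hash=") }`. The final `==` on the hex strings is not a constant-time comparison of the MAC; comparing the digest bytes with a loop that ORs together the XOR of each byte pair avoids revealing how long the matching prefix was. The KDoc should also say that this verifies the signature only and that callers still have to check `auth_date` for freshness. In the preceding hunk, `webAppDataSecretKeyHash` and `webAppDataSecretKey` are public and expose key material derived from the bot token; `internal` looks sufficient unless the changelog's "new field" is meant as public API.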