add checking of data in web app

2022-04-18 17:26:09 +06:00 · 2022-04-18 17:26:09 +06:00 · 88c62bd51c
parent 705bcbe352
commit 88c62bd51c
2 changed files with 13 additions and 0 deletions
--- a/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/CryptoJSExtensions.kt
+++ b/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/CryptoJSExtensions.kt
@ -0,0 +1,7 @@
+package dev.inmo.tgbotapi.webapps
+
+import dev.inmo.micro_utils.crypto.CryptoJs
+
+fun CryptoJs.HmacSHA256(text: String, key: String) = this.asDynamic().HmacSHA256(text, key).unsafeCast<String>()
+
+fun CryptoJs.hex(text: String) = this.asDynamic().format.Hex(text).unsafeCast<String>()
--- a/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/WebApp.kt
+++ b/tgbotapi.webapps/src/jsMain/kotlin/dev/inmo/tgbotapi/webapps/WebApp.kt
@ -1,5 +1,7 @@
 package dev.inmo.tgbotapi.webapps

+import dev.inmo.micro_utils.crypto.CryptoJS
+
 external class WebApp {
    val initData: String
    val initDataUnsafe: WebAppInitData
@ -73,3 +75,7 @@ fun WebApp.onMainButtonClicked(eventHandler: EventHandler) = onEvent(EventType.M
 * @return The callback which should be used in case you want to turn off events handling
 */
 fun WebApp.onViewportChanged(eventHandler: ViewportChangedEventHandler) = onEvent(EventType.ViewportChanged, eventHandler)
+
+fun WebApp.isInitDataSafe(botToken: String) = CryptoJS.hex(
+    CryptoJS.HmacSHA256(botToken, "WebAppData")
+) == initDataUnsafe.hash