mirror of
https://github.com/InsanusMokrassar/TelegramBotAPI.git
synced 2024-11-26 12:08:43 +00:00
Compare commits
5 Commits
0c92e6eeb4
...
37317a1055
Author | SHA1 | Date | |
---|---|---|---|
37317a1055 | |||
60c21002e1 | |||
78a7a3546a | |||
4799617ced | |||
c70484076d |
@ -1,5 +1,10 @@
|
||||
# TelegramBotAPI changelog
|
||||
|
||||
## 0.38.16
|
||||
|
||||
* `Core`:
|
||||
* `TelegramAPIUrlsKeeper` now have two new things: properties `webAppDataSecretKey` and fun `checkWebAppLink`
|
||||
|
||||
## 0.38.15
|
||||
|
||||
* `Common`:
|
||||
|
@ -20,6 +20,6 @@ javax_activation_version=1.1.1
|
||||
dokka_version=1.6.10
|
||||
|
||||
library_group=dev.inmo
|
||||
library_version=0.38.15
|
||||
library_version=0.38.16
|
||||
|
||||
github_release_plugin_version=2.3.7
|
||||
|
@ -0,0 +1,19 @@
|
||||
package dev.inmo.tgbotapi.utils
|
||||
|
||||
import dev.inmo.micro_utils.crypto.SourceBytes
|
||||
import dev.inmo.micro_utils.crypto.SourceString
|
||||
|
||||
internal expect fun SourceString.hmacSha256(key: String): String
|
||||
private val HEX_ARRAY = "0123456789abcdef".toCharArray()
|
||||
|
||||
internal fun SourceBytes.hex(): String {
|
||||
val hexChars = CharArray(size * 2)
|
||||
for (j in indices) {
|
||||
val v: Int = this[j].toInt() and 0xFF
|
||||
hexChars[j * 2] = HEX_ARRAY[v ushr 4]
|
||||
hexChars[j * 2 + 1] = HEX_ARRAY[v and 0x0F]
|
||||
}
|
||||
return hexChars.concatToString()
|
||||
}
|
||||
|
||||
internal fun SourceString.hex(): String = encodeToByteArray().hex()
|
@ -18,6 +18,10 @@ class TelegramAPIUrlsKeeper(
|
||||
token: String,
|
||||
hostUrl: String = telegramBotAPIDefaultUrl
|
||||
) {
|
||||
val webAppDataSecretKey by lazy {
|
||||
token.hmacSha256("WebAppData")
|
||||
}
|
||||
|
||||
val commonAPIUrl: String
|
||||
val fileBaseUrl: String
|
||||
|
||||
@ -28,4 +32,10 @@ class TelegramAPIUrlsKeeper(
|
||||
}
|
||||
|
||||
fun createFileLinkUrl(filePath: String) = "${fileBaseUrl}/$filePath"
|
||||
|
||||
/**
|
||||
* @param rawData Data from [dev.inmo.tgbotapi.webapps.WebApp.initData]
|
||||
* @param hash Data from [dev.inmo.tgbotapi.webapps.WebApp.initDataUnsafe] from the field [dev.inmo.tgbotapi.webapps.WebAppInitData.hash]
|
||||
*/
|
||||
fun checkWebAppLink(rawData: String, hash: String) = rawData.hmacSha256(webAppDataSecretKey).hex() == hash
|
||||
}
|
||||
|
@ -0,0 +1,6 @@
|
||||
package dev.inmo.tgbotapi.utils
|
||||
|
||||
import dev.inmo.micro_utils.crypto.CryptoJS
|
||||
import dev.inmo.micro_utils.crypto.SourceString
|
||||
|
||||
actual fun SourceString.hmacSha256(key: String) = CryptoJS.asDynamic().HmacSHA256(this, key).toString().unsafeCast<String>()
|
@ -0,0 +1,14 @@
|
||||
package dev.inmo.tgbotapi.utils
|
||||
|
||||
import dev.inmo.micro_utils.crypto.SourceString
|
||||
import javax.crypto.Mac
|
||||
import javax.crypto.spec.SecretKeySpec
|
||||
|
||||
actual fun SourceString.hmacSha256(key: String): String {
|
||||
val mac = Mac.getInstance("HmacSHA256")
|
||||
|
||||
val secretKey = SecretKeySpec(key.toByteArray(), "HmacSHA256")
|
||||
mac.init(secretKey)
|
||||
|
||||
return mac.doFinal(toByteArray()).hex()
|
||||
}
|
@ -27,6 +27,13 @@ repositories {
|
||||
}
|
||||
|
||||
kotlin {
|
||||
jvm {
|
||||
compilations.main {
|
||||
kotlinOptions {
|
||||
jvmTarget = "1.8"
|
||||
}
|
||||
}
|
||||
}
|
||||
js(IR) {
|
||||
browser()
|
||||
nodejs()
|
||||
|
@ -1,6 +1,7 @@
|
||||
package dev.inmo.tgbotapi.webapps
|
||||
|
||||
import dev.inmo.micro_utils.crypto.CryptoJS
|
||||
import dev.inmo.tgbotapi.utils.TelegramAPIUrlsKeeper
|
||||
|
||||
external class WebApp {
|
||||
val initData: String
|
||||
@ -76,6 +77,7 @@ fun WebApp.onMainButtonClicked(eventHandler: EventHandler) = onEvent(EventType.M
|
||||
*/
|
||||
fun WebApp.onViewportChanged(eventHandler: ViewportChangedEventHandler) = onEvent(EventType.ViewportChanged, eventHandler)
|
||||
|
||||
fun WebApp.isInitDataSafe(botToken: String) = CryptoJS.hex(
|
||||
CryptoJS.HmacSHA256(botToken, "WebAppData")
|
||||
) == initDataUnsafe.hash
|
||||
fun WebApp.isInitDataSafe(botToken: String) = TelegramAPIUrlsKeeper(botToken).checkWebAppLink(
|
||||
initData,
|
||||
initDataUnsafe.hash
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user