Home Verkennen Help
Registreren Inloggen
tgbot
/
server
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Aftakking: dev_origin
Aftakkingen Labels
server
/
game
/
game_cluster
/
internal
/
third
/
tg_sign
/
validate.go

validate.go 2.2 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. package initdata
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/url"
    5. 

  5. 	"sort"
    6. 

  6. 	"strconv"
    7. 

  7. 	"strings"
    8. 

  8. 	"time"
    9. 

  9. )
    10. 

  10. 

  11. // Validate validates passed init data. This method expects initData to be
    12. 

  12. // passed in the exact raw format as it could be found
    13. 

  13. // in window.Telegram.WebApp.initData. Returns true in case init data is
    14. 

  14. // signed correctly, and it is allowed to trust it.
    15. 

  15. //
    16. 

  16. // Current code is implementation of algorithmic code described in official
    17. 

  17. // docs:
    18. 

  18. // https://core.telegram.org/bots/webapps#validating-data-received-via-the-web-app
    19. 

  19. //
    20. 

  20. // initData - init data passed from application;
    21. 

  21. // token - TWA bot secret token which was used to create init data;
    22. 

  22. // expIn - maximum init data lifetime. It is strongly recommended to use this
    23. 

  23. // parameter. In case, exp duration is less than or equal to 0, function does
    24. 

  24. // not check if parameters are expired.
    25. 

  25. func Validate(initData, token string, expIn time.Duration) error {
    26. 

  26. 	// Parse passed init data as query string.
    27. 

  27. 	q, err := url.ParseQuery(initData)
    28. 

  28. 	if err != nil {
    29. 

  29. 		return ErrUnexpectedFormat
    30. 

  30. 	}
    31. 

  31. 

  32. 	var (
    33. 

  33. 		// Init data creation time.
    34. 

  34. 		authDate time.Time
    35. 

  35. 		// Init data sign.
    36. 

  36. 		hash string
    37. 

  37. 		// All found key-value pairs.
    38. 

  38. 		pairs = make([]string, 0, len(q))
    39. 

  39. 	)
    40. 

  40. 

  41. 	// Iterate over all key-value pairs of parsed parameters.
    42. 

  42. 	for k, v := range q {
    43. 

  43. 		// Store found sign.
    44. 

  44. 		if k == "hash" {
    45. 

  45. 			hash = v[0]
    46. 

  46. 			continue
    47. 

  47. 		}
    48. 

  48. 		if k == "auth_date" {
    49. 

  49. 			if i, err := strconv.Atoi(v[0]); err == nil {
    50. 

  50. 				authDate = time.Unix(int64(i), 0)
    51. 

  51. 			}
    52. 

  52. 		}
    53. 

  53. 		// Append new pair.
    54. 

  54. 		pairs = append(pairs, k+"="+v[0])
    55. 

  55. 	}
    56. 

  56. 

  57. 	// Sign is always required.
    58. 

  58. 	if hash == "" {
    59. 

  59. 		return ErrSignMissing
    60. 

  60. 	}
    61. 

  61. 

  62. 	// In case, expiration time is passed, we do additional parameters check.
    63. 

  63. 	if expIn > 0 {
    64. 

  64. 		// In case, auth date is zero, it means, we can not check if parameters
    65. 

  65. 		// are expired.
    66. 

  66. 		if authDate.IsZero() {
    67. 

  67. 			return ErrAuthDateMissing
    68. 

  68. 		}
    69. 

  69. 

  70. 		// Check if init data is expired.
    71. 

  71. 		if authDate.Add(expIn).Before(time.Now()) {
    72. 

  72. 			return ErrExpired
    73. 

  73. 		}
    74. 

  74. 	}
    75. 

  75. 

  76. 	// According to docs, we sort all the pairs in alphabetical order.
    77. 

  77. 	sort.Strings(pairs)
    78. 

  78. 

  79. 	// In case, our sign is not equal to found one, we should throw an error.
    80. 

  80. 	if sign(strings.Join(pairs, "\n"), token) != hash {
    81. 

  81. 		return ErrSignInvalid
    82. 

  82. 	}
    83. 

  83. 	return nil
    84. 

  84. }
    85.