Telegram-Mini-Apps / telegram-apps

Made from scratch TypeScript packages, examples and documentation you will surely need to start developing on Telegram Mini Apps.
https://docs.telegram-mini-apps.com/
MIT License
702 stars 197 forks source link

[Feature]: Not clear documentation on init-data-node package, can't configure end to end validation #467

Open hubert-de-lalye opened 2 months ago

hubert-de-lalye commented 2 months ago

Is your feature request related to a problem? Please describe.

Not quite sure what kind of issue to open, bug or feature. I'm kinda sure that I'm doing something wrong, but have no idea what exactly. Currently I'm struggling with validation with init-data-node package. Constantly get Signature is invalid whatever I try to pass to validate.

I see some differences between documentation and real life. For instance the user data passed as encoded URI component in example has format user_name: '...', but useInitData() returns userName: '...'. Additionally, if look into .validate() implementation it seems that ordering in user data JSON should be important.

I tried to pass URI, to pass result of useInitData() but any option returned me a Signature is invalid. Currently me approach is to pass decodeURIComponent(window.location.hash.replace("#tgWebAppData=", "")) to NodeJS, then use parseInitData on it and pass result to .validate. I run out of ideas what else am I doing wrong. Some help will be very useful and appreciated

Describe the solution you'd like

Add an end to end example or more detailed description of how to get data on client side and pass it to NodeJS including formats, ordering etc

Describe alternatives you've considered

No response

Additional context

No response

heyqbnk commented 2 months ago

Hey! If you are using @telegram-apps/sdk-react, you must use useLaunchParams().initDataRaw. useInitData() returns an object based on the raw representation, but it may cut some fields or mutate values for more comfortable usage.

Think of the useInitData result as an object with just some picked and typed values from the raw representation. You can't use it to pass to the server side

hubert-de-lalye commented 2 months ago

Wow, seems works for me. I think it will be great to explicitly highlight this in documentation.