MKRhere
commented
2 months ago Have you checked this yet?
https://github.com/feathers-studio/telegraf-docs/tree/master/examples/mini-apps#validating-initdata
Open painkkiller opened 2 months ago
MKRhere
commented
2 months ago Have you checked this yet?
https://github.com/feathers-studio/telegraf-docs/tree/master/examples/mini-apps#validating-initdata
painkkiller
commented
2 months ago Have you checked this yet?
https://github.com/feathers-studio/telegraf-docs/tree/master/examples/mini-apps#validating-initdata
I've provided the link to this document in my question
MKRhere
commented
2 months ago Ah, you're right. Let me fix that. Give me a few minutes.
painkkiller
commented
2 months ago This code works for me (it correctly handles user object in WebApp.initDataUnsafe)
app.post('/api/validate', function (req, res) {
const hash = req.body.hash;
delete req.body.hash;
const dataCheckString = Object.entries(req.body).sort().map(([k, v]) => {
if (typeof v === "object" && v !== null) {
v = JSON.stringify(v);
}
return `${k}=${v}`;
}).join("\n");
const secret = createHmac("sha256", "WebAppData").update(process.env.BOT_TOKEN ?? "");
const _hash = createHmac("sha256", secret.digest()).update(dataCheckString).digest("hex");
console.log('|', dataCheckString, '|', hash, _hash);
if (hash === _hash) {
return res.json(req.body);
}
return res.status(401).json({});
});Something has changed. This algo got broken during this week.
I am using @twa-dev/sdk and when my TWA application starts I am getting WebApp.initDataUnsafe. I need to validate it according the docs. And I use code from the docs. The main problem that my hashes never equal. In my WebApp.initDataUnsafe there is object user, and looks that it ignored during this check, it included in the checkstring as user=>[object Object] and probably thats the cause of the problem. But removing it doesn't solve the issue. So it needs to clarify the format of the object required for valudation.