42 lines
766 B
Go
42 lines
766 B
Go
package main
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"net/url"
|
|
"sort"
|
|
"strings"
|
|
)
|
|
|
|
func VerifyTelegramInitData(initData, botToken string) (map[string]string, bool) {
|
|
values, _ := url.ParseQuery(initData)
|
|
|
|
hash := values.Get("hash")
|
|
values.Del("hash")
|
|
|
|
var data []string
|
|
for k, v := range values {
|
|
data = append(data, k+"="+v[0])
|
|
}
|
|
sort.Strings(data)
|
|
|
|
checkString := strings.Join(data, "\n")
|
|
|
|
secret := sha256.Sum256([]byte(botToken))
|
|
h := hmac.New(sha256.New, secret[:])
|
|
h.Write([]byte(checkString))
|
|
|
|
expected := hex.EncodeToString(h.Sum(nil))
|
|
|
|
return valuesToMap(values), expected == hash
|
|
}
|
|
|
|
func valuesToMap(v url.Values) map[string]string {
|
|
m := make(map[string]string)
|
|
for k, val := range v {
|
|
m[k] = val[0]
|
|
}
|
|
return m
|
|
}
|