Created February 10, 2022 13:58
Telegram user authentication in JavaScript via Web Crypto API (dependency-free)
For those who faced the same problem as me, this is the code in JS

    const crypto = require("crypto");

    function validate(data, token) {
      // The secret key is the SHA-256 digest of the bot token.
      const secretKey = crypto.createHash("sha256").update(token).digest();
      // Use the `data` parameter here; `message` is not defined in this function.
      const data_check_string = Object.keys(data)
        .filter((key) => key !== "hash")
        .map((key) => `${key}=${data[key]}`)
        .sort()
        .join("\n");
      // HMAC-SHA256 of the data-check-string, hex-encoded.
      const check_hash = crypto
        .createHmac("sha256", secretKey)
        .update(data_check_string)
        .digest("hex");
      return check_hash === data.hash;
    }
Provided By Link
@MarvinMiles thanks a lot
@abc-1211 thanks, I had the same problem as you. I recommend replacing "message" with "data".
@MarvinMiles Thanks for your code, it works perfectly, but I found that due to crypto.subtle, this function must be placed in the frontend webpage, as it requires HTTPS to work. However, inside the function stated above, you will need to provide your bot_token. Saving credentials in the frontend may not be a safe approach. I tried to move it to the backend, but it pops up an error message: Cannot read property 'digest' of undefined. Do you have any other workaround that can prevent the bot_token leak?
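On the question of keeping bot_token off the client: the same hash check can run on a Node.js backend with the built-in `crypto` module, so the token never reaches the browser. The following is an added example, not code from the gist or from any commenter; the function names, the `maxAgeSeconds` freshness window, and the placeholder token are assumptions made for illustration.

```javascript
// Added example: server-side check of Telegram login data (Node.js).
const { createHash, createHmac, timingSafeEqual } = require("node:crypto");

// Data-check-string: every field except "hash" as key=value,
// sorted and joined with newlines (same order of steps as the code above).
function dataCheckString(data) {
  return Object.keys(data)
    .filter((key) => key !== "hash")
    .map((key) => `${key}=${data[key]}`)
    .sort()
    .join("\n");
}

// HMAC-SHA256 over the data-check-string, keyed with SHA-256(bot token).
function expectedHash(data, botToken) {
  const secretKey = createHash("sha256").update(botToken).digest();
  return createHmac("sha256", secretKey).update(dataCheckString(data)).digest();
}

// True only if the hash matches and auth_date is recent.
// maxAgeSeconds is an assumed policy value, not something the page specifies.
function verifyTelegramLogin(data, botToken, maxAgeSeconds = 86400, now = Date.now()) {
  if (!data || typeof data.hash !== "string" || !/^[0-9a-f]{64}$/i.test(data.hash)) {
    return false; // missing or malformed hash: reject before comparing
  }
  const received = Buffer.from(data.hash, "hex");
  // Constant-time comparison; the regex above guarantees both sides are 32 bytes.
  if (!timingSafeEqual(received, expectedHash(data, botToken))) return false;
  const authDate = Number(data.auth_date);
  if (!Number.isFinite(authDate)) return false;
  const age = Math.floor(now / 1000) - authDate;
  return age >= 0 && age <= maxAgeSeconds; // reject stale or future-dated logins
}

// Constructed sample: placeholder token and a payload signed locally for the demo.
const DEMO_TOKEN = "000000:PLACEHOLDER-NOT-A-REAL-TOKEN";
function signedSample(authDate) {
  const fields = { id: "42", first_name: "Test", username: "example_user", auth_date: String(authDate) };
  return { ...fields, hash: expectedHash(fields, DEMO_TOKEN).toString("hex") };
}
```

In a deployment the token would be read from server-side configuration (an environment variable, for instance), and the browser would send the received login fields to this endpoint instead of verifying them itself.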