Skip to content

Instantly share code, notes, and snippets.

@MarvinMiles

MarvinMiles/check_authorization.js

Created February 10, 2022 13:58
Show Gist options
  • Save MarvinMiles/f041205d872b0d8547d054eafeafe2a5 to your computer and use it in GitHub Desktop.
Save MarvinMiles/f041205d872b0d8547d054eafeafe2a5 to your computer and use it in GitHub Desktop.
Download ZIP
Telegram user authentication in JavaScript via Web Crypto API (dependency-free)
Raw
check_authorization.js
async function validate(data, bot_token) {
const encoder = new TextEncoder()
const checkString = await Object.keys(data)
.filter((key) => key !== "hash")
.map((key) => `${key}=${data[key]}`)
.sort()
.join("\n")
//console.log('computed string:', checkString)
const tokenKey = await crypto.subtle.digest('SHA-256', encoder.encode(bot_token))
const secretKey = await crypto.subtle.importKey("raw", tokenKey, {name: "HMAC", hash: "SHA-256"}, true, ["sign"])
const signature = await crypto.subtle.sign("HMAC", secretKey, encoder.encode(checkString))
const hex = [...new Uint8Array(signature)].map(b => b.toString(16).padStart(2, '0')).join('')
//console.log('original hash:', data.hash)
//console.log('computed hash:', hex)
return data.hash === hex
}
@geniustonya
Copy link

@MarvinMiles thanks a lot
@abc-1211 thanks , I had the same problem as you, recommended to replace "message" with "data"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment