nakama/moderation/backend-py/utils/telegram_widget.py

"""
Telegram Login Widget validation
"""
import hmac
import hashlib
from typing import Optional, Dict, Any
from config import settings


def validate_telegram_widget(auth_data: Dict[str, Any], bot_token: Optional[str] = None) -> bool:
    """
    Validate Telegram Login Widget authentication data
    
    Args:
        auth_data: Dictionary with user data and hash from Telegram widget
        bot_token: Bot token (uses MODERATION_BOT_TOKEN if not provided)
    
    Returns:
        True if validation successful
    
    Raises:
        ValueError: If validation fails
    """
    token_to_use = bot_token or settings.MODERATION_BOT_TOKEN
    
    if not token_to_use or not isinstance(token_to_use, str) or not token_to_use.strip():
        raise ValueError('Bot token модерации не настроен (MODERATION_BOT_TOKEN)')
    
    if not auth_data or 'hash' not in auth_data:
        raise ValueError('Отсутствует hash в authData')
    
    received_hash = auth_data.pop('hash')
    
    # Clean data - remove None, empty strings, and convert all to strings
    clean_data = {}
    for key, value in auth_data.items():
        if value is not None and value != '':
            clean_data[key] = str(value)
    
    # Create data check string (sorted keys)
    data_check_arr = sorted(clean_data.items())
    data_check_string = '\n'.join(f'{key}={value}' for key, value in data_check_arr)
    
    # Create secret key
    secret_key = hmac.new(
        'WebAppData'.encode('utf-8'),
        token_to_use.encode('utf-8'),
        hashlib.sha256
    ).digest()
    
    # Calculate hash
    calculated_hash = hmac.new(
        secret_key,
        data_check_string.encode('utf-8'),
        hashlib.sha256
    ).hexdigest()
    
    # Compare hashes
    is_valid = calculated_hash == received_hash
    
    if not is_valid:
        print(f"[TelegramWidget] Hash mismatch:")
        print(f"  Calculated: {calculated_hash[:20]}...")
        print(f"  Received: {received_hash[:20]}...")
        print(f"  Data check string: {data_check_string}")
    
    return is_valid
Update files 2025-12-15 00:37:34 +00:00			`"""`
			`Telegram Login Widget validation`
			`"""`
			`import hmac`
			`import hashlib`
			`from typing import Optional, Dict, Any`
			`from config import settings`


			`def validate_telegram_widget(auth_data: Dict[str, Any], bot_token: Optional[str] = None) -> bool:`
			`"""`
			`Validate Telegram Login Widget authentication data`

			`Args:`
			`auth_data: Dictionary with user data and hash from Telegram widget`
			`bot_token: Bot token (uses MODERATION_BOT_TOKEN if not provided)`

			`Returns:`
			`True if validation successful`

			`Raises:`
			`ValueError: If validation fails`
			`"""`
			`token_to_use = bot_token or settings.MODERATION_BOT_TOKEN`

			`if not token_to_use or not isinstance(token_to_use, str) or not token_to_use.strip():`
			`raise ValueError('Bot token модерации не настроен (MODERATION_BOT_TOKEN)')`

			`if not auth_data or 'hash' not in auth_data:`
			`raise ValueError('Отсутствует hash в authData')`

			`received_hash = auth_data.pop('hash')`

			`# Clean data - remove None, empty strings, and convert all to strings`
			`clean_data = {}`
			`for key, value in auth_data.items():`
			`if value is not None and value != '':`
			`clean_data[key] = str(value)`

			`# Create data check string (sorted keys)`
			`data_check_arr = sorted(clean_data.items())`
			`data_check_string = '\n'.join(f'{key}={value}' for key, value in data_check_arr)`

			`# Create secret key`
			`secret_key = hmac.new(`
			`'WebAppData'.encode('utf-8'),`
			`token_to_use.encode('utf-8'),`
			`hashlib.sha256`
			`).digest()`

			`# Calculate hash`
			`calculated_hash = hmac.new(`
			`secret_key,`
			`data_check_string.encode('utf-8'),`
			`hashlib.sha256`
			`).hexdigest()`

			`# Compare hashes`
			`is_valid = calculated_hash == received_hash`

			`if not is_valid:`
			`print(f"[TelegramWidget] Hash mismatch:")`
			`print(f" Calculated: {calculated_hash[:20]}...")`
			`print(f" Received: {received_hash[:20]}...")`
			`print(f" Data check string: {data_check_string}")`

			`return is_valid`