Update files

moderation/backend-py/utils/telegram_widget.py

@@ -21,26 +21,52 @@ def validate_telegram_widget(auth_data: Dict[str, Any], bot_token: Optional[str]
     Raises:
         ValueError: If validation fails
     """
+    print(f"[TelegramWidget] 🔍 Начало валидации виджета")
+    print(f"[TelegramWidget] Полученные данные: {auth_data}")
+    
     token_to_use = bot_token or settings.MODERATION_BOT_TOKEN
     
     if not token_to_use or not isinstance(token_to_use, str) or not token_to_use.strip():
+        print(f"[TelegramWidget] ❌ Bot token не настроен")
         raise ValueError('Bot token модерации не настроен (MODERATION_BOT_TOKEN)')
     
+    print(f"[TelegramWidget] Bot token: {token_to_use[:10]}...{token_to_use[-10:]}")
+    
     if not auth_data or 'hash' not in auth_data:
+        print(f"[TelegramWidget] ❌ Отсутствует hash в authData")
         raise ValueError('Отсутствует hash в authData')
     
-    received_hash = auth_data.pop('hash')
+    # Создаем копию, чтобы не изменять оригинал
+    auth_data_copy = auth_data.copy()
+    received_hash = auth_data_copy.pop('hash')
+    
+    print(f"[TelegramWidget] Received hash: {received_hash[:20]}...{received_hash[-20:]}")
+    print(f"[TelegramWidget] Данные для валидации (без hash): {auth_data_copy}")
     
     # Clean data - remove None, empty strings, and convert all to strings
     clean_data = {}
-    for key, value in auth_data.items():
+    for key, value in auth_data_copy.items():
         if value is not None and value != '':
+            # ВАЖНО: auth_date должен быть числом (int), но в строке для валидации
+            if key == 'auth_date':
+                # Преобразуем в int, затем в str для валидации
+                try:
+                    auth_date_int = int(value)
+                    clean_data[key] = str(auth_date_int)
+                except (ValueError, TypeError):
+                    print(f"[TelegramWidget] ⚠️ Неверный формат auth_date: {value} (type: {type(value)})")
                     clean_data[key] = str(value)
+            else:
+                clean_data[key] = str(value)
+    
+    print(f"[TelegramWidget] Очищенные данные: {clean_data}")
     
     # Create data check string (sorted keys)
     data_check_arr = sorted(clean_data.items())
     data_check_string = '\n'.join(f'{key}={value}' for key, value in data_check_arr)
     
+    print(f"[TelegramWidget] Data check string: {repr(data_check_string)}")
+    
     # Create secret key
     secret_key = hmac.new(
         'WebAppData'.encode('utf-8'),
@@ -48,6 +74,8 @@ def validate_telegram_widget(auth_data: Dict[str, Any], bot_token: Optional[str]
         hashlib.sha256
     ).digest()
     
+    print(f"[TelegramWidget] Secret key (hex): {secret_key.hex()[:40]}...")
+    
     # Calculate hash
     calculated_hash = hmac.new(
         secret_key,
@@ -55,14 +83,21 @@ def validate_telegram_widget(auth_data: Dict[str, Any], bot_token: Optional[str]
         hashlib.sha256
     ).hexdigest()
     
+    print(f"[TelegramWidget] Calculated hash: {calculated_hash}")
+    print(f"[TelegramWidget] Received hash:   {received_hash}")
+    
     # Compare hashes
     is_valid = calculated_hash == received_hash
     
     if not is_valid:
-        print(f"[TelegramWidget] Hash mismatch:")
+        print(f"[TelegramWidget] ❌ Hash mismatch:")
-        print(f"  Calculated: {calculated_hash[:20]}...")
+        print(f"  Calculated: {calculated_hash}")
-        print(f"  Received: {received_hash[:20]}...")
+        print(f"  Received:   {received_hash}")
-        print(f"  Data check string: {data_check_string}")
+        print(f"  Data check string: {repr(data_check_string)}")
+        print(f"  Clean data keys: {list(clean_data.keys())}")
+        print(f"  Clean data values: {list(clean_data.values())}")
+    else:
+        print(f"[TelegramWidget] ✅ Hash совпадает!")
     
     return is_valid