From 7c379eb74d4f5e8bde98656c79dc0896446f235d Mon Sep 17 00:00:00 2001
From: glpshchn <464976@niuitmo.ru>
Date: Mon, 15 Dec 2025 04:55:04 +0300
Subject: [PATCH] Update files

---
 moderation/backend-py/utils/telegram_widget.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/moderation/backend-py/utils/telegram_widget.py b/moderation/backend-py/utils/telegram_widget.py
index b3ac96b..6f6c820 100644
--- a/moderation/backend-py/utils/telegram_widget.py
+++ b/moderation/backend-py/utils/telegram_widget.py
@@ -68,13 +68,12 @@ def validate_telegram_widget(auth_data: Dict[str, Any], bot_token: Optional[str]
     print(f"[TelegramWidget] Data check string: {repr(data_check_string)}")
     
     # Create secret key
-    secret_key = hmac.new(
-        'WebAppData'.encode('utf-8'),
-        token_to_use.encode('utf-8'),
-        hashlib.sha256
-    ).digest()
+    # ВАЖНО: Для Login Widget используется SHA256(bot_token), а НЕ HMAC-SHA256('WebAppData', bot_token)
+    # Это отличается от WebApp initData!
+    secret_key = hashlib.sha256(token_to_use.encode('utf-8')).digest()
     
     print(f"[TelegramWidget] Secret key (hex): {secret_key.hex()[:40]}...")
+    print(f"[TelegramWidget] Bot token для secret key: {token_to_use[:10]}...{token_to_use[-10:]}")
     
     # Calculate hash
     calculated_hash = hmac.new(