mirror of
https://github.com/aiogram/aiogram.git
synced 2026-04-08 16:37:47 +00:00
Implemented auth widget object and auth data validator.
This commit is contained in:
Alex Root Junior
parent
6ee38bcad9
commit
4f2cb40aea
4 changed files with 75 additions and 0 deletions
25
aiogram/utils/auth_widget.py
Normal file
25
aiogram/utils/auth_widget.py
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
import collections
|
||||
import hashlib
|
||||
import hmac
|
||||
|
||||
|
||||
def check_token(data, token):
|
||||
"""
|
||||
Validate auth token
|
||||
https://core.telegram.org/widgets/login#checking-authorization
|
||||
|
||||
Source: https://gist.github.com/xen/e4bea72487d34caa28c762776cf655a3
|
||||
|
||||
:param data:
|
||||
:param token:
|
||||
:return:
|
||||
"""
|
||||
secret = hashlib.sha256()
|
||||
secret.update(token.encode('utf-8'))
|
||||
sorted_params = collections.OrderedDict(sorted(data.items()))
|
||||
param_hash = sorted_params.pop('hash', '') or ''
|
||||
msg = "\n".join(["{}={}".format(k, v) for k, v in sorted_params.items()])
|
||||
|
||||
if param_hash == hmac.new(secret.digest(), msg.encode('utf-8'), digestmod=hashlib.sha256).hexdigest():
|
||||
return True
|
||||
return False
|
||||
Loading…
Add table
Add a link
Reference in a new issue