From 82f056e88af8233b9b413d8aec1c1c322c09d9bc Mon Sep 17 00:00:00 2001 From: Soham Datta <83786816+TECH-SAVVY-GUY@users.noreply.github.com> Date: Mon, 30 May 2022 14:52:49 +0530 Subject: [PATCH 1/3] Added `WebApp` functions `validate_WebApp_data()` - Use to validate the data received by the WebApp from Telegram. `parse_WebApp_data()` - Use to parse the data sent to the WebApp from the bot's backend. --- telebot/util.py | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/telebot/util.py b/telebot/util.py index 31522e5..f8e4db5 100644 --- a/telebot/util.py +++ b/telebot/util.py @@ -5,6 +5,10 @@ import string import threading import traceback from typing import Any, Callable, List, Dict, Optional, Union +import hmac +import json +from hashlib import sha256 +from urllib.parse import parse_qsl # noinspection PyPep8Naming import queue as Queue @@ -518,3 +522,36 @@ def antiflood(function, *args, **kwargs): msg = function(*args, **kwargs) finally: return msg + + +def parse_WebApp_data(token: str, raw_init_data: str): + is_valid = validate_WebApp_data(token, raw_init_data) + if not is_valid: + return False + + result = {} + for key, value in parse_qsl(raw_init_data): + try: + value = json.loads(value) + except json.JSONDecodeError: + result[key] = value + else: + result[key] = value + return result + + +def validate_WebApp_data(token, raw_init_data): + try: + parsed_data = dict(parse_qsl(raw_init_data)) + except ValueError: + return False + if "hash" not in parsed_data: + return False + + init_data_hash = parsed_data.pop('hash') + data_check_string = "\n".join(f"{key}={value}" for key, value in sorted(parsed_data.items())) + secret_key = hmac.new(key=b"WebAppData", msg=token.encode(), digestmod=sha256) + + return hmac.new(secret_key.digest(), data_check_string.encode(), sha256).hexdigest() == init_data_hash + + From 4401780ba9754653ee0075dc6638b01a641d90f3 Mon Sep 17 00:00:00 2001 From: Soham Datta <83786816+TECH-SAVVY-GUY@users.noreply.github.com> Date: Mon, 30 May 2022 17:18:03 +0530 Subject: [PATCH 2/3] Update `WebApp()` functions Adjusted function name case to pythonic style. --- telebot/util.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/telebot/util.py b/telebot/util.py index f8e4db5..4385228 100644 --- a/telebot/util.py +++ b/telebot/util.py @@ -524,7 +524,7 @@ def antiflood(function, *args, **kwargs): return msg -def parse_WebApp_data(token: str, raw_init_data: str): +def parse_webapp_data(token: str, raw_init_data: str): is_valid = validate_WebApp_data(token, raw_init_data) if not is_valid: return False @@ -540,7 +540,7 @@ def parse_WebApp_data(token: str, raw_init_data: str): return result -def validate_WebApp_data(token, raw_init_data): +def validate_webapp_data(token, raw_init_data): try: parsed_data = dict(parse_qsl(raw_init_data)) except ValueError: From 42ce47914d7afe56cdfb1146c8cff423fc72f3c4 Mon Sep 17 00:00:00 2001 From: Soham Datta <83786816+TECH-SAVVY-GUY@users.noreply.github.com> Date: Mon, 30 May 2022 17:21:33 +0530 Subject: [PATCH 3/3] Fix typo in `WebApp()` functions --- telebot/util.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/telebot/util.py b/telebot/util.py index 4385228..2561c21 100644 --- a/telebot/util.py +++ b/telebot/util.py @@ -524,7 +524,7 @@ def antiflood(function, *args, **kwargs): return msg -def parse_webapp_data(token: str, raw_init_data: str): +def parse_web_app_data(token: str, raw_init_data: str): is_valid = validate_WebApp_data(token, raw_init_data) if not is_valid: return False @@ -540,7 +540,7 @@ def parse_webapp_data(token: str, raw_init_data: str): return result -def validate_webapp_data(token, raw_init_data): +def validate_web_app_data(token, raw_init_data): try: parsed_data = dict(parse_qsl(raw_init_data)) except ValueError: