2022-04-26 00:02:51 +08:00
|
|
|
package bot
|
|
|
|
|
|
|
|
|
|
import (
|
2024-07-25 20:30:52 +08:00
|
|
|
"crypto/hmac"
|
|
|
|
|
"crypto/sha256"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"fmt"
|
2022-04-26 00:02:51 +08:00
|
|
|
"math/rand"
|
2024-07-25 20:30:52 +08:00
|
|
|
"net/url"
|
|
|
|
|
"sort"
|
2022-04-26 00:02:51 +08:00
|
|
|
"strings"
|
|
|
|
|
"sync"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// escape special symbols in text for MarkdownV2 parse mode
|
|
|
|
|
|
|
|
|
|
var shouldBeEscaped = "_*[]()~`>#+-=|{}.!"
|
|
|
|
|
|
2023-01-19 16:33:13 +08:00
|
|
|
// EscapeMarkdown escapes special symbols for Telegram MarkdownV2 syntax
|
2022-04-26 00:02:51 +08:00
|
|
|
func EscapeMarkdown(s string) string {
|
|
|
|
|
var result []rune
|
|
|
|
|
for _, r := range s {
|
2022-04-30 00:04:38 +08:00
|
|
|
if strings.ContainsRune(shouldBeEscaped, r) {
|
2022-04-26 00:02:51 +08:00
|
|
|
result = append(result, '\\')
|
|
|
|
|
}
|
|
|
|
|
result = append(result, r)
|
|
|
|
|
}
|
|
|
|
|
return string(result)
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-19 16:33:13 +08:00
|
|
|
// EscapeMarkdownUnescaped escapes unescaped special symbols for Telegram Markdown v2 syntax
|
2023-01-19 16:13:19 +08:00
|
|
|
func EscapeMarkdownUnescaped(s string) string {
|
|
|
|
|
var result []rune
|
|
|
|
|
var escaped bool
|
|
|
|
|
for _, r := range s {
|
|
|
|
|
if r == '\\' {
|
|
|
|
|
escaped = !escaped
|
|
|
|
|
result = append(result, r)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if strings.ContainsRune(shouldBeEscaped, r) && !escaped {
|
|
|
|
|
result = append(result, '\\')
|
|
|
|
|
}
|
|
|
|
|
escaped = false
|
|
|
|
|
result = append(result, r)
|
|
|
|
|
}
|
|
|
|
|
return string(result)
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-26 00:02:51 +08:00
|
|
|
// log functions
|
|
|
|
|
|
|
|
|
|
// random string generator
|
|
|
|
|
|
|
|
|
|
const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
letterIdxBits = 6 // 6 bits to represent a letter index
|
|
|
|
|
letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
|
|
|
|
|
letterIdxMax = 63 / letterIdxBits // # of letter indices fitting in 63 bits
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var randSrc = rand.NewSource(time.Now().UnixNano())
|
|
|
|
|
var randSrcMx sync.Mutex
|
|
|
|
|
|
2023-01-19 16:33:13 +08:00
|
|
|
// RandomString returns random a-zA-Z string with n length
|
2022-04-26 00:02:51 +08:00
|
|
|
func RandomString(n int) string {
|
|
|
|
|
b := make([]byte, n)
|
|
|
|
|
// A randSrc.Int63() generates 63 random bits, enough for letterIdxMax characters!
|
|
|
|
|
randSrcMx.Lock()
|
|
|
|
|
ch := randSrc.Int63()
|
|
|
|
|
randSrcMx.Unlock()
|
|
|
|
|
for i, remain := n-1, letterIdxMax; i >= 0; {
|
|
|
|
|
if remain == 0 {
|
|
|
|
|
randSrcMx.Lock()
|
|
|
|
|
ch, remain = randSrc.Int63(), letterIdxMax
|
|
|
|
|
randSrcMx.Unlock()
|
|
|
|
|
}
|
|
|
|
|
if idx := int(ch & letterIdxMask); idx < len(letterBytes) {
|
|
|
|
|
b[i] = letterBytes[idx]
|
|
|
|
|
i--
|
|
|
|
|
}
|
|
|
|
|
ch >>= letterIdxBits
|
|
|
|
|
remain--
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return string(b)
|
|
|
|
|
}
|
2024-07-25 20:30:52 +08:00
|
|
|
|
2025-01-10 17:00:32 +08:00
|
|
|
// WebAppUser represents user model from webapp request
|
2025-01-10 15:36:46 +08:00
|
|
|
type WebAppUser struct {
|
2025-01-11 17:26:46 +08:00
|
|
|
ID int64 `json:"id"`
|
2025-01-10 15:36:46 +08:00
|
|
|
IsBot bool `json:"is_bot"`
|
|
|
|
|
FirstName string `json:"first_name"`
|
|
|
|
|
LastName string `json:"last_name"`
|
|
|
|
|
Username string `json:"username"`
|
|
|
|
|
LanguageCode string `json:"language_code"`
|
|
|
|
|
IsPremium bool `json:"is_premium"`
|
|
|
|
|
AddedToAttachmentMenu bool `json:"added_to_attachment_menu"`
|
|
|
|
|
AllowsWriteToPM bool `json:"allows_write_to_pm"`
|
|
|
|
|
PhotoURL string `json:"photo_url"`
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-25 20:30:52 +08:00
|
|
|
// ValidateWebappRequest validates request from webapp
|
2025-01-10 15:36:46 +08:00
|
|
|
func ValidateWebappRequest(values url.Values, token string) (user *WebAppUser, ok bool) {
|
2024-07-25 20:30:52 +08:00
|
|
|
h := values.Get("hash")
|
|
|
|
|
values.Del("hash")
|
|
|
|
|
|
|
|
|
|
var vals []string
|
|
|
|
|
|
2025-01-10 15:36:46 +08:00
|
|
|
var u WebAppUser
|
2024-07-25 20:30:52 +08:00
|
|
|
|
|
|
|
|
for k, v := range values {
|
|
|
|
|
vv, _ := url.QueryUnescape(v[0])
|
|
|
|
|
vals = append(vals, k+"="+vv)
|
|
|
|
|
if k == "user" {
|
|
|
|
|
errDecodeUser := json.Unmarshal([]byte(vv), &u)
|
|
|
|
|
if errDecodeUser != nil {
|
|
|
|
|
return nil, false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sort.Slice(vals, func(i, j int) bool {
|
|
|
|
|
return vals[i] < vals[j]
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
hmac1 := hmac.New(sha256.New, []byte("WebAppData"))
|
|
|
|
|
hmac1.Write([]byte(token))
|
|
|
|
|
r1 := hmac1.Sum(nil)
|
|
|
|
|
|
|
|
|
|
data := []byte(strings.Join(vals, "\n"))
|
|
|
|
|
|
|
|
|
|
hmac2 := hmac.New(sha256.New, r1)
|
|
|
|
|
hmac2.Write(data)
|
|
|
|
|
r2 := hmac2.Sum(nil)
|
|
|
|
|
|
|
|
|
|
if h != fmt.Sprintf("%x", r2) {
|
|
|
|
|
return nil, false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &u, true
|
|
|
|
|
}
|
