Skip to content

Instantly share code, notes, and snippets.

Last active September 27, 2023 19:12
  • Star 29 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Telegram website login widget, signature check sample using Node.js
// Copied by,
// thanks for improving code style
const { createHash, createHmac } = require('crypto');
const TOKEN = "ABC:12345...";
// I prefer get the secret's hash once but check the gist linked
// on line 1 if you prefer passing the bot token as a param
const secret = createHash('sha256')
function checkSignature ({ hash, }) {
const checkString = Object.keys(data)
.filter((k) => data[k])
.map(k => (`${k}=${data[k]}`))
const hmac = createHmac('sha256', secret)
return hmac === hash;
// Sample usage
const payload = {
id: '424242424242',
first_name: 'John',
last_name: 'Doe',
username: 'username',
photo_url: '',
auth_date: '1519400000',
hash: '87e5a7e644d0ee362334d92bc8ecc981ca11ffc11eca809505'
Copy link

Pitasi commented Nov 17, 2022

Thanks @lub0v, I updated the gist with your suggestion :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment