Created
February 26, 2023 23:49
-
-
Save X1ting/6d814e5f9dd0cbc47f8eaed5f2ee65e0 to your computer and use it in GitHub Desktop.
Check telegram auth token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
data = { | |
auth_date: DATE, | |
first_name: "NAME", | |
hash: "HASH", | |
id: ID, | |
last_name: "SURNAME", | |
photo_url: "PHOTO", | |
username: "USERNAME" | |
} | |
token = "YOUR_TOKEN" | |
check_data = data.except(:hash).sort.to_h.map { |k,v| "#{k}=#{v}"}.join("\n") | |
hashed_token = Digest::SHA256.digest(token) | |
hash = OpenSSL::HMAC.hexdigest("SHA256", hashed_token, check_data) | |
puts data[:hash] == hash |
Keep in mind that when you receive data as params it will not be symbolized as shown above. It will be instance of Parameters class which will not work with snippet above. You will have to permit all params sent by Telegram and you will get "string" => "string"
hash data so
check_data = data.except(:hash)...
should be check_data = data.except('hash')...
P.S
Also, OpenSSL::HMAC.hexdigest
first param should be instance of OpenSSL::Digest.new('sha256')
class instead of just a string "SHA256"
Marmuz_botHttps://marmuz_not.telegram.org/phanro71 @13714492Farz #``
Thanks a lot!!!!!!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
data = {
auth_date: DATE,
first_name: "NAME",
hash: "HASH",
id: ID,
last_name: "SURNAME",
photo_url: "PHOTO",
username: "USERNAME"
}
token = 6259800315:AAEfZ7q_VymgLq55JNOjCjovkRFUQA_zh6w
check_data = data.except(:hash).sort.to_h.map { |k,v| "#{k}=#{v}"}.join("\n")
hashed_token = Digest::SHA256.digest(token)
hash = OpenSSL::HMAC.hexdigest("SHA256", hashed_token, check_data)
puts data[:hash] == hash