Skip to content

Instantly share code, notes, and snippets.

@dotcypress
Created February 24, 2018 08:34
  • Star 15 You must be signed in to star a gist
  • Fork 4 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Telegram authorization data checker
const { createHash, createHmac } = require('crypto')
function checkSignature (token, { hash, ...data }) {
const secret = createHash('sha256')
.update(token)
.digest()
const checkString = Object.keys(data)
.sort()
.map(k => `${k}=${data[k]}`)
.join('\n')
const hmac = createHmac('sha256', secret)
.update(checkString)
.digest('hex')
return hmac === hash
}
const payload = {
id: '424242424242',
first_name: 'John',
last_name: 'Doe',
username: 'username',
photo_url: 'https://t.me/i/userpic/320/username.jpg',
auth_date: '1519400000',
hash: '87e5a7e644d0ee362334d92bc8ecc981ca11ffc11eca809505'
}
checkSignature('ABC:12345...', payload)
@anton-razin
Copy link

Great, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment