diff --git a/backend/utils/telegram.js b/backend/utils/telegram.js
index 4a2eb0a..12c4f88 100644
--- a/backend/utils/telegram.js
+++ b/backend/utils/telegram.js
@@ -103,34 +103,50 @@ function validateAndParseInitData(initDataRaw, botToken = null) {
 userId: payload?.user?.id,
 auth_date: payload?.auth_date,
 authDate: payload?.authDate,
- allKeys: Object.keys(payload)
+ allKeys: Object.keys(payload),
+ fullPayload: JSON.stringify(payload, null, 2)
 });
 if (!payload || !payload.user) {
 throw new Error('Отсутствует пользователь в initData');
 }
- // Check for authDate (camelCase from library) or auth_date (snake_case)
- const authDate = Number(payload.authDate || payload.auth_date);
+ // Check if this is signature-based validation (Ed25519) or hash-based (HMAC-SHA256)
+ const hasSignature = 'signature' in payload;
+ const hasHash = 'hash' in payload;
- if (!authDate) {
- console.error('[Telegram] Missing authDate in payload:', payload);
- throw new Error('Отсутствует auth_date в initData');
- }
-
- const now = Math.floor(Date.now() / 1000);
- const age = Math.abs(now - authDate);
-
- console.log('[Telegram] Auth date check:', {
- authDate,
- now,
- age,
- maxAge: MAX_AUTH_AGE_SECONDS,
- expired: age > MAX_AUTH_AGE_SECONDS
+ console.log('[Telegram] Validation method:', {
+ hasSignature,
+ hasHash,
+ method: hasSignature ? 'Ed25519 (signature)' : 'HMAC-SHA256 (hash)'
 });
- if (age > MAX_AUTH_AGE_SECONDS) {
- throw new Error(`Данные авторизации устарели (возраст: ${age}с, макс: ${MAX_AUTH_AGE_SECONDS}с)`);
+ // Only check auth_date for hash-based validation (old method)
+ // Signature-based validation (new method) doesn't include auth_date
+ if (hasHash && !hasSignature) {
+ const authDate = Number(payload.authDate || payload.auth_date);
+
+ if (!authDate) {
+ console.error('[Telegram] Missing authDate in hash-based payload:', payload);
+ throw new Error('Отсутствует auth_date в initData');
+ }
+
+ const now = Math.floor(Date.now() / 1000);
+ const age = Math.abs(now - authDate);
+
+ console.log('[Telegram] Auth date check:', {
+ authDate,
+ now,
+ age,
+ maxAge: MAX_AUTH_AGE_SECONDS,
+ expired: age > MAX_AUTH_AGE_SECONDS
+ });
+
+ if (age > MAX_AUTH_AGE_SECONDS) {
+ throw new Error(`Данные авторизации устарели (возраст: ${age}с, макс: ${MAX_AUTH_AGE_SECONDS}с)`);
+ }
+ } else if (hasSignature) {
+ console.log('[Telegram] Signature-based validation detected, skipping auth_date check');
 }
 console.log('[Telegram] initData validation complete');
diff --git a/frontend/index.html b/frontend/index.html
index 88eb600..5242de1 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -6,21 +6,8 @@
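Review bot: The new `if (hasHash && !hasSignature)` guard makes the auth_date freshness check depend only on whether a `signature` key is present in the decoded payload, so any initData that carries a `signature` field (with or without `hash`) is never checked for age; unless the signature itself is verified earlier in validateAndParseInitData (outside this hunk), this drops the replay protection the removed lines provided, and even a verified signature does not bound how long a captured initData stays usable without an expiry check. Telegram's Ed25519 third-party validation scheme signs the same initData fields, including `auth_date`, so the comment `Signature-based validation (new method) doesn't include auth_date` does not hold and the age check can run unconditionally as before; suggest hoisting `const authDate = Number(payload.authDate ?? payload.auth_date);` and the `age > MAX_AUTH_AGE_SECONDS` check out of the guard and keeping the `else if (hasSignature)` branch only for the log line. Separately, the added `fullPayload: JSON.stringify(payload, null, 2)` writes the entire decoded initData, including the `hash`/`signature` values and user fields, into the log; dropping it or logging only key names, as `allKeys` already does, avoids persisting credential material in log files. The enclosing function starts and ends outside the hunk.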