Update files

backend/utils/telegram.js

@@ -103,34 +103,50 @@ function validateAndParseInitData(initDataRaw, botToken = null) {
     userId: payload?.user?.id,
     auth_date: payload?.auth_date,
     authDate: payload?.authDate,
-    allKeys: Object.keys(payload)
+    allKeys: Object.keys(payload),
+    fullPayload: JSON.stringify(payload, null, 2)
   });
 
   if (!payload || !payload.user) {
     throw new Error('Отсутствует пользователь в initData');
   }
 
-  // Check for authDate (camelCase from library) or auth_date (snake_case)
+  // Check if this is signature-based validation (Ed25519) or hash-based (HMAC-SHA256)
-  const authDate = Number(payload.authDate || payload.auth_date);
+  const hasSignature = 'signature' in payload;
+  const hasHash = 'hash' in payload;
 
-  if (!authDate) {
+  console.log('[Telegram] Validation method:', {
-    console.error('[Telegram] Missing authDate in payload:', payload);
+    hasSignature,
-    throw new Error('Отсутствует auth_date в initData');
+    hasHash,
-  }
+    method: hasSignature ? 'Ed25519 (signature)' : 'HMAC-SHA256 (hash)'
-
-  const now = Math.floor(Date.now() / 1000);
-  const age = Math.abs(now - authDate);
-
-  console.log('[Telegram] Auth date check:', {
-    authDate,
-    now,
-    age,
-    maxAge: MAX_AUTH_AGE_SECONDS,
-    expired: age > MAX_AUTH_AGE_SECONDS
   });
 
-  if (age > MAX_AUTH_AGE_SECONDS) {
+  // Only check auth_date for hash-based validation (old method)
-    throw new Error(`Данные авторизации устарели (возраст: ${age}с, макс: ${MAX_AUTH_AGE_SECONDS}с)`);
+  // Signature-based validation (new method) doesn't include auth_date
+  if (hasHash && !hasSignature) {
+    const authDate = Number(payload.authDate || payload.auth_date);
+
+    if (!authDate) {
+      console.error('[Telegram] Missing authDate in hash-based payload:', payload);
+      throw new Error('Отсутствует auth_date в initData');
+    }
+
+    const now = Math.floor(Date.now() / 1000);
+    const age = Math.abs(now - authDate);
+
+    console.log('[Telegram] Auth date check:', {
+      authDate,
+      now,
+      age,
+      maxAge: MAX_AUTH_AGE_SECONDS,
+      expired: age > MAX_AUTH_AGE_SECONDS
+    });
+
+    if (age > MAX_AUTH_AGE_SECONDS) {
+      throw new Error(`Данные авторизации устарели (возраст: ${age}с, макс: ${MAX_AUTH_AGE_SECONDS}с)`);
+    }
+  } else if (hasSignature) {
+    console.log('[Telegram] Signature-based validation detected, skipping auth_date check');
   }
 
   console.log('[Telegram] initData validation complete');

frontend/index.html

@@ -6,21 +6,8 @@
     <meta name="apple-mobile-web-app-capable" content="yes">
     <meta name="mobile-web-app-capable" content="yes">
     <title>NakamaHost</title>
-    <script>
+    <!-- Telegram Web App SDK - прямая загрузка -->
-      (function () {
+    <script src="https://telegram.org/js/telegram-web-app.js"></script>
-        if (window.Telegram && window.Telegram.WebApp) {
-          return;
-        }
-        const script = document.createElement('script');
-        script.src = 'https://telegram.org/js/telegram-web-app.js';
-        script.onload = () => {
-          if (window.Telegram && window.Telegram.WebApp) {
-            window.Telegram.WebApp.ready?.();
-          }
-        };
-        document.head.appendChild(script);
-      })();
-    </script>
     <style>
       /* Предотвращение resize при открытии клавиатуры */
       html, body {

frontend/src/App.jsx

@@ -38,29 +38,21 @@ function AppContent() {
     }
   }, [])
 
-  const waitForInitData = async () => {
-    const start = Date.now()
-    const timeout = 5000
-
-    while (Date.now() - start < timeout) {
-      const tg = window.Telegram?.WebApp
-      if (tg?.initData && tg.initData.length > 0) {
-        return tg
-      }
-      await new Promise(resolve => setTimeout(resolve, 100))
-    }
-
-    throw new Error('Telegram не передал initData. Откройте приложение в официальном клиенте.')
-  }
-
   const initApp = async () => {
     try {
       initTelegramApp()
 
-      const tg = await waitForInitData()
+      const tg = window.Telegram?.WebApp
+
+      if (!tg) {
+        throw new Error('Откройте приложение из Telegram.')
+      }
+
+      if (!tg.initData) {
+        throw new Error('Telegram не передал initData. Откройте приложение из официального клиента.')
+      }
 
       tg.disableVerticalSwipes?.()
-      tg.ready?.()
       tg.expand?.()
 
       const userData = await verifyAuth()

frontend/src/main.jsx

@@ -3,6 +3,14 @@ import ReactDOM from 'react-dom/client'
 import App from './App.jsx'
 import './styles/index.css'
 
+// Убедиться, что Telegram Web App инициализирован
+if (window.Telegram?.WebApp) {
+  window.Telegram.WebApp.ready();
+  console.log('[Nakama] Telegram WebApp initialized');
+} else {
+  console.error('[Nakama] Telegram WebApp not found!');
+}
+
 ReactDOM.createRoot(document.getElementById('root')).render(
   <React.StrictMode>
     <App />

moderation/frontend/index.html

@@ -5,21 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
     <meta name="theme-color" content="#000000" />
     <title>Nakama Moderation</title>
-    <script>
+    <!-- Telegram Web App SDK - прямая загрузка -->
-      (function () {
+    <script src="https://telegram.org/js/telegram-web-app.js"></script>
-        if (window.Telegram && window.Telegram.WebApp) {
-          return;
-        }
-        const script = document.createElement('script');
-        script.src = 'https://telegram.org/js/telegram-web-app.js';
-        script.onload = () => {
-          if (window.Telegram && window.Telegram.WebApp) {
-            window.Telegram.WebApp.ready?.();
-          }
-        };
-        document.head.appendChild(script);
-      })();
-    </script>
   </head>
   <body>
     <div id="root"></div>

moderation/frontend/src/App.jsx

@@ -100,20 +100,6 @@ export default function App() {
   useEffect(() => {
     let cancelled = false;
 
-    const waitForInitData = async () => {
-      const start = Date.now();
-      const timeout = 5000;
-
-      while (Date.now() - start < timeout) {
-        const app = window.Telegram?.WebApp;
-        if (app?.initData && app.initData.length > 0) {
-          return app;
-        }
-        await new Promise((resolve) => setTimeout(resolve, 100));
-      }
-      throw new Error('Telegram initData не передан (timeout)');
-    };
-
     const init = async () => {
       try {
         const telegramApp = window.Telegram?.WebApp;
@@ -122,12 +108,12 @@ export default function App() {
           throw new Error('Откройте модераторский интерфейс из Telegram (бот @rbachbot).');
         }
 
-        telegramApp.disableVerticalSwipes?.();
+        if (!telegramApp.initData) {
-        telegramApp.ready?.();
+          throw new Error('Telegram не передал initData. Откройте приложение из официального клиента.');
-        telegramApp.expand?.();
+        }
 
-        const app = await waitForInitData();
+        telegramApp.disableVerticalSwipes?.();
-        if (cancelled) return;
+        telegramApp.expand?.();
 
         const userData = await verifyAuth();
         if (cancelled) return;

moderation/frontend/src/main.jsx

@@ -3,6 +3,14 @@ import ReactDOM from 'react-dom/client';
 import App from './App';
 import './styles.css';
 
+// Убедиться, что Telegram Web App инициализирован
+if (window.Telegram?.WebApp) {
+  window.Telegram.WebApp.ready();
+  console.log('[Moderation] Telegram WebApp initialized');
+} else {
+  console.error('[Moderation] Telegram WebApp not found!');
+}
+
 ReactDOM.createRoot(document.getElementById('root')).render(
   <React.StrictMode>
     <App />