Update files

2025-11-11 02:22:34 +03:00 · 2025-11-11 02:22:34 +03:00 · a4bae70823
parent 08ab000290
commit a4bae70823
7 changed files with 69 additions and 85 deletions
--- a/backend/utils/telegram.js
+++ b/backend/utils/telegram.js
@ -103,18 +103,31 @@ function validateAndParseInitData(initDataRaw, botToken = null) {
    userId: payload?.user?.id,
    auth_date: payload?.auth_date,
    authDate: payload?.authDate,
-    allKeys: Object.keys(payload)
+    allKeys: Object.keys(payload),
+    fullPayload: JSON.stringify(payload, null, 2)
  });

  if (!payload || !payload.user) {
    throw new Error('Отсутствует пользователь в initData');
  }

-  // Check for authDate (camelCase from library) or auth_date (snake_case)
+  // Check if this is signature-based validation (Ed25519) or hash-based (HMAC-SHA256)
+  const hasSignature = 'signature' in payload;
+  const hasHash = 'hash' in payload;
+
+  console.log('[Telegram] Validation method:', {
+    hasSignature,
+    hasHash,
+    method: hasSignature ? 'Ed25519 (signature)' : 'HMAC-SHA256 (hash)'
+  });
+
+  // Only check auth_date for hash-based validation (old method)
+  // Signature-based validation (new method) doesn't include auth_date
+  if (hasHash && !hasSignature) {
    const authDate = Number(payload.authDate || payload.auth_date);

    if (!authDate) {
-    console.error('[Telegram] Missing authDate in payload:', payload);
+      console.error('[Telegram] Missing authDate in hash-based payload:', payload);
      throw new Error('Отсутствует auth_date в initData');
    }

@ -132,6 +145,9 @@ function validateAndParseInitData(initDataRaw, botToken = null) {
    if (age > MAX_AUTH_AGE_SECONDS) {
      throw new Error(`Данные авторизации устарели (возраст: ${age}с, макс: ${MAX_AUTH_AGE_SECONDS}с)`);
    }
+  } else if (hasSignature) {
+    console.log('[Telegram] Signature-based validation detected, skipping auth_date check');
+  }

  console.log('[Telegram] initData validation complete');

--- a/frontend/index.html
+++ b/frontend/index.html
@ -6,21 +6,8 @@
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="mobile-web-app-capable" content="yes">
    <title>NakamaHost</title>
-    <script>
-      (function () {
-        if (window.Telegram && window.Telegram.WebApp) {
-          return;
-        }
-        const script = document.createElement('script');
-        script.src = 'https://telegram.org/js/telegram-web-app.js';
-        script.onload = () => {
-          if (window.Telegram && window.Telegram.WebApp) {
-            window.Telegram.WebApp.ready?.();
-          }
-        };
-        document.head.appendChild(script);
-      })();
-    </script>
+    <!-- Telegram Web App SDK - прямая загрузка -->
+    <script src="https://telegram.org/js/telegram-web-app.js"></script>
    <style>
      /* Предотвращение resize при открытии клавиатуры */
      html, body {
--- a/frontend/src/App.jsx
+++ b/frontend/src/App.jsx
@ -38,29 +38,21 @@ function AppContent() {
    }
  }, [])

-  const waitForInitData = async () => {
-    const start = Date.now()
-    const timeout = 5000
-
-    while (Date.now() - start < timeout) {
-      const tg = window.Telegram?.WebApp
-      if (tg?.initData && tg.initData.length > 0) {
-        return tg
-      }
-      await new Promise(resolve => setTimeout(resolve, 100))
-    }
-
-    throw new Error('Telegram не передал initData. Откройте приложение в официальном клиенте.')
-  }
-
  const initApp = async () => {
    try {
      initTelegramApp()

-      const tg = await waitForInitData()
+      const tg = window.Telegram?.WebApp
+
+      if (!tg) {
+        throw new Error('Откройте приложение из Telegram.')
+      }
+
+      if (!tg.initData) {
+        throw new Error('Telegram не передал initData. Откройте приложение из официального клиента.')
+      }

      tg.disableVerticalSwipes?.()
-      tg.ready?.()
      tg.expand?.()

      const userData = await verifyAuth()
--- a/frontend/src/main.jsx
+++ b/frontend/src/main.jsx
@ -3,6 +3,14 @@ import ReactDOM from 'react-dom/client'
 import App from './App.jsx'
 import './styles/index.css'

+// Убедиться, что Telegram Web App инициализирован
+if (window.Telegram?.WebApp) {
+  window.Telegram.WebApp.ready();
+  console.log('[Nakama] Telegram WebApp initialized');
+} else {
+  console.error('[Nakama] Telegram WebApp not found!');
+}
+
 ReactDOM.createRoot(document.getElementById('root')).render(
  <React.StrictMode>
    <App />
--- a/moderation/frontend/index.html
+++ b/moderation/frontend/index.html
@ -5,21 +5,8 @@
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
    <meta name="theme-color" content="#000000" />
    <title>Nakama Moderation</title>
-    <script>
-      (function () {
-        if (window.Telegram && window.Telegram.WebApp) {
-          return;
-        }
-        const script = document.createElement('script');
-        script.src = 'https://telegram.org/js/telegram-web-app.js';
-        script.onload = () => {
-          if (window.Telegram && window.Telegram.WebApp) {
-            window.Telegram.WebApp.ready?.();
-          }
-        };
-        document.head.appendChild(script);
-      })();
-    </script>
+    <!-- Telegram Web App SDK - прямая загрузка -->
+    <script src="https://telegram.org/js/telegram-web-app.js"></script>
  </head>
  <body>
    <div id="root"></div>
--- a/moderation/frontend/src/App.jsx
+++ b/moderation/frontend/src/App.jsx
@ -100,20 +100,6 @@ export default function App() {
  useEffect(() => {
    let cancelled = false;

-    const waitForInitData = async () => {
-      const start = Date.now();
-      const timeout = 5000;
-
-      while (Date.now() - start < timeout) {
-        const app = window.Telegram?.WebApp;
-        if (app?.initData && app.initData.length > 0) {
-          return app;
-        }
-        await new Promise((resolve) => setTimeout(resolve, 100));
-      }
-      throw new Error('Telegram initData не передан (timeout)');
-    };
-
    const init = async () => {
      try {
        const telegramApp = window.Telegram?.WebApp;
@ -122,12 +108,12 @@ export default function App() {
          throw new Error('Откройте модераторский интерфейс из Telegram (бот @rbachbot).');
        }

-        telegramApp.disableVerticalSwipes?.();
-        telegramApp.ready?.();
-        telegramApp.expand?.();
+        if (!telegramApp.initData) {
+          throw new Error('Telegram не передал initData. Откройте приложение из официального клиента.');
+        }

-        const app = await waitForInitData();
-        if (cancelled) return;
+        telegramApp.disableVerticalSwipes?.();
+        telegramApp.expand?.();

        const userData = await verifyAuth();
        if (cancelled) return;
--- a/moderation/frontend/src/main.jsx
+++ b/moderation/frontend/src/main.jsx
@ -3,6 +3,14 @@ import ReactDOM from 'react-dom/client';
 import App from './App';
 import './styles.css';

+// Убедиться, что Telegram Web App инициализирован
+if (window.Telegram?.WebApp) {
+  window.Telegram.WebApp.ready();
+  console.log('[Moderation] Telegram WebApp initialized');
+} else {
+  console.error('[Moderation] Telegram WebApp not found!');
+}
+
 ReactDOM.createRoot(document.getElementById('root')).render(
  <React.StrictMode>
    <App />