@core-ease/telegram-kit 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +299 -0
  3. package/dist/animation/index.d.mts +4 -0
  4. package/dist/animation/index.d.ts +4 -0
  5. package/dist/animation/index.js +2413 -0
  6. package/dist/animation/index.mjs +5 -0
  7. package/dist/animation/lottie/index.d.mts +10 -0
  8. package/dist/animation/lottie/index.d.ts +10 -0
  9. package/dist/animation/lottie/index.js +2313 -0
  10. package/dist/animation/lottie/index.mjs +4 -0
  11. package/dist/animation/tgs/index.d.mts +18 -0
  12. package/dist/animation/tgs/index.d.ts +18 -0
  13. package/dist/animation/tgs/index.js +2402 -0
  14. package/dist/animation/tgs/index.mjs +4 -0
  15. package/dist/bot/index.d.mts +477 -0
  16. package/dist/bot/index.d.ts +477 -0
  17. package/dist/bot/index.js +870 -0
  18. package/dist/bot/index.mjs +847 -0
  19. package/dist/bot-D8BnLWIi.d.mts +2041 -0
  20. package/dist/bot-D8BnLWIi.d.ts +2041 -0
  21. package/dist/browser.global.js +23 -0
  22. package/dist/chunk-7AARTHNW.mjs +40 -0
  23. package/dist/chunk-7CVYPKAL.mjs +15 -0
  24. package/dist/chunk-B3PWALX5.mjs +4418 -0
  25. package/dist/chunk-BQEUEAVK.mjs +2262 -0
  26. package/dist/chunk-FPWYSKK2.mjs +3089 -0
  27. package/dist/chunk-JXK5HCDV.mjs +254 -0
  28. package/dist/chunk-OMH2JGOH.mjs +88 -0
  29. package/dist/chunk-PXO36YTU.mjs +38 -0
  30. package/dist/core/index.d.mts +151 -0
  31. package/dist/core/index.d.ts +151 -0
  32. package/dist/core/index.js +3837 -0
  33. package/dist/core/index.mjs +495 -0
  34. package/dist/dev/index.d.mts +77 -0
  35. package/dist/dev/index.d.ts +77 -0
  36. package/dist/dev/index.js +3214 -0
  37. package/dist/dev/index.mjs +151 -0
  38. package/dist/engine-BDm1_hzn.d.mts +382 -0
  39. package/dist/engine-BDm1_hzn.d.ts +382 -0
  40. package/dist/format/index.d.mts +61 -0
  41. package/dist/format/index.d.ts +61 -0
  42. package/dist/format/index.js +121 -0
  43. package/dist/format/index.mjs +112 -0
  44. package/dist/hooks/index.d.mts +1 -0
  45. package/dist/hooks/index.d.ts +1 -0
  46. package/dist/hooks/index.js +4234 -0
  47. package/dist/hooks/index.mjs +3 -0
  48. package/dist/hooks-C5Per70R.d.mts +1066 -0
  49. package/dist/hooks-C5Per70R.d.ts +1066 -0
  50. package/dist/index.d.mts +849 -0
  51. package/dist/index.d.ts +849 -0
  52. package/dist/index.js +5026 -0
  53. package/dist/index.mjs +478 -0
  54. package/dist/keyboards/index.d.mts +50 -0
  55. package/dist/keyboards/index.d.ts +50 -0
  56. package/dist/keyboards/index.js +127 -0
  57. package/dist/keyboards/index.mjs +124 -0
  58. package/dist/links/index.d.mts +53 -0
  59. package/dist/links/index.d.ts +53 -0
  60. package/dist/links/index.js +139 -0
  61. package/dist/links/index.mjs +133 -0
  62. package/dist/lottie/index.d.mts +3 -0
  63. package/dist/lottie/index.d.ts +3 -0
  64. package/dist/lottie/index.js +2313 -0
  65. package/dist/lottie/index.mjs +4 -0
  66. package/dist/qr/index.d.mts +75 -0
  67. package/dist/qr/index.d.ts +75 -0
  68. package/dist/qr/index.js +983 -0
  69. package/dist/qr/index.mjs +946 -0
  70. package/dist/sdk/index.d.mts +322 -0
  71. package/dist/sdk/index.d.ts +322 -0
  72. package/dist/sdk/index.js +3138 -0
  73. package/dist/sdk/index.mjs +2 -0
  74. package/dist/server/index.d.mts +28 -0
  75. package/dist/server/index.d.ts +28 -0
  76. package/dist/server/index.js +254 -0
  77. package/dist/server/index.mjs +246 -0
  78. package/dist/tgs/index.d.mts +3 -0
  79. package/dist/tgs/index.d.ts +3 -0
  80. package/dist/tgs/index.js +2402 -0
  81. package/dist/tgs/index.mjs +4 -0
  82. package/dist/webapp-B-3_74nK.d.mts +842 -0
  83. package/dist/webapp-B-3_74nK.d.ts +842 -0
  84. package/dist/webapp-BDi9q3-a.d.mts +42 -0
  85. package/dist/webapp-YvmwFYUQ.d.ts +42 -0
  86. package/package.json +165 -0
@@ -0,0 +1,2 @@
1
+ export { Accelerometer, BackButton, BiometricManager, BottomButton, ClipboardManager, CloudStorage, ContactManager, DebugBottomBar, DeviceOrientation, DeviceStorage, DownloadFileManager, EmojiStatusManager, Gyroscope, HapticFeedback, HomeScreenManager, InvoiceManager, LinkManager, LocationManager, PopupManager, SDK_NAME, ScanQrManager, SecureStorage, SettingsButton, SharingManager, TelegramWebView, ThemeManager, Utils, ViewportManager, WebApp, WebAppError, WebAppErrorName, WebAppKernel, bootstrapTelegramWebApp, isBootstrapped } from '../chunk-FPWYSKK2.mjs';
2
+ import '../chunk-7AARTHNW.mjs';
@@ -0,0 +1,28 @@
1
+ import { R as RuntimeMode } from '../webapp-BDi9q3-a.mjs';
2
+ import { W as WebAppUser } from '../webapp-B-3_74nK.mjs';
3
+
4
+ interface ValidateInitDataOptions {
5
+ maxAgeSeconds?: number;
6
+ runtime?: RuntimeMode;
7
+ parseUser?: boolean;
8
+ strict?: boolean;
9
+ skipAuthDateCheck?: boolean;
10
+ extractStartParam?: boolean;
11
+ extractChat?: boolean;
12
+ parseUnsafeData?: boolean;
13
+ }
14
+ interface ValidateInitDataResult<TUser = WebAppUser> {
15
+ valid: boolean;
16
+ reason?: 'invalid_hash' | 'expired' | 'missing_hash' | 'malformed';
17
+ data?: Record<string, string>;
18
+ authDate?: number;
19
+ user?: TUser;
20
+ startParam?: string | null;
21
+ chatType?: string | null;
22
+ chatInstance?: string | null;
23
+ rawInitData?: string;
24
+ }
25
+ declare function validateInitData<TUser = WebAppUser>(initData: string, botToken: string, options?: ValidateInitDataOptions): Promise<ValidateInitDataResult<TUser>>;
26
+ declare function validateInitDataSync<TUser = WebAppUser>(initData: string, botToken: string, options?: ValidateInitDataOptions): ValidateInitDataResult<TUser>;
27
+
28
+ export { type ValidateInitDataOptions, type ValidateInitDataResult, validateInitData, validateInitDataSync };
@@ -0,0 +1,28 @@
1
+ import { R as RuntimeMode } from '../webapp-YvmwFYUQ.js';
2
+ import { W as WebAppUser } from '../webapp-B-3_74nK.js';
3
+
4
+ interface ValidateInitDataOptions {
5
+ maxAgeSeconds?: number;
6
+ runtime?: RuntimeMode;
7
+ parseUser?: boolean;
8
+ strict?: boolean;
9
+ skipAuthDateCheck?: boolean;
10
+ extractStartParam?: boolean;
11
+ extractChat?: boolean;
12
+ parseUnsafeData?: boolean;
13
+ }
14
+ interface ValidateInitDataResult<TUser = WebAppUser> {
15
+ valid: boolean;
16
+ reason?: 'invalid_hash' | 'expired' | 'missing_hash' | 'malformed';
17
+ data?: Record<string, string>;
18
+ authDate?: number;
19
+ user?: TUser;
20
+ startParam?: string | null;
21
+ chatType?: string | null;
22
+ chatInstance?: string | null;
23
+ rawInitData?: string;
24
+ }
25
+ declare function validateInitData<TUser = WebAppUser>(initData: string, botToken: string, options?: ValidateInitDataOptions): Promise<ValidateInitDataResult<TUser>>;
26
+ declare function validateInitDataSync<TUser = WebAppUser>(initData: string, botToken: string, options?: ValidateInitDataOptions): ValidateInitDataResult<TUser>;
27
+
28
+ export { type ValidateInitDataOptions, type ValidateInitDataResult, validateInitData, validateInitDataSync };
@@ -0,0 +1,254 @@
1
+ 'use strict';
2
+
3
+ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
4
+ get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
5
+ }) : x)(function(x) {
6
+ if (typeof require !== "undefined") return require.apply(this, arguments);
7
+ throw Error('Dynamic require of "' + x + '" is not supported');
8
+ });
9
+
10
+ // src/_internal/server/verifyInitData.ts
11
+ var _nodeCryptoPromise = null;
12
+ async function getNodeCrypto() {
13
+ if (!_nodeCryptoPromise) {
14
+ _nodeCryptoPromise = import('crypto');
15
+ }
16
+ return _nodeCryptoPromise;
17
+ }
18
+ function getNodeCryptoSync() {
19
+ return __require("crypto");
20
+ }
21
+ function detectRuntime() {
22
+ var _a, _b;
23
+ const hasNodeProcess = typeof process !== "undefined" && typeof ((_a = process.versions) == null ? void 0 : _a.node) === "string";
24
+ const hasWebCrypto = typeof crypto !== "undefined" && typeof ((_b = crypto.subtle) == null ? void 0 : _b.importKey) === "function";
25
+ if (!hasNodeProcess && hasWebCrypto) return "edge";
26
+ return "node";
27
+ }
28
+ function normalizeInitData(initData) {
29
+ if (initData.includes("hash=")) {
30
+ return initData;
31
+ }
32
+ if (!initData.includes("%26hash%3D")) {
33
+ return initData;
34
+ }
35
+ try {
36
+ const decoded = decodeURIComponent(initData);
37
+ if (decoded.includes("user=") && decoded.includes("auth_date=") && decoded.includes("hash=")) {
38
+ return decoded;
39
+ }
40
+ } catch (e) {
41
+ }
42
+ return initData;
43
+ }
44
+ function parseInitData(initData) {
45
+ const params = new URLSearchParams(initData);
46
+ const hash = params.get("hash");
47
+ const authDate = params.get("auth_date");
48
+ const startParam = params.get("start_param");
49
+ const chatType = params.get("chat_type");
50
+ const chatInstance = params.get("chat_instance");
51
+ params.delete("hash");
52
+ const data = {};
53
+ for (const [k, v] of params.entries()) {
54
+ data[k] = v;
55
+ }
56
+ return { data, hash, authDate, startParam, chatType, chatInstance };
57
+ }
58
+ function buildDataCheckString(data) {
59
+ return Object.keys(data).sort().map((k) => `${k}=${data[k]}`).join("\n");
60
+ }
61
+ function hexToUint8Array(hex) {
62
+ const len = hex.length;
63
+ const bytes = new Uint8Array(len / 2);
64
+ for (let i = 0; i < len; i += 2) {
65
+ bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
66
+ }
67
+ return bytes;
68
+ }
69
+ function timingSafeEqualBytes(a, b) {
70
+ if (a.length !== b.length) return false;
71
+ let diff = 0;
72
+ for (let i = 0; i < a.length; i++) {
73
+ diff |= a[i] ^ b[i];
74
+ }
75
+ return diff === 0;
76
+ }
77
+ async function verifyEdge(dataCheckString, botToken, hash) {
78
+ const enc = new TextEncoder();
79
+ const key = await crypto.subtle.importKey(
80
+ "raw",
81
+ enc.encode("WebAppData"),
82
+ { name: "HMAC", hash: "SHA-256" },
83
+ false,
84
+ ["sign"]
85
+ );
86
+ const secret = await crypto.subtle.sign("HMAC", key, enc.encode(botToken));
87
+ const hmacKey = await crypto.subtle.importKey(
88
+ "raw",
89
+ secret,
90
+ { name: "HMAC", hash: "SHA-256" },
91
+ false,
92
+ ["sign"]
93
+ );
94
+ const signature = await crypto.subtle.sign("HMAC", hmacKey, enc.encode(dataCheckString));
95
+ const computedBytes = new Uint8Array(signature);
96
+ const hashBytes = hexToUint8Array(hash);
97
+ return timingSafeEqualBytes(computedBytes, hashBytes);
98
+ }
99
+ async function verifyNode(dataCheckString, botToken, hash) {
100
+ const { createHmac, timingSafeEqual } = await getNodeCrypto();
101
+ const secretKey = createHmac("sha256", "WebAppData").update(botToken).digest();
102
+ const computed = createHmac("sha256", secretKey).update(dataCheckString).digest();
103
+ const hashBuffer = Buffer.from(hash, "hex");
104
+ if (hashBuffer.length !== computed.length) return false;
105
+ return timingSafeEqual(hashBuffer, computed);
106
+ }
107
+ function verifyNodeSync(dataCheckString, botToken, hash) {
108
+ const { createHmac, timingSafeEqual } = getNodeCryptoSync();
109
+ const secretKey = createHmac("sha256", "WebAppData").update(botToken).digest();
110
+ const computed = createHmac("sha256", secretKey).update(dataCheckString).digest();
111
+ const hashBuffer = Buffer.from(hash, "hex");
112
+ if (hashBuffer.length !== computed.length) return false;
113
+ return timingSafeEqual(hashBuffer, computed);
114
+ }
115
+ async function validateInitData(initData, botToken, options = {}) {
116
+ var _a, _b, _c;
117
+ const {
118
+ maxAgeSeconds = 86400,
119
+ runtime = detectRuntime(),
120
+ parseUser = true,
121
+ strict = false,
122
+ skipAuthDateCheck = false,
123
+ extractStartParam = true,
124
+ extractChat = true,
125
+ parseUnsafeData = false
126
+ } = options;
127
+ if (!initData || typeof initData !== "string") {
128
+ if (strict) throw new Error("malformed initData");
129
+ return { valid: false, reason: "malformed" };
130
+ }
131
+ let parsed;
132
+ try {
133
+ initData = normalizeInitData(initData);
134
+ parsed = parseInitData(initData);
135
+ } catch (e) {
136
+ if (strict) throw new Error("malformed initData");
137
+ return { valid: false, reason: "malformed" };
138
+ }
139
+ const { data, hash, authDate: authDateStr } = parsed;
140
+ if (!hash) {
141
+ if (strict) throw new Error("missing_hash");
142
+ return { valid: false, reason: "missing_hash" };
143
+ }
144
+ const dataCheckString = buildDataCheckString(data);
145
+ const isValid = runtime === "edge" ? await verifyEdge(dataCheckString, botToken, hash) : await verifyNode(dataCheckString, botToken, hash);
146
+ if (!isValid) {
147
+ if (strict) throw new Error("invalid_hash");
148
+ return { valid: false, reason: "invalid_hash" };
149
+ }
150
+ const authDate = authDateStr ? Number(authDateStr) : 0;
151
+ if (!skipAuthDateCheck) {
152
+ if (!authDate || Number.isNaN(authDate)) {
153
+ if (strict) throw new Error("malformed auth_date");
154
+ return { valid: false, reason: "malformed" };
155
+ }
156
+ const now = Math.floor(Date.now() / 1e3);
157
+ if (now - authDate > maxAgeSeconds) {
158
+ if (strict) throw new Error("expired");
159
+ return { valid: false, reason: "expired", authDate };
160
+ }
161
+ }
162
+ let parsedUser;
163
+ if (parseUser && data.user) {
164
+ try {
165
+ parsedUser = JSON.parse(data.user);
166
+ } catch (e) {
167
+ if (strict) throw new Error("invalid_user_json");
168
+ }
169
+ }
170
+ const startParam = extractStartParam ? (_a = data.start_param) != null ? _a : null : void 0;
171
+ const chatType = extractChat ? (_b = data.chat_type) != null ? _b : null : void 0;
172
+ const chatInstance = extractChat ? (_c = data.chat_instance) != null ? _c : null : void 0;
173
+ return {
174
+ valid: true,
175
+ data,
176
+ authDate,
177
+ user: parsedUser,
178
+ startParam,
179
+ chatType,
180
+ chatInstance,
181
+ rawInitData: parseUnsafeData ? initData : void 0
182
+ };
183
+ }
184
+ function validateInitDataSync(initData, botToken, options = {}) {
185
+ var _a, _b, _c;
186
+ const {
187
+ maxAgeSeconds = 86400,
188
+ parseUser = true,
189
+ strict = false,
190
+ skipAuthDateCheck = false,
191
+ extractStartParam = true,
192
+ extractChat = true,
193
+ parseUnsafeData = false
194
+ } = options;
195
+ if (!initData || typeof initData !== "string") {
196
+ if (strict) throw new Error("malformed initData");
197
+ return { valid: false, reason: "malformed" };
198
+ }
199
+ let parsed;
200
+ try {
201
+ initData = normalizeInitData(initData);
202
+ parsed = parseInitData(initData);
203
+ } catch (e) {
204
+ if (strict) throw new Error("malformed initData");
205
+ return { valid: false, reason: "malformed" };
206
+ }
207
+ const { data, hash, authDate: authDateStr } = parsed;
208
+ if (!hash) {
209
+ if (strict) throw new Error("missing_hash");
210
+ return { valid: false, reason: "missing_hash" };
211
+ }
212
+ const dataCheckString = buildDataCheckString(data);
213
+ const isValid = verifyNodeSync(dataCheckString, botToken, hash);
214
+ if (!isValid) {
215
+ if (strict) throw new Error("invalid_hash");
216
+ return { valid: false, reason: "invalid_hash" };
217
+ }
218
+ const authDate = authDateStr ? Number(authDateStr) : 0;
219
+ if (!skipAuthDateCheck) {
220
+ if (!authDate || Number.isNaN(authDate)) {
221
+ if (strict) throw new Error("malformed auth_date");
222
+ return { valid: false, reason: "malformed" };
223
+ }
224
+ const now = Math.floor(Date.now() / 1e3);
225
+ if (now - authDate > maxAgeSeconds) {
226
+ if (strict) throw new Error("expired");
227
+ return { valid: false, reason: "expired", authDate };
228
+ }
229
+ }
230
+ let parsedUser;
231
+ if (parseUser && data.user) {
232
+ try {
233
+ parsedUser = JSON.parse(data.user);
234
+ } catch (e) {
235
+ if (strict) throw new Error("invalid_user_json");
236
+ }
237
+ }
238
+ const startParam = extractStartParam ? (_a = data.start_param) != null ? _a : null : void 0;
239
+ const chatType = extractChat ? (_b = data.chat_type) != null ? _b : null : void 0;
240
+ const chatInstance = extractChat ? (_c = data.chat_instance) != null ? _c : null : void 0;
241
+ return {
242
+ valid: true,
243
+ data,
244
+ authDate,
245
+ user: parsedUser,
246
+ startParam,
247
+ chatType,
248
+ chatInstance,
249
+ rawInitData: parseUnsafeData ? initData : void 0
250
+ };
251
+ }
252
+
253
+ exports.validateInitData = validateInitData;
254
+ exports.validateInitDataSync = validateInitDataSync;
@@ -0,0 +1,246 @@
1
+ import { __require } from '../chunk-7AARTHNW.mjs';
2
+
3
+ // src/_internal/server/verifyInitData.ts
4
+ var _nodeCryptoPromise = null;
5
+ async function getNodeCrypto() {
6
+ if (!_nodeCryptoPromise) {
7
+ _nodeCryptoPromise = import('crypto');
8
+ }
9
+ return _nodeCryptoPromise;
10
+ }
11
+ function getNodeCryptoSync() {
12
+ return __require("crypto");
13
+ }
14
+ function detectRuntime() {
15
+ var _a, _b;
16
+ const hasNodeProcess = typeof process !== "undefined" && typeof ((_a = process.versions) == null ? void 0 : _a.node) === "string";
17
+ const hasWebCrypto = typeof crypto !== "undefined" && typeof ((_b = crypto.subtle) == null ? void 0 : _b.importKey) === "function";
18
+ if (!hasNodeProcess && hasWebCrypto) return "edge";
19
+ return "node";
20
+ }
21
+ function normalizeInitData(initData) {
22
+ if (initData.includes("hash=")) {
23
+ return initData;
24
+ }
25
+ if (!initData.includes("%26hash%3D")) {
26
+ return initData;
27
+ }
28
+ try {
29
+ const decoded = decodeURIComponent(initData);
30
+ if (decoded.includes("user=") && decoded.includes("auth_date=") && decoded.includes("hash=")) {
31
+ return decoded;
32
+ }
33
+ } catch (e) {
34
+ }
35
+ return initData;
36
+ }
37
+ function parseInitData(initData) {
38
+ const params = new URLSearchParams(initData);
39
+ const hash = params.get("hash");
40
+ const authDate = params.get("auth_date");
41
+ const startParam = params.get("start_param");
42
+ const chatType = params.get("chat_type");
43
+ const chatInstance = params.get("chat_instance");
44
+ params.delete("hash");
45
+ const data = {};
46
+ for (const [k, v] of params.entries()) {
47
+ data[k] = v;
48
+ }
49
+ return { data, hash, authDate, startParam, chatType, chatInstance };
50
+ }
51
+ function buildDataCheckString(data) {
52
+ return Object.keys(data).sort().map((k) => `${k}=${data[k]}`).join("\n");
53
+ }
54
+ function hexToUint8Array(hex) {
55
+ const len = hex.length;
56
+ const bytes = new Uint8Array(len / 2);
57
+ for (let i = 0; i < len; i += 2) {
58
+ bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
59
+ }
60
+ return bytes;
61
+ }
62
+ function timingSafeEqualBytes(a, b) {
63
+ if (a.length !== b.length) return false;
64
+ let diff = 0;
65
+ for (let i = 0; i < a.length; i++) {
66
+ diff |= a[i] ^ b[i];
67
+ }
68
+ return diff === 0;
69
+ }
70
+ async function verifyEdge(dataCheckString, botToken, hash) {
71
+ const enc = new TextEncoder();
72
+ const key = await crypto.subtle.importKey(
73
+ "raw",
74
+ enc.encode("WebAppData"),
75
+ { name: "HMAC", hash: "SHA-256" },
76
+ false,
77
+ ["sign"]
78
+ );
79
+ const secret = await crypto.subtle.sign("HMAC", key, enc.encode(botToken));
80
+ const hmacKey = await crypto.subtle.importKey(
81
+ "raw",
82
+ secret,
83
+ { name: "HMAC", hash: "SHA-256" },
84
+ false,
85
+ ["sign"]
86
+ );
87
+ const signature = await crypto.subtle.sign("HMAC", hmacKey, enc.encode(dataCheckString));
88
+ const computedBytes = new Uint8Array(signature);
89
+ const hashBytes = hexToUint8Array(hash);
90
+ return timingSafeEqualBytes(computedBytes, hashBytes);
91
+ }
92
+ async function verifyNode(dataCheckString, botToken, hash) {
93
+ const { createHmac, timingSafeEqual } = await getNodeCrypto();
94
+ const secretKey = createHmac("sha256", "WebAppData").update(botToken).digest();
95
+ const computed = createHmac("sha256", secretKey).update(dataCheckString).digest();
96
+ const hashBuffer = Buffer.from(hash, "hex");
97
+ if (hashBuffer.length !== computed.length) return false;
98
+ return timingSafeEqual(hashBuffer, computed);
99
+ }
100
+ function verifyNodeSync(dataCheckString, botToken, hash) {
101
+ const { createHmac, timingSafeEqual } = getNodeCryptoSync();
102
+ const secretKey = createHmac("sha256", "WebAppData").update(botToken).digest();
103
+ const computed = createHmac("sha256", secretKey).update(dataCheckString).digest();
104
+ const hashBuffer = Buffer.from(hash, "hex");
105
+ if (hashBuffer.length !== computed.length) return false;
106
+ return timingSafeEqual(hashBuffer, computed);
107
+ }
108
+ async function validateInitData(initData, botToken, options = {}) {
109
+ var _a, _b, _c;
110
+ const {
111
+ maxAgeSeconds = 86400,
112
+ runtime = detectRuntime(),
113
+ parseUser = true,
114
+ strict = false,
115
+ skipAuthDateCheck = false,
116
+ extractStartParam = true,
117
+ extractChat = true,
118
+ parseUnsafeData = false
119
+ } = options;
120
+ if (!initData || typeof initData !== "string") {
121
+ if (strict) throw new Error("malformed initData");
122
+ return { valid: false, reason: "malformed" };
123
+ }
124
+ let parsed;
125
+ try {
126
+ initData = normalizeInitData(initData);
127
+ parsed = parseInitData(initData);
128
+ } catch (e) {
129
+ if (strict) throw new Error("malformed initData");
130
+ return { valid: false, reason: "malformed" };
131
+ }
132
+ const { data, hash, authDate: authDateStr } = parsed;
133
+ if (!hash) {
134
+ if (strict) throw new Error("missing_hash");
135
+ return { valid: false, reason: "missing_hash" };
136
+ }
137
+ const dataCheckString = buildDataCheckString(data);
138
+ const isValid = runtime === "edge" ? await verifyEdge(dataCheckString, botToken, hash) : await verifyNode(dataCheckString, botToken, hash);
139
+ if (!isValid) {
140
+ if (strict) throw new Error("invalid_hash");
141
+ return { valid: false, reason: "invalid_hash" };
142
+ }
143
+ const authDate = authDateStr ? Number(authDateStr) : 0;
144
+ if (!skipAuthDateCheck) {
145
+ if (!authDate || Number.isNaN(authDate)) {
146
+ if (strict) throw new Error("malformed auth_date");
147
+ return { valid: false, reason: "malformed" };
148
+ }
149
+ const now = Math.floor(Date.now() / 1e3);
150
+ if (now - authDate > maxAgeSeconds) {
151
+ if (strict) throw new Error("expired");
152
+ return { valid: false, reason: "expired", authDate };
153
+ }
154
+ }
155
+ let parsedUser;
156
+ if (parseUser && data.user) {
157
+ try {
158
+ parsedUser = JSON.parse(data.user);
159
+ } catch (e) {
160
+ if (strict) throw new Error("invalid_user_json");
161
+ }
162
+ }
163
+ const startParam = extractStartParam ? (_a = data.start_param) != null ? _a : null : void 0;
164
+ const chatType = extractChat ? (_b = data.chat_type) != null ? _b : null : void 0;
165
+ const chatInstance = extractChat ? (_c = data.chat_instance) != null ? _c : null : void 0;
166
+ return {
167
+ valid: true,
168
+ data,
169
+ authDate,
170
+ user: parsedUser,
171
+ startParam,
172
+ chatType,
173
+ chatInstance,
174
+ rawInitData: parseUnsafeData ? initData : void 0
175
+ };
176
+ }
177
+ function validateInitDataSync(initData, botToken, options = {}) {
178
+ var _a, _b, _c;
179
+ const {
180
+ maxAgeSeconds = 86400,
181
+ parseUser = true,
182
+ strict = false,
183
+ skipAuthDateCheck = false,
184
+ extractStartParam = true,
185
+ extractChat = true,
186
+ parseUnsafeData = false
187
+ } = options;
188
+ if (!initData || typeof initData !== "string") {
189
+ if (strict) throw new Error("malformed initData");
190
+ return { valid: false, reason: "malformed" };
191
+ }
192
+ let parsed;
193
+ try {
194
+ initData = normalizeInitData(initData);
195
+ parsed = parseInitData(initData);
196
+ } catch (e) {
197
+ if (strict) throw new Error("malformed initData");
198
+ return { valid: false, reason: "malformed" };
199
+ }
200
+ const { data, hash, authDate: authDateStr } = parsed;
201
+ if (!hash) {
202
+ if (strict) throw new Error("missing_hash");
203
+ return { valid: false, reason: "missing_hash" };
204
+ }
205
+ const dataCheckString = buildDataCheckString(data);
206
+ const isValid = verifyNodeSync(dataCheckString, botToken, hash);
207
+ if (!isValid) {
208
+ if (strict) throw new Error("invalid_hash");
209
+ return { valid: false, reason: "invalid_hash" };
210
+ }
211
+ const authDate = authDateStr ? Number(authDateStr) : 0;
212
+ if (!skipAuthDateCheck) {
213
+ if (!authDate || Number.isNaN(authDate)) {
214
+ if (strict) throw new Error("malformed auth_date");
215
+ return { valid: false, reason: "malformed" };
216
+ }
217
+ const now = Math.floor(Date.now() / 1e3);
218
+ if (now - authDate > maxAgeSeconds) {
219
+ if (strict) throw new Error("expired");
220
+ return { valid: false, reason: "expired", authDate };
221
+ }
222
+ }
223
+ let parsedUser;
224
+ if (parseUser && data.user) {
225
+ try {
226
+ parsedUser = JSON.parse(data.user);
227
+ } catch (e) {
228
+ if (strict) throw new Error("invalid_user_json");
229
+ }
230
+ }
231
+ const startParam = extractStartParam ? (_a = data.start_param) != null ? _a : null : void 0;
232
+ const chatType = extractChat ? (_b = data.chat_type) != null ? _b : null : void 0;
233
+ const chatInstance = extractChat ? (_c = data.chat_instance) != null ? _c : null : void 0;
234
+ return {
235
+ valid: true,
236
+ data,
237
+ authDate,
238
+ user: parsedUser,
239
+ startParam,
240
+ chatType,
241
+ chatInstance,
242
+ rawInitData: parseUnsafeData ? initData : void 0
243
+ };
244
+ }
245
+
246
+ export { validateInitData, validateInitDataSync };
@@ -0,0 +1,3 @@
1
+ import 'react';
2
+ export { L as LottieAnimation, a as LottieAnimationController, P as PlayMode, b as PlayerState, T as TgsSource, l as loadTgsSource, r as renderDocumentFrame } from '../engine-BDm1_hzn.mjs';
3
+ export { TgsPlayer, TgsPlayerHandle, TgsPlayerProps, checkTgsCompliance, gunzip, isGzip } from '../animation/tgs/index.mjs';
@@ -0,0 +1,3 @@
1
+ import 'react';
2
+ export { L as LottieAnimation, a as LottieAnimationController, P as PlayMode, b as PlayerState, T as TgsSource, l as loadTgsSource, r as renderDocumentFrame } from '../engine-BDm1_hzn.js';
3
+ export { TgsPlayer, TgsPlayerHandle, TgsPlayerProps, checkTgsCompliance, gunzip, isGzip } from '../animation/tgs/index.js';