@tma.js/init-data-node 1.1.15 → 1.2.0

package/dist/index.mjs

@@ -1,253 +0,0 @@
-import { createHmac as N } from "node:crypto";
-import { URLSearchParams as E } from "node:url";
-var O = Object.defineProperty, T = (e, t, r) => t in e ? O(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r, U = (e, t, r) => (T(e, typeof t != "symbol" ? t + "" : t, r), r);
-class l extends Error {
-  constructor(t, { cause: r, type: o } = {}) {
-    super(`Unable to parse value${o ? ` as ${o}` : ""}`, { cause: r }), U(this, "type"), this.value = t, Object.setPrototypeOf(this, l.prototype), this.type = o;
-  }
-}
-class m extends Error {
-  constructor(t, { cause: r, type: o } = {}) {
-    super(`Unable to parse field "${t}"${o ? ` as ${o}` : ""}`, { cause: r }), Object.setPrototypeOf(this, m.prototype);
-  }
-}
-function P(e, t) {
-  const r = {};
-  for (const o in e) {
-    const a = e[o];
-    if (!a)
-      continue;
-    let s, p;
-    if (typeof a == "function" || "parse" in a)
-      s = o, p = typeof a == "function" ? a : a.parse.bind(a);
-    else {
-      const { type: i } = a;
-      s = a.from || o, p = typeof i == "function" ? i : i.parse.bind(i);
-    }
-    let u;
-    const b = t(s);
-    try {
-      u = p(b);
-    } catch (i) {
-      throw i instanceof l ? new m(s, {
-        type: i.type,
-        cause: i
-      }) : new m(s, { cause: i });
-    }
-    u !== void 0 && (r[o] = u);
-  }
-  return r;
-}
-function f() {
-  return new TypeError("Value has unexpected type");
-}
-function x(e) {
-  let t = e;
-  if (typeof t == "string" && (t = JSON.parse(t)), typeof t != "object" || t === null || Array.isArray(t))
-    throw f();
-  return t;
-}
-class w {
-  constructor(t, r, o) {
-    this.parser = t, this.isOptional = r, this.type = o;
-  }
-  parse(t) {
-    if (!(this.isOptional && t === void 0))
-      try {
-        return this.parser(t);
-      } catch (r) {
-        throw new l(t, { type: this.type, cause: r });
-      }
-  }
-  optional() {
-    return this.isOptional = !0, this;
-  }
-}
-function _(e, t) {
-  return new w((r) => {
-    const o = x(r);
-    return P(e, (a) => o[a]);
-  }, !1, t);
-}
-function y(e, t) {
-  return () => new w(e, !1, t);
-}
-const n = y((e) => {
-  if (typeof e == "string" || typeof e == "number")
-    return e.toString();
-  throw f();
-}, "string"), h = y((e) => {
-  if (typeof e == "boolean")
-    return e;
-  const t = String(e);
-  if (t === "1" || t === "true")
-    return !0;
-  if (t === "0" || t === "false")
-    return !1;
-  throw f();
-}, "boolean"), c = y((e) => {
-  if (typeof e == "number")
-    return e;
-  if (typeof e == "string") {
-    const t = Number(e);
-    if (!Number.isNaN(t))
-      return t;
-  }
-  throw f();
-}, "number");
-function I() {
-  return _({
-    id: c(),
-    type: n(),
-    title: n(),
-    photoUrl: {
-      type: n().optional(),
-      from: "photo_url"
-    },
-    username: n().optional()
-  }, "Chat");
-}
-function D() {
-  return _({
-    addedToAttachmentMenu: {
-      type: h().optional(),
-      from: "added_to_attachment_menu"
-    },
-    allowsWriteToPm: {
-      type: h().optional(),
-      from: "allows_write_to_pm"
-    },
-    firstName: {
-      type: n(),
-      from: "first_name"
-    },
-    id: c(),
-    isBot: {
-      type: h().optional(),
-      from: "is_bot"
-    },
-    isPremium: {
-      type: h().optional(),
-      from: "is_premium"
-    },
-    languageCode: {
-      type: n().optional(),
-      from: "language_code"
-    },
-    lastName: {
-      type: n().optional(),
-      from: "last_name"
-    },
-    photoUrl: {
-      type: n().optional(),
-      from: "photo_url"
-    },
-    username: n().optional()
-  }, "User");
-}
-const v = y((e) => e instanceof Date ? e : new Date(c().parse(e) * 1e3), "Date");
-function S(e, t) {
-  return new w((r) => {
-    if (typeof r != "string" && !(r instanceof URLSearchParams))
-      throw f();
-    const o = typeof r == "string" ? new URLSearchParams(r) : r;
-    return P(e, (a) => {
-      const s = o.get(a);
-      return s === null ? void 0 : s;
-    });
-  }, !1, t);
-}
-function $() {
-  return S({
-    authDate: {
-      type: v(),
-      from: "auth_date"
-    },
-    canSendAfter: {
-      type: c().optional(),
-      from: "can_send_after"
-    },
-    chat: I().optional(),
-    chatInstance: {
-      type: n().optional(),
-      from: "chat_instance"
-    },
-    chatType: {
-      type: n().optional(),
-      from: "chat_type"
-    },
-    hash: n(),
-    queryId: {
-      type: n().optional(),
-      from: "query_id"
-    },
-    receiver: D().optional(),
-    startParam: {
-      type: n().optional(),
-      from: "start_param"
-    },
-    user: D().optional()
-  }, "InitData");
-}
-function R(e) {
-  return $().parse(e);
-}
-S({
-  contact: _({
-    userId: {
-      type: c(),
-      from: "user_id"
-    },
-    phoneNumber: {
-      type: n(),
-      from: "phone_number"
-    },
-    firstName: {
-      type: n(),
-      from: "first_name"
-    },
-    lastName: {
-      type: n().optional(),
-      from: "last_name"
-    }
-  }),
-  authDate: {
-    type: v(),
-    from: "auth_date"
-  },
-  hash: n()
-});
-function L(e, t, r = {}) {
-  const o = typeof e == "string" ? new E(e) : e;
-  let a = /* @__PURE__ */ new Date(0), s = "";
-  const p = [];
-  if (o.forEach((i, d) => {
-    if (d === "hash") {
-      s = i;
-      return;
-    }
-    if (d === "auth_date") {
-      const g = parseInt(i, 10);
-      if (Number.isNaN(g))
-        throw new TypeError('"auth_date" should present integer');
-      a = new Date(g * 1e3);
-    }
-    p.push(`${d}=${i}`);
-  }), s.length === 0)
-    throw new Error('"hash" is empty or not found');
-  if (a.getTime() === 0)
-    throw new Error('"auth_date" is empty or not found');
-  const { expiresIn: u = 86400 } = r;
-  if (u > 0 && a.getTime() + u * 1e3 < (/* @__PURE__ */ new Date()).getTime())
-    throw new Error("Init data expired");
-  if (p.sort(), N(
-    "sha256",
-    N("sha256", "WebAppData").update(t).digest()
-  ).update(p.join(`
-`)).digest().toString("hex") !== s)
-    throw new Error("Signature is invalid");
-}
-export {
-  R as parse,
-  L as validate
-};

package/src/__tests__/validate.ts

@@ -1,43 +0,0 @@
-import { URLSearchParams } from 'node:url';
-
-import { expect, it } from 'vitest';
-
-import { validate } from '../validate.js';
-
-const sp = 'query_id=AAHdF6IQAAAAAN0XohDhrOrc&user=%7B%22id%22%3A279058397%2C%22first_name%22%3A%22Vladislav%22%2C%22last_name%22%3A%22Kibenko%22%2C%22username%22%3A%22vdkfrost%22%2C%22language_code%22%3A%22ru%22%2C%22is_premium%22%3Atrue%7D&auth_date=1662771648&hash=c501b71e775f74ce10e377dea85a7ea24ecd640b223ea86dfe453e0eaed2e2b2';
-const secretToken = '5768337691:AAH5YkoiEuPk8-FZa32hStHTqXiLPtAEhx8';
-
-it('should throw missing hash error in case, it is not in search params', () => {
-  expect(() => validate('auth_date=1', secretToken))
-    .toThrowError('"hash" is empty or not found');
-});
-
-it('should throw an error on case, auth_date is not passed, equal to 0 or does not represent integer', () => {
-  expect(() => validate('auth_date=0&hash=HHH', secretToken))
-    .toThrowError('"auth_date" is empty or not found');
-  expect(() => validate('hash=HHH', secretToken))
-    .toThrowError('"auth_date" is empty or not found');
-  expect(() => validate('auth_date=AAA&hash=HHH', secretToken))
-    .toThrowError('"auth_date" should present integer');
-});
-
-it('should throw an error in case, parameters are expired', () => {
-  expect(() => validate(sp, secretToken, {
-    expiresIn: 1,
-  })).toThrowError('Init data expired');
-});
-
-it('should throw an error in case, sign is invalid', () => {
-  expect(() => validate(sp, `${secretToken}A`, {
-    expiresIn: 0,
-  })).toThrowError('Signature is invalid');
-});
-
-it('should correctly validate parameters in case, they are valid', () => {
-  expect(() => validate(sp, secretToken, { expiresIn: 0 })).not.toThrow();
-  expect(() => validate(new URLSearchParams(sp), secretToken, { expiresIn: 0 })).not.toThrow();
-});
-
-it('should throw an error in case, expiration time is not passed, parameters were created more than 1 day ago and already expired', () => {
-  expect(() => validate(sp, secretToken)).toThrow('Init data expired');
-});

package/src/index.ts

@@ -1,3 +0,0 @@
-export type { InitDataParsed as InitData } from '@tma.js/sdk';
-export { parse } from './parse.js';
-export { validate, type ValidateOptions } from './validate.js';

package/src/parse.ts

@@ -1,3 +0,0 @@
-import { parseInitData } from '@tma.js/sdk';
-
-export { parseInitData as parse };

package/src/validate.ts

@@ -1,107 +0,0 @@
-import { createHmac } from 'node:crypto';
-import { URLSearchParams } from 'node:url';
-
-export interface ValidateOptions {
-  /**
-   * Time in seconds which states, how long from creation time is init data
-   * considered valid.
-   *
-   * In other words, in case, when authDate + expiresIn is before current
-   * time, init data recognized as expired.
-   *
-   * In case, this value is equal to 0, function does not check init data
-   * expiration.
-   * @default 86400 (1 day)
-   */
-  expiresIn?: number;
-}
-
-/**
- * Validates passed init data presented as search params converted to string,
- * or its object presentation.
- *
- * @param sp - search parameters.
- * @param token - Telegram bot secret token.
- * @param options - validation options.
- * @see toSearchParams
- * @throws {TypeError} "hash" should be string.
- * @throws {Error} "hash" is empty or not found.
- * @throws {TypeError} "auth_date" should be string.
- * @throws {TypeError} "auth_date" does not represent integer.
- * @throws {Error} "auth_date" is empty or not found.
- * @throws {Error} Init data expired.
- * @throws {Error} Sign invalid.
- */
-export function validate(
-  sp: string | URLSearchParams,
-  token: string,
-  options: ValidateOptions = {},
-): void {
-  const searchParams = typeof sp === 'string' ? new URLSearchParams(sp) : sp;
-
-  // Init data creation time.
-  let authDate = new Date(0);
-
-  // Init data sign.
-  let hash = '';
-
-  // All search params pairs presented as `k=v`.
-  const pairs: string[] = [];
-
-  // Iterate over all key-value pairs of parsed parameters and find required
-  // parameters.
-  searchParams.forEach((value, key) => {
-    if (key === 'hash') {
-      hash = value;
-      return;
-    }
-
-    if (key === 'auth_date') {
-      const authDateNum = parseInt(value, 10);
-
-      if (Number.isNaN(authDateNum)) {
-        throw new TypeError('"auth_date" should present integer');
-      }
-      authDate = new Date(authDateNum * 1000);
-    }
-
-    // Append new pair.
-    pairs.push(`${key}=${value}`);
-  });
-
-  // Hash and auth date always required.
-  if (hash.length === 0) {
-    throw new Error('"hash" is empty or not found');
-  }
-
-  if (authDate.getTime() === 0) {
-    throw new Error('"auth_date" is empty or not found');
-  }
-
-  // In case, expiration time passed, we do additional parameters check.
-  const { expiresIn = 86400 } = options;
-
-  if (expiresIn > 0) {
-    // Check if init data expired.
-    if (authDate.getTime() + expiresIn * 1000 < new Date().getTime()) {
-      throw new Error('Init data expired');
-    }
-  }
-
-  // According to docs, we sort all the pairs in alphabetical order.
-  pairs.sort();
-
-  // Compute sign.
-  const computedHash = createHmac(
-    'sha256',
-    createHmac('sha256', 'WebAppData').update(token).digest(),
-  )
-    .update(pairs.join('\n'))
-    .digest()
-    .toString('hex');
-
-  // In case, our sign is not equal to found one, we should throw an error.
-  if (computedHash !== hash) {
-    throw new Error('Signature is invalid');
-  }
-}