max-nestjs 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/max-auth.guard.d.ts +1 -0
- package/dist/max-auth.guard.js +61 -88
- package/dist/max-auth.guard.js.map +1 -1
- package/package.json +3 -2
package/dist/max-auth.guard.d.ts
CHANGED
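--- a/package/dist/max-auth.guard.js
+++ b/package/dist/max-auth.guard.js
@@ -15,47 +15,76 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.MaxAuthGuard = void 0;
 const common_1 = require("@nestjs/common");
 const max_constants_1 = require("./max.constants");
-const common_2 = require("@nestjs/common");
 const crypto_1 = require("crypto");
 const max_constants_2 = require("./max.constants");
+const utils_nodejs_1 = require("@companix/utils-nodejs");
 let MaxAuthGuard = class MaxAuthGuard {
 constructor(options) {
 this.options = options;
 }
 canActivate(context) {
 const request = context.switchToHttp().getRequest();
-const
-if (typeof
+const rawInitData = request.headers[this.options.headerName];
+if (!rawInitData || typeof rawInitData !== 'string') {
 throw new common_1.UnauthorizedException('MAX init data is missing');
 }
-
-
-
-
+try {
+const { initData, entities } = this.parseInitData(rawInitData);
+if (!this.validateInitData(entities, initData.hash)) {
+throw new common_1.UnauthorizedException('Invalid MAX init data signature');
+}
+request.maxInitData = initData;
+request.maxUser = initData.user;
+return true;
+}
+catch (error) {
+throw new common_1.UnauthorizedException('Failed to validate Max init data');
+}
 }
-validateInitData(
-const
-
-
-const userParam = getRequiredUniqueParam(params, 'user');
-const launchParams = params
-.filter((param) => param.key !== 'hash')
-.sort((left, right) => left.key.localeCompare(right.key))
-.map((param) => `${param.key}=${param.value}`)
+validateInitData(entities, hash) {
+const launchParamsString = entities
+.sort((left, right) => left[0].localeCompare(right[0]))
+.map((param) => `${param[0]}=${param[1]}`)
 .join('\n');
 const secretKey = (0, crypto_1.createHmac)('sha256', max_constants_2.MAX_WEB_APP_DATA_KEY).update(this.options.botToken).digest();
-const calculatedHash = (0, crypto_1.createHmac)('sha256', secretKey).update(
-
-
+const calculatedHash = (0, crypto_1.createHmac)('sha256', secretKey).update(launchParamsString).digest('hex');
+return (0, utils_nodejs_1.safeEqual)(calculatedHash, hash);
+}
+parseInitData(rawInitData) {
+const params = new URLSearchParams(rawInitData);
+const entities = Array.from(params.entries());
+const initData = {};
+for (const [key, value] of entities) {
+switch (key) {
+case 'auth_date':
+initData.auth_date = parseRequiredInteger(key, value);
+break;
+case 'hash':
+initData.hash = value;
+break;
+case 'ip':
+initData.ip = value;
+break;
+case 'query_id':
+initData.query_id = value;
+break;
+case 'start_param':
+initData.start_param = value;
+break;
+case 'chat':
+initData.chat = parseJsonValue(key, value);
+break;
+case 'user':
+initData.user = parseJsonValue(key, value);
+break;
+}
+}
+if (!initData.hash || !initData.auth_date || !initData.user) {
+throw new common_1.BadRequestException('Invalid init data format');
 }
 return {
-
-
-ip: getOptionalParam(params, 'ip'),
-query_id: getOptionalParam(params, 'query_id'),
-start_param: getOptionalParam(params, 'start_param'),
-chat: parseOptionalJsonParam(params, 'chat'),
-user: parseJsonValue(userParam.key, userParam.value)
+entities,
+initData: initData
 };
 }
 };
@@ -65,75 +94,19 @@ exports.MaxAuthGuard = MaxAuthGuard = __decorate([
 __param(0, (0, common_1.Inject)(max_constants_1.MAX_OPTIONS_SYMBOL)),
 __metadata("design:paramtypes", [Object])
 ], MaxAuthGuard);
-const
-const
-if (!
-throw new
-}
-const params = parts.map(parseRawParam);
-const occurrences = new Map();
-for (const param of params) {
-occurrences.set(param.key, (occurrences.get(param.key) ?? 0) + 1);
+const parseRequiredInteger = (key, value) => {
+const parsed = Number.parseInt(value, 10);
+if (!Number.isFinite(parsed)) {
+throw new common_1.BadRequestException(`Invalid MAX init data numeric value for "${key}"`);
 }
-
-if (count !== 1) {
-throw new common_2.BadRequestException(`MAX init data contains duplicate parameter "${key}"`);
-}
-}
-return params;
-};
-const parseRawParam = (rawParam) => {
-const separatorIndex = rawParam.indexOf('=');
-if (separatorIndex <= 0) {
-throw new common_2.BadRequestException('Invalid MAX init data parameter');
-}
-const key = rawParam.slice(0, separatorIndex);
-const encodedValue = rawParam.slice(separatorIndex + 1);
-return {
-key,
-value: decodeValue(encodedValue)
-};
-};
-const decodeValue = (value) => {
-try {
-return decodeURIComponent(value);
-}
-catch {
-throw new common_2.BadRequestException('Failed to decode MAX init data parameter');
-}
-};
-const getRequiredUniqueParam = (params, key) => {
-const matches = params.filter((param) => param.key === key);
-if (matches.length !== 1) {
-throw new common_2.BadRequestException(`MAX init data must contain exactly one "${key}" parameter`);
-}
-return matches[0];
-};
-const getOptionalParam = (params, key) => {
-const match = params.find((param) => param.key === key);
-return match?.value;
-};
-const parseOptionalJsonParam = (params, key) => {
-const value = getOptionalParam(params, key);
-if (value === undefined) {
-return undefined;
-}
-return parseJsonValue(key, value);
+return parsed;
 };
 const parseJsonValue = (key, value) => {
 try {
 return JSON.parse(value);
 }
 catch {
-throw new
-}
-};
-const safeEqual = (left, right) => {
-const leftBuffer = Buffer.from(left, 'utf8');
-const rightBuffer = Buffer.from(right, 'utf8');
-if (leftBuffer.length !== rightBuffer.length) {
-return false;
+throw new common_1.BadRequestException(`Invalid MAX init data JSON value for "${key}"`);
 }
-return (0, crypto_1.timingSafeEqual)(leftBuffer, rightBuffer);
 };
 //# sourceMappingURL=max-auth.guard.js.map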
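Review bot: The data-check string built in validateInitData (first hunk) now includes the `hash` entry itself: `entities` is every URLSearchParams entry and the removed `.filter((param) => param.key !== 'hash')` has no counterpart on the new side, so unless the MAX scheme signs over its own hash field (the removed filter suggests it does not) the computed HMAC can never match and every caller is rejected; restore it as `.filter(([key]) => key !== 'hash')` before the sort, and sort a copy rather than mutating the array that parseInitData also hands back to canActivate. `auth_date` is parsed into an integer but never compared with the current time, so a captured init-data blob validates indefinitely; a maxAge option checked against `Date.now()` in canActivate would bound the replay window. The catch-all in canActivate discards the BadRequestException raised by parseInitData together with its message; rethrowing as `new common_1.UnauthorizedException('Failed to validate Max init data', { cause: error })` keeps the reason in server logs without exposing it to the client. The constant-time comparison now comes from `safeEqual` in `@companix/utils-nodejs` instead of the deleted local `crypto_1.timingSafeEqual` wrapper, so the guard's one cryptographic property depends on whatever version of that package resolves at install time; a short comment on that line noting the requirement, `// must be constant-time: hash is attacker-controlled`, would at least record the contract.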
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"max-auth.guard.js","sourceRoot":"","sources":["../src/max-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"max-auth.guard.js","sourceRoot":"","sources":["../src/max-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAOuB;AACvB,mDAAoD;AAGpD,mCAAmC;AACnC,mDAAsD;AAEtD,yDAAkD;AAG3C,IAAM,YAAY,GAAlB,MAAM,YAAY;IACvB,YAEmB,OAAiC;QAAjC,YAAO,GAAP,OAAO,CAA0B;IACjD,CAAC;IAEG,WAAW,CAAC,OAAyB;QAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAc,CAAA;QAC/D,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;QAE5D,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpD,MAAM,IAAI,8BAAqB,CAAC,0BAA0B,CAAC,CAAA;QAC7D,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAA;YAE9D,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,8BAAqB,CAAC,iCAAiC,CAAC,CAAA;YACpE,CAAC;YAED,OAAO,CAAC,WAAW,GAAG,QAAQ,CAAA;YAC9B,OAAO,CAAC,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAA;YAE/B,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,8BAAqB,CAAC,kCAAkC,CAAC,CAAA;QACrE,CAAC;IACH,CAAC;IAEO,gBAAgB,CAAC,QAA4B,EAAE,IAAY;QACjE,MAAM,kBAAkB,GAAG,QAAQ;aAChC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;aACtD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;aACzC,IAAI,CAAC,IAAI,CAAC,CAAA;QAEb,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,oCAAoB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAA;QACnG,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAE/F,OAAO,IAAA,wBAAS,EAAC,cAAc,EAAE,IAAI,CAAC,CAAA;IACxC,CAAC;IAEO,aAAa,CAAC,WAAmB;QACvC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,WAAW,CAAC,CAAA;QAC/C,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAA;QAC7C,MAAM,QAAQ,GAAyB,EAAE,CAAA;QAEzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACpC,QAAQ,GAAG,EAAE,CAAC;gBACZ,KAAK,WAAW;oBACd,QAAQ,CAAC,SAAS,GAAG,oBAAoB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;oBACrD,MAAK;gBACP,KAAK,MAAM;oBACT,QAAQ,CAAC,IAAI,GAAG,KAAK,CAAA;oBAC
rB,MAAK;gBACP,KAAK,IAAI;oBACP,QAAQ,CAAC,EAAE,GAAG,KAAK,CAAA;oBACnB,MAAK;gBACP,KAAK,UAAU;oBACb,QAAQ,CAAC,QAAQ,GAAG,KAAK,CAAA;oBACzB,MAAK;gBACP,KAAK,aAAa;oBAChB,QAAQ,CAAC,WAAW,GAAG,KAAK,CAAA;oBAC5B,MAAK;gBACP,KAAK,MAAM;oBACT,QAAQ,CAAC,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;oBAC1C,MAAK;gBACP,KAAK,MAAM;oBACT,QAAQ,CAAC,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;oBAC1C,MAAK;YACT,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC5D,MAAM,IAAI,4BAAmB,CAAC,0BAA0B,CAAC,CAAA;QAC3D,CAAC;QAED,OAAO;YACL,QAAQ;YACR,QAAQ,EAAE,QAAuB;SAClC,CAAA;IACH,CAAC;CACF,CAAA;AAlFY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;IAGR,WAAA,IAAA,eAAM,EAAC,kCAAkB,CAAC,CAAA;;GAFlB,YAAY,CAkFxB;AAED,MAAM,oBAAoB,GAAG,CAAC,GAAW,EAAE,KAAa,EAAU,EAAE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IAEzC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,4BAAmB,CAAC,4CAA4C,GAAG,GAAG,CAAC,CAAA;IACnF,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,cAAc,GAAG,CAAI,GAAW,EAAE,KAAa,EAAK,EAAE;IAC1D,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAM,CAAA;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,4BAAmB,CAAC,yCAAyC,GAAG,GAAG,CAAC,CAAA;IAChF,CAAC;AACH,CAAC,CAAA"}
|
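--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "max-nestjs",
-"version": "0.0.
+"version": "0.0.3",
 "description": "NestJS helpers for validating MAX Mini App init data.",
 "files": [
 "dist",
@@ -22,7 +22,8 @@
 "build": "rm -rf dist && tsc -p tsconfig.json"
 },
 "dependencies": {
-"max-bridge": "*"
+"max-bridge": "*",
+"@companix/utils-nodejs": "*"
 },
 "devDependencies": {
 "@nestjs/common": "^11.1.17",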
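Review bot: The new dependency `"@companix/utils-nodejs": "*"` accepts any version ever published, so a future major release or a compromised publish of that package lands in every fresh install without any change here; since the guard's constant-time hash comparison (`safeEqual`) is now imported from it, this is the most security-sensitive line in the manifest. Pin it to a caret range of the version the build was actually tested against and ship a lockfile so resolution is reproducible. `max-bridge` carries the same wildcard, but that predates this change.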