passport-tg-web-app
v1.0.4
A [Passport](https://www.passportjs.org/) strategy for [telegram web app (bots)](https://core.telegram.org/bots/webapps) authentication.
telegram-web-app-passport
This module lets you authenticate endpoints using Telegram WebAppInitData.
Install
$ npm install passport-telegram-web-app
Usage
Configure Strategy
new JwtStrategy(options, verify)
options is an object literal containing options that control how the data and hash are extracted from the request and how they are checked.
- token (required) is a string containing the telegram bot token
- expiration (optional) is a time in seconds to check if the token expires
  - default: 0
- passRequestToCallback (optional) is a boolean for cases when you need to pass the request object to the verify callback
  - default: false
- dataFromRequest (optional) function for extracting data from the request
  - default: ExtractData.fromHeaders
  - interface:
    interface DataFromRequestFunction { (req: Request): Data | null; }
- hashFromRequest (optional) function for extracting the hash from the request
  - default: ExtractHash.fromHeaders
  - interface:
    interface HashFromRequestFunction { (req: Request): string | null; }
- dataToCheckString (optional) function to make the check string from data
  - default: Utils.dataToCheckString
  - interface:
    interface DataToCheckStringFunction { (data: Data): string; }
- hashVerifier (optional) function for verifying the hash
  - default: Utils.hashVerifier
  - interface:
    interface HashVerifierFunction { (token: string, dataCheckString: string, hash: string, callback: HashVerifierCallbackFunction): void | Promise<void>; }
  - HashVerifierCallbackFunction:
    interface HashVerifierCallbackFunction { (error: Error): void | Promise<void>; }
verify is a callback function
- request (optional, only if passRequestToCallback is true) is a request object
- payload is an object literal containing the web app user
- done is a passport error first callback accepting arguments done(error, user, info)
Extracting data from request
To keep the solution flexible, a special callback is used that pulls Data from the request. This callback is passed during configuration and is called dataFromRequest. This callback, from now on referred to as an extractor, accepts a request object as an argument and returns the extracted Data or null.
Included extractors
fromHeaders
- auth_date: header called tg-web-app-auth-date
- query_id: header called tg-web-app-query-id
- user: header called tg-web-app-user (pass as json)
Extracting hash from request
Essentially the same, but for the hash from the web app init data. This callback is passed during configuration and is called hashFromRequest.
Included extractors
fromHeaders
- hash: header called tg-web-app-hash
Other things (dataToCheckString, hashVerifier)
To understand these, read how to validate data received via the Web App.
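The check that Telegram's validation procedure describes, as an added example that is not this package's code: the function names, the sample token and the sample data are constructed for illustration, and treating a maximum age of 0 as "no expiry check" is an assumption about the expiration default.

```javascript
// Added example: illustrative names, not the package's Utils implementation.
const nodeCrypto = require('node:crypto');

// Build the data-check-string: every field except `hash`, sorted by key,
// rendered as key=value and joined with a line feed.
function dataToCheckString(data) {
  return Object.keys(data)
    .filter((key) => key !== 'hash' && data[key] != null)
    .sort()
    .map((key) => `${key}=${data[key]}`)
    .join('\n');
}

// secret_key = HMAC-SHA256(key "WebAppData", message bot token);
// expected hash = hex(HMAC-SHA256(key secret_key, message check string)).
function computeHash(botToken, checkString) {
  const secret = nodeCrypto.createHmac('sha256', 'WebAppData').update(botToken).digest();
  return nodeCrypto.createHmac('sha256', secret).update(checkString).digest('hex');
}

// True only if the hash matches and auth_date is fresh enough.
// maxAgeSeconds = 0 skips the freshness check (assumed meaning of `expiration`).
function verifyInitData(botToken, data, hash, maxAgeSeconds = 0,
                        nowSeconds = Math.floor(Date.now() / 1000)) {
  const expected = Buffer.from(computeHash(botToken, dataToCheckString(data)), 'hex');
  const received = Buffer.from(String(hash || ''), 'hex');
  // timingSafeEqual throws on a length mismatch, so reject that case first.
  if (received.length !== expected.length) return false;
  if (!nodeCrypto.timingSafeEqual(received, expected)) return false;
  if (maxAgeSeconds > 0) {
    const authDate = Number(data.auth_date);
    if (!Number.isFinite(authDate) || nowSeconds - authDate > maxAgeSeconds) return false;
  }
  return true;
}

// Constructed sample values (not a real bot token or real init data).
const SAMPLE_TOKEN = '123456:CONSTRUCTED-EXAMPLE-TOKEN';
const SAMPLE_DATA = {
  auth_date: '1700000000',
  query_id: 'AAF-constructed-query-id',
  user: JSON.stringify({ id: 42, first_name: 'Alice' }),
};
const SAMPLE_HASH = computeHash(SAMPLE_TOKEN, dataToCheckString(SAMPLE_DATA));
```

A signature that verifies says nothing about age: without a freshness check on auth_date, captured header values stay valid for as long as the bot token is unchanged.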
Authenticate requests
Use passport.authenticate() specifying 'telegram-web-app' as the strategy.
Express
app.post('/ping', passport.authenticate('telegram-web-app', { session: false }), (request, response) => {
  response.send('pong!');
});
NestJS
telegram-web-app.strategy.ts
import { Inject, Injectable } from "@nestjs/common";
import { PassportStrategy } from "@nestjs/passport";
import { Strategy, WebAppUserInterface } from "passport-telegram-web-app";

@Injectable()
export class TelegramWebAppStrategy extends PassportStrategy(Strategy) {
  public constructor() {
    super({
      // Placeholder: load the real bot token from configuration or a secret store.
      token: "your telegram bot token",
    });
  }

  // Called after the hash check passes; the returned value becomes request.user.
  async validate(webAppUser: WebAppUserInterface): Promise<any> {
    return webAppUser;
  }
}
telegram-web-app.auth-guard.ts
import { Injectable } from "@nestjs/common";
import { AuthGuard } from "@nestjs/passport";
import { STRATEGY_NAME } from "passport-telegram-web-app";

@Injectable()
export class TelegramWebAppAuthGuard extends AuthGuard(STRATEGY_NAME) {}