Telegram Web Apps Init Data
TypeScript isomorphic library to make work with Telegram Web Apps init data easier. Feel free to use it in browser and Node JS.
Installation
npm i twa-init-data
or
yarn add twa-init-data
Usage
Parsing
This library contains function called parse
which is able to convert init data presented as string or search params to more comfortable object with known parameters InitData
.
Here comes the example of usage:
import {parse} from 'twa-init-data';
const initDataRaw = 'query_id=AAHdF6IQAAAAAN0XohDhrOrc&user=%7B%22id%22%3A279058397%2C%22first_name%22%3A%22Vladislav%22%2C%22last_name%22%3A%22Kibenko%22%2C%22username%22%3A%22vdkfrost%22%2C%22language_code%22%3A%22ru%22%2C%22is_premium%22%3Atrue%7D&auth_date=1662771648&hash=c501b71e775f74ce10e377dea85a7ea24ecd640b223ea86dfe453e0eaed2e2b2';
console.log(parse(initDataRaw));
// {
// authDate: 2022-09-10T01:00:48.000Z,
// hash: 'c501b71e775f74ce10e377dea85a7ea24ecd640b223ea86dfe453e0eaed2e2b2',
// queryId: 'AAHdF6IQAAAAAN0XohDhrOrc',
// user: {
// id: 279058397,
// firstName: 'Vladislav',
// lastName: 'Kibenko',
// username: 'vdkfrost',
// languageCode: 'ru',
// isPremium: true
// }
// }
Function extracts required parameters and automatically validates their types. It will throw an error in case, some property has invalid type or value.
Validation
To validate init data sign, function validate
is used. It expects passing init data presented in raw format (search params) and throws an error in case, something is wrong. To see full list of errors, please, check function's JSDoc. It does not return any result.
import {validate} from 'twa-init-data';
const initDataRaw = 'query_id=AAHdF6IQAAAAAN0XohDhrOrc&user=%7B%22id%22%3A279058397%2C%22first_name%22%3A%22Vladislav%22%2C%22last_name%22%3A%22Kibenko%22%2C%22username%22%3A%22vdkfrost%22%2C%22language_code%22%3A%22ru%22%2C%22is_premium%22%3Atrue%7D&auth_date=1662771648&hash=c501b71e775f74ce10e377dea85a7ea24ecd640b223ea86dfe453e0eaed2e2b2';
const secretToken = '5768337691:AAH5YkoiEuPk8-FZa32hStHTqXiLPtAEhx8';
validate(initDataRaw, secretToken);
By default, function checks init data expiration. Default expiration duration is 1 day (86_400 seconds). It is recommended to always check init data expiration as long as it could be stolen, but still valid. To disable this feature, use third function argument:
import {validate} from 'twa-init-data';
const initDataRaw = 'query_id=AAHdF6IQAAAAAN0XohDhrOrc&user=%7B%22id%22%3A279058397%2C%22first_name%22%3A%22Vladislav%22%2C%22last_name%22%3A%22Kibenko%22%2C%22username%22%3A%22vdkfrost%22%2C%22language_code%22%3A%22ru%22%2C%22is_premium%22%3Atrue%7D&auth_date=1662771648&hash=c501b71e775f74ce10e377dea85a7ea24ecd640b223ea86dfe453e0eaed2e2b2';
const secretToken = '5768337691:AAH5YkoiEuPk8-FZa32hStHTqXiLPtAEhx8';
validate(initDataRaw, secretToken, {expiresIn: 0});