Function telegram_login::check_signature

source ·

pub fn check_signature(
    bot_token: String,
    user: TelegramLogin
) -> Result<(), TelegramLoginError>

Expand description

Verifies that the hash in the Telegram auth object is valid.

The algorithm from the Telegram docs:

secret_key = SHA256(<bot_token>)
hex(HMAC_SHA256(data_check_string, secret_key)) == hash

Examples:

extern crate chrono;
extern crate telegram_login;

use chrono::NaiveDateTime;
use telegram_login::{TelegramLogin, TelegramLoginError, check_signature};

let t_l = TelegramLogin {
  id: 666666666,
  username: Some("my_username".to_string()),
  first_name: Some("Some".to_string()),
  last_name: Some("Guy".to_string()),
  photo_url: Some("https://t.me/i/userpic/320/my_username.jpg".to_string()),
  auth_date: NaiveDateTime::from_timestamp(1543194375, 0),
  hash: "a9cf12636fb07b54b4c95673d017a72364472c41a760b6850bcd5405da769f80".to_string()
};

let bot_token = "777777777:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".to_string();

match check_signature(bot_token, t_l) {
  Ok(()) => {
    // The login is valid, so we can log the user in.
  }
  Err(TelegramLoginError::InvalidHash) => {
    // The login failed, so we need to return an error to the client.
  }
  Err(TelegramLoginError::VerificationFailed) => {
    // The login failed, so we need to return an error to the client.
  }
}