Update verification TTL and init data checks

This commit is contained in:
zimk
2026-04-19 19:44:35 +08:00
parent c3139d6826
commit 2e058e5c60
2 changed files with 21 additions and 6 deletions


@@ -1,5 +0,0 @@
BOT_TOKEN=
TG_WEBHOOK_SECRET=
AI_BASE_URL=
AI_API_KEY=
TURNSTILE_SECRET=


@@ -77,7 +77,8 @@ interface RequestContext {
const JOIN_PREFIX = "join:"; const JOIN_PREFIX = "join:";
const ACTIVE_PREFIX = "active:"; const ACTIVE_PREFIX = "active:";
const CHALLENGE_TTL_MS = 10 * 60 * 1000; const CHALLENGE_TTL_MS = 10 * 60 * 1000;
const RECORD_TTL_SECONDS = 24 * 60 * 60; const RECORD_TTL_SECONDS = 30 * 60;
const INIT_DATA_MAX_AGE_SECONDS = 10 * 60;
type Locale = "zh" | "en"; type Locale = "zh" | "en";
export default { export default {
@@ -362,6 +363,25 @@ async function verifyTelegramWebAppInitData(env: Env, initData: string, expected
throw new HttpError(401, "invalid_init_data_hash"); throw new HttpError(401, "invalid_init_data_hash");
} }
const authDateRaw = params.get("auth_date");
if (!authDateRaw) {
throw new HttpError(401, "missing_init_data_auth_date");
}
const authDate = Number(authDateRaw);
if (!Number.isFinite(authDate)) {
throw new HttpError(401, "invalid_init_data_auth_date");
}
const nowSeconds = Math.floor(Date.now() / 1000);
if (authDate > nowSeconds + 30) {
throw new HttpError(401, "invalid_init_data_auth_date");
}
if (nowSeconds - authDate > INIT_DATA_MAX_AGE_SECONDS) {
throw new HttpError(401, "expired_init_data");
}
const userRaw = params.get("user"); const userRaw = params.get("user");
if (!userRaw) { if (!userRaw) {
throw new HttpError(401, "missing_init_data_user"); throw new HttpError(401, "missing_init_data_user");