Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: Improve security by allowing to pass token's hmac hash instead of token #371

Closed
snimshchikov opened this issue Jun 29, 2024 · 2 comments
Closed

[Feature]: Improve security by allowing to pass token's hmac hash instead of token #371

snimshchikov opened this issue Jun 29, 2024 · 2 comments
Assignees
@heyqbnk
Labels
enhancement New feature or request

Comments

@snimshchikov
Copy link

Is your feature request related to a problem? Please describe.

I want to minimize the number of places where I need to provide bot token.

Describe the solution you'd like

an option skip_token_hashing added to ValidateOptions (or something like this)

Describe alternatives you've considered

No response

Additional context

Bot's token is always encoded with hmac sha256 function with the same key. It is possible to check data authenticity just by providing this hash instead of bot's token.
@snimshchikov snimshchikov added the enhancement New feature or request label Jun 29, 2024
@snimshchikov snimshchikov changed the title [Feature]: Improve secirity by allowing to pass token hmac hash istead of token [Feature]: Improve secirity by allowing to pass token's hmac hash istead of token Jun 29, 2024
@snimshchikov snimshchikov changed the title [Feature]: Improve secirity by allowing to pass token's hmac hash istead of token [Feature]: Improve secirity by allowing to pass token's hmac hash instead of token Jun 29, 2024
@snimshchikov snimshchikov changed the title [Feature]: Improve secirity by allowing to pass token's hmac hash instead of token [Feature]: Improve security by allowing to pass token's hmac hash instead of token Jun 29, 2024
@heyqbnk
Copy link
Member

heyqbnk commented Jul 6, 2024

Your feature is Implemented in @tma.js/init-data-node@1.4.0

@heyqbnk heyqbnk closed this as completed Jul 6, 2024
@snimshchikov
Copy link
Author

You are the best, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@heyqbnk heyqbnk

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@heyqbnk @snimshchikov