Telegram小程序指南 | 授权用户

riyad

本帖最后由 riyad 于 2025-2-21 19:27 编辑

本文提供了不同编程语言的代码示例，说明开发人员如何使用 Telegram 初始数据授权用户。

客户端

首先，需要从客户端向服务器传输初始数据开始。我们可以使用此代码：

import { retrieveLaunchParams } from '@telegram-apps/sdk';1 m5 p" e) y7 U" A4 K/ j
" h: V9 v' i9 p: i4 ?6 J
const { initDataRaw } = retrieveLaunchParams();
" O: }: I7 I7 m: I% [; r
5 ^+ S# J+ ~- d: x. F
fetch('https://example.com/api', {* ~) t- b, Y: w
method: 'POST',4 z7 K* G' T: I; n
headers: {3 y4 R- w x4 p P
Authorization: `tma ${initDataRaw}`
: @% A9 ^2 d( ?% i$ }# P
}, P5 u3 C9 i7 U9 e: z- r) U( ?; J; i9 e
});

复制代码

我们使用 https://example.com/api URL 向假想的服务器发送请求。该请求使用 HTTP POST 方法（你可以使用任何你想要的方法），并附加 Authorization（授权）标头，这在这里是最重要的。表示一个字符串，包含由空格分割的两个部分。第一个描述授权方法（在的情况下，我们的服务器将支持其他几种方法），第二个包含授权数据。就 Telegram Mini Apps 而言，第二部分是原始 init 数据。

服务器端

现在，当 init 数据传输到服务器端时，我们应该创建一个简单的 HTTP 服务器，使用这些数据并授权用户。

Node.js

Node.js 示例使用 express 处理 HTTP 请求。

import { validate, parse, type InitDataParsed } from '@telegram-apps/init-data-node';: U" E) k4 [ W% ?, W
import express, {
6 V7 Q# g3 a5 U+ h. T- ^
type ErrorRequestHandler,& X' Y& _9 b3 R, [) {. C) Q
type RequestHandler,0 i6 t1 ?* E& ` l, X
type Response,! G9 `( _# \7 m+ S% e
} from 'express';; X+ x/ V% c* i% |3 P% m, a
) b) L/ w, A4 W3 u- l
/**7 n j7 O9 z( N; P( n
* Sets init data in the specified Response object.
$ p* c- L' s$ ?# r* u
* @param res - Response object.- |1 n0 v0 w3 y6 H
* @param initData - init data.
# Y% [2 f* g# u4 t
*/
8 N, G% Q& R" `7 H
function setInitData(res: Response, initData: InitDataParsed): void {
: ?8 |1 e" ~/ U. s, |' [) D
res.locals.initData = initData;
5 x+ ?& m/ Y8 t
}( M1 \2 d& L$ D5 C X7 v
A/ G: t# a4 d$ ~
/**2 W$ A* S# n* Z9 K, x3 l
* Extracts init data from the Response object.
& t) _1 j a& x/ p0 ?# _& E, ~
* @param res - Response object.* A- w' m- B6 B, M/ v
* @returns Init data stored in the Response object. Can return undefined in case, W# S7 A' t3 T: O
* the client is not authorized.( Q" U' A/ s3 g6 t b9 q- b
*/
( Y$ b9 ]/ z k: x, o
function getInitData(res: Response): InitDataParsed | undefined {
4 I0 g. x, ]% _) D* T
return res.locals.initData;
2 X% O; F6 @0 D) u1 H
}$ p& _) U$ M' r+ [; K. r
/ E N: @4 _) W* [4 N P2 s% p
/**( I7 L* c' J# l @# I5 r+ \
* Middleware which authorizes the external client.3 T4 ]" G1 a' o. X: K" m* F+ n+ v
* @param req - Request object.
9 i" b' u0 g- l2 B ]
* @param res - Response object.
0 a8 i+ J/ R7 V$ g6 f+ s+ D2 z
* @param next - function to call the next middleware.
- t! c( F0 X8 O# a& c3 }
*/( r4 P1 H1 U/ `9 Y9 B/ m: }
const authMiddleware: RequestHandler = (req, res, next) => {! q5 A$ F i9 |6 C J
// We expect passing init data in the Authorization header in the following format:. {8 L& t2 `0 X% r
// <auth-type> <auth-data>- R) z- q" Z2 L- D' c/ p
// <auth-type> must be "tma", and <auth-data> is Telegram Mini Apps init data.' O- X1 s$ H( H
const [authType, authData = ''] = (req.header('authorization') || '').split(' ');
, w. z3 Y- M# w$ C
4 F" T& T0 n# J6 A+ N u3 A
switch (authType) {1 T2 g8 E$ r; N; F- r
case 'tma':6 N' r- B. a3 @4 i
try {, c2 q8 @8 Y8 j0 r: Y& X
// Validate init data.# N0 X( B" R2 j$ a: r& j
validate(authData, token, {
! ]7 n4 a) f9 Q
// We consider init data sign valid for 1 hour from their creation moment.) Z/ Q3 w: M( Z* j0 y$ g* g
expiresIn: 3600,- K) ]+ G0 G* H0 H& F& p
});) o2 g; ? n1 d' c" o
, ?) `8 M7 a5 _9 X
// Parse init data. We will surely need it in the future.
7 V1 u2 a4 X2 i) u% p
setInitData(res, parse(authData));
* D/ `5 o. U9 A
return next();
* B" h6 R- U7 v6 F/ R7 z
} catch (e) {
return next(e);
0 G4 G3 M% P" d5 h1 s6 g$ B
}
& k6 y. B" [* V& T' o4 i: }
// ... other authorization methods.1 ?3 c" B1 K) A9 A, z, p
default:8 j1 h% Q* a" @; l( K% Z: l
return next(new Error('Unauthorized'));8 b& `- B9 x. O. f9 E: r9 y
}
" w1 @7 f7 x& G" I
};. D; t* n, [/ R! n* d! D
( s8 m5 b+ L) ~2 m+ h) J, l y
/**0 e4 l1 t6 I" J1 _* A
* Middleware which shows the user init data.+ B: a$ ^' v' k, J9 M
* @param _req
2 ?1 i2 k2 N& Q! P
* @param res - Response object.; F h5 _5 ?$ K" J. i; {* r
* @param next - function to call the next middleware.+ p0 h) x }/ p2 O- T
*/, P5 ~' o& U9 _5 t9 l' e _
const showInitDataMiddleware: RequestHandler = (_req, res, next) => {6 [( @) A" T/ F+ V. {3 ^' D1 s
const initData = getInitData(res);0 x8 N3 ~- P+ P1 H
if (!initData) {9 C, p8 ?+ U9 b$ S8 v; L
return next(new Error('Cant display init data as long as it was not found'));
+ U2 A1 ]4 v! ~! U( o
}& Q* L0 H T- O! F& C( \' E) e
res.json(initData);
: l& }+ s! n: ^- N2 X; ~
};6 k' R7 I7 {$ X6 w, M0 ?- x
8 G7 v: a5 c0 Q7 v
/**5 ?7 t7 d7 C9 j% ~& t
* Middleware which displays the user init data.. c! G1 \/ h# s0 V4 y! a. c2 _
* @param err - handled error.( G" E/ w1 U2 l7 H6 F
* @param _req
# [; [% M4 X( U |' E5 ]
* @param res - Response object.
: K( F1 Z/ x0 Z; J: x3 t2 O& A
*/3 v# S) b! ]! M& @- U
const defaultErrorMiddleware: ErrorRequestHandler = (err, _req, res) => {
) j6 x1 x8 a0 O2 I4 I1 |1 k
res.status(500).json({/ e% \# A* n' J" [
error: err.message,
" s% y0 W# t$ S/ k4 ~# [$ O. Z5 v
});
! ?% r9 n& u; V, z( J P
};
2 U& f; m! h; ]- H( `7 c
! y5 ? ?$ m. A: X# k6 c
// Your secret bot token.8 j0 G$ p0 C6 g5 s
const token = '1234567890:ABC';: g5 _/ u4 B3 Y
% F" m2 t& Y- x( T
// Create an Express applet and start listening to port 3000.# u: h& W1 g' W a& s! Z
const app = express();
! A/ B4 F, a, B' D( w/ w
7 N2 \- C' H% D# }* I. B
app.use(authMiddleware);( ^: E# u! m' }! P4 y
app.get('/', showInitDataMiddleware);
( V& D7 U! y1 @ q! W7 k0 @
app.use(defaultErrorMiddleware);
6 q% w/ d- r, }9 e! f8 [' J
( u/ P$ V" |% U, p6 H4 t
app.listen(3000);
$ P3 v$ l2 P9 Q9 n! V
6 G1 u$ d; f' ~- I; k* S% F3 Z
// After the HTTP server was launched, try sending an HTTP GET request to the URL
: y6 n/ L7 d4 O1 m/ B2 W3 m! c
// http://localhost:3000/ with an Authorization header containing data in the required format.

复制代码

GoLang[color=var(--vp-c-brand-1)]

GoLang 示例使用 [color=var(--vp-c-brand-1)]gin 处理 HTTP 请求。

package main. X" b& `0 `, S- D0 u$ ^
D) I. R, `* F* h% E# p" F5 U
import (2 T9 Q( n; \$ G3 w
"context". O( `* H, C K w# D, r3 @
"strings"
, W( a, ~6 t( J, U* d( V
"time"
% [1 ]; |" c3 x& `3 E8 a" Q
% a4 f6 o: Z& V: }+ m( g: Y6 P
"github.com/gin-gonic/gin"
+ w4 C5 f9 a; u1 _* y! g
initdata "github.com/telegram-mini-apps/init-data-golang"6 B ~) Z* ^. J$ h
), T; n9 s m. F: a/ D& [
0 r( a' F, [4 E9 c9 f# B
type contextKey string. B: j- `: Q& J3 V4 F4 s) I
# J, n, q8 [: f) {
const (# j- C' K* p+ q0 u
_initDataKey contextKey = "init-data"5 m3 {6 D' \! g& [4 m: N: h+ n& @
)0 X' X7 O$ E, s# L% g: E
# T! T8 [6 h8 I1 |8 `
// Returns new context with specified init data.
, A3 G+ M1 f% c' c4 `
func withInitData(ctx context.Context, initData initdata.InitData) context.Context {) X5 M; a2 f. U% S) Y4 h% x! W& _
return context.WithValue(ctx, _initDataKey, initData)# h- z/ _9 U' S* ~
}
3 m5 t( |9 k) S# u& t5 j
* x3 E% p, M8 d$ v) G4 D3 m7 g" M
// Returns the init data from the specified context.: [, O! w0 e( D& m0 N! |
func ctxInitData(ctx context.Context) (initdata.InitData, bool) {9 W3 j1 X* Z! l G! i
initData, ok := ctx.Value(_initDataKey).(initdata.InitData)
! M! a9 w- l! y' o: g! F* d" ^" k
return initData, ok
/ v9 ]- E" T5 h& T( S5 O
}
2 L% D4 e" D7 ]
! n6 g. B, E4 z+ W! l, W
// Middleware which authorizes the external client.: v' G, I! J/ M$ _6 I* @
func authMiddleware(token string) gin.HandlerFunc {
" K6 ~9 T7 c! B9 i2 k/ D
return func(context *gin.Context) {
1 Q. e8 w2 g3 b! K8 H4 ~, A1 F1 R
// We expect passing init data in the Authorization header in the following format:7 L) `' B2 W* W
// <auth-type> <auth-data>
$ s) \ Q6 A8 i
// <auth-type> must be "tma", and <auth-data> is Telegram Mini Apps init data./ U' w8 @3 |5 a0 Y+ F5 P
authParts := strings.Split(context.GetHeader("authorization"), " ")
) v: y: E. y9 O |/ b! W
if len(authParts) != 2 {
& F* S. U& T! q
context.AbortWithStatusJSON(401, map[string]any{$ D f8 p$ y8 a- h1 N
"message": "Unauthorized",
( I' X# X" e8 z5 ^ d4 T- c
})
. W" ?& b, H7 f1 i; `
return
, R) T' d0 m1 w5 L+ E9 F# J+ h
}# y6 ^& y" z% x9 R0 u: ^# } ^
, V# p, R9 ^! @( v" S
authType := authParts[0]
) B# F# F' \: ^. d: z1 z
authData := authParts[1]3 o( I' T y6 Q" F9 A# h/ |# j9 w
" E6 c& \( r _8 \
switch authType {
! ~- d5 {0 X: Z. _# L. M0 i8 x
case "tma":
# D7 t1 C+ b; Y/ Y: `
// Validate init data. We consider init data sign valid for 1 hour from their
& i5 {& {4 p( U
// creation moment.
k, f& H/ m0 Y1 \
if err := initdata.Validate(authData, token, time.Hour); err != nil {9 |: H4 L) `: P9 P9 `
context.AbortWithStatusJSON(401, map[string]any{8 u9 Q+ ` {9 Q3 M5 K. z2 w
"message": err.Error(),
* F1 U b. ?; c; y# U
})
; ?! d& e8 z/ E. [2 r: b+ F
return8 @& ^+ s9 f- o: b1 z
}& {! ?# ~9 o' O3 M
: w: m& D6 o& k. _
// Parse init data. We will surely need it in the future.) J5 t, O* f' O* R2 I& [ ?: l3 L
initData, err := initdata.Parse(authData)
2 X b0 E/ o4 @4 L8 n! h' u }
if err != nil {5 A! l. B0 h' L. z& s+ d5 p* g
context.AbortWithStatusJSON(500, map[string]any{
- c! S/ Y4 X5 w% N- ^
"message": err.Error()," d6 A' R) {; P2 X: b" s# n
})8 T# T4 l W9 c- l1 }, ^
return
# b' T# T- I& R% n* j
}5 V+ }% u1 e3 t8 Z( d2 u- y
* x% I6 H c2 B% a3 k
context.Request = context.Request.WithContext(
5 }6 I+ ~6 u2 {! [% w) y6 k
withInitData(context.Request.Context(), initData),0 w7 Y3 I5 e. |5 m6 y! h; i. I( U6 i
)7 a* a; o: ]/ ^) R" w
}# v* P+ B7 b: j }
}0 t' n. b- x. B
}# A* j a' h$ h5 Q6 }
$ o9 ?7 e c( ?! V1 ?
// Middleware which shows the user init data.+ P7 }1 U; }3 l( _1 P+ r v
func showInitDataMiddleware(context *gin.Context) {
2 R: P: q/ n9 S% l1 J
initData, ok := ctxInitData(context.Request.Context())
2 o. c) ]# _( _; k
if !ok {' Y6 u3 v+ H P, u1 z! X
context.AbortWithStatusJSON(401, map[string]any{
5 D9 y8 i, z: K; v4 [0 ^. w
"message": "Init data not found",
, B6 b, ~6 J2 @
})- _# j8 A! W8 v& |. b2 J
return
! G. [1 A% I, Y8 p: k! Q1 h
}9 ?8 i" ~0 R- T+ z
7 Z# H, @/ n. i6 U0 ^+ ^
context.JSON(200, initData)
+ O* A. X1 l& Y w" Z% A6 J
}) C- p3 n" {$ P
+ _' t4 F* q4 ^& ]4 c
func main() {9 J8 @" A$ r$ r# I2 A5 p7 m
// Your secret bot token.
* C# f) T( W P& R
token := "1234567890:ABC"
0 L" w+ _$ W' l: }7 _
6 U4 v3 r+ d. l& @
r := gin.New(); [1 z4 {2 ]! s6 Z# q- k# I
" |! | E5 b/ |8 D$ }- J0 w0 }
r.Use(authMiddleware(token)); I4 P* j1 n9 L; S/ m, f" [
r.GET("/", showInitDataMiddleware); s/ P, e6 T( H- F
9 G' S- @- g* U2 G4 e I
if err := r.Run(":3000"); err != nil {
# R! h6 Q) y- x3 J$ m
panic(err)
W" X5 Q( W6 E, {
}
7 A1 \4 Z' E+ m* p- l
}

复制代码

Telegram小程序 指南 | 授权用户

riyad LV4

Telegram小程序指南 | 授权用户