Telegram小程序指南 | 授权用户

riyad

本帖最后由 riyad 于 2025-2-21 19:27 编辑

本文提供了不同编程语言的代码示例，说明开发人员如何使用 Telegram 初始数据授权用户。

客户端

首先，需要从客户端向服务器传输初始数据开始。我们可以使用此代码：

import { retrieveLaunchParams } from '@telegram-apps/sdk';
3 X/ C6 t7 h( k2 ^& v
& P: r# l! T" P2 N! ~
const { initDataRaw } = retrieveLaunchParams();
& S; |' p3 {# |0 ?
$ X; A, q6 H; S( j2 K% }' w3 s3 b2 z
fetch('https://example.com/api', {
+ z& p: ?5 E" h4 [0 g& M4 o6 R
method: 'POST',
1 W9 i z# [3 X
headers: {4 Q9 ~' k8 a2 ~- l
Authorization: `tma ${initDataRaw}`
( D! m' P B- x% V( M' W, k
},
. o& W5 R4 r1 U# `6 _4 ]$ c4 D
});

复制代码

我们使用 https://example.com/api URL 向假想的服务器发送请求。该请求使用 HTTP POST 方法（你可以使用任何你想要的方法），并附加 Authorization（授权）标头，这在这里是最重要的。表示一个字符串，包含由空格分割的两个部分。第一个描述授权方法（在的情况下，我们的服务器将支持其他几种方法），第二个包含授权数据。就 Telegram Mini Apps 而言，第二部分是原始 init 数据。

服务器端

现在，当 init 数据传输到服务器端时，我们应该创建一个简单的 HTTP 服务器，使用这些数据并授权用户。

Node.js

Node.js 示例使用 express 处理 HTTP 请求。

import { validate, parse, type InitDataParsed } from '@telegram-apps/init-data-node';3 A: G( N% x( ]. S* o, N) e5 j0 I: G# {
import express, {) ~) `: f& J& D' q
type ErrorRequestHandler,& _! ?: ~3 q( [2 X9 J* r, _
type RequestHandler," G8 e& @, k% t3 N7 B0 a% S- S2 @
type Response,! K3 r! w1 E( H( j- u$ Y6 W
} from 'express';8 S3 j+ W9 l3 E, b7 l
W9 `9 C2 ^7 H* j g- [
/**
( w# D f2 [" _, [5 C; K- e, ?7 P
* Sets init data in the specified Response object.
, M' c) L1 Z0 r2 C' D: e$ ~
* @param res - Response object.# Q& T5 U }/ R0 {
* @param initData - init data.
. j/ f W8 p: `1 f. @$ ^4 \+ n
*/6 R3 v, A7 f' w' }
function setInitData(res: Response, initData: InitDataParsed): void {+ l$ n+ P5 X9 B+ I7 Z
res.locals.initData = initData;# O9 D C2 l; u+ h( d+ D! z7 Y' [# ^
}; X( X$ Y3 D- K
/ U' S) R8 F" e1 X* u6 p
/**
3 n, r' X" H# p" Z
* Extracts init data from the Response object.
u+ \. [6 I m3 }
* @param res - Response object.
. t& V8 p7 b1 I2 L1 p
* @returns Init data stored in the Response object. Can return undefined in case,! V7 g+ o; i* T* o! ]) I& T
* the client is not authorized.
! K5 C/ F! g7 M8 M1 d
*/. d# w4 J% H- V2 U4 [
function getInitData(res: Response): InitDataParsed | undefined {
# H% S/ Q4 ]: y
return res.locals.initData;2 ]6 _2 {, F; Z0 [# ^; @
}
' V- N" [" J, n1 V" L% h* Z/ j' X
3 I2 r! A4 y( O. O, Y% z8 X
/**
9 Y8 ~, `2 {: O, v9 \, X/ R! [
* Middleware which authorizes the external client.( d; j: x) Z0 c- F) z
* @param req - Request object.
& k$ `& x( Q2 e& R+ s4 J( o+ x
* @param res - Response object.2 e# g7 Z' @) e8 m
* @param next - function to call the next middleware.+ d* w! W7 q! l* X" s' y- h
*/% A4 r( Q( a0 X8 ?4 U' H( ]$ E
const authMiddleware: RequestHandler = (req, res, next) => {( x! \/ z0 p, L4 M
// We expect passing init data in the Authorization header in the following format:
" s" l# K5 |) h5 ]& X# c+ G
// <auth-type> <auth-data>8 R" H( A5 ], K) u9 d% T+ l
// <auth-type> must be "tma", and <auth-data> is Telegram Mini Apps init data.3 f O# [& q5 m4 [ p! g
const [authType, authData = ''] = (req.header('authorization') || '').split(' ');
+ F: G( q8 K; G9 P. {* A
1 z9 ]1 S& J/ e* B
switch (authType) {
# T& [" s; u6 D* N5 x, z# l2 }
case 'tma':
2 M# {5 r9 ]& \4 c# K$ g
try {' d4 e' I0 l! o) \% e6 m
// Validate init data.
4 A/ d/ d k0 m' W) n1 e/ }
validate(authData, token, {
* v! ?" m9 l) p2 g' c: F) w
// We consider init data sign valid for 1 hour from their creation moment.
, A- b' u& U+ V9 [$ s" N' _) m5 @
expiresIn: 3600,% m: |2 H, R7 z5 W% d( @, V
});6 {7 F4 i! B+ @5 }) t
& C7 U' k# v0 H' d |- Z# e
// Parse init data. We will surely need it in the future. w& V5 ]% _. K4 ?5 S$ v8 Y3 l
setInitData(res, parse(authData));
5 q5 z8 k9 G! z. k$ [) l
return next();
& w. S6 ~/ C8 G' S) o6 o) Z
} catch (e) {
8 @* n7 A& l3 O6 K; z
return next(e);
! y1 a$ Q# V- D9 Y4 {2 p! s( X- _- `
}
% Y; I" I" ~/ O [
// ... other authorization methods.
# z3 x4 N; b: n" H8 q2 o( h' u6 U2 S
default:# o C& j, w" V5 |2 o& i
return next(new Error('Unauthorized'));: P i1 y* }: p
}
5 L. ~9 }# ^4 ?1 _9 ]* B( a4 Q/ k
};
4 I. Y1 q0 [) @4 p6 V( X. E+ F/ A
7 ]# x3 q2 @$ Y) G
/**2 W0 }) G o" A' \& z9 [
* Middleware which shows the user init data.
, e6 `9 i# |8 k ?0 Z
* @param _req
$ Q3 n8 H0 h# z" v: ~
* @param res - Response object.
: [2 V$ N* R# A" k/ S5 Z: B ^; R, [
* @param next - function to call the next middleware.; N, |$ D8 B( D* a' G8 H
*/7 G6 ^( k z! N6 ?* v
const showInitDataMiddleware: RequestHandler = (_req, res, next) => {! x- I' w: T c K) O3 ~2 U
const initData = getInitData(res);7 {0 n( D2 t1 F# ~% ]5 w# @
if (!initData) {
* s k8 V0 o' f0 @
return next(new Error('Cant display init data as long as it was not found'));6 Q! V" i; I d" l
}9 \0 d: F, b" ~" @6 H' P" G" M
res.json(initData);
! Y3 d. ~0 ]4 H4 P, v
};% p) W1 m: p" O) E a8 }
# e8 w1 V5 n: U" r$ G: w
/**( b2 z. |. I) Y( A) _& N
* Middleware which displays the user init data.7 B/ g) @2 F0 V) j4 e
* @param err - handled error., X' A* q( X1 W* Q2 w
* @param _req
3 ~, p( b a% y* C4 E3 q. J
* @param res - Response object.. Y! t2 H* F- m5 X
*/$ ^& H$ k1 d4 U' z
const defaultErrorMiddleware: ErrorRequestHandler = (err, _req, res) => { q: E, N* ~2 ]6 ?( c
res.status(500).json({
0 s+ P8 [: s0 _, {9 ?+ }
error: err.message,
9 c% p9 ?& |8 S: U) \, @ x
});
( h- L6 W1 y, W5 t3 L5 X
};
& x. i3 _1 U& s& y5 ~
5 H- y4 y& s7 C7 X5 s- q
// Your secret bot token.4 e- N) ]4 M! U+ o0 S1 O
const token = '1234567890:ABC';# c" ~- R3 l! Z; G8 w; T% J! h
4 E% X$ r5 {' r' e3 Z r
// Create an Express applet and start listening to port 3000.
8 J, l! |) V* i, W2 a
const app = express();
' a: r" H0 g3 i' v( I. G# n
j' H; \5 `) _ w# s$ Z! A
app.use(authMiddleware);
: m7 Y! f, }$ t7 Z5 j2 F
app.get('/', showInitDataMiddleware);( I3 F; @. D4 e& @1 f! C8 B
app.use(defaultErrorMiddleware);$ N) g' a0 |& C' _/ m' P9 m; M& C
& n) m: C$ Q) C& c- e- f6 b* n' M! u
app.listen(3000);0 m7 g4 w; D) b; B+ h
- ~7 O' u( m2 b4 `6 W0 ~4 @
// After the HTTP server was launched, try sending an HTTP GET request to the URL
- x; G7 q9 \% _8 D
// http://localhost:3000/ with an Authorization header containing data in the required format.

复制代码

GoLang[color=var(--vp-c-brand-1)]

GoLang 示例使用 [color=var(--vp-c-brand-1)]gin 处理 HTTP 请求。

package main( I( M* c: y$ b8 [% Y8 P. L
7 w! Y% ?6 `# A, B/ y
import (" S# e, o5 l) c7 Q* e% ]7 q1 ?# U* f
"context"
/ @& J$ n5 s2 Z8 u9 |$ K4 Y
"strings"! x4 p! _9 U; ^' }" m3 T3 |; a9 r
"time"
8 j( \% Z9 @0 G! B9 d: ]5 B5 J
! R1 S/ I0 x. `7 g, Z
"github.com/gin-gonic/gin"
- w. J: T# H! S3 Y, P1 K9 `! ], S
initdata "github.com/telegram-mini-apps/init-data-golang"
9 r/ A: i; l9 [3 q4 A% T
)/ A; j+ G1 g' p) M: p: ~
0 v: ?8 b2 |. l" E. t3 B8 G
type contextKey string5 S: c; x" _: p) o* }/ y( @. [$ S/ d
6 ^* k. _5 {3 Q" M+ a# T
const (
3 X+ o. e2 X) o0 k( |
_initDataKey contextKey = "init-data"# {* r5 d: P1 o
)" d* G9 J7 _& A d
) d7 C* i' }7 H7 N5 `* p y L
// Returns new context with specified init data.
# m. `! R: N; Y) X7 y9 T f% G* q1 d
func withInitData(ctx context.Context, initData initdata.InitData) context.Context {$ L! y; x7 r/ O0 N$ x
return context.WithValue(ctx, _initDataKey, initData)
; u E. Q5 o3 t1 y( T( @
}2 e1 I* }1 |7 i( |0 G
. R7 P, r% _% ^, k7 D
// Returns the init data from the specified context.
+ |+ \. T4 }0 m- @, z& B
func ctxInitData(ctx context.Context) (initdata.InitData, bool) {8 w: L+ B9 S$ i- n
initData, ok := ctx.Value(_initDataKey).(initdata.InitData): c1 W; I' P5 x
return initData, ok
+ P* Q) U h9 \. A
}
( t; y; G U7 s6 L
9 U2 I. E( p& `* I
// Middleware which authorizes the external client.) Q8 |: m$ ~$ i3 ^
func authMiddleware(token string) gin.HandlerFunc {
! R5 j/ Y: W; i# @
return func(context *gin.Context) {( ^2 P2 _, H+ _5 Z Q
// We expect passing init data in the Authorization header in the following format:" d# ]9 E: E$ f1 M) k$ L! r
// <auth-type> <auth-data>) K9 o& [, { j" h7 g( p
// <auth-type> must be "tma", and <auth-data> is Telegram Mini Apps init data.* H/ Y" O7 k! K6 ]+ U X/ c; Z6 ^
authParts := strings.Split(context.GetHeader("authorization"), " ")
4 I9 |) y! m! F( M
if len(authParts) != 2 {
5 Q' N# h C( o" u" A- u
context.AbortWithStatusJSON(401, map[string]any{
5 C8 X# C& K( V) E& K# \+ q }; Z
"message": "Unauthorized",
' c, i7 `5 o1 N& o
})5 Z! q% _& N5 E& m& a2 T
return
! z# o3 ~, V Y! h
}
- h3 P. {0 D: Y, s4 D5 d% ~( k" Z
; z# ?, Q7 C2 x X G( I; c/ S, f
authType := authParts[0]
2 V2 K D$ w: e- Y! }1 o3 V" ^$ A4 @
authData := authParts[1]
' f; w9 T' T3 p# y
0 L' Y' t' x4 o
switch authType {6 Z$ E+ B+ f9 }. f
case "tma":
" G# S$ v2 F7 [! t! p& ~/ Y7 j1 I
// Validate init data. We consider init data sign valid for 1 hour from their8 v, X; p* E9 D- j
// creation moment.
. c9 N( |' c2 @7 e E; I( ?; Y
if err := initdata.Validate(authData, token, time.Hour); err != nil {
* h c# N8 I O* c/ l' Q3 e
context.AbortWithStatusJSON(401, map[string]any{& H! V. J( e+ _
"message": err.Error(),
0 _$ a/ t! T4 `' N5 O+ m% k) m: p
})
" i) I9 ~9 B2 h
return
: U4 a+ G# e3 f6 Q* {; n
}1 m9 p+ N. b0 H: N9 w
N8 ~3 Q. p$ y7 h1 r
// Parse init data. We will surely need it in the future.0 A0 {$ L; x" I
initData, err := initdata.Parse(authData)
- ]. c) a# d5 t; L3 `2 r2 F4 a
if err != nil {
2 n5 \. d& |& v5 v" o5 c% S
context.AbortWithStatusJSON(500, map[string]any{
4 u5 n7 t: E8 c
"message": err.Error(),* e4 n* o) R: M0 [7 b9 h
})
8 Z/ v6 E! i" o2 f9 l6 f6 t
return# U0 ?8 h+ I: ?( X
}) O2 Z' ~% z7 X5 m5 ]( K
! ]! r% k, c/ W E* D# u# k8 t! O
context.Request = context.Request.WithContext(9 F* R; I9 i. {! p5 [( E
withInitData(context.Request.Context(), initData),
' _+ a( |4 P1 [: \8 p
)4 N& z5 h) R; A8 d/ H- H
}: i4 j# y/ l' y3 ?' G& ~; {, u( c
} @. F) Z; b w
}1 |* @' ?# \& T1 Z7 Q& s8 I
7 @* S; p* F) M% h: H
// Middleware which shows the user init data.7 c' d5 J0 z) n; W) q/ q
func showInitDataMiddleware(context *gin.Context) {
# I9 o: M' Z2 I6 I2 J! e' w
initData, ok := ctxInitData(context.Request.Context())
0 D! J/ A& U) i0 E; a) T. H
if !ok {
& o0 D1 @' \: S0 z/ ?8 Y1 X
context.AbortWithStatusJSON(401, map[string]any{
' a3 ]5 q5 e. [$ f
"message": "Init data not found",& U8 V( w0 b# @1 \9 q9 A4 [9 _
})
: i0 K+ ~# H* h& k) x( Y7 I2 r/ \
return
4 ?2 o5 `6 b% v- g. }
}
! w) h z/ }. O" `
2 B2 j* U& k$ e% h) r" H9 ]
context.JSON(200, initData)0 R3 D3 R4 R4 \3 R( ^- t
}$ j6 d1 R+ ?+ f2 a7 h
! \: M+ `1 ]! m2 @1 {( W% A0 `
func main() {: s. r5 N: D2 k) M1 S" u* y
// Your secret bot token.
! y6 B# R! l. ]6 |" q
token := "1234567890:ABC"
/ t$ q' c) y4 Q0 ~! `- T ^
. r' x# | }) x; }3 b
r := gin.New()
+ C! f9 C X" j' U1 j
' c! h4 E0 N# X( E8 }' Y u! B
r.Use(authMiddleware(token))& h4 x) I! ~% {3 C& z$ m
r.GET("/", showInitDataMiddleware)
# o) _$ N4 a, T) S
* O7 r, o+ g: o3 I5 |6 o1 a3 F3 I
if err := r.Run(":3000"); err != nil {
% h1 S1 l: R2 X4 y4 n6 h
panic(err): k+ f' s: v) f. F. s. H3 {
}! _- {/ k/ `$ C+ D7 l( N6 ^
}

复制代码

Telegram小程序 指南 | 授权用户

riyad LV4

Telegram小程序指南 | 授权用户