G˝i2 ddlZddlmZddlmZddlmZddlmZddl m Z m Z e jdZe jd Zefd ed ed e d efdZefd ed ed e d e fdZy)N) itemgetter) parse_qsl)InvalidSignature)Ed25519PublicKey)WebAppInitDataparse_webapp_init_data@e7bf03a2fa4602af4580703d88dda5bb59f32ed8b02a56c187fe7d34caed242d@40055058a4ee38156a06562e52eece92a771bcd8346a8c4615cb7376eddf72ecbot_id init_datapublic_key_bytesreturnc  tt|d}|jdd}|sy|jdd|ddj d t |j td  Dz}|j}d t| d zz}tj||z}tj|} | j||y#t$rYywxYw#t$rYywxYw)aM Check incoming WebApp init data signature without bot token using only bot id. Source: https://core.telegram.org/bots/webapps#validating-data-for-third-party-use :param bot_id: Bot ID :param init_data: WebApp init data :param public_key: Public key :return: True if signature is valid, False otherwise T)strict_parsingF signatureNhashz :WebAppData  c30K|]\}}|d|yw)=N).0kvs X/home/leshdev/mybot/venv/lib/python3.12/site-packages/aiogram/utils/web_app_signature.py z)check_webapp_signature..*s#=q!1#Qqc =sr)keyr)dictr ValueErrorpopjoinsorteditemsrencodelenbase64urlsafe_b64decoderfrom_public_bytesverifyr) r r r parsed_data signature_b64data_check_stringmessagepaddingr public_keys rcheck_webapp_signaturer1s 9YtDE  OOK6M OOFD!!(-0499=%k&7&7&9z!}M=4 &&(Gc-((1,-G(()@AI!334DEJ)W-1 * s#C"C1" C.-C.1 C=<C=cLt|||r t|Sd}t|)a  Validate raw WebApp init data using only bot id and return it as WebAppInitData object :param bot_id: bot id :param init_data: data from frontend to be parsed and validated :param public_key_bytes: public key :return: WebAppInitData object zInvalid init data signature)r1r r )r r rmsgs r*safe_check_webapp_init_data_from_signaturer4<s+fi1AB%i00 'C S/)r'operatorr urllib.parsercryptography.exceptionsr1cryptography.hazmat.primitives.asymmetric.ed25519rweb_apprr bytesfromhexPRODUCTION_PUBLIC_KEYTEST_PUBLIC_KEYintstrboolr1r4rr5rrBs "4N; F-- bc 4) ))) )^4  r5