Toutsu/GmRelayBot
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 15 Wiki Activity

v1.1.0: Полный редизайн фронтенда, усиление безопасности и обновление версии
Deploy Telegram Bot / build-and-push (push) Successful in 5m19s
Details
Deploy Telegram Bot / deploy (push) Successful in 10s
Details

Browse Source
This commit is contained in:
Toutsu
2026-04-21 15:21:18 +03:00
parent b6af5f047c
commit 176f1105ab
18 changed files with 1392 additions and 413 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/GmRelay.Web/Services/SessionService.cs
+5 -3
View File
@@ -11,7 +11,8 @@ public sealed record WebSession(Guid Id, Guid GroupId, string Title, DateTime Sc
public sealed class SessionService(
NpgsqlDataSource dataSource,
ITelegramBotClient bot)
ITelegramBotClient bot,
ILogger<SessionService> logger)
{
public async Task<List<WebGameGroup>> GetGroupsForGmAsync(long gmId)
{
@@ -121,9 +122,10 @@ public sealed class SessionService(
parseMode: Telegram.Bot.Types.Enums.ParseMode.Html,
replyMarkup: renderResult.Markup);
}
catch (Exception)
catch (Exception ex)
{
// Ignore if message too old or same content
// Log but don't throw — message may be too old or have same content
logger.LogWarning(ex, "Failed to update batch message {MessageId} in chat {ChatId}", messageId, chatId);
}
}
}
src/GmRelay.Web/Services/TelegramAuthService.cs
+8 -9
View File
@@ -26,19 +26,18 @@ public sealed class TelegramAuthService(IConfiguration configuration)
var dataCheckString = string.Join("\n", dataCheckList);
// 2. Compute Secret Key
using var sha256 = SHA256.Create();
var secretKey = sha256.ComputeHash(Encoding.UTF8.GetBytes(token));
// 2. Compute Secret Key (static method — no IDisposable needed)
var secretKey = SHA256.HashData(Encoding.UTF8.GetBytes(token));
// 3. Compute Hash
using var hmac = new HMACSHA256(secretKey);
var computedHashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(dataCheckString));
var computedHash = Convert.ToHexString(computedHashBytes).ToLower();
// 3. Compute Hash (static method — no IDisposable needed)
var computedHashBytes = HMACSHA256.HashData(secretKey, Encoding.UTF8.GetBytes(dataCheckString));
if (computedHash != hash.ToString().ToLower())
// 4. Timing-safe comparison to prevent timing attacks
var hashBytes = Convert.FromHexString(hash.ToString());
if (!CryptographicOperations.FixedTimeEquals(computedHashBytes, hashBytes))
return false;
// 4. Check expiration (auth_date)
// 5. Check expiration (auth_date)
if (query.TryGetValue("auth_date", out var authDateStr) && long.TryParse(authDateStr, out var authDate))
{
var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();