Add telegram bot

2025-12-16 20:06:16 +07:00
parent 9fd93a185c
commit 412de3bf05
32 changed files with 1721 additions and 3 deletions
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -20,6 +20,8 @@ class Settings(BaseSettings):

    # Telegram
    TELEGRAM_BOT_TOKEN: str = ""
+    TELEGRAM_BOT_USERNAME: str = ""
+    TELEGRAM_LINK_TOKEN_EXPIRE_MINUTES: int = 10

    # Uploads
    UPLOAD_DIR: str = "uploads"
--- a/backend/app/core/security.py
+++ b/backend/app/core/security.py
@@ -1,3 +1,8 @@
+import base64
+import hashlib
+import hmac
+import struct
+import time
 from datetime import datetime, timedelta
 from typing import Any

@@ -35,3 +40,71 @@ def decode_access_token(token: str) -> dict | None:
        return payload
    except jwt.JWTError:
        return None
+
+
+def create_telegram_link_token(user_id: int, expire_minutes: int = 10) -> str:
+    """
+    Create a short token for Telegram account linking.
+    Format: base64url encoded binary data (no separators).
+    Structure: user_id (4 bytes) + expire_at (4 bytes) + signature (8 bytes) = 16 bytes -> 22 chars base64url.
+    """
+    expire_at = int(time.time()) + (expire_minutes * 60)
+
+    # Pack user_id and expire_at as unsigned 32-bit integers (8 bytes total)
+    data = struct.pack(">II", user_id, expire_at)
+
+    # Create HMAC signature (take first 8 bytes)
+    signature = hmac.new(
+        settings.SECRET_KEY.encode(),
+        data,
+        hashlib.sha256
+    ).digest()[:8]
+
+    # Combine data + signature (16 bytes)
+    token_bytes = data + signature
+
+    # Encode as base64url without padding
+    token = base64.urlsafe_b64encode(token_bytes).decode().rstrip("=")
+
+    return token
+
+
+def verify_telegram_link_token(token: str) -> int | None:
+    """
+    Verify Telegram link token and return user_id if valid.
+    Returns None if token is invalid or expired.
+    """
+    try:
+        # Add padding if needed for base64 decoding
+        padding = 4 - (len(token) % 4)
+        if padding != 4:
+            token += "=" * padding
+
+        token_bytes = base64.urlsafe_b64decode(token)
+
+        if len(token_bytes) != 16:
+            return None
+
+        # Unpack data
+        data = token_bytes[:8]
+        provided_signature = token_bytes[8:]
+
+        user_id, expire_at = struct.unpack(">II", data)
+
+        # Check expiration
+        if time.time() > expire_at:
+            return None
+
+        # Verify signature
+        expected_signature = hmac.new(
+            settings.SECRET_KEY.encode(),
+            data,
+            hashlib.sha256
+        ).digest()[:8]
+
+        if not hmac.compare_digest(provided_signature, expected_signature):
+            return None
+
+        return user_id
+    except (ValueError, struct.error, Exception):
+        return None