fix: switch telegram connect to short token and single-window redirect

2026-02-22 09:20:22 +07:00
parent 25f7f8dfb4
commit 5679f22f7f
4 changed files with 44 additions and 88 deletions
--- a/frontend/server/api/omni/telegram/business/connect/complete.post.ts
+++ b/frontend/server/api/omni/telegram/business/connect/complete.post.ts
@@ -1,6 +1,5 @@
 import { readBody } from "h3";
 import { prisma } from "../../../../../utils/prisma";
-import { verifyLinkToken } from "../../../../../utils/telegramBusinessConnect";

 type CompleteBody = {
  token?: string;
@@ -13,15 +12,9 @@ export default defineEventHandler(async (event) => {
    throw createError({ statusCode: 400, statusMessage: "token is required" });
  }

-  const payload = verifyLinkToken(token);
-  if (!payload) {
-    return { ok: false, status: "invalid_or_expired_token" };
-  }
-
-  const pendingId = `pending:${payload.nonce}`;
+  const pendingId = `pending:${token}`;
  const pending = await prisma.telegramBusinessConnection.findFirst({
    where: {
-      teamId: payload.teamId,
      businessConnectionId: pendingId,
    },
  });
@@ -31,6 +24,11 @@ export default defineEventHandler(async (event) => {
  }

  const raw = (pending.rawJson ?? {}) as any;
+  const exp = Number(raw?.link?.exp ?? 0);
+  if (Number.isFinite(exp) && exp > 0 && Math.floor(Date.now() / 1000) > exp) {
+    return { ok: false, status: "invalid_or_expired_token" };
+  }
+
  const telegramUserId = raw?.link?.telegramUserId != null ? String(raw.link.telegramUserId).trim() : "";
  if (!telegramUserId) {
    return { ok: false, status: "awaiting_telegram_start" };
@@ -41,12 +39,12 @@ export default defineEventHandler(async (event) => {
    prisma.telegramBusinessConnection.upsert({
      where: {
        teamId_businessConnectionId: {
-          teamId: payload.teamId,
+          teamId: pending.teamId,
          businessConnectionId: linkedConnectionId,
        },
      },
      create: {
-        teamId: payload.teamId,
+        teamId: pending.teamId,
        businessConnectionId: linkedConnectionId,
        isEnabled: true,
        canReply: true,
@@ -55,7 +53,7 @@ export default defineEventHandler(async (event) => {
          mode: "token_link",
          linkedAt: new Date().toISOString(),
          telegramUserId,
-          tokenNonce: payload.nonce,
+          tokenNonce: token,
        },
      },
      update: {
@@ -66,7 +64,7 @@ export default defineEventHandler(async (event) => {
          mode: "token_link",
          linkedAt: new Date().toISOString(),
          telegramUserId,
-          tokenNonce: payload.nonce,
+          tokenNonce: token,
        },
      },
    }),