fix: switch telegram connect to short token and single-window redirect

2026-02-22 09:20:22 +07:00
parent 25f7f8dfb4
commit 5679f22f7f
4 changed files with 44 additions and 88 deletions
--- a/frontend/server/api/omni/telegram/business/webhook.post.ts
+++ b/frontend/server/api/omni/telegram/business/webhook.post.ts
@@ -5,7 +5,6 @@ import {
  extractLinkTokenFromStartText,
  getBusinessConnectionFromUpdate,
  getTelegramChatIdFromUpdate,
-  verifyLinkToken,
 } from "../../../../utils/telegramBusinessConnect";

 function hasValidSecret(event: any) {
@@ -78,8 +77,13 @@ export default defineEventHandler(async (event) => {
  }

  if (linkToken) {
-    const payload = verifyLinkToken(linkToken);
-    if (!payload) {
+    const pendingId = `pending:${linkToken}`;
+    const pending = await prisma.telegramBusinessConnection.findFirst({
+      where: {
+        businessConnectionId: pendingId,
+      },
+    });
+    if (!pending) {
      if (startChatId) {
        void telegramBotApi("sendMessage", {
          chat_id: startChatId,
@@ -90,20 +94,31 @@ export default defineEventHandler(async (event) => {
      return { ok: true, accepted: false, reason: "invalid_or_expired_link_token" };
    }

-    const pendingId = `pending:${payload.nonce}`;
+    const rawPending = (pending.rawJson ?? {}) as any;
+    const exp = Number(rawPending?.link?.exp ?? 0);
+    if (Number.isFinite(exp) && exp > 0 && Math.floor(Date.now() / 1000) > exp) {
+      if (startChatId) {
+        void telegramBotApi("sendMessage", {
+          chat_id: startChatId,
+          text: "Ссылка привязки истекла. Вернись в CRM и нажми Connect заново.",
+          reply_markup: crmConnectButton(),
+        }).catch(() => {});
+      }
+      return { ok: true, accepted: false, reason: "invalid_or_expired_link_token" };
+    }
+
    const chatId = startChatId;

    await prisma.telegramBusinessConnection.updateMany({
      where: {
-        teamId: payload.teamId,
+        teamId: pending.teamId,
        businessConnectionId: pendingId,
      },
      data: {
        rawJson: {
          state: "pending_business_connection",
          link: {
-            nonce: payload.nonce,
-            exp: payload.exp,
+            ...(rawPending?.link ?? {}),
            linkedAt: nowIso,
            telegramUserId: chatId,
            chatId,