fix(auth): encode telegram start payload safely

2026-04-03 17:49:18 +07:00
parent 448ade72b8
commit 93b6c51625
1 changed files with 12 additions and 1 deletions
--- a/app/composables/useMessengerBotLink.ts
+++ b/app/composables/useMessengerBotLink.ts
@@ -1,10 +1,21 @@
+function toBase64Url(value: string) {
+  if (typeof Buffer !== 'undefined') {
+    return Buffer.from(value, 'utf8').toString('base64url');
+  }
+
+  return btoa(value)
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=+$/g, '');
+}
+
 export function buildMessengerBotStartUrl(baseUrl: string, email: string) {
  const normalizedEmail = email.trim().toLowerCase();
  if (!baseUrl || !normalizedEmail) {
    return '';
  }

-  const payload = encodeURIComponent(`login:${normalizedEmail}`);
+  const payload = encodeURIComponent(toBase64Url(`login:${normalizedEmail}`));
  const separator = baseUrl.includes('?') ? '&' : '?';
  return `${baseUrl}${separator}start=${payload}`;
 }