fregat/web-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): encode telegram start payload safely

Browse Source
This commit is contained in:
Ruslan Bakiev
2026-04-03 17:49:18 +07:00
parent 448ade72b8
commit 93b6c51625
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/composables/useMessengerBotLink.ts
View File

@@ -1,10 +1,21 @@
function toBase64Url(value: string) {
if (typeof Buffer !== 'undefined') {
return Buffer.from(value, 'utf8').toString('base64url');
}
return btoa(value)
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/g, '');
}
export function buildMessengerBotStartUrl(baseUrl: string, email: string) { export function buildMessengerBotStartUrl(baseUrl: string, email: string) {
const normalizedEmail = email.trim().toLowerCase(); const normalizedEmail = email.trim().toLowerCase();
if (!baseUrl || !normalizedEmail) { if (!baseUrl || !normalizedEmail) {
return ''; return '';
} }
const payload = encodeURIComponent(`login:${normalizedEmail}`); const payload = encodeURIComponent(toBase64Url(`login:${normalizedEmail}`));
const separator = baseUrl.includes('?') ? '&' : '?'; const separator = baseUrl.includes('?') ? '&' : '?';
return `${baseUrl}${separator}start=${payload}`; return `${baseUrl}${separator}start=${payload}`;
} }