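/**
 * Verify the HMAC-SHA256 signature of the `vk_*` launch parameters carried in
 * a URL and return the user id they contain.
 *
 * The signed string is built from every query parameter whose name starts
 * with "vk_", sorted by name and joined as `name=value` pairs with "&". Its
 * HMAC is encoded as unpadded URL-safe base64 and compared with the `sign`
 * query parameter.
 *
 * @param {string} url - Full URL (or bare query string) received from the client.
 * @param {string} [secret_key] - Application secret used as the HMAC key. The
 *   default is a placeholder ("key from settings") and must be overridden with
 *   the real secret; with the placeholder no genuine signature will verify.
 * @returns {string|null|undefined} The raw `vk_user_id` value when the
 *   signature is valid (undefined if that parameter is absent), otherwise null.
 */
const validateAppUrl = (url, secret_key='КЛЮЧ ИЗ НАСТРОЕК') => {
  const { createHmac, timingSafeEqual } = require("crypto");
  const { Buffer } = require("buffer");

  // Parse the raw query string. Values are deliberately left undecoded so the
  // signed string is byte-for-byte what arrived in the URL. A prototype-less
  // object keeps names such as "__proto__" from touching Object.prototype.
  const query_params = Object.create(null);
  for (const pair of url.slice(url.indexOf("?") + 1).split("&")) {
    const data = pair.split("=");
    query_params[data[0]] = data[1];
  }

  // Keep only the "vk_" parameters, sorted by name, and join them into a
  // string of the form param1=value1&param2=value2...
  const sign_str = Object.keys(query_params)
    .filter((key) => key.startsWith("vk_"))
    .sort()
    .map((key) => key + "=" + query_params[key])
    .join("&");

  // Sign, then convert standard base64 to the unpadded URL-safe alphabet.
  const expected = createHmac("sha256", secret_key)
    .update(sign_str)
    .digest("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");

  // A request without a signature is rejected instead of throwing.
  const provided = query_params["sign"];
  if (typeof provided !== "string") {
    return null;
  }

  // Compare the complete signatures in constant time. Nothing is stripped from
  // either side: dropping characters before comparing would let distinct
  // signatures collide. There is also no path-based shortcut (for example for
  // URLs containing "photo"); every caller gets a user id only after the
  // signature has been verified.
  const expectedBytes = Buffer.from(expected, "utf8");
  const providedBytes = Buffer.from(provided, "utf8");
  const isValid =
    expectedBytes.length === providedBytes.length &&
    timingSafeEqual(expectedBytes, providedBytes);

  if (!isValid) {
    // Neither the URL nor the expected signature is logged: the first is a
    // replayable credential and the second would turn the log into a signing
    // oracle for attacker-chosen parameters.
    console.log("validateAppUrl: launch parameter signature mismatch");
    return null;
  }

  return query_params["vk_user_id"];
};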