
I need to do authorization through Telegram. The procedure is as follows:

  1. Generate a random string
  2. Write it into the cache
  3. We pass this line to the bot through the command /start random_str
  4. The bot sends a request to the server, where the system compares the value of the transmitted string with the one received from the bot
  5. If everything is fine, we authorize / register the user

Everything collapses at the time of authorization. After all, authorization is stored in the session, and the session of the bot is always different and does not coincide with the session of the user who sent the request from the site. But I've already seen such authorizations, for example, https://storebot.me/

AuthController (website)

public function getLogin()
{
    cache(['auth_key' => str_random(24)], 10);
    return view('panel.auth.login');
}

AuthController (Bot)

public function auth(Request $request): JsonResponse
{
    if (!isset($request->auth_key) || $request->auth_key !== cache('auth_key')) {
        return response()->json([
            'status' => false,
            'message' => 'invalid_token',
        ]);
    }

    if (!auth()->check()) {
        if (!$user = User::where('username', $request->user['username'])->first()) {
            DB::beginTransaction();
            try {
                $user = new User();
                $user->chat_id = $request->chat_id;
                $user->username = $request->user['username'];
                $user->first_name = $request->user['first_name'];
                $user->last_name = $request->user['last_name'];
                $user->save();
                DB::commit();
            } catch (\Exception $e) {
                DB::rollBack();
                return response()->json([
                    'status' => false,
                    'message' => $e->getMessage()
                ]);
            }
        }

        auth()->login($user);
    }

    return response()->json([
        'status' => true,
        'message' => 'Вы успешно авторизированы.',
    ]);
}

login.blade.php

<a href="https://t.me/surgead_bot?start={{ cache('auth_key') }}" target="_blank">Открыть <i class="fa fa-telegram"></i> и нажать Start</a>

bot.js (long polling script for bot)

bot.onText(/\/start (.+)/, (msg, params) => {
    axios.post('auth', {
        auth_key: params[1],
        chat_id: msg.chat.id,
        user: msg.from
    })
        .then(response => {
            console.log(response.data);
            if (response.data.status === false) {
                // log or smth??
            }

            bot.sendMessage(msg.from.id, response.data.message);
        })
        .catch(error => {
            console.log(error);
        });
});

So, I have Laravel 5 as the backend. The bot works on JS. The problem is with the session, I think. Because when I send the auth_key to the bot, it sends a request to the server, and the auth session isn't the user's session, just the bot's. But I have no idea how to authenticate in the needed session. I tried to create a new session with the user's session id, but Laravel doesn't permit this.

weijinnx

1 Answer

I did it by using Autologin on the Laravel side, which logs in by a token stored in MySQL; the Telegram bot generates the token and makes a link to a Laravel route.

https://t.me/intermarkbot
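
An added, framework-independent sketch of the question's flow in the bot's language (not code from the question or the answer): each token is bound to the browser session that requested it, the bot's call only records which Telegram account presented it, and the login itself happens when the browser redeems the token from its own session. The class name `PendingLogins`, its method names and the in-memory `Map` are assumptions standing in for a cache or MySQL table, and the bot-to-server call is assumed to be authenticated separately.

```javascript
const crypto = require('crypto');

const TTL_MS = 10 * 60 * 1000; // same 10-minute lifetime as the cache entry in the question

// Store only a hash of the token, so a leaked store does not yield usable tokens.
const digest = (token) => crypto.createHash('sha256').update(String(token)).digest('hex');

class PendingLogins {
  constructor() {
    this.pending = new Map(); // sha256(token) -> { sessionId, expires, telegramId }
  }

  // Site, login page: one token per browser session, not one shared cache key.
  issue(sessionId, now = Date.now()) {
    const token = crypto.randomBytes(16).toString('hex'); // 32 chars, valid in ?start=
    this.pending.set(digest(token), { sessionId, expires: now + TTL_MS, telegramId: null });
    return token;
  }

  // Bot -> server: record which Telegram account presented the token.
  // No session is touched here; the bot's HTTP client carries no browser cookie.
  confirm(token, telegramId, now = Date.now()) {
    const entry = this.pending.get(digest(token));
    if (!entry || entry.expires < now || entry.telegramId !== null) return false;
    entry.telegramId = telegramId;
    return true;
  }

  // Browser -> server (polling from the login page): the caller's own session
  // redeems the token, so the login lands in the session that started the flow.
  redeem(sessionId, token, now = Date.now()) {
    const key = digest(token);
    const entry = this.pending.get(key);
    if (!entry || entry.sessionId !== sessionId) return null;
    if (entry.expires < now) { this.pending.delete(key); return null; }
    if (entry.telegramId === null) return null; // not confirmed yet, keep polling
    this.pending.delete(key); // single use
    return entry.telegramId;  // caller now logs this user into sessionId
  }
}
```

On the server, a non-null result from `redeem` is the point at which the web request would call the framework's login for that user.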