Merge pull request #13 from CrazyTapok-bit/dev-master

Simplified hash removal before validation
CrazyTapok-bit · Mar 30, 2023 · c4c9e60 · c4c9e60
2 parents b65854a + 0f29cbe
commit c4c9e60
Showing 1 changed file with 7 additions and 8 deletions.
diff --git a/src/TgWebValid.php b/src/TgWebValid.php
@@ -28,10 +28,7 @@ public function isValid(string $initData)
             $rawData
         )));
 
-        $data = implode("\n", array_filter(
-            $rawData,
-            fn ($item) => substr($item, 0, strlen('hash=')) !== 'hash='
-        ));
+        $data = implode("\n", $this->ridHash($rawData));
 
         $secretKey = hash_hmac('sha256', $this->token, 'WebAppData', true);
         $hash      = bin2hex(hash_hmac('sha256', $data, $secretKey, true));
@@ -51,14 +48,16 @@ public function isLoginValid(array $user)
 
         sort($rawData);
 
-        $data = implode("\n", array_filter(
-            $rawData,
-            fn ($item) => substr($item, 0, strlen('hash=')) !== 'hash='
-        ));
+        $data = implode("\n", $this->ridHash($rawData));
 
         $secretKey = hash('sha256', $this->token, true);
         $hash      = hash_hmac('sha256', $data, $secretKey);
 
         return 0 === strcmp($hash, $this->user->hash);
     }
+
+    private function ridHash(array $array): array
+    {
+        return preg_grep('/^hash=/i', $array, PREG_GREP_INVERT);
+    }
 }