From 7148e68e0697e5afbce4190a272e384b04ebf59a Mon Sep 17 00:00:00 2001
From: user
Date: Sun, 27 Oct 2024 17:57:36 +0300
Subject: [PATCH] fix auth.twa
---
 app/api/routes/auth.py | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/app/api/routes/auth.py b/app/api/routes/auth.py
index 115c17c..55eb2a6 100644
--- a/app/api/routes/auth.py
+++ b/app/api/routes/auth.py
@@ -5,7 +5,7 @@ from sanic import response
 from sqlalchemy import select, and_
 from tonsdk.utils import Address
-from app.core._config import TELEGRAM_API_KEY
+from app.core._config import TELEGRAM_API_KEY, CLIENT_TELEGRAM_API_KEY
 from app.core.logger import make_log
 from app.core.models import KnownKey, WalletConnection
 from app.core.models.user import User
@@ -21,8 +21,20 @@ async def s_api_v1_auth_twa(request):
 auth_data[req_key] = None
 twa_data = auth_data['twa_data']
- twa_data = safe_parse_webapp_init_data(token=TELEGRAM_API_KEY, init_data=twa_data)
- assert twa_data
+
+ valid_twa_data = False
+ for validation_api_key in [TELEGRAM_API_KEY, CLIENT_TELEGRAM_API_KEY]:
+ try:
+ twa_data = safe_parse_webapp_init_data(token=validation_api_key, init_data=twa_data)
+ assert twa_data
+ valid_twa_data = True
+ break
+ except:
+ pass
+
+ if not valid_twa_data:
+ make_log("auth", "Invalid TWA data", level="warning")
+ return response.json({"error": "Invalid TWA data"}, status=401)
 known_user = request.ctx.db_session.query(User).filter(User.telegram_id == twa_data.user.id).first()
 if not known_user:
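Review bot: In the new validation loop of the second hunk, `twa_data` is both the input and the result of `safe_parse_webapp_init_data`, so if the call for the first key returns a falsy value instead of raising, the second key is checked against that value rather than the original init data. The acceptance test is an `assert` under a bare `except:`; the assert is stripped under `python -O`, which would set `valid_twa_data = True` for a falsy result, and the bare except also swallows task cancellation and programming errors in an authentication path. The rewrite below keeps the raw string in its own variable, replaces the assert with an explicit truthiness check, and narrows the handler to `except Exception:` (the helper's own error type is not visible here and would be better still). Accepting two bot tokens means either one can sign init data for any `telegram_id`, so both need the same protection, and nothing in this hunk checks the freshness of the init data, which may be done elsewhere. `s_api_v1_auth_twa` starts and continues outside the hunk.

```python
    raw_twa_data = auth_data['twa_data']

    twa_data = None
    for validation_api_key in (TELEGRAM_API_KEY, CLIENT_TELEGRAM_API_KEY):
        try:
            parsed = safe_parse_webapp_init_data(token=validation_api_key, init_data=raw_twa_data)
        except Exception:
            # Rejected under this bot token; the untouched raw string goes to the next one.
            continue
        if parsed:
            twa_data = parsed
            break

    if not twa_data:
        # … unchanged: warning log and 401 response …
```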