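"""Flask backend for the "TON AR Hotspots" Telegram Mini App.

Serves the web-app page at ``/`` and a small JSON API at ``/hotspots``.
Listing hotspots is public; creating one requires Telegram Web App
``initData`` whose HMAC-SHA256 signature verifies against the bot token.
"""
import hashlib
import hmac
import json
import math
import os
import threading
from typing import Optional, Tuple
from urllib.parse import unquote

from flask import Flask, Response, jsonify, request

app = Flask(__name__)

HOTSPOTS_FILE = 'hotspots.json'

# The bot token is the key material for initData signatures, so it must not
# live in source control. It is read from the environment instead; the literal
# that was previously committed here should be treated as exposed and revoked.
# With no token configured, is_data_safe() rejects every request (fails closed).
BOT_TOKEN = os.environ.get('BOT_TOKEN', '')

# Serializes the read-modify-write cycle in save_hotspot() across the threads
# of this process. It does not protect against other processes sharing the file.
_HOTSPOTS_LOCK = threading.Lock()


def get_all_hotspots():
    """Return the stored hotspots, or an empty list if the file is missing or unreadable as JSON."""
    if not os.path.exists(HOTSPOTS_FILE):
        return []
    try:
        with open(HOTSPOTS_FILE, 'r', encoding='utf-8') as f:
            return json.load(f)
    except (json.JSONDecodeError, FileNotFoundError):
        return []


def save_hotspot(new_hotspot):
    """Append ``new_hotspot`` to the JSON store.

    The new content is written to a temporary file and moved into place with
    ``os.replace`` so that an interrupted write cannot leave a truncated store
    (which get_all_hotspots() would read as empty and the next save would
    then overwrite).
    """
    tmp_path = HOTSPOTS_FILE + '.tmp'
    with _HOTSPOTS_LOCK:
        hotspots = get_all_hotspots()
        hotspots.append(new_hotspot)
        with open(tmp_path, 'w', encoding='utf-8') as f:
            json.dump(hotspots, f, ensure_ascii=False, indent=4)
        os.replace(tmp_path, HOTSPOTS_FILE)


def is_data_safe(init_data: str) -> Tuple[bool, Optional[dict]]:
    """Verify the signature of Telegram Web App ``initData``.

    Args:
        init_data: The raw, still percent-encoded query string sent by the client.

    Returns:
        ``(True, user_dict)`` when the HMAC matches and the ``user`` field is a
        JSON object; ``(False, None)`` in every other case, including
        malformed input and a missing bot token.
    """
    if not BOT_TOKEN or not isinstance(init_data, str):
        return False, None
    try:
        check_lines = []
        fields = {}
        received_hash = ''
        # Split on the raw separators first and decode each field afterwards,
        # so a percent-encoded '&' or '=' inside a signed value cannot change
        # how the string is divided into fields.
        for pair in init_data.split('&'):
            raw_key, raw_value = pair.split('=', 1)
            key, value = unquote(raw_key), unquote(raw_value)
            if key == 'hash':
                received_hash = value
            else:
                check_lines.append(f"{key}={value}")
                fields[key] = value

        data_check_string = "\n".join(sorted(check_lines))
        secret_key = hmac.new(b"WebAppData", BOT_TOKEN.encode(), hashlib.sha256).digest()
        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()

        # Constant-time comparison; bytes operands also accept non-ASCII input.
        if not hmac.compare_digest(calculated_hash.encode(), received_hash.encode()):
            return False, None

        # NOTE(review): 'auth_date' is not checked, so a captured initData
        # string stays acceptable indefinitely. Consider rejecting values
        # older than a chosen maximum age.

        # The value was already decoded above; decoding it a second time would
        # alter the signed content.
        user_data = json.loads(fields['user'])
        if not isinstance(user_data, dict):
            return False, None
        return True, user_data
    except (ValueError, KeyError, TypeError):
        return False, None


@app.route('/')
def index():
    """Serve the web-app page."""
    # NOTE(review): only the page title text is visible in this copy of the
    # file; the HTML markup appears to have been lost. Confirm against the
    # deployed page.
    html_content = ''' TON AR Hotspots
'''
    return Response(html_content, mimetype='text/html')


@app.route('/hotspots', methods=['GET', 'POST'])
def handle_hotspots():
    """List hotspots (GET) or create one from a signed request (POST).

    POST expects a JSON object with ``initData``, ``text``, ``lat`` and
    ``lon``. Responses: 201 on success, 400 for malformed or missing fields,
    401 when ``initData`` is absent, 403 when its signature does not verify.
    """
    # Flask also routes HEAD to this view because GET is allowed; handle it
    # like GET instead of falling through without a response.
    if request.method in ('GET', 'HEAD'):
        # NOTE(review): this returns creator_id and creator_info (Telegram
        # user id, first name, username) to unauthenticated callers. Confirm
        # that exposure is intended.
        return jsonify(get_all_hotspots())

    if not request.is_json:
        return jsonify({"error": "Missing JSON in request"}), 400
    data = request.get_json()
    if not isinstance(data, dict):
        return jsonify({"error": "Missing JSON in request"}), 400

    init_data = data.get('initData')
    if not init_data:
        return jsonify({"error": "Missing initData"}), 401

    is_safe, user_data = is_data_safe(init_data)
    if not is_safe:
        return jsonify({"error": "Validation failed"}), 403

    text = data.get('text')
    lat = data.get('lat')
    lon = data.get('lon')
    # Test coordinates for absence rather than truthiness: 0 is a valid
    # latitude and longitude.
    if not text or lat in (None, '') or lon in (None, ''):
        return jsonify({"error": "Missing data: text, lat, or lon"}), 400

    try:
        if isinstance(lat, bool) or isinstance(lon, bool):
            raise TypeError("boolean is not a coordinate")
        lat_value = float(lat)
        lon_value = float(lon)
        # float() accepts 'nan' and 'inf'; storing them would make the JSON
        # store emit tokens that strict JSON parsers reject.
        if not (math.isfinite(lat_value) and math.isfinite(lon_value)):
            raise ValueError("coordinate is not finite")
        if abs(lat_value) > 90 or abs(lon_value) > 180:
            raise ValueError("coordinate out of range")
    except (ValueError, TypeError):
        return jsonify({"error": "Invalid data types"}), 400

    creator_info = user_data.get('first_name', 'User')
    if user_data.get('username'):
        creator_info = f"{creator_info} (@{user_data.get('username')})"

    # NOTE(review): 'text' and 'creator_info' are user-controlled strings;
    # the page that displays them should insert them as text, not as markup.
    new_hotspot = {
        "text": str(text),
        "lat": lat_value,
        "lon": lon_value,
        "creator_info": creator_info,
        "creator_id": user_data.get('id')
    }
    save_hotspot(new_hotspot)
    return jsonify({"success": True, "hotspot": new_hotspot}), 201


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=7860, debug=False)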