如何在电报Bot中获得身份验证? [英] How do I get authentication in a telegram bot?

问题描述

电报机器人现在已经准备好了.

Telegram Bots are ready now.

如果使用网络浏览器和网站的类比，则电报客户端应用程序就像浏览器客户端一样.

If we use the analogy of web browser and websites, the telegram client applications are like the browser clients.

电报聊天室就像网站.

假设我们有一些只想限制某些用户的信息，在网站上，我们将进行身份验证.

Suppose we have some information we only want to restrict to certain users, on the websites, we will have authentication.

我们如何在电报机器人上实现相同的效果?

How do we achieve the same effect on the Telegram Bots?

有人告诉我可以使用深层链接.请参见此处

I was told that I can use deep linking. See description here

我将在下面复制它:

1. 使用合适的用户名创建漫游器，例如@ExampleComBot
2. 设置传入消息的网络挂钩
3. 生成足够长度的随机字符串，例如$ memcache_key ="vCH1vGWJxfSeofSAs0K5PA"
4. 将带有$ memcache_key键的值123放入Memcache中3600秒(一小时)
5. 向我们的用户显示按钮 https://telegram.me/ExampleComBot?start=vCH1vGWJxfSeofSAs0K5PA
6. 配置Webhook处理器以使用/start开头的传入消息中传递的参数查询Memcached. 如果密钥存在，则记录传递给webhook的chat_id为 用户123的telegram_chat_id.从内存缓存中删除密钥.
7. 现在，当我们想向用户123发送通知时，请检查他们是否具有telegram_chat_id字段.如果是，请使用sendMessage Bot API中的方法来向他们发送电报消息.

1. Create a bot with a suitable username, e.g. @ExampleComBot
2. Set up a webhook for incoming messages
3. Generate a random string of a sufficient length, e.g. $memcache_key = "vCH1vGWJxfSeofSAs0K5PA"
4. Put the value 123 with the key $memcache_key into Memcache for 3600 seconds (one hour)
5. Show our user the button https://telegram.me/ExampleComBot?start=vCH1vGWJxfSeofSAs0K5PA
6. Configure the webhook processor to query Memcached with the parameter that is passed in incoming messages beginning with /start. If the key exists, record the chat_id passed to the webhook as telegram_chat_id for the user 123. Remove the key from Memcache.
7. Now when we want to send a notification to the user 123, check if they have the field telegram_chat_id. If yes, use the sendMessage method in the Bot API to send them a message in Telegram.

我知道如何做第1步.

我想了解其余的东西.

这是我尝试破译步骤2时要牢记的图像.

This is the image I have in mind when I try to decipher step 2.

因此，各种电报客户端在与它们的应用程序上的ExampleBot进行通信时都与电报服务器进行通信.通信是双向的.

So the various telegram clients communicate with the Telegram Server when talking to ExampleBot on their applications. The communication is two-way.

第2步建议Telegram服务器将通过Webhook更新ExampleBot服务器. Webhook只是一个URL.

Step 2 suggests that the Telegram Server will update the ExampleBot Server via a webhook. A webhook is just a URL.

到目前为止，我是正确的吗?

So far, am I correct?

将其用于身份验证的下一步是什么?

What's the next step towards using this for authentication?

推荐答案

更新:我用一个非常简单的PHP应用程序创建了一个GitHub存储库，以说明下面解释的概念:

Update: I created a GitHub repository with a very simple PHP application to illustrate the concept explained below:

https://github.com/pevdh/telegram-auth-example

是否使用Webhook是无关紧要的. 深层链接"说明:

Whether you use a webhook or not is irrelevant. The "deep linking" explained:

1. 让用户使用实际的用户名密码验证登录实际的网站.
2. 生成唯一的哈希码(我们将其称为unique_code)
3. 将unique_code->用户名保存到数据库或键值存储中.
4. 向用户显示URL https://telegram.me/YOURBOTNAME?start=unique_code
5. 现在，一旦用户在Telegram中打开此URL并按开始"，您的机器人就会收到一条包含"/start unique_code"的短信，其中的unique_code当然会被实际的哈希码代替.
6. 让机器人通过查询数据库或键值存储中的unique_code来检索用户名.
7. 将chat_id->用户名保存到数据库或键值存储中.

1. Let the user log in on an actual website with actual username-password authentication.
2. Generate a unique hashcode (we will call it unique_code)
3. Save unique_code->username to a database or key-value storage.
4. Show the user the URL https://telegram.me/YOURBOTNAME?start=unique_code
5. Now as soon as the user opens this URL in Telegram and presses 'Start', your bot will receive a text message containing '/start unique_code', where unique_code is of course replaced by the actual hashcode.
6. Let the bot retrieve the username by querying the database or key-value storage for unique_code.
7. Save chat_id->username to a database or key-value storage.

现在，当您的漫游器收到另一条消息时，它可以查询数据库中的message.chat.id来检查该消息是否来自该特定用户. (并据此进行处理)

Now when your bot receives another message, it can query message.chat.id in the database to check if the message is from this specific user. (And handle accordingly)

某些代码(使用 pyTelegramBotAPI ):

import telebot
import time

bot = telebot.TeleBot('TOKEN')

def extract_unique_code(text):
    # Extracts the unique_code from the sent /start command.
    return text.split()[1] if len(text.split()) > 1 else None

def in_storage(unique_code): 
    # Should check if a unique code exists in storage
    return True

def get_username_from_storage(unique_code): 
    # Does a query to the storage, retrieving the associated username
    # Should be replaced by a real database-lookup.
    return "ABC" if in_storage(unique_code) else None

def save_chat_id(chat_id, username):
    # Save the chat_id->username to storage
    # Should be replaced by a real database query.
    pass

@bot.message_handler(commands=['start'])
def send_welcome(message):
    unique_code = extract_unique_code(message.text)
    if unique_code: # if the '/start' command contains a unique_code
        username = get_username_from_storage(unique_code)
        if username: # if the username exists in our database
            save_chat_id(message.chat.id, username)
            reply = "Hello {0}, how are you?".format(username)
        else:
            reply = "I have no clue who you are..."
    else:
        reply = "Please visit me via a provided URL from the website."
    bot.reply_to(message, reply)

bot.polling()

while True:
    time.sleep(0)

注意:在Telegram客户端中，unique_code不会显示为"/start unique_code"，而只会显示为"/start"，但是您的漫游器仍会显示为"/start unique_code".

Note: the unique_code will not be shown as '/start unique_code', only '/start', in the Telegram client, but your bot will still receive '/start unique_code'.

这篇关于如何在电报Bot中获得身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！