承接 kilogram/auth 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

kilogram/auth

Composer 安装命令:

composer require kilogram/auth

包简介

Secure and simple validation library for Telegram Login Widget and Web App data (including Third-Party validation support).

README 文档

README

Telegram Auth 🔑

Latest Version PHP Version License Stars Downloads

Secure and simple validation library for Telegram Login Widget and Web App (including Third-Party validation support).

Features

  • Telegram Login Widget – validate payloads from the login widget (hash verification, timestamp check).
  • Telegram Web App – authenticate users inside mini‑apps by verifying initData.
  • Third‑Party Use – validate Telegram data for external services (without a bot token, using bot ID).
  • Simple API – ready‑to‑use methods like isValidLoginWidget(), validateWebApp(), plus exceptions for error handling.
  • Secure by design – uses cryptographically strong hashing (hash_hmac, sodium) to prevent data tampering.
  • PHP 8.2+ – modern, strictly typed code.

Requirements

Installation

composer require kilogram/auth

Quick start

Note

Usage examples are also available in the examples directory.

Login Widget (simple)

Basic validation of the data received from the Telegram Login Widget. Checks the hash and timestamp, returns a boolean result.

use Kilogram\Auth\Validator;

$data = $_GET;

$validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']);

if ($validator->isValidLoginWidget($data)) {
    echo "Authenticated. User ID: " . $data['id'];
} else {
    echo "Authentication failed";
}

Login Widget (with exceptions)

A more robust approach that throws specific exceptions for invalid input (missing parameters) and validation failures (tampered data).

use Kilogram\Auth\Validator;
use Kilogram\Auth\Exceptions\InvalidDataException;
use Kilogram\Auth\Exceptions\ValidationException;

$data = $_GET;

$validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']);

try {
    $validator->validateLoginWidget($data);
    echo "Authenticated. Hello " . ($data['first_name'] ?? 'user');
} catch (InvalidDataException $e) {
    // Developer error: invalid input format (e.g. missing "hash")
    echo "Bad request: " . $e->getMessage();
} catch (ValidationException $e) {
    // Invalid signature: possible tampering
    echo "Authentication failed";
}

Web App (simple)

Verifies the initData string from a Telegram Web App. Returns true if the signature is valid and the data is fresh.

use Kilogram\Auth\Validator;

$initData = $_POST['initData'];

$validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']);

if ($validator->isValidWebApp($initData)) {
    echo "Web App authenticated";
} else {
    echo "Invalid initData";
}

Web App (with exceptions)

Same as above, but throws exceptions for malformed input or invalid signatures, giving you finer control over error handling.

use Kilogram\Auth\Validator;
use Kilogram\Auth\Exceptions\InvalidDataException;
use Kilogram\Auth\Exceptions\ValidationException;

$initData = $_POST['initData'];

$validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']);

try {
    $validator->validateWebApp($initData);
    echo "Web App authenticated";
} catch (InvalidDataException $e) {
    // Developer error: initData format is broken / empty
    echo "Bad request: " . $e->getMessage();
} catch (ValidationException $e) {
    // Invalid signature
    echo "Authentication failed";
}

Web App Third-Party (simple)

Validates data for third‑party services without using a bot token. Only the bot ID is required.

use Kilogram\Auth\Validator;

$initData = $_POST['initData'];

if (Validator::isValidWebAppDataForThirdParty($initData, $botId)) {
    echo "Web App authenticated (Third-Party)!";
} else {
    echo "Invalid data";
}

Web App Third-Party (with exceptions)

The same third‑party validation, but with exception-based error reporting.

use Kilogram\Auth\Validator;
use Kilogram\Auth\Exceptions\ValidationException;

$initData = $_POST['initData'];

try {
    Validator::validateWebAppDataForThirdParty($initData, $botId);
    echo "Web App authorized!";
} catch (ValidationException $e) {
    echo "Authentication failed";
}

Tip

When to use simple vs exceptions?
Use the simple methods (isValid*) when you only need a boolean result (e.g., in controllers, middleware, or conditional logic).
Use the exception methods (validate*) when you need granular error handling – they distinguish between malformed input (developer errors, e.g., missing parameters) and invalid signatures (security issues, e.g., tampered data).

License

MIT

kilogram/auth 适用场景与选型建议

kilogram/auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 12 月 25 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「security」 「Authentication」 「validation」 「auth」 「bot」 「webapp」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 kilogram/auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 kilogram/auth 我们能提供哪些服务?
定制开发 / 二次开发

基于 kilogram/auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 19
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2025-12-25