Add the Telegram platform

[hhio618]

Description

Add the telegram platform support.
Platform instructions:
1- Obtaining the api_id and api_hash from this URL: https://core.telegram.org/api/obtaining_api_id.
2- Create a telegram bot using this doc: https://core.telegram.org/bots#how-do-i-create-a-bot (just create the bot, no need to keep it running!).
#41
References:
https://core.telegram.org/method/messages.getMessages

[nykma]

Pretty impressive, huge thanks to your work!

[nykma]

OK for now, but do you have a way to get long-digit telegram user ID instead of a modifiable username here before generating sign_payload ?
We want to make this validation lasts as long as it can. User can changes their @my_username after the proof post, but LONG_DIGIT_USER_ID will remain the same.

[nykma]

Take validator/steam as a sample if you want.

[hhio618]

Definitely right, thanks for the heads up!

[nykma]

Where should user "post" their proof signature? In any chat? In any public group? Or they must post it into our specific, bot-joined public group?

[hhio618]

Ok, let me explain two different approaches here:

Appr. A:
The user should post the proof directly to the bot after starting it. that's the only place where the bot can read a history of messages. see https://core.telegram.org/method/messages.getMessages.
This is the most hassle-free design (which I used here) according to the telegram API docs.
Requirements:

• user api_key and api_hash.
• Bot token for authenticated calls.

Limits:

• I couldn't find any.

---

Appr. B:
We use the user API client and authenticate using 2FA and Telegram OTP codes...
This way users should post their proofs to a predefined public group, then we read the channel message history using the user API client (authenticated calls).
Requirements:

• user api_key and api_hash.
• User authentication for authenticated calls.

Limits:

• There is a Telegram group member limit of 200K members.
• Maintaining a Telegram group.

API:
https://core.telegram.org/method/channels.getMessages.

[nykma]

When we designed proof post mechanism, we want any other user to validate a specific user's proof material at any time.
So yeah, send proof signature directly to the bot in a private session can finish this binding procedure, but not suitable for other people to validate later.

This bothers us a lot to be honest, but there still is a chance to achieve: "forward" user's proof post to a public channel.
Since we can't "falsify" a user's signature, this action can be considered as safe.

If you want to improve this, also make sure to take a consideration of revalidate logic: bindings will be Validate() again every 7 days, by restoring validator.Base from database, and do a telegram.Validate() again. So please save proof_location to the "forwarded" version of post ID (in a public channel)

[hhio618]

How about running a bot that posts the received proof to a public channel? If not suited, I can just use the telegram user API and get proofs from a public channel.

[nykma]

How about running a bot that posts the received proof to a public channel?

Yeah that's the plan in my mind.

If the bot can read this public channel's message, it is 100% works.

For other users who wants to validate this message later, they can do it manually (by some way, e.g., copy the message manually and validate it in a small script, etc.). But for our "revalidate" process, this is good enough and can be considered 100% done.

[hhio618]

Unfortunately, the bot can't read a public channel's message! there will be a simple bot that forwards every proof to a public group. Also, for revalidating we should use the private message to the bot as our input.
If this is not what you wanted, we could just use the core API and a public group! (no need for a telegram bot anymore)

[nykma]

🤔 Wow, can a public group do this?
I mean, if public group can reach the revalidate goal, this plan is also perfect!

If a user leaves this group later, will his/her message disappear? If not, ship it!

Thank you again for your great work!

[hhio618]

You're welcome! I'm working on it now...

[hhio618]

Actually, I was able to fetch the telegram message using a proof location of https://t.me/some_public_group/CHAT_ID_DIGITS. The only requirement is to add the bot to that public group!

[nykma]

The only requirement is to add the bot to that public group!

This is totally acceptable!

[nykma]

Thank you for respecting our AltID design, just a trivial thing to concern:
AltID here should refer to a user-modifiable, @my_username -like username, while Identity should refer to a immutable, DigitUserIDGeneratedByTelegram -like stuff.

[nykma]

🤔 Just took a deep look to this. Nearly finished, just some details to be determined.

[nykma]

Shouldn't we need to specify the "public channel ID" for bot to forward proof post to?

[hhio618]

We can do it using any public channel where the bot is a member!

[nykma]

Wait, you mean a public group (instead of a public channel)?

This is a "channel": everyone can subscribe and read, but only admin can post contents

[nykma]

Lack of one line:

telegram.Identity = strconv.FormatInt(user.ID, 10)

[nykma]

I'll accept this PR for now. If you want to do any further modification, fell free to open another PR!

[gitpoap-bot]

Congrats, your important contribution to this open-source project has earned you a GitPOAP!

GitPOAP: 2022 Next.ID Contributor:

Head to gitpoap.io & connect your GitHub account to mint!

Learn more about GitPOAPs here.