From e78575fed158a8189a7cfcec837fa91259b1389c Mon Sep 17 00:00:00 2001
From: relya <relya@lunars.ru>
Date: Tue, 10 Mar 2026 21:12:03 +0300
Subject: [PATCH] =?UTF-8?q?=D0=A3=D0=BB=D1=83=D1=87=D1=88=D0=B5=D0=BD?=
 =?UTF-8?q?=D0=B0=20=D0=B3=D0=B5=D0=BD=D0=B5=D1=80=D0=B0=D1=86=D0=B8=D1=8F?=
 =?UTF-8?q?=20=D0=BA=D0=BE=D0=B4=D0=B0,=20=D0=BF=D0=BE=D1=8F=D1=81=D0=BD?=
 =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D1=8F=20=D0=B2=20=D0=BD=D0=B5=D0=BA=D0=BE?=
 =?UTF-8?q?=D1=82=D0=BE=D1=80=D1=8B=D1=85=20=D1=83=D1=87=D0=B0=D1=81=D1=82?=
 =?UTF-8?q?=D0=BA=D0=B0=D1=85,=20=D0=BE=D1=87=D0=B8=D1=81=D1=82=D0=BA?=
 =?UTF-8?q?=D0=B0=20=D0=BD=D0=BE=D0=BC=D0=B5=D1=80=D0=B0=20=D1=82=D0=B5?=
 =?UTF-8?q?=D0=BB=D0=B5=D1=84=D0=BE=D0=BD=D0=B0=20=D1=87=D0=B5=D1=80=D0=B5?=
 =?UTF-8?q?=D0=B7=20=D1=80=D0=B5=D0=B3=D1=83=D0=BB=D1=8F=D1=80=D0=BD=D1=8B?=
 =?UTF-8?q?=D0=B5=20=D0=B2=D1=8B=D1=80=D0=B0=D0=B6=D0=B5=D0=BD=D0=B8=D1=8F?=
 =?UTF-8?q?=20:>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/tamtam_tcp/processors.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/tamtam_tcp/processors.py b/src/tamtam_tcp/processors.py
index 5faa5e7..c13aba1 100644
--- a/src/tamtam_tcp/processors.py
+++ b/src/tamtam_tcp/processors.py
@@ -1,4 +1,5 @@
-import hashlib, secrets, random, time, logging, json
+import hashlib, secrets, random, time, logging, json # PEP-8 по приколу сделан >_<
+import re
 from common.static import Static
 from common.tools import Tools
 from tamtam_tcp.proto import Proto
@@ -76,17 +77,17 @@ class Processors:
             return
 
         # Извлекаем телефон из пакета
-        phone = payload.get("phone").replace("+", "").replace(" ", "").replace("-", "")
+        phone = re.sub(r'\D', '', payload.get("phone", "")) # Не хардкодим, через регулярки
 
         # Генерируем токен с кодом
-        code = str(random.randint(000000, 999999))
+        code = f"{secrets.randbelow(1_000_000):06d}" # Старая версия ненадежна, могла отбросить ведущие нули или вообще интерпритировать как систему счисления с основанием 8
         token = secrets.token_urlsafe(128)
 
         # Хешируем
         code_hash = hashlib.sha256(code.encode()).hexdigest()
         token_hash = hashlib.sha256(token.encode()).hexdigest()
 
-        # Время истечения токена
+        # Срок жизни токена (5 минут)
         expires = int(time.time()) + 300
 
         # Ищем пользователя, и если он существует, сохраняем токен