8de9fb1ecd
CI / changes (pull_request) Successful in 2s
CI / unit (pull_request) Successful in 9s
CI / integration (pull_request) Successful in 15s
CI / ui (pull_request) Successful in 55s
CI / gate (pull_request) Successful in 0s
CI / deploy (pull_request) Successful in 1m19s
The validator parsed only id/username/first_name/language_code from the signed Telegram user, so a WebAppUser flagged is_bot would have been provisioned a normal account. The HMAC already proves Telegram signed the payload, so is_bot==true is Telegram itself attesting the launching principal is a bot. Parse is_bot and reject it (ErrInvalidInitData -> gateway 4xx -> launch error). A real user opening the Mini App never carries it, so this is a defensive deny. Tests cover both the denied (is_bot true) and allowed (is_bot false) paths.