As you got all the info, keep all the structure of api above.
Now when the user clicks on login, we must show the QR and the link of the telegram bot, which we already have (btw sho me, so i see wheter it is true or not)
and add a query param "?start=GUID" and generate a guid there.
after we post it ad a websession, we have to get it like this " r.GET("/users/sessions/:webSessionID", getWebSession)" every 5 secs untill we get a status true
if we will be loged in, we have to keep that webSessionID in the cookies for an hour
1. if we open our website, we have to check the cookies and do a request for that websession
2. if we are not loged in, then we will loge in one more time
