diff --git a/package.json b/package.json index 574dd0f..cf3e793 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "pezkuwi-telegram-miniapp", - "version": "1.0.187", + "version": "1.0.188", "type": "module", "description": "Pezkuwichain Telegram Mini App - Forum, Announcements, Rewards", "author": "Pezkuwichain Team", diff --git a/src/version.json b/src/version.json index 608e8b1..92ff1de 100644 --- a/src/version.json +++ b/src/version.json @@ -1,5 +1,5 @@ { - "version": "1.0.187", - "buildTime": "2026-02-14T08:08:25.403Z", - "buildNumber": 1771056505404 + "version": "1.0.188", + "buildTime": "2026-02-14T08:09:14.764Z", + "buildNumber": 1771056554765 } diff --git a/supabase/functions/announcement-reaction/index.ts b/supabase/functions/announcement-reaction/index.ts index a5553ff..f41767c 100644 --- a/supabase/functions/announcement-reaction/index.ts +++ b/supabase/functions/announcement-reaction/index.ts @@ -2,11 +2,13 @@ import { serve } from 'https://deno.land/std@0.177.0/http/server.ts'; import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; -const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io'; +const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://telegram.pezkiwi.app']; -function getCorsHeaders(): Record { +function getCorsHeaders(origin?: string | null): Record { + const allowedOrigin = + origin && ALLOWED_ORIGINS.some((o) => origin.startsWith(o)) ? origin : ALLOWED_ORIGINS[0]; return { - 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, + 'Access-Control-Allow-Origin': allowedOrigin, 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-supabase-client-platform', 'Access-Control-Allow-Methods': 'POST, OPTIONS', @@ -52,7 +54,8 @@ function validateInitData(initData: string, botToken: string): TelegramUser | nu } serve(async (req) => { - const corsHeaders = getCorsHeaders(); + const origin = req.headers.get('origin'); + const corsHeaders = getCorsHeaders(origin); if (req.method === 'OPTIONS') { return new Response('ok', { headers: corsHeaders }); diff --git a/supabase/functions/check-deposits/index.ts b/supabase/functions/check-deposits/index.ts index 11cd8e7..c1c8556 100644 --- a/supabase/functions/check-deposits/index.ts +++ b/supabase/functions/check-deposits/index.ts @@ -13,7 +13,7 @@ import { sha256 } from 'https://esm.sh/@noble/hashes@1.3.2/sha256'; import { bytesToHex } from 'https://esm.sh/@noble/hashes@1.3.2/utils'; import { secp256k1 } from 'https://esm.sh/@noble/curves@1.2.0/secp256k1'; -const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io'; +const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://telegram.pezkiwi.app']; const MIN_DEPOSIT = 10; // Minimum 10 USDT // Platform fees per network @@ -32,9 +32,11 @@ const TRON_USDT_CONTRACT = 'TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t'; // TRC20 USDT const BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'; -function getCorsHeaders(): Record { +function getCorsHeaders(origin?: string | null): Record { + const allowedOrigin = + origin && ALLOWED_ORIGINS.some((o) => origin.startsWith(o)) ? origin : ALLOWED_ORIGINS[0]; return { - 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, + 'Access-Control-Allow-Origin': allowedOrigin, 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-supabase-client-platform', 'Access-Control-Allow-Methods': 'POST, OPTIONS', @@ -313,7 +315,8 @@ async function checkTrc20Deposits( } serve(async (req) => { - const corsHeaders = getCorsHeaders(); + const origin = req.headers.get('origin'); + const corsHeaders = getCorsHeaders(origin); if (req.method === 'OPTIONS') { return new Response('ok', { headers: corsHeaders }); diff --git a/supabase/functions/create-offer-telegram/index.ts b/supabase/functions/create-offer-telegram/index.ts index 000cd2f..b35d1ad 100644 --- a/supabase/functions/create-offer-telegram/index.ts +++ b/supabase/functions/create-offer-telegram/index.ts @@ -3,7 +3,11 @@ import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; // CORS - Production domain only -const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://t.me']; +const ALLOWED_ORIGINS = [ + 'https://telegram.pezkuwichain.io', + 'https://telegram.pezkiwi.app', + 'https://t.me', +]; function getCorsHeaders(origin: string | null): Record { const allowedOrigin = diff --git a/supabase/functions/get-deposit-code/index.ts b/supabase/functions/get-deposit-code/index.ts index 69ab366..b862be8 100644 --- a/supabase/functions/get-deposit-code/index.ts +++ b/supabase/functions/get-deposit-code/index.ts @@ -2,11 +2,13 @@ import { serve } from 'https://deno.land/std@0.177.0/http/server.ts'; import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; -const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io'; +const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://telegram.pezkiwi.app']; -function getCorsHeaders(): Record { +function getCorsHeaders(origin?: string | null): Record { + const allowedOrigin = + origin && ALLOWED_ORIGINS.some((o) => origin.startsWith(o)) ? origin : ALLOWED_ORIGINS[0]; return { - 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, + 'Access-Control-Allow-Origin': allowedOrigin, 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-supabase-client-platform', 'Access-Control-Allow-Methods': 'POST, OPTIONS', @@ -61,7 +63,8 @@ function generateDepositCode(): string { } serve(async (req) => { - const corsHeaders = getCorsHeaders(); + const origin = req.headers.get('origin'); + const corsHeaders = getCorsHeaders(origin); if (req.method === 'OPTIONS') { return new Response('ok', { headers: corsHeaders }); diff --git a/supabase/functions/get-deposit-info/index.ts b/supabase/functions/get-deposit-info/index.ts index a99f7d4..c7ff87c 100644 --- a/supabase/functions/get-deposit-info/index.ts +++ b/supabase/functions/get-deposit-info/index.ts @@ -13,12 +13,14 @@ import { sha256 } from 'https://esm.sh/@noble/hashes@1.3.2/sha256'; import { bytesToHex, hexToBytes } from 'https://esm.sh/@noble/hashes@1.3.2/utils'; import { secp256k1 } from 'https://esm.sh/@noble/curves@1.2.0/secp256k1'; -const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io'; +const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://telegram.pezkiwi.app']; const BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'; -function getCorsHeaders(): Record { +function getCorsHeaders(origin?: string | null): Record { + const allowedOrigin = + origin && ALLOWED_ORIGINS.some((o) => origin.startsWith(o)) ? origin : ALLOWED_ORIGINS[0]; return { - 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, + 'Access-Control-Allow-Origin': allowedOrigin, 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-supabase-client-platform', 'Access-Control-Allow-Methods': 'POST, OPTIONS', @@ -143,7 +145,8 @@ function deriveTronAddress(mnemonic: string, index: number): string { } serve(async (req) => { - const corsHeaders = getCorsHeaders(); + const origin = req.headers.get('origin'); + const corsHeaders = getCorsHeaders(origin); if (req.method === 'OPTIONS') { return new Response('ok', { headers: corsHeaders }); diff --git a/supabase/functions/get-deposits/index.ts b/supabase/functions/get-deposits/index.ts index bb67afa..e518483 100644 --- a/supabase/functions/get-deposits/index.ts +++ b/supabase/functions/get-deposits/index.ts @@ -2,11 +2,13 @@ import { serve } from 'https://deno.land/std@0.177.0/http/server.ts'; import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; -const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io'; +const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://telegram.pezkiwi.app']; -function getCorsHeaders(): Record { +function getCorsHeaders(origin?: string | null): Record { + const allowedOrigin = + origin && ALLOWED_ORIGINS.some((o) => origin.startsWith(o)) ? origin : ALLOWED_ORIGINS[0]; return { - 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, + 'Access-Control-Allow-Origin': allowedOrigin, 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-supabase-client-platform', 'Access-Control-Allow-Methods': 'POST, OPTIONS', @@ -52,7 +54,8 @@ function validateInitData(initData: string, botToken: string): TelegramUser | nu } serve(async (req) => { - const corsHeaders = getCorsHeaders(); + const origin = req.headers.get('origin'); + const corsHeaders = getCorsHeaders(origin); if (req.method === 'OPTIONS') { return new Response('ok', { headers: corsHeaders }); diff --git a/supabase/functions/get-my-offers/index.ts b/supabase/functions/get-my-offers/index.ts index adb0aff..cd4d231 100644 --- a/supabase/functions/get-my-offers/index.ts +++ b/supabase/functions/get-my-offers/index.ts @@ -3,7 +3,11 @@ import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; // CORS - Production domain only -const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://t.me']; +const ALLOWED_ORIGINS = [ + 'https://telegram.pezkuwichain.io', + 'https://telegram.pezkiwi.app', + 'https://t.me', +]; function getCorsHeaders(origin: string | null): Record { const allowedOrigin = diff --git a/supabase/functions/process-withdraw/index.ts b/supabase/functions/process-withdraw/index.ts index 0505eaf..f5e2dc3 100644 --- a/supabase/functions/process-withdraw/index.ts +++ b/supabase/functions/process-withdraw/index.ts @@ -9,7 +9,11 @@ import { ApiPromise, WsProvider, Keyring } from 'npm:@pezkuwi/api@16.5.36'; import { cryptoWaitReady } from 'npm:@pezkuwi/util-crypto@14.0.25'; // CORS - Restricted for security (cron/admin only) -const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://supabase.com']; +const ALLOWED_ORIGINS = [ + 'https://telegram.pezkuwichain.io', + 'https://telegram.pezkiwi.app', + 'https://supabase.com', +]; function getCorsHeaders(origin: string | null): Record { const allowedOrigin = diff --git a/supabase/functions/save-wallet-address/index.ts b/supabase/functions/save-wallet-address/index.ts index 4ba64bc..03db4ba 100644 --- a/supabase/functions/save-wallet-address/index.ts +++ b/supabase/functions/save-wallet-address/index.ts @@ -6,11 +6,13 @@ import { serve } from 'https://deno.land/std@0.177.0/http/server.ts'; import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; -const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io'; +const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://telegram.pezkiwi.app']; -function getCorsHeaders(): Record { +function getCorsHeaders(origin?: string | null): Record { + const allowedOrigin = + origin && ALLOWED_ORIGINS.some((o) => origin.startsWith(o)) ? origin : ALLOWED_ORIGINS[0]; return { - 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, + 'Access-Control-Allow-Origin': allowedOrigin, 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-supabase-client-platform', 'Access-Control-Allow-Methods': 'POST, OPTIONS', @@ -65,7 +67,8 @@ function isValidSubstrateAddress(address: string): boolean { } serve(async (req) => { - const corsHeaders = getCorsHeaders(); + const origin = req.headers.get('origin'); + const corsHeaders = getCorsHeaders(origin); if (req.method === 'OPTIONS') { return new Response('ok', { headers: corsHeaders }); diff --git a/supabase/functions/telegram-auth/index.ts b/supabase/functions/telegram-auth/index.ts index b528e5d..2884c77 100644 --- a/supabase/functions/telegram-auth/index.ts +++ b/supabase/functions/telegram-auth/index.ts @@ -2,11 +2,13 @@ import { serve } from 'https://deno.land/std@0.177.0/http/server.ts'; import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; -const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io'; +const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://telegram.pezkiwi.app']; -function getCorsHeaders(): Record { +function getCorsHeaders(origin?: string | null): Record { + const allowedOrigin = + origin && ALLOWED_ORIGINS.some((o) => origin.startsWith(o)) ? origin : ALLOWED_ORIGINS[0]; return { - 'Access-Control-Allow-Origin': ALLOWED_ORIGIN, + 'Access-Control-Allow-Origin': allowedOrigin, 'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type, x-supabase-client-platform', 'Access-Control-Allow-Methods': 'POST, OPTIONS', @@ -93,7 +95,8 @@ function verifySessionToken(token: string, botToken: string): number | null { } serve(async (req) => { - const corsHeaders = getCorsHeaders(); + const origin = req.headers.get('origin'); + const corsHeaders = getCorsHeaders(origin); if (req.method === 'OPTIONS') { return new Response('ok', { headers: corsHeaders }); @@ -105,9 +108,15 @@ serve(async (req) => { const supabaseUrl = Deno.env.get('SUPABASE_URL')!; const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!; - const botToken = Deno.env.get('TELEGRAM_BOT_TOKEN'); - if (!botToken) { + // Collect all available bot tokens + const botTokens: string[] = []; + const mainToken = Deno.env.get('TELEGRAM_BOT_TOKEN'); + const krdToken = Deno.env.get('TELEGRAM_BOT_TOKEN_KRD'); + if (mainToken) botTokens.push(mainToken); + if (krdToken) botTokens.push(krdToken); + + if (botTokens.length === 0) { return new Response(JSON.stringify({ error: 'Server configuration error' }), { status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' }, @@ -118,7 +127,15 @@ serve(async (req) => { // Method 1: Session token verification if (sessionToken) { - const tgId = verifySessionToken(sessionToken, botToken); + let tgId: number | null = null; + let matchedToken: string = botTokens[0]; + for (const token of botTokens) { + tgId = verifySessionToken(sessionToken, token); + if (tgId) { + matchedToken = token; + break; + } + } if (!tgId) { return new Response(JSON.stringify({ error: 'Invalid or expired session' }), { status: 401, @@ -142,7 +159,7 @@ serve(async (req) => { return new Response( JSON.stringify({ user: userData, - session_token: generateSessionToken(tgId, botToken), + session_token: generateSessionToken(tgId, matchedToken), }), { headers: { ...corsHeaders, 'Content-Type': 'application/json' } } ); @@ -156,7 +173,15 @@ serve(async (req) => { }); } - const telegramUser = validateInitData(initData, botToken); + let telegramUser: TelegramUser | null = null; + let matchedBotToken: string = botTokens[0]; + for (const token of botTokens) { + telegramUser = validateInitData(initData, token); + if (telegramUser) { + matchedBotToken = token; + break; + } + } if (!telegramUser) { return new Response(JSON.stringify({ error: 'Invalid Telegram data' }), { status: 401, @@ -216,7 +241,7 @@ serve(async (req) => { JSON.stringify({ user: userData, telegram_user: telegramUser, - session_token: generateSessionToken(telegramUser.id, botToken), + session_token: generateSessionToken(telegramUser.id, matchedBotToken), }), { headers: { ...corsHeaders, 'Content-Type': 'application/json' } } ); diff --git a/supabase/functions/verify-deposit-telegram/index.ts b/supabase/functions/verify-deposit-telegram/index.ts index ef15ffa..7e59a73 100644 --- a/supabase/functions/verify-deposit-telegram/index.ts +++ b/supabase/functions/verify-deposit-telegram/index.ts @@ -8,7 +8,11 @@ import { ApiPromise, WsProvider } from 'npm:@pezkuwi/api@16.5.36'; import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts'; // CORS - Production domain only -const ALLOWED_ORIGINS = ['https://telegram.pezkuwichain.io', 'https://t.me']; +const ALLOWED_ORIGINS = [ + 'https://telegram.pezkuwichain.io', + 'https://telegram.pezkiwi.app', + 'https://t.me', +]; function getCorsHeaders(origin: string | null): Record { const allowedOrigin =