feat: add USDT deposit system with TRC20 and Polkadot support

supabase/functions/get-deposit-code/index.ts

@@ -0,0 +1,170 @@
+import { serve } from 'https://deno.land/std@0.177.0/http/server.ts';
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
+import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts';
+
+const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io';
+
+function getCorsHeaders(): Record<string, string> {
+  return {
+    'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
+    'Access-Control-Allow-Headers':
+      'authorization, x-client-info, apikey, content-type, x-supabase-client-platform',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+  };
+}
+
+interface TelegramUser {
+  id: number;
+  first_name: string;
+  last_name?: string;
+  username?: string;
+}
+
+function validateInitData(initData: string, botToken: string): TelegramUser | null {
+  try {
+    const params = new URLSearchParams(initData);
+    const hash = params.get('hash');
+    if (!hash) return null;
+
+    params.delete('hash');
+
+    const sortedParams = Array.from(params.entries())
+      .sort(([a], [b]) => a.localeCompare(b))
+      .map(([key, value]) => `${key}=${value}`)
+      .join('\n');
+
+    const secretKey = createHmac('sha256', 'WebAppData').update(botToken).digest();
+    const calculatedHash = createHmac('sha256', secretKey).update(sortedParams).digest('hex');
+
+    if (calculatedHash !== hash) return null;
+
+    const authDate = parseInt(params.get('auth_date') || '0');
+    const now = Math.floor(Date.now() / 1000);
+    if (now - authDate > 86400) return null;
+
+    const userStr = params.get('user');
+    if (!userStr) return null;
+
+    return JSON.parse(userStr) as TelegramUser;
+  } catch {
+    return null;
+  }
+}
+
+function generateDepositCode(): string {
+  const chars = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
+  let result = 'PEZ-';
+  for (let i = 0; i < 8; i++) {
+    result += chars.charAt(Math.floor(Math.random() * chars.length));
+  }
+  return result;
+}
+
+serve(async (req) => {
+  const corsHeaders = getCorsHeaders();
+
+  if (req.method === 'OPTIONS') {
+    return new Response('ok', { headers: corsHeaders });
+  }
+
+  try {
+    const body = await req.json();
+    const { initData } = body;
+
+    if (!initData) {
+      return new Response(JSON.stringify({ error: 'Missing initData' }), {
+        status: 400,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    const supabaseUrl = Deno.env.get('SUPABASE_URL')!;
+    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!;
+    const botToken = Deno.env.get('TELEGRAM_BOT_TOKEN');
+
+    if (!botToken) {
+      return new Response(JSON.stringify({ error: 'Server configuration error' }), {
+        status: 500,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    const telegramUser = validateInitData(initData, botToken);
+    if (!telegramUser) {
+      return new Response(JSON.stringify({ error: 'Invalid Telegram data' }), {
+        status: 401,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    const supabase = createClient(supabaseUrl, supabaseServiceKey, {
+      auth: { autoRefreshToken: false, persistSession: false },
+    });
+
+    // Get or create user
+    let userId: string;
+    const { data: existingUser } = await supabase
+      .from('tg_users')
+      .select('id')
+      .eq('telegram_id', telegramUser.id)
+      .single();
+
+    if (existingUser) {
+      userId = existingUser.id;
+    } else {
+      const { data: newUser, error: createError } = await supabase
+        .from('tg_users')
+        .insert({
+          telegram_id: telegramUser.id,
+          username: telegramUser.username || null,
+          first_name: telegramUser.first_name,
+          last_name: telegramUser.last_name || null,
+        })
+        .select('id')
+        .single();
+
+      if (createError || !newUser) {
+        return new Response(JSON.stringify({ error: 'Failed to create user' }), {
+          status: 500,
+          headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+        });
+      }
+      userId = newUser.id;
+    }
+
+    // Get or create deposit code
+    const { data: existingCode } = await supabase
+      .from('tg_user_deposit_codes')
+      .select('code')
+      .eq('user_id', userId)
+      .single();
+
+    if (existingCode) {
+      return new Response(JSON.stringify({ code: existingCode.code }), {
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    // Create new code
+    const newCode = generateDepositCode();
+    const { error: insertError } = await supabase
+      .from('tg_user_deposit_codes')
+      .insert({ user_id: userId, code: newCode });
+
+    if (insertError) {
+      return new Response(JSON.stringify({ error: 'Failed to create deposit code' }), {
+        status: 500,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    return new Response(JSON.stringify({ code: newCode }), {
+      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+    });
+  } catch {
+    return new Response(JSON.stringify({ error: 'Internal server error' }), {
+      status: 500,
+      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+    });
+  }
+});

supabase/functions/get-deposits/index.ts

@@ -0,0 +1,125 @@
+import { serve } from 'https://deno.land/std@0.177.0/http/server.ts';
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
+import { createHmac } from 'https://deno.land/std@0.177.0/node/crypto.ts';
+
+const ALLOWED_ORIGIN = 'https://telegram.pezkuwichain.io';
+
+function getCorsHeaders(): Record<string, string> {
+  return {
+    'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
+    'Access-Control-Allow-Headers':
+      'authorization, x-client-info, apikey, content-type, x-supabase-client-platform',
+    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+  };
+}
+
+interface TelegramUser {
+  id: number;
+  first_name: string;
+  last_name?: string;
+  username?: string;
+}
+
+function validateInitData(initData: string, botToken: string): TelegramUser | null {
+  try {
+    const params = new URLSearchParams(initData);
+    const hash = params.get('hash');
+    if (!hash) return null;
+
+    params.delete('hash');
+
+    const sortedParams = Array.from(params.entries())
+      .sort(([a], [b]) => a.localeCompare(b))
+      .map(([key, value]) => `${key}=${value}`)
+      .join('\n');
+
+    const secretKey = createHmac('sha256', 'WebAppData').update(botToken).digest();
+    const calculatedHash = createHmac('sha256', secretKey).update(sortedParams).digest('hex');
+
+    if (calculatedHash !== hash) return null;
+
+    const authDate = parseInt(params.get('auth_date') || '0');
+    const now = Math.floor(Date.now() / 1000);
+    if (now - authDate > 86400) return null;
+
+    const userStr = params.get('user');
+    if (!userStr) return null;
+
+    return JSON.parse(userStr) as TelegramUser;
+  } catch {
+    return null;
+  }
+}
+
+serve(async (req) => {
+  const corsHeaders = getCorsHeaders();
+
+  if (req.method === 'OPTIONS') {
+    return new Response('ok', { headers: corsHeaders });
+  }
+
+  try {
+    const body = await req.json();
+    const { initData } = body;
+
+    if (!initData) {
+      return new Response(JSON.stringify({ error: 'Missing initData' }), {
+        status: 400,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    const supabaseUrl = Deno.env.get('SUPABASE_URL')!;
+    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!;
+    const botToken = Deno.env.get('TELEGRAM_BOT_TOKEN');
+
+    if (!botToken) {
+      return new Response(JSON.stringify({ error: 'Server configuration error' }), {
+        status: 500,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    const telegramUser = validateInitData(initData, botToken);
+    if (!telegramUser) {
+      return new Response(JSON.stringify({ error: 'Invalid Telegram data' }), {
+        status: 401,
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    const supabase = createClient(supabaseUrl, supabaseServiceKey, {
+      auth: { autoRefreshToken: false, persistSession: false },
+    });
+
+    // Get user
+    const { data: user } = await supabase
+      .from('tg_users')
+      .select('id')
+      .eq('telegram_id', telegramUser.id)
+      .single();
+
+    if (!user) {
+      return new Response(JSON.stringify({ deposits: [] }), {
+        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+      });
+    }
+
+    // Get deposits
+    const { data: deposits } = await supabase
+      .from('tg_deposits')
+      .select('id, network, amount, status, tx_hash, created_at')
+      .eq('user_id', user.id)
+      .order('created_at', { ascending: false })
+      .limit(20);
+
+    return new Response(JSON.stringify({ deposits: deposits || [] }), {
+      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+    });
+  } catch {
+    return new Response(JSON.stringify({ error: 'Internal server error' }), {
+      status: 500,
+      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+    });
+  }
+});

supabase/migrations/20260208_deposit_system.sql

@@ -0,0 +1,96 @@
+-- Deposit System Tables
+-- For USDT deposits (TRC20 and Polkadot)
+
+-- User deposit codes (unique memo for each user)
+CREATE TABLE IF NOT EXISTS tg_user_deposit_codes (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID NOT NULL REFERENCES tg_users(id) ON DELETE CASCADE,
+  code VARCHAR(12) NOT NULL UNIQUE,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  CONSTRAINT unique_user_deposit_code UNIQUE (user_id)
+);
+
+-- Deposit records
+CREATE TABLE IF NOT EXISTS tg_deposits (
+  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+  user_id UUID NOT NULL REFERENCES tg_users(id) ON DELETE CASCADE,
+  network VARCHAR(20) NOT NULL CHECK (network IN ('trc20', 'polkadot')),
+  amount DECIMAL(20, 6) NOT NULL,
+  tx_hash VARCHAR(100),
+  memo VARCHAR(50),
+  status VARCHAR(20) NOT NULL DEFAULT 'pending' CHECK (status IN ('pending', 'confirming', 'completed', 'failed', 'expired')),
+  wusdt_tx_hash VARCHAR(100),
+  error_message TEXT,
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  confirmed_at TIMESTAMPTZ,
+  processed_at TIMESTAMPTZ
+);
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_deposits_user_id ON tg_deposits(user_id);
+CREATE INDEX IF NOT EXISTS idx_deposits_status ON tg_deposits(status);
+CREATE INDEX IF NOT EXISTS idx_deposits_network ON tg_deposits(network);
+CREATE INDEX IF NOT EXISTS idx_deposits_tx_hash ON tg_deposits(tx_hash);
+CREATE INDEX IF NOT EXISTS idx_deposit_codes_code ON tg_user_deposit_codes(code);
+
+-- Function to generate unique deposit code
+CREATE OR REPLACE FUNCTION generate_deposit_code()
+RETURNS VARCHAR(12) AS $$
+DECLARE
+  chars VARCHAR(36) := 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
+  result VARCHAR(12) := 'PEZ-';
+  i INTEGER;
+BEGIN
+  FOR i IN 1..8 LOOP
+    result := result || substr(chars, floor(random() * length(chars) + 1)::integer, 1);
+  END LOOP;
+  RETURN result;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger to auto-generate deposit code for new users
+CREATE OR REPLACE FUNCTION create_user_deposit_code()
+RETURNS TRIGGER AS $$
+BEGIN
+  INSERT INTO tg_user_deposit_codes (user_id, code)
+  VALUES (NEW.id, generate_deposit_code())
+  ON CONFLICT (user_id) DO NOTHING;
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+DROP TRIGGER IF EXISTS trigger_create_deposit_code ON tg_users;
+CREATE TRIGGER trigger_create_deposit_code
+  AFTER INSERT ON tg_users
+  FOR EACH ROW
+  EXECUTE FUNCTION create_user_deposit_code();
+
+-- Generate codes for existing users
+INSERT INTO tg_user_deposit_codes (user_id, code)
+SELECT id, generate_deposit_code()
+FROM tg_users
+WHERE id NOT IN (SELECT user_id FROM tg_user_deposit_codes)
+ON CONFLICT DO NOTHING;
+
+-- RLS Policies
+ALTER TABLE tg_user_deposit_codes ENABLE ROW LEVEL SECURITY;
+ALTER TABLE tg_deposits ENABLE ROW LEVEL SECURITY;
+
+-- Users can read their own deposit code
+CREATE POLICY "Users can view own deposit code"
+  ON tg_user_deposit_codes FOR SELECT
+  USING (auth.uid() = user_id);
+
+-- Users can view their own deposits
+CREATE POLICY "Users can view own deposits"
+  ON tg_deposits FOR SELECT
+  USING (auth.uid() = user_id);
+
+-- Service role can do everything (for backend)
+CREATE POLICY "Service role full access to deposit codes"
+  ON tg_user_deposit_codes FOR ALL
+  USING (auth.role() = 'service_role');
+
+CREATE POLICY "Service role full access to deposits"
+  ON tg_deposits FOR ALL
+  USING (auth.role() = 'service_role');