pezkuwichain/pezkuwi-telegram-miniapp
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-telegram-miniapp.git synced 2026-04-21 23:37:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
112 Commits 2 Branches 0 Tags
main
Commit Graph

36 Commits

Author SHA1 Message Date
pezkuwichain abd4dc7189 feat: in-app citizenship modal + referral approvals + bot DKS link 
- Add CitizenshipModal component for in-app citizenship application
  (uses connected wallet keypair, no seed phrase needed)
- Replace /citizens redirect with in-app modal in Rewards section
- Add pending approvals to ReferralContext
- Add approveReferral and getPendingApprovals to citizenship lib
- Add applyingCitizenship/applicationSuccess translations (6 langs)
- Add DKS Kurdistan bot link to telegram-bot welcome message
 2026-03-02 00:50:20 +03:00
pezkuwichain 80debdc640 feat: add @DKSKurdistanBot with Claude AI assistant 
- Add DKS bot support to telegram-bot and telegram-auth functions
- Claude-powered Q&A using PezkuwiChain whitepaper knowledge base
- Update Telegram social link to dijitalkurdistan channel
 2026-02-28 02:03:36 +03:00
pezkuwichain 4fbf60f940 feat: return auth_user_id from telegram-auth for P2P role matching 2026-02-27 01:51:57 +03:00
pezkuwichain 8c36b832b8 fix: fallback to PLATFORM_WALLET_MNEMONIC for withdraw TX 2026-02-27 01:17:01 +03:00
pezkuwichain 24cd89606e feat: add blockchain TX processing to withdraw function 
request-withdraw-telegram now sends tokens from hot wallet to user wallet
using @pezkuwi/api, instead of leaving requests in pending state.
Falls back to pending if PLATFORM_PRIVATE_KEY is not configured.
 2026-02-27 01:11:05 +03:00
pezkuwichain 910610491f fix: dual bot token auth + P2P UI logic fixes 
- All 17 edge functions now check both TELEGRAM_BOT_TOKEN and
  TELEGRAM_BOT_TOKEN_KRD for session verification
- Add perPage:1000 to listUsers calls to prevent pagination issues
- Fix offer button label: Buy tab shows "Al" (green), Sell tab shows "Sat" (red)
- Fix active tab highlight with cyan color for visibility
- Fix modal transparency (add --card CSS variable)
- Fix withdraw tab sync (useEffect on modal open)
 2026-02-27 00:53:52 +03:00
pezkuwichain 4686453df7 feat: automate deposit flow + fix listUsers pagination 
- Rewrite DepositWithdrawModal to send TX automatically via assetHubApi
  instead of manual copy-paste-hash flow
- Fix listUsers pagination bug (default 50) in 4 edge functions by
  adding perPage: 1000 - fixes P2P offers not showing for users
- Add new i18n keys for automated deposit states in all 6 languages
 2026-02-26 21:53:41 +03:00
pezkuwichain b711524d57 feat: add P2P deposit/withdraw flow for Telegram mini app 
- New request-withdraw-telegram edge function (session token auth)
- New DepositWithdrawModal component with deposit/withdraw tabs
- Deposit: platform wallet display, TX hash verification, on-chain check
- Withdraw: token select, amount, fee display, balance validation
- BalanceCard: deposit/withdraw buttons always visible
- P2P section: modal state management and balance refresh on success
- p2p-api: verifyDeposit and requestWithdraw functions
- i18n: 24 new translation keys across all 6 languages
 2026-02-26 20:33:31 +03:00
pezkuwichain 31e768de45 feat: integrate P2P trading into Telegram mini app 
- Add 8 Supabase edge functions for P2P operations (get-internal-balance,
  get-payment-methods, get-p2p-offers, accept-p2p-offer, get-p2p-trades,
  trade-action, p2p-messages, p2p-dispute)
- Add frontend P2P API layer (src/lib/p2p-api.ts)
- Add 8 P2P components (BalanceCard, OfferList, TradeModal, CreateOfferModal,
  TradeView, TradeChat, DisputeModal, P2P section)
- Embed P2P as internal section in App.tsx instead of external link
- Remove old P2PModal component
- Add ~70 P2P translation keys across all 6 languages
 2026-02-26 18:38:12 +03:00
pezkuwichain 480b5fe96b feat: P2P E2E test suite + edge function RPC fix + balance tx constraint update 
- Fix process-withdraw and verify-deposit-telegram to use RPC_ENDPOINT
  env var defaulting to Asset Hub (wss://asset-hub-rpc.pezkuwichain.io)
- Add P2P E2E test script (scripts/p2p-e2e-test.py) covering full flow:
  offer creation, trade accept, payment, escrow release, cancel, visa
  user trade, and withdrawal request
- Update p2p_balance_transactions transaction_type check constraint
  to include withdraw_lock, withdraw_complete, dispute_refund
 2026-02-23 21:21:12 +03:00
pezkuwichain 9b97c63a26 feat: 3-state staking score UI with cached data support 2026-02-17 01:56:49 +03:00
pezkuwichain 8f4b9087f3 feat: simplify Be Citizen flow - remove wallet steps, add seed phrase input 
- Remove wallet setup/create/import/connect steps from CitizenPage
- Add privacy notice banner with Shield icon to form
- Add seed phrase textarea with mnemonic validation
- CitizenProcessing creates keypair directly from seed phrase
- CitizenSuccess shows 3-step next process info
- Add /citizens path support alongside ?page=citizen
- Update bot URL to /citizens
- Add 10 new i18n keys in all 6 languages
 2026-02-14 23:24:59 +03:00
pezkuwichain 59d4f3e6a1 fix: preserve query params in i18n URL, make seed phrase copyable in bot 2026-02-14 21:08:28 +03:00
pezkuwichain b8ab86028f feat: add Be Citizen page with 6-language support 2026-02-14 20:44:17 +03:00
pezkuwichain 44a4b9395b feat(supabase): add pezkiwi.app CORS and multi-bot-token auth support 
- Add telegram.pezkiwi.app to CORS allowed origins in all edge functions
- Support multiple bot tokens (TELEGRAM_BOT_TOKEN, TELEGRAM_BOT_TOKEN_KRD) in auth
- Dynamic origin matching for proper CORS headers
 2026-02-14 11:09:14 +03:00
pezkuwichain 107dbbacdf feat: add platform fees for deposit networks 
- TON: 0.1 USDT fee
- Polkadot: 0.1 USDT fee
- TRC20: 3 USDT fee (unchanged)
- Update fee display in Kurdish
 2026-02-08 05:58:45 +03:00
pezkuwichain bf8a3cc06c fix: auto-sync wallet address to tg_users for deposit system 2026-02-08 04:24:06 +03:00
pezkuwichain c100e99c0d feat: add transfer fields to deposits table 2026-02-08 03:56:36 +03:00
pezkuwichain 9cf241e859 feat: add USDT deposit system with TON, Polkadot, TRC20 support 2026-02-08 03:13:52 +03:00
pezkuwichain 734a8111db feat: add multi-network USDT deposit (TON, Polkadot, TRC20 HD wallet) 2026-02-08 02:00:20 +03:00
pezkuwichain 456bbf1dd2 feat: add USDT deposit system with TRC20 and Polkadot support 2026-02-08 01:14:21 +03:00
pezkuwichain 60285fa223 chore: clean up debug logs from Edge Functions and frontend 2026-02-07 06:44:50 +03:00
pezkuwichain ca404f2417 fix: auto-create user in tg_users when reacting 2026-02-07 06:21:34 +03:00
pezkuwichain d98ae6dd81 fix: use initData directly for reactions instead of session token 2026-02-07 06:12:47 +03:00
pezkuwichain 4674e06251 debug: add retry auth button and increase wait time to 5s 2026-02-07 05:40:20 +03:00
pezkuwichain 60a089daa5 debug: add early auth logging 2026-02-07 04:39:54 +03:00
pezkuwichain b79fb83447 debug: improve error logging 2026-02-07 04:28:38 +03:00
pezkuwichain 760db703c5 debug: add auth logging to troubleshoot login issue 2026-02-07 03:36:05 +03:00
pezkuwichain cd5ef71505 feat: add secure announcement reactions with session token validation 
- Add announcement-reaction Edge Function for secure like/dislike
- Update telegram-auth to sync users to tg_users table
- Update useAnnouncementReaction hook to use Edge Function
- Add bridge announcement script and migration
 2026-02-07 03:19:15 +03:00
pezkuwichain 2cf40459d3 fix: use Kurdish terminology (Xal instead of Puanlar) 2026-02-07 01:33:15 +03:00
pezkuwichain 55be8a2a43 security: add HMAC session validation to all Edge Functions 
- create-offer-telegram: HMAC token + restricted CORS
- get-my-offers: HMAC token + restricted CORS
- verify-deposit-telegram: HMAC token + restricted CORS
- process-withdraw: restricted CORS (cron/admin only)
 2026-02-06 04:55:02 +03:00
pezkuwichain 3f8c8f4311 feat: add session token support for P2P cross-app auth 
- AuthContext now stores and exposes sessionToken from telegram-auth
- App.tsx sends session_token instead of tg_id to P2P
- Enables secure cross-app authentication without from_miniapp method
 2026-02-06 04:34:49 +03:00
pezkuwichain 0c1c440382 security: add secure RLS policies for financial tables 
- P2P/financial tables: service_role only (highest security)
- Admin/system tables: service_role only
- User/announcement tables: public read, service write
- Forum/thread tables: authenticated can write (social features)
 2026-02-06 04:19:32 +03:00
pezkuwichain 7c02b8dd83 security: harden telegram-auth Edge Function 
- Remove insecure from_miniapp auth method (telegram_id spoofing vulnerability)
- Implement HMAC-SHA256 signed session tokens (replace weak Base64 encoding)
- Reduce token expiry from 7 days to 24 hours
- Restrict CORS to production domains only (telegram.pezkuwichain.io, t.me)
- Add detailed debug logging for troubleshooting
 2026-02-06 04:06:49 +03:00
pezkuwichain 1e21b1c40d fix: revert edge function, add RLS policies 2026-02-05 16:02:30 +03:00
pezkuwichain ddd28705c1 Initial commit - PezkuwiChain Telegram MiniApp 2026-02-05 10:53:13 +03:00