pezkuwichain/pezkuwi-telegram-miniapp
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-telegram-miniapp.git synced 2026-04-21 23:37:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
112 Commits 2 Branches 0 Tags
main
Commit Graph

112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
pezkuwichain c35c538678 fix: LP staking logout issue and Kurdish text correction 
- Replace window.location.reload() with onClose() in LPStakingModal
- Fix Turkish word "ise" to Kurdish "be" in Rewards score formula
 2026-02-07 02:07:37 +03:00
pezkuwichain 2cf40459d3 fix: use Kurdish terminology (Xal instead of Puanlar) 2026-02-07 01:33:15 +03:00
pezkuwichain 122e38e306 feat: add staking and presale buttons to wallet quick actions 
- Change quick actions grid from 2x2 to 2x3 with smaller buttons
- Add LP Staking modal with stake/unstake/claim rewards functionality
- Add Presale button with coming soon message
 2026-02-07 01:20:16 +03:00
pezkuwichain 1a7609c14c feat: add scores tab and DOT token to send list 
- Add Puanlar (Scores) tab to Xelat section showing trust, staking, referral, tiki scores
- Add scores.ts lib with frontend fallback for staking and trust score calculation
- Add DOT token (asset ID 1001) to sendable tokens list
 2026-02-07 01:10:09 +03:00
pezkuwichain 57f9d9e7ff fix: improve edge function error handling and display 2026-02-06 20:04:46 +03:00
pezkuwichain e97bc0f56b fix: add auth error display and fix retry button 2026-02-06 19:48:42 +03:00
pezkuwichain 55be8a2a43 security: add HMAC session validation to all Edge Functions 
- create-offer-telegram: HMAC token + restricted CORS
- get-my-offers: HMAC token + restricted CORS
- verify-deposit-telegram: HMAC token + restricted CORS
- process-withdraw: restricted CORS (cron/admin only)
 2026-02-06 04:55:02 +03:00
pezkuwichain 3f8c8f4311 feat: add session token support for P2P cross-app auth 
- AuthContext now stores and exposes sessionToken from telegram-auth
- App.tsx sends session_token instead of tg_id to P2P
- Enables secure cross-app authentication without from_miniapp method
 2026-02-06 04:34:49 +03:00
pezkuwichain 0c1c440382 security: add secure RLS policies for financial tables 
- P2P/financial tables: service_role only (highest security)
- Admin/system tables: service_role only
- User/announcement tables: public read, service write
- Forum/thread tables: authenticated can write (social features)
 2026-02-06 04:19:32 +03:00
pezkuwichain 7c02b8dd83 security: harden telegram-auth Edge Function 
- Remove insecure from_miniapp auth method (telegram_id spoofing vulnerability)
- Implement HMAC-SHA256 signed session tokens (replace weak Base64 encoding)
- Reduce token expiry from 7 days to 24 hours
- Restrict CORS to production domains only (telegram.pezkuwichain.io, t.me)
- Add detailed debug logging for troubleshooting
 2026-02-06 04:06:49 +03:00
pezkuwichain 1e21b1c40d fix: revert edge function, add RLS policies 2026-02-05 16:02:30 +03:00
pezkuwichain ddd28705c1 Initial commit - PezkuwiChain Telegram MiniApp 2026-02-05 10:53:13 +03:00