pezkuwichain/pezkuwi-telegram-miniapp
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-telegram-miniapp.git synced 2026-04-25 02:37:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
16 Commits 2 Branches 0 Tags
0d9b8fee4faf61ba2ea88b7e0978ec7e4fc4c0f9
Commit Graph

5 Commits

Author SHA1 Message Date
pezkuwichain 2cf40459d3 fix: use Kurdish terminology (Xal instead of Puanlar) 2026-02-07 01:33:15 +03:00
pezkuwichain 55be8a2a43 security: add HMAC session validation to all Edge Functions 
- create-offer-telegram: HMAC token + restricted CORS
- get-my-offers: HMAC token + restricted CORS
- verify-deposit-telegram: HMAC token + restricted CORS
- process-withdraw: restricted CORS (cron/admin only)
 2026-02-06 04:55:02 +03:00
pezkuwichain 7c02b8dd83 security: harden telegram-auth Edge Function 
- Remove insecure from_miniapp auth method (telegram_id spoofing vulnerability)
- Implement HMAC-SHA256 signed session tokens (replace weak Base64 encoding)
- Reduce token expiry from 7 days to 24 hours
- Restrict CORS to production domains only (telegram.pezkuwichain.io, t.me)
- Add detailed debug logging for troubleshooting
 2026-02-06 04:06:49 +03:00
pezkuwichain 1e21b1c40d fix: revert edge function, add RLS policies 2026-02-05 16:02:30 +03:00
pezkuwichain ddd28705c1 Initial commit - PezkuwiChain Telegram MiniApp 2026-02-05 10:53:13 +03:00