Commit Graph

5 Commits

Author SHA1 Message Date
pezkuwichain 3f8c8f4311 feat: add session token support for P2P cross-app auth
- AuthContext now stores and exposes sessionToken from telegram-auth
- App.tsx sends session_token instead of tg_id to P2P
- Enables secure cross-app authentication without from_miniapp method
2026-02-06 04:34:49 +03:00
pezkuwichain 0c1c440382 security: add secure RLS policies for financial tables
- P2P/financial tables: service_role only (highest security)
- Admin/system tables: service_role only
- User/announcement tables: public read, service write
- Forum/thread tables: authenticated can write (social features)
2026-02-06 04:19:32 +03:00
pezkuwichain 7c02b8dd83 security: harden telegram-auth Edge Function
- Remove insecure from_miniapp auth method (telegram_id spoofing vulnerability)
- Implement HMAC-SHA256 signed session tokens (replace weak Base64 encoding)
- Reduce token expiry from 7 days to 24 hours
- Restrict CORS to production domains only (telegram.pezkuwichain.io, t.me)
- Add detailed debug logging for troubleshooting
2026-02-06 04:06:49 +03:00
pezkuwichain 1e21b1c40d fix: revert edge function, add RLS policies
2026-02-05 16:02:30 +03:00
pezkuwichain ddd28705c1 Initial commit - PezkuwiChain Telegram MiniApp
2026-02-05 10:53:13 +03:00