5 Commits

Author	SHA1	Message	Date
pezkuwichain	698c014682	feat: unified P2P identity across Telegram mini app and pwap/web ... Add p2p_user_id column to tg_users to bridge citizen/visa UUID (v5) used by pwap/web with the Supabase Auth UUID (v4) used by the mini app. - Migration: tg_users.p2p_user_id UUID (nullable, indexed) - 6 P2P edge functions: replace listUsers+find with direct tg_users lookup — resolves userId as p2p_user_id ?? id (backwards compatible) - Eliminates O(N) auth.admin.listUsers scan in every P2P call When p2p_user_id is populated (via TelegramConnect wallet link), mini app users share the same P2P balance and offers as pwap/web.	2026-04-27 13:30:09 +03:00
pezkuwichain	910610491f	fix: dual bot token auth + P2P UI logic fixes ... - All 17 edge functions now check both TELEGRAM_BOT_TOKEN and TELEGRAM_BOT_TOKEN_KRD for session verification - Add perPage:1000 to listUsers calls to prevent pagination issues - Fix offer button label: Buy tab shows "Al" (green), Sell tab shows "Sat" (red) - Fix active tab highlight with cyan color for visibility - Fix modal transparency (add --card CSS variable) - Fix withdraw tab sync (useEffect on modal open)	2026-02-27 00:53:52 +03:00
pezkuwichain	44a4b9395b	feat(supabase): add pezkiwi.app CORS and multi-bot-token auth support ... - Add telegram.pezkiwi.app to CORS allowed origins in all edge functions - Support multiple bot tokens (TELEGRAM_BOT_TOKEN, TELEGRAM_BOT_TOKEN_KRD) in auth - Dynamic origin matching for proper CORS headers	2026-02-14 11:09:14 +03:00
pezkuwichain	55be8a2a43	security: add HMAC session validation to all Edge Functions ... - create-offer-telegram: HMAC token + restricted CORS - get-my-offers: HMAC token + restricted CORS - verify-deposit-telegram: HMAC token + restricted CORS - process-withdraw: restricted CORS (cron/admin only)	2026-02-06 04:55:02 +03:00
pezkuwichain	ddd28705c1	Initial commit - PezkuwiChain Telegram MiniApp	2026-02-05 10:53:13 +03:00