pezkuwichain/pezkuwi-telegram-miniapp
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-telegram-miniapp.git synced 2026-05-01 03:08:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
55 Commits 3 Branches 0 Tags
d48fb39c4e47dc71d2dd21afd7b6cfd80b12596e
Commit Graph

21 Commits

Author SHA1 Message Date
pezkuwichain 107dbbacdf feat: add platform fees for deposit networks 
- TON: 0.1 USDT fee
- Polkadot: 0.1 USDT fee
- TRC20: 3 USDT fee (unchanged)
- Update fee display in Kurdish
 2026-02-08 05:58:45 +03:00
pezkuwichain bf8a3cc06c fix: auto-sync wallet address to tg_users for deposit system 2026-02-08 04:24:06 +03:00
pezkuwichain c100e99c0d feat: add transfer fields to deposits table 2026-02-08 03:56:36 +03:00
pezkuwichain 9cf241e859 feat: add USDT deposit system with TON, Polkadot, TRC20 support 2026-02-08 03:13:52 +03:00
pezkuwichain 734a8111db feat: add multi-network USDT deposit (TON, Polkadot, TRC20 HD wallet) 2026-02-08 02:00:20 +03:00
pezkuwichain 456bbf1dd2 feat: add USDT deposit system with TRC20 and Polkadot support 2026-02-08 01:14:21 +03:00
pezkuwichain 60285fa223 chore: clean up debug logs from Edge Functions and frontend 2026-02-07 06:44:50 +03:00
pezkuwichain ca404f2417 fix: auto-create user in tg_users when reacting 2026-02-07 06:21:34 +03:00
pezkuwichain d98ae6dd81 fix: use initData directly for reactions instead of session token 2026-02-07 06:12:47 +03:00
pezkuwichain 4674e06251 debug: add retry auth button and increase wait time to 5s 2026-02-07 05:40:20 +03:00
pezkuwichain 60a089daa5 debug: add early auth logging 2026-02-07 04:39:54 +03:00
pezkuwichain b79fb83447 debug: improve error logging 2026-02-07 04:28:38 +03:00
pezkuwichain 760db703c5 debug: add auth logging to troubleshoot login issue 2026-02-07 03:36:05 +03:00
pezkuwichain cd5ef71505 feat: add secure announcement reactions with session token validation 
- Add announcement-reaction Edge Function for secure like/dislike
- Update telegram-auth to sync users to tg_users table
- Update useAnnouncementReaction hook to use Edge Function
- Add bridge announcement script and migration
 2026-02-07 03:19:15 +03:00
pezkuwichain 2cf40459d3 fix: use Kurdish terminology (Xal instead of Puanlar) 2026-02-07 01:33:15 +03:00
pezkuwichain 55be8a2a43 security: add HMAC session validation to all Edge Functions 
- create-offer-telegram: HMAC token + restricted CORS
- get-my-offers: HMAC token + restricted CORS
- verify-deposit-telegram: HMAC token + restricted CORS
- process-withdraw: restricted CORS (cron/admin only)
 2026-02-06 04:55:02 +03:00
pezkuwichain 3f8c8f4311 feat: add session token support for P2P cross-app auth 
- AuthContext now stores and exposes sessionToken from telegram-auth
- App.tsx sends session_token instead of tg_id to P2P
- Enables secure cross-app authentication without from_miniapp method
 2026-02-06 04:34:49 +03:00
pezkuwichain 0c1c440382 security: add secure RLS policies for financial tables 
- P2P/financial tables: service_role only (highest security)
- Admin/system tables: service_role only
- User/announcement tables: public read, service write
- Forum/thread tables: authenticated can write (social features)
 2026-02-06 04:19:32 +03:00
pezkuwichain 7c02b8dd83 security: harden telegram-auth Edge Function 
- Remove insecure from_miniapp auth method (telegram_id spoofing vulnerability)
- Implement HMAC-SHA256 signed session tokens (replace weak Base64 encoding)
- Reduce token expiry from 7 days to 24 hours
- Restrict CORS to production domains only (telegram.pezkuwichain.io, t.me)
- Add detailed debug logging for troubleshooting
 2026-02-06 04:06:49 +03:00
pezkuwichain 1e21b1c40d fix: revert edge function, add RLS policies 2026-02-05 16:02:30 +03:00
pezkuwichain ddd28705c1 Initial commit - PezkuwiChain Telegram MiniApp 2026-02-05 10:53:13 +03:00