pezkuwichain/pezkuwi-telegram-miniapp
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-telegram-miniapp.git synced 2026-04-22 04:17:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
66 Commits 2 Branches 0 Tags
e93cb143e2f795651bb11b7df8d733bec30d4e48
Commit Graph

25 Commits

Author SHA1 Message Date
pezkuwichain 8f4b9087f3 feat: simplify Be Citizen flow - remove wallet steps, add seed phrase input 
- Remove wallet setup/create/import/connect steps from CitizenPage
- Add privacy notice banner with Shield icon to form
- Add seed phrase textarea with mnemonic validation
- CitizenProcessing creates keypair directly from seed phrase
- CitizenSuccess shows 3-step next process info
- Add /citizens path support alongside ?page=citizen
- Update bot URL to /citizens
- Add 10 new i18n keys in all 6 languages
 2026-02-14 23:24:59 +03:00
pezkuwichain 59d4f3e6a1 fix: preserve query params in i18n URL, make seed phrase copyable in bot 2026-02-14 21:08:28 +03:00
pezkuwichain b8ab86028f feat: add Be Citizen page with 6-language support 2026-02-14 20:44:17 +03:00
pezkuwichain 44a4b9395b feat(supabase): add pezkiwi.app CORS and multi-bot-token auth support 
- Add telegram.pezkiwi.app to CORS allowed origins in all edge functions
- Support multiple bot tokens (TELEGRAM_BOT_TOKEN, TELEGRAM_BOT_TOKEN_KRD) in auth
- Dynamic origin matching for proper CORS headers
 2026-02-14 11:09:14 +03:00
pezkuwichain 107dbbacdf feat: add platform fees for deposit networks 
- TON: 0.1 USDT fee
- Polkadot: 0.1 USDT fee
- TRC20: 3 USDT fee (unchanged)
- Update fee display in Kurdish
 2026-02-08 05:58:45 +03:00
pezkuwichain bf8a3cc06c fix: auto-sync wallet address to tg_users for deposit system 2026-02-08 04:24:06 +03:00
pezkuwichain c100e99c0d feat: add transfer fields to deposits table 2026-02-08 03:56:36 +03:00
pezkuwichain 9cf241e859 feat: add USDT deposit system with TON, Polkadot, TRC20 support 2026-02-08 03:13:52 +03:00
pezkuwichain 734a8111db feat: add multi-network USDT deposit (TON, Polkadot, TRC20 HD wallet) 2026-02-08 02:00:20 +03:00
pezkuwichain 456bbf1dd2 feat: add USDT deposit system with TRC20 and Polkadot support 2026-02-08 01:14:21 +03:00
pezkuwichain 60285fa223 chore: clean up debug logs from Edge Functions and frontend 2026-02-07 06:44:50 +03:00
pezkuwichain ca404f2417 fix: auto-create user in tg_users when reacting 2026-02-07 06:21:34 +03:00
pezkuwichain d98ae6dd81 fix: use initData directly for reactions instead of session token 2026-02-07 06:12:47 +03:00
pezkuwichain 4674e06251 debug: add retry auth button and increase wait time to 5s 2026-02-07 05:40:20 +03:00
pezkuwichain 60a089daa5 debug: add early auth logging 2026-02-07 04:39:54 +03:00
pezkuwichain b79fb83447 debug: improve error logging 2026-02-07 04:28:38 +03:00
pezkuwichain 760db703c5 debug: add auth logging to troubleshoot login issue 2026-02-07 03:36:05 +03:00
pezkuwichain cd5ef71505 feat: add secure announcement reactions with session token validation 
- Add announcement-reaction Edge Function for secure like/dislike
- Update telegram-auth to sync users to tg_users table
- Update useAnnouncementReaction hook to use Edge Function
- Add bridge announcement script and migration
 2026-02-07 03:19:15 +03:00
pezkuwichain 2cf40459d3 fix: use Kurdish terminology (Xal instead of Puanlar) 2026-02-07 01:33:15 +03:00
pezkuwichain 55be8a2a43 security: add HMAC session validation to all Edge Functions 
- create-offer-telegram: HMAC token + restricted CORS
- get-my-offers: HMAC token + restricted CORS
- verify-deposit-telegram: HMAC token + restricted CORS
- process-withdraw: restricted CORS (cron/admin only)
 2026-02-06 04:55:02 +03:00
pezkuwichain 3f8c8f4311 feat: add session token support for P2P cross-app auth 
- AuthContext now stores and exposes sessionToken from telegram-auth
- App.tsx sends session_token instead of tg_id to P2P
- Enables secure cross-app authentication without from_miniapp method
 2026-02-06 04:34:49 +03:00
pezkuwichain 0c1c440382 security: add secure RLS policies for financial tables 
- P2P/financial tables: service_role only (highest security)
- Admin/system tables: service_role only
- User/announcement tables: public read, service write
- Forum/thread tables: authenticated can write (social features)
 2026-02-06 04:19:32 +03:00
pezkuwichain 7c02b8dd83 security: harden telegram-auth Edge Function 
- Remove insecure from_miniapp auth method (telegram_id spoofing vulnerability)
- Implement HMAC-SHA256 signed session tokens (replace weak Base64 encoding)
- Reduce token expiry from 7 days to 24 hours
- Restrict CORS to production domains only (telegram.pezkuwichain.io, t.me)
- Add detailed debug logging for troubleshooting
 2026-02-06 04:06:49 +03:00
pezkuwichain 1e21b1c40d fix: revert edge function, add RLS policies 2026-02-05 16:02:30 +03:00
pezkuwichain ddd28705c1 Initial commit - PezkuwiChain Telegram MiniApp 2026-02-05 10:53:13 +03:00