pezkuwi-telegram-miniapp

mirror of https://github.com/pezkuwichain/pezkuwi-telegram-miniapp.git synced 2026-04-25 11:57:57 +00:00

Author	SHA1	Message	Date
pezkuwichain	44a4b9395b	feat(supabase): add pezkiwi.app CORS and multi-bot-token auth support - Add telegram.pezkiwi.app to CORS allowed origins in all edge functions - Support multiple bot tokens (TELEGRAM_BOT_TOKEN, TELEGRAM_BOT_TOKEN_KRD) in auth - Dynamic origin matching for proper CORS headers	2026-02-14 11:09:14 +03:00
pezkuwichain	60285fa223	chore: clean up debug logs from Edge Functions and frontend	2026-02-07 06:44:50 +03:00
pezkuwichain	4674e06251	debug: add retry auth button and increase wait time to 5s	2026-02-07 05:40:20 +03:00
pezkuwichain	60a089daa5	debug: add early auth logging	2026-02-07 04:39:54 +03:00
pezkuwichain	b79fb83447	debug: improve error logging	2026-02-07 04:28:38 +03:00
pezkuwichain	cd5ef71505	feat: add secure announcement reactions with session token validation - Add announcement-reaction Edge Function for secure like/dislike - Update telegram-auth to sync users to tg_users table - Update useAnnouncementReaction hook to use Edge Function - Add bridge announcement script and migration	2026-02-07 03:19:15 +03:00
pezkuwichain	2cf40459d3	fix: use Kurdish terminology (Xal instead of Puanlar)	2026-02-07 01:33:15 +03:00
pezkuwichain	7c02b8dd83	security: harden telegram-auth Edge Function - Remove insecure from_miniapp auth method (telegram_id spoofing vulnerability) - Implement HMAC-SHA256 signed session tokens (replace weak Base64 encoding) - Reduce token expiry from 7 days to 24 hours - Restrict CORS to production domains only (telegram.pezkuwichain.io, t.me) - Add detailed debug logging for troubleshooting	2026-02-06 04:06:49 +03:00
pezkuwichain	1e21b1c40d	fix: revert edge function, add RLS policies	2026-02-05 16:02:30 +03:00
pezkuwichain	ddd28705c1	Initial commit - PezkuwiChain Telegram MiniApp	2026-02-05 10:53:13 +03:00

10 Commits