pezkuwichain/pwap
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pwap.git synced 2026-04-22 04:27:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: update edge functions for wallet-based auth

Browse Source 
- process-withdraw: replace auth.getUser() with userId from request body
- process-withdrawal: fix esm.sh imports to npm: style (@pezkuwi/api@16.5.11)
This commit is contained in:
Kurdistan Tech Ministry
2026-02-23 20:09:36 +03:00
parent 6cfc64475c
commit 1f9111bdd4
2 changed files with 20 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/supabase/functions/process-withdraw/index.ts
+16 -22
View File
@@ -49,6 +49,7 @@ const WITHDRAW_FEE = {
interface WithdrawRequest {
requestId?: string // If processing specific request
userId: string // Identity-based UUID (from citizen/visa number)
token?: 'HEZ' | 'PEZ'
amount?: number
walletAddress?: string
@@ -197,7 +198,6 @@ serve(async (req) => {
// Create Supabase clients
const supabaseUrl = Deno.env.get('SUPABASE_URL')!
const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
// Get hot wallet private key from secrets
@@ -210,34 +210,28 @@ serve(async (req) => {
)
}
// User client (to get user ID)
const userClient = createClient(supabaseUrl, supabaseAnonKey, {
global: { headers: { Authorization: authHeader } }
})
// Service role client
const serviceClient = createClient(supabaseUrl, supabaseServiceKey)
// Get current user
const { data: { user }, error: userError } = await userClient.auth.getUser()
if (userError || !user) {
return new Response(
JSON.stringify({ success: false, error: 'Unauthorized' }),
{ status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Parse request body
const body: WithdrawRequest = await req.json()
const { userId } = body
let { requestId, token, amount, walletAddress } = body
if (!userId) {
return new Response(
JSON.stringify({ success: false, error: 'Missing required field: userId' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Mode 1: Process existing request by ID
if (requestId) {
const { data: request, error: reqError } = await serviceClient
.from('p2p_deposit_withdraw_requests')
.select('*')
.eq('id', requestId)
.eq('user_id', user.id)
.eq('user_id', userId)
.eq('request_type', 'withdraw')
.eq('status', 'pending')
.single()
@@ -292,7 +286,7 @@ serve(async (req) => {
// Check withdrawal limits first
const { data: limitCheck, error: limitError } = await serviceClient
.rpc('check_withdrawal_limit', {
p_user_id: user.id,
p_user_id: userId,
p_amount: amount
})
@@ -311,7 +305,7 @@ serve(async (req) => {
// Create withdrawal request using database function
const { data: requestResult, error: requestError } = await serviceClient
.rpc('request_withdraw', {
p_user_id: user.id,
p_user_id: userId,
p_token: token,
p_amount: amount,
p_wallet_address: walletAddress
@@ -372,7 +366,7 @@ serve(async (req) => {
if (!sendResult.success) {
// Refund the locked balance
await serviceClient.rpc('refund_escrow_internal', {
p_user_id: user.id,
p_user_id: userId,
p_token: token,
p_amount: amount,
p_reference_type: 'withdraw_failed',
@@ -401,7 +395,7 @@ serve(async (req) => {
// Success! Complete the withdrawal using database function
const { error: completeError } = await serviceClient
.rpc('complete_withdraw', {
p_user_id: user.id,
p_user_id: userId,
p_token: token,
p_amount: amount,
p_tx_hash: sendResult.txHash,
@@ -427,7 +421,7 @@ serve(async (req) => {
// Record in withdrawal limits
await serviceClient.rpc('record_withdrawal_limit', {
p_user_id: user.id,
p_user_id: userId,
p_amount: amount
})
@@ -435,7 +429,7 @@ serve(async (req) => {
await serviceClient
.from('p2p_audit_log')
.insert({
user_id: user.id,
user_id: userId,
action: 'withdraw_completed',
entity_type: 'withdraw_request',
entity_id: requestId,