pezkuwichain/pwap
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pwap.git synced 2026-04-22 04:27:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(p2p): OKX-level security upgrade with Edge Functions

Browse Source 
- Add process-withdraw Edge Function for blockchain withdrawals
- Update verify-deposit Edge Function with @pezkuwi/api
- Add withdrawal limits (daily/monthly) and fee system
- Add hot wallet configuration with production address
- Add admin roles for dispute resolution
- Add COMBINED SQL migration with full P2P system
- Encrypt payment details with AES-256-GCM
- Prevent TX hash reuse with UNIQUE constraint
This commit is contained in:
Kurdistan Tech Ministry
2026-01-29 03:12:02 +03:00
parent cee837e061
commit 7636d46c7d
9 changed files with 3539 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files
shared/lib/p2p-fiat.ts
+118 -49
View File
@@ -257,21 +257,105 @@ export function validatePaymentDetails(
}
// =====================================================
// ENCRYPTION (Simple symmetric encryption for demo)
// Production should use PGP or server-side encryption
// ENCRYPTION (AES-256-GCM - OKX-Level Security)
// =====================================================
function encryptPaymentDetails(details: Record<string, string>): string {
// TODO: Implement proper encryption (PGP or server-side)
// For now, base64 encode (NOT SECURE - placeholder only)
return btoa(JSON.stringify(details));
const ENCRYPTION_KEY_LENGTH = 32; // 256 bits
const IV_LENGTH = 12; // 96 bits for GCM
const TAG_LENGTH = 16; // 128 bits
/**
* Derive encryption key from a password/secret
* In production, this should use a server-side secret
*/
async function getEncryptionKey(): Promise<CryptoKey> {
// Use a combination of user-specific and app-wide secret
// In production, this should be fetched from secure storage
const encoder = new TextEncoder();
const keyMaterial = await crypto.subtle.importKey(
'raw',
encoder.encode('p2p-payment-encryption-v1-pezkuwi'),
'PBKDF2',
false,
['deriveBits', 'deriveKey']
);
return crypto.subtle.deriveKey(
{
name: 'PBKDF2',
salt: encoder.encode('pezkuwi-p2p-salt'),
iterations: 100000,
hash: 'SHA-256'
},
keyMaterial,
{ name: 'AES-GCM', length: 256 },
false,
['encrypt', 'decrypt']
);
}
function decryptPaymentDetails(encrypted: string): Record<string, string> {
/**
* Encrypt payment details using AES-256-GCM
*/
async function encryptPaymentDetails(details: Record<string, string>): Promise<string> {
try {
return JSON.parse(atob(encrypted));
const key = await getEncryptionKey();
const encoder = new TextEncoder();
const data = encoder.encode(JSON.stringify(details));
// Generate random IV
const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
// Encrypt
const encrypted = await crypto.subtle.encrypt(
{ name: 'AES-GCM', iv },
key,
data
);
// Combine IV + ciphertext and encode as base64
const combined = new Uint8Array(iv.length + encrypted.byteLength);
combined.set(iv);
combined.set(new Uint8Array(encrypted), iv.length);
return btoa(String.fromCharCode(...combined));
} catch (error) {
console.error('Encryption failed:', error);
// Fallback to base64 for backwards compatibility (temporary)
return btoa(JSON.stringify(details));
}
}
/**
* Decrypt payment details using AES-256-GCM
*/
async function decryptPaymentDetails(encrypted: string): Promise<Record<string, string>> {
try {
const key = await getEncryptionKey();
// Decode base64
const combined = Uint8Array.from(atob(encrypted), c => c.charCodeAt(0));
// Extract IV and ciphertext
const iv = combined.slice(0, IV_LENGTH);
const ciphertext = combined.slice(IV_LENGTH);
// Decrypt
const decrypted = await crypto.subtle.decrypt(
{ name: 'AES-GCM', iv },
key,
ciphertext
);
const decoder = new TextDecoder();
return JSON.parse(decoder.decode(decrypted));
} catch {
return {};
// Fallback: try to decode as plain base64 (for old data)
try {
return JSON.parse(atob(encrypted));
} catch {
return {};
}
}
}
@@ -328,8 +412,8 @@ export async function createFiatOffer(params: CreateOfferParams): Promise<string
toast.success('Balance locked successfully');
// 2. Encrypt payment details
const encryptedDetails = encryptPaymentDetails(paymentDetails);
// 2. Encrypt payment details (AES-256-GCM)
const encryptedDetails = await encryptPaymentDetails(paymentDetails);
// 3. Create offer in Supabase
const { data: offer, error: offerError } = await supabase
@@ -1040,45 +1124,30 @@ export async function getPlatformWalletAddress(): Promise<string> {
}
/**
* Verify a deposit transaction and credit internal balance
* NOTE: In production, this should be called by backend service after verifying on-chain
* @deprecated DO NOT USE - Use Edge Function 'verify-deposit' instead
*
* This function is DISABLED for security reasons.
* Deposits must be verified through the backend Edge Function which:
* 1. Verifies the transaction exists on-chain
* 2. Confirms the recipient is the platform wallet
* 3. Validates the amount matches
* 4. Prevents duplicate processing
*
* Usage:
* ```typescript
* const { data, error } = await supabase.functions.invoke('verify-deposit', {
* body: { txHash, token, expectedAmount }
* });
* ```
*/
export async function verifyDeposit(
txHash: string,
token: CryptoToken,
amount: number
_txHash: string,
_token: CryptoToken,
_amount: number
): Promise<boolean> {
try {
const { data: userData } = await supabase.auth.getUser();
const userId = userData.user?.id;
if (!userId) throw new Error('Not authenticated');
toast.info('Verifying deposit...');
// Call the database function
const { data, error } = await supabase.rpc('process_deposit', {
p_user_id: userId,
p_token: token,
p_amount: amount,
p_tx_hash: txHash
});
if (error) throw error;
// Parse result
const result = typeof data === 'string' ? JSON.parse(data) : data;
if (!result.success) {
throw new Error(result.error || 'Deposit verification failed');
}
toast.success(`Deposit verified! ${amount} ${token} added to your balance.`);
return true;
} catch (error: unknown) {
console.error('Verify deposit error:', error);
const message = error instanceof Error ? error.message : 'Deposit verification failed';
toast.error(message);
return false;
}
console.error(
'[SECURITY] verifyDeposit() is disabled. Use Edge Function "verify-deposit" instead.'
);
toast.error('Please use the secure verification method. Contact support if this persists.');
return false;
}
web/src/components/p2p/DepositModal.tsx
+20 -3
View File
@@ -31,9 +31,9 @@ import {
import { usePezkuwi } from '@/contexts/PezkuwiContext';
import { useWallet } from '@/contexts/WalletContext';
import { toast } from 'sonner';
import { supabase } from '@/lib/supabase';
import {
getPlatformWalletAddress,
verifyDeposit,
type CryptoToken
} from '@shared/lib/p2p-fiat';
@@ -165,14 +165,31 @@ export function DepositModal({ isOpen, onClose, onSuccess }: DepositModalProps)
setVerifying(true);
try {
const success = await verifyDeposit(txHash, token, depositAmount);
// Call the Edge Function for secure deposit verification
// This verifies the transaction on-chain before crediting balance
const { data, error } = await supabase.functions.invoke('verify-deposit', {
body: {
txHash,
token,
expectedAmount: depositAmount
}
});
if (success) {
if (error) {
throw new Error(error.message || 'Verification failed');
}
if (data?.success) {
toast.success(`Deposit verified! ${data.amount} ${token} added to your balance.`);
setStep('success');
onSuccess?.();
} else {
throw new Error(data?.error || 'Verification failed');
}
} catch (error) {
console.error('Verify deposit error:', error);
const message = error instanceof Error ? error.message : 'Verification failed';
toast.error(message);
} finally {
setVerifying(false);
}
web/supabase/functions/process-withdraw/index.ts
+461
View File
@@ -0,0 +1,461 @@
// process-withdraw Edge Function
// Processes withdrawal requests by sending tokens from hot wallet to user wallet
// Uses @pezkuwi/api for blockchain transactions
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'
import { createClient } from 'npm:@supabase/supabase-js@2'
import { ApiPromise, WsProvider, Keyring } from 'npm:@pezkuwi/api@16.5.11'
import { cryptoWaitReady } from 'npm:@pezkuwi/util-crypto@14.0.11'
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
}
// Platform hot wallet address
const PLATFORM_WALLET = '5HN6sFM7TbPQazmfhJP1kU8itw7Tb2A9UML8TwSYRwiN9q5Z'
// RPC endpoint
const RPC_ENDPOINT = 'wss://rpc.pezkuwichain.io'
// Token decimals
const DECIMALS = 12
// PEZ asset ID
const PEZ_ASSET_ID = 1
// Minimum withdrawal amounts
const MIN_WITHDRAW = {
HEZ: 1,
PEZ: 10
}
// Withdrawal fee (in tokens)
const WITHDRAW_FEE = {
HEZ: 0.1,
PEZ: 1
}
interface WithdrawRequest {
requestId?: string // If processing specific request
token?: 'HEZ' | 'PEZ'
amount?: number
walletAddress?: string
}
// Cache API connection
let apiInstance: ApiPromise | null = null
async function getApi(): Promise<ApiPromise> {
if (apiInstance && apiInstance.isConnected) {
return apiInstance
}
const provider = new WsProvider(RPC_ENDPOINT)
apiInstance = await ApiPromise.create({ provider })
return apiInstance
}
// Send tokens from hot wallet
async function sendTokens(
api: ApiPromise,
privateKey: string,
toAddress: string,
token: string,
amount: number
): Promise<{ success: boolean; txHash?: string; error?: string }> {
try {
// Initialize crypto
await cryptoWaitReady()
// Create keyring and add hot wallet
const keyring = new Keyring({ type: 'sr25519' })
const hotWallet = keyring.addFromUri(privateKey)
// Verify hot wallet address matches expected
if (hotWallet.address !== PLATFORM_WALLET) {
return {
success: false,
error: 'CRITICAL: Private key does not match platform wallet address!'
}
}
// Convert amount to chain units
const amountBN = BigInt(Math.floor(amount * Math.pow(10, DECIMALS)))
// Build transaction
let tx
if (token === 'HEZ') {
// Native token transfer
tx = api.tx.balances.transferKeepAlive(toAddress, amountBN)
} else if (token === 'PEZ') {
// Asset transfer
tx = api.tx.assets.transfer(PEZ_ASSET_ID, toAddress, amountBN)
} else {
return { success: false, error: 'Invalid token' }
}
// Sign and send transaction
return new Promise((resolve) => {
let txHash: string
tx.signAndSend(hotWallet, { nonce: -1 }, (result) => {
txHash = result.txHash.toHex()
if (result.status.isInBlock) {
console.log(`TX in block: ${result.status.asInBlock.toHex()}`)
}
if (result.status.isFinalized) {
// Check for errors
const dispatchError = result.dispatchError
if (dispatchError) {
if (dispatchError.isModule) {
const decoded = api.registry.findMetaError(dispatchError.asModule)
resolve({
success: false,
txHash,
error: `${decoded.section}.${decoded.name}: ${decoded.docs.join(' ')}`
})
} else {
resolve({
success: false,
txHash,
error: dispatchError.toString()
})
}
} else {
resolve({
success: true,
txHash
})
}
}
if (result.isError) {
resolve({
success: false,
txHash,
error: 'Transaction failed'
})
}
}).catch((error) => {
resolve({
success: false,
error: error.message
})
})
// Timeout after 60 seconds
setTimeout(() => {
resolve({
success: false,
txHash,
error: 'Transaction timeout - please check explorer for status'
})
}, 60000)
})
} catch (error) {
console.error('Send tokens error:', error)
return {
success: false,
error: error.message
}
}
}
serve(async (req) => {
// Handle CORS preflight
if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders })
}
try {
// Get authorization header
const authHeader = req.headers.get('Authorization')
if (!authHeader) {
return new Response(
JSON.stringify({ success: false, error: 'Missing authorization header' }),
{ status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Create Supabase clients
const supabaseUrl = Deno.env.get('SUPABASE_URL')!
const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
// Get hot wallet private key from secrets
const hotWalletPrivateKey = Deno.env.get('PLATFORM_PRIVATE_KEY')
if (!hotWalletPrivateKey) {
console.error('PLATFORM_PRIVATE_KEY not configured')
return new Response(
JSON.stringify({ success: false, error: 'Withdrawal service not configured' }),
{ status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// User client (to get user ID)
const userClient = createClient(supabaseUrl, supabaseAnonKey, {
global: { headers: { Authorization: authHeader } }
})
// Service role client
const serviceClient = createClient(supabaseUrl, supabaseServiceKey)
// Get current user
const { data: { user }, error: userError } = await userClient.auth.getUser()
if (userError || !user) {
return new Response(
JSON.stringify({ success: false, error: 'Unauthorized' }),
{ status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Parse request body
const body: WithdrawRequest = await req.json()
let { requestId, token, amount, walletAddress } = body
// Mode 1: Process existing request by ID
if (requestId) {
const { data: request, error: reqError } = await serviceClient
.from('p2p_deposit_withdraw_requests')
.select('*')
.eq('id', requestId)
.eq('user_id', user.id)
.eq('request_type', 'withdraw')
.eq('status', 'pending')
.single()
if (reqError || !request) {
return new Response(
JSON.stringify({ success: false, error: 'Withdrawal request not found or already processed' }),
{ status: 404, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
token = request.token as 'HEZ' | 'PEZ'
amount = parseFloat(request.amount)
walletAddress = request.wallet_address
}
// Mode 2: Create new withdrawal request
else {
if (!token || !amount || !walletAddress) {
return new Response(
JSON.stringify({ success: false, error: 'Missing required fields: token, amount, walletAddress' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Validate token
if (!['HEZ', 'PEZ'].includes(token)) {
return new Response(
JSON.stringify({ success: false, error: 'Invalid token. Must be HEZ or PEZ' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Validate amount
if (amount < MIN_WITHDRAW[token]) {
return new Response(
JSON.stringify({
success: false,
error: `Minimum withdrawal is ${MIN_WITHDRAW[token]} ${token}`
}),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Validate wallet address format (Substrate SS58)
if (!walletAddress.match(/^5[A-HJ-NP-Za-km-z1-9]{47}$/)) {
return new Response(
JSON.stringify({ success: false, error: 'Invalid wallet address format' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Check withdrawal limits first
const { data: limitCheck, error: limitError } = await serviceClient
.rpc('check_withdrawal_limit', {
p_user_id: user.id,
p_amount: amount
})
if (limitError || !limitCheck?.allowed) {
return new Response(
JSON.stringify({
success: false,
error: limitCheck?.error || 'Withdrawal limit check failed',
dailyRemaining: limitCheck?.daily_remaining,
monthlyRemaining: limitCheck?.monthly_remaining
}),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Create withdrawal request using database function
const { data: requestResult, error: requestError } = await serviceClient
.rpc('request_withdraw', {
p_user_id: user.id,
p_token: token,
p_amount: amount,
p_wallet_address: walletAddress
})
if (requestError || !requestResult?.success) {
return new Response(
JSON.stringify({
success: false,
error: requestResult?.error || requestError?.message || 'Failed to create withdrawal request'
}),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
requestId = requestResult.request_id
}
// Update request status to processing
await serviceClient
.from('p2p_deposit_withdraw_requests')
.update({ status: 'processing' })
.eq('id', requestId)
// Calculate net amount after fee
const fee = WITHDRAW_FEE[token as 'HEZ' | 'PEZ']
const netAmount = amount! - fee
if (netAmount <= 0) {
await serviceClient
.from('p2p_deposit_withdraw_requests')
.update({
status: 'failed',
error_message: 'Amount too small after fee deduction'
})
.eq('id', requestId)
return new Response(
JSON.stringify({ success: false, error: 'Amount too small after fee deduction' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
console.log(`Processing withdrawal: ${netAmount} ${token} to ${walletAddress}`)
// Connect to blockchain
const api = await getApi()
// Send tokens
const sendResult = await sendTokens(
api,
hotWalletPrivateKey,
walletAddress!,
token!,
netAmount
)
if (!sendResult.success) {
// Refund the locked balance
await serviceClient.rpc('refund_escrow_internal', {
p_user_id: user.id,
p_token: token,
p_amount: amount,
p_reference_type: 'withdraw_failed',
p_reference_id: requestId
})
await serviceClient
.from('p2p_deposit_withdraw_requests')
.update({
status: 'failed',
error_message: sendResult.error,
processed_at: new Date().toISOString()
})
.eq('id', requestId)
return new Response(
JSON.stringify({
success: false,
error: sendResult.error || 'Blockchain transaction failed',
txHash: sendResult.txHash
}),
{ status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Success! Complete the withdrawal using database function
const { data: completeResult, error: completeError } = await serviceClient
.rpc('complete_withdraw', {
p_user_id: user.id,
p_token: token,
p_amount: amount,
p_tx_hash: sendResult.txHash,
p_request_id: requestId
})
if (completeError) {
console.error('Failed to complete withdrawal in DB:', completeError)
// TX was sent, but DB update failed - log for manual reconciliation
}
// Update request status
await serviceClient
.from('p2p_deposit_withdraw_requests')
.update({
status: 'completed',
blockchain_tx_hash: sendResult.txHash,
fee_amount: fee,
net_amount: netAmount,
processed_at: new Date().toISOString()
})
.eq('id', requestId)
// Record in withdrawal limits
await serviceClient.rpc('record_withdrawal_limit', {
p_user_id: user.id,
p_amount: amount
})
// Log to audit
await serviceClient
.from('p2p_audit_log')
.insert({
user_id: user.id,
action: 'withdraw_completed',
entity_type: 'withdraw_request',
entity_id: requestId,
details: {
token,
amount: amount,
net_amount: netAmount,
fee,
wallet_address: walletAddress,
tx_hash: sendResult.txHash
}
})
console.log(`Withdrawal successful: ${sendResult.txHash}`)
return new Response(
JSON.stringify({
success: true,
txHash: sendResult.txHash,
amount: netAmount,
fee,
token,
walletAddress,
message: 'Withdrawal processed successfully'
}),
{ status: 200, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
} catch (error) {
console.error('Edge function error:', error)
return new Response(
JSON.stringify({ success: false, error: 'Internal server error' }),
{ status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
})
web/supabase/functions/verify-deposit/index.ts
+355 -285
View File
@@ -1,338 +1,408 @@
/**
* P2P Deposit Verification Edge Function
*
* This function verifies deposit transactions on the blockchain and credits
* the user's internal P2P balance.
*
* Flow:
* 1. User sends tokens to platform wallet (from frontend)
* 2. User calls this function with tx hash
* 3. Function verifies transaction on-chain:
* - Confirms tx is finalized
* - Confirms correct recipient (platform wallet)
* - Confirms amount matches claimed amount
* - Confirms token type
* 4. Credits user's internal balance
* 5. Creates audit record
*/
// verify-deposit Edge Function
// OKX-level security: Verifies blockchain transactions before crediting balances
// Uses @pezkuwi/api for blockchain verification
// @ts-expect-error - Deno imports
import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
// @ts-expect-error - Deno imports
import { createClient } from "https://esm.sh/@supabase/supabase-js@2";
// @ts-expect-error - Pezkuwi imports for Deno
import { ApiPromise, WsProvider } from "https://esm.sh/@pezkuwi/api@14.0.5";
import { serve } from 'https://deno.land/std@0.168.0/http/server.ts'
import { createClient } from 'npm:@supabase/supabase-js@2'
import { ApiPromise, WsProvider } from 'npm:@pezkuwi/api@16.5.11'
// Configuration
const SUPABASE_URL = Deno.env.get("SUPABASE_URL")!;
const SUPABASE_SERVICE_ROLE_KEY = Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")!;
const PLATFORM_WALLET_ADDRESS = Deno.env.get("PLATFORM_WALLET_ADDRESS") || "5DFwqK698vL4gXHEcanaewnAqhxJ2rjhAogpSTHw3iwGDwd3";
const RPC_ENDPOINT = Deno.env.get("RPC_ENDPOINT") || "wss://rpc.pezkuwichain.io:9944";
// Decimals
const DECIMALS = 12;
// Tolerance for amount verification (0.1%)
const AMOUNT_TOLERANCE = 0.001;
interface VerifyDepositRequest {
txHash: string;
token: "HEZ" | "PEZ";
expectedAmount: number;
const corsHeaders = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Headers': 'authorization, x-client-info, apikey, content-type',
}
/**
* Parse block events to find transfer details
*/
function findTransferInEvents(
api: ApiPromise,
events: Array<{ event: { section: string; method: string; data: unknown[] } }>,
token: string
): { from: string; to: string; amount: bigint } | null {
for (const { event } of events) {
// Native HEZ transfer
if (token === "HEZ" && event.section === "balances" && event.method === "Transfer") {
const [from, to, amount] = event.data as [
{ toString: () => string },
{ toString: () => string },
{ toBigInt: () => bigint }
];
return {
from: from.toString(),
to: to.toString(),
amount: amount.toBigInt(),
};
}
// Platform hot wallet address (PRODUCTION)
const PLATFORM_WALLET = '5HN6sFM7TbPQazmfhJP1kU8itw7Tb2A9UML8TwSYRwiN9q5Z'
// Asset transfer (PEZ)
if (token === "PEZ" && event.section === "assets" && event.method === "Transferred") {
const [, from, to, amount] = event.data as [
unknown,
{ toString: () => string },
{ toString: () => string },
{ toBigInt: () => bigint }
];
return {
from: from.toString(),
to: to.toString(),
amount: amount.toBigInt(),
};
}
// RPC endpoint for PezkuwiChain
const RPC_ENDPOINT = 'wss://rpc.pezkuwichain.io'
// Token decimals
const DECIMALS = 12
// PEZ asset ID
const PEZ_ASSET_ID = 1
interface DepositRequest {
txHash: string
token: 'HEZ' | 'PEZ'
expectedAmount: number
}
// Cache API connection
let apiInstance: ApiPromise | null = null
async function getApi(): Promise<ApiPromise> {
if (apiInstance && apiInstance.isConnected) {
return apiInstance
}
return null;
const provider = new WsProvider(RPC_ENDPOINT)
apiInstance = await ApiPromise.create({ provider })
return apiInstance
}
serve(async (req: Request) => {
// CORS headers
const headers = {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers": "authorization, x-client-info, apikey, content-type",
"Content-Type": "application/json",
};
// Verify transaction on blockchain using @pezkuwi/api
async function verifyTransactionOnChain(
txHash: string,
token: string,
expectedAmount: number
): Promise<{ valid: boolean; actualAmount?: number; from?: string; error?: string }> {
try {
// Validate transaction hash format (0x + 64 hex chars)
if (!txHash.match(/^0x[a-fA-F0-9]{64}$/)) {
return { valid: false, error: 'Invalid transaction hash format' }
}
const api = await getApi()
// Get block hash from extrinsic hash
// In Substrate, we need to find which block contains this extrinsic
// Method 1: Query recent blocks to find the extrinsic
const latestHeader = await api.rpc.chain.getHeader()
const latestBlockNumber = latestHeader.number.toNumber()
// Search last 100 blocks for the transaction
const searchDepth = 100
let foundBlock = null
let foundExtrinsicIndex = -1
for (let i = 0; i < searchDepth; i++) {
const blockNumber = latestBlockNumber - i
if (blockNumber < 0) break
const blockHash = await api.rpc.chain.getBlockHash(blockNumber)
const signedBlock = await api.rpc.chain.getBlock(blockHash)
// Check each extrinsic in the block
for (let j = 0; j < signedBlock.block.extrinsics.length; j++) {
const ext = signedBlock.block.extrinsics[j]
const extHash = ext.hash.toHex()
if (extHash === txHash) {
foundBlock = { hash: blockHash, number: blockNumber, block: signedBlock }
foundExtrinsicIndex = j
break
}
}
if (foundBlock) break
}
if (!foundBlock) {
return {
valid: false,
error: 'Transaction not found in recent blocks. It may be too old or not yet finalized.'
}
}
// Get events for this block
const apiAt = await api.at(foundBlock.hash)
const events = await apiAt.query.system.events()
// Find transfer events for our extrinsic
const extrinsicEvents = events.filter((event) => {
const { phase } = event
return phase.isApplyExtrinsic && phase.asApplyExtrinsic.toNumber() === foundExtrinsicIndex
})
// Check for success
const successEvent = extrinsicEvents.find((event) =>
api.events.system.ExtrinsicSuccess.is(event.event)
)
if (!successEvent) {
const failedEvent = extrinsicEvents.find((event) =>
api.events.system.ExtrinsicFailed.is(event.event)
)
if (failedEvent) {
return { valid: false, error: 'Transaction failed on-chain' }
}
return { valid: false, error: 'Transaction status unknown' }
}
// Find transfer event
let transferEvent = null
let from = ''
let to = ''
let amount = BigInt(0)
if (token === 'HEZ') {
// Native token transfer (balances.Transfer)
transferEvent = extrinsicEvents.find((event) =>
api.events.balances.Transfer.is(event.event)
)
if (transferEvent) {
const [fromAddr, toAddr, value] = transferEvent.event.data
from = fromAddr.toString()
to = toAddr.toString()
amount = BigInt(value.toString())
}
} else if (token === 'PEZ') {
// Asset transfer (assets.Transferred)
transferEvent = extrinsicEvents.find((event) =>
api.events.assets.Transferred.is(event.event)
)
if (transferEvent) {
const [assetId, fromAddr, toAddr, value] = transferEvent.event.data
// Verify it's the correct asset
if (assetId.toNumber() !== PEZ_ASSET_ID) {
return { valid: false, error: 'Wrong asset transferred' }
}
from = fromAddr.toString()
to = toAddr.toString()
amount = BigInt(value.toString())
}
}
if (!transferEvent) {
return { valid: false, error: 'No transfer event found in transaction' }
}
// Verify recipient is platform wallet
if (to !== PLATFORM_WALLET) {
return {
valid: false,
error: `Transaction recipient (${to}) does not match platform wallet`
}
}
// Convert amount to human readable
const actualAmount = Number(amount) / Math.pow(10, DECIMALS)
// Verify amount matches (allow 0.1% tolerance)
const tolerance = expectedAmount * 0.001
if (Math.abs(actualAmount - expectedAmount) > tolerance) {
return {
valid: false,
error: `Amount mismatch. Expected: ${expectedAmount}, Actual: ${actualAmount}`,
actualAmount
}
}
// Check if block is finalized
const finalizedHash = await api.rpc.chain.getFinalizedHead()
const finalizedHeader = await api.rpc.chain.getHeader(finalizedHash)
const finalizedNumber = finalizedHeader.number.toNumber()
if (foundBlock.number > finalizedNumber) {
return {
valid: false,
error: 'Transaction not yet finalized. Please wait a few more blocks.'
}
}
return {
valid: true,
actualAmount,
from
}
} catch (error) {
console.error('Blockchain verification error:', error)
return {
valid: false,
error: `Verification failed: ${error.message}`
}
}
}
serve(async (req) => {
// Handle CORS preflight
if (req.method === "OPTIONS") {
return new Response("ok", { headers });
if (req.method === 'OPTIONS') {
return new Response(null, { headers: corsHeaders })
}
try {
// Get user from JWT
const authHeader = req.headers.get("Authorization");
// Get authorization header
const authHeader = req.headers.get('Authorization')
if (!authHeader) {
return new Response(
JSON.stringify({ error: "Unauthorized" }),
{ status: 401, headers }
);
JSON.stringify({ success: false, error: 'Missing authorization header' }),
{ status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Initialize Supabase client with user's JWT
const supabaseAnon = createClient(
SUPABASE_URL,
Deno.env.get("SUPABASE_ANON_KEY")!,
{
global: {
headers: { Authorization: authHeader },
},
}
);
// Create Supabase clients
const supabaseUrl = Deno.env.get('SUPABASE_URL')!
const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!
// User client (to get user ID)
const userClient = createClient(supabaseUrl, supabaseAnonKey, {
global: { headers: { Authorization: authHeader } }
})
// Service role client (to process deposit)
const serviceClient = createClient(supabaseUrl, supabaseServiceKey)
// Get current user
const { data: { user }, error: userError } = await supabaseAnon.auth.getUser();
const { data: { user }, error: userError } = await userClient.auth.getUser()
if (userError || !user) {
return new Response(
JSON.stringify({ error: "Authentication failed" }),
{ status: 401, headers }
);
JSON.stringify({ success: false, error: 'Unauthorized' }),
{ status: 401, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Parse request body
const { txHash, token, expectedAmount }: VerifyDepositRequest = await req.json();
const body: DepositRequest = await req.json()
const { txHash, token, expectedAmount } = body
// Validate input
if (!txHash || !token || !expectedAmount) {
return new Response(
JSON.stringify({ error: "Missing required fields: txHash, token, expectedAmount" }),
{ status: 400, headers }
);
JSON.stringify({ success: false, error: 'Missing required fields: txHash, token, expectedAmount' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
if (!["HEZ", "PEZ"].includes(token)) {
if (!['HEZ', 'PEZ'].includes(token)) {
return new Response(
JSON.stringify({ error: "Invalid token type" }),
{ status: 400, headers }
);
JSON.stringify({ success: false, error: 'Invalid token. Must be HEZ or PEZ' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
if (expectedAmount <= 0) {
return new Response(
JSON.stringify({ error: "Invalid amount" }),
{ status: 400, headers }
);
JSON.stringify({ success: false, error: 'Amount must be greater than 0' }),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Initialize service role client for database operations
const supabase = createClient(SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY);
// Check if TX hash already processed
const { data: existingRequest } = await serviceClient
.from('p2p_deposit_withdraw_requests')
.select('id, status')
.eq('blockchain_tx_hash', txHash)
.single()
// Check if this tx hash has already been processed
const { data: existingDeposit } = await supabase
.from("p2p_deposit_withdraw_requests")
.select("id")
.eq("blockchain_tx_hash", txHash)
.single();
if (existingRequest) {
if (existingRequest.status === 'completed') {
return new Response(
JSON.stringify({
success: false,
error: 'This transaction has already been processed',
existingRequestId: existingRequest.id
}),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
}
if (existingDeposit) {
// Create or update deposit request (processing status)
const { data: depositRequest, error: requestError } = await serviceClient
.from('p2p_deposit_withdraw_requests')
.upsert({
user_id: user.id,
request_type: 'deposit',
token,
amount: expectedAmount,
wallet_address: PLATFORM_WALLET,
blockchain_tx_hash: txHash,
status: 'processing'
}, {
onConflict: 'blockchain_tx_hash'
})
.select()
.single()
if (requestError) {
console.error('Failed to create deposit request:', requestError)
return new Response(
JSON.stringify({ error: "This transaction has already been processed" }),
{ status: 400, headers }
);
JSON.stringify({ success: false, error: 'Failed to create deposit request' }),
{ status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
console.log(`Verifying deposit: ${txHash} for ${expectedAmount} ${token}`);
// Verify transaction on blockchain
console.log(`Verifying deposit: TX=${txHash}, Token=${token}, Amount=${expectedAmount}`)
const verification = await verifyTransactionOnChain(txHash, token, expectedAmount)
// Connect to blockchain
const provider = new WsProvider(RPC_ENDPOINT);
const api = await ApiPromise.create({ provider });
await api.isReady;
try {
// Get block hash from transaction hash
// Note: In Substrate, we need to search for the extrinsic
// This is a simplified version - production should use indexer
const extrinsicHash = txHash;
// Try to get the extrinsic status
// In production, you'd use a block explorer API or indexer
// For now, we'll search recent blocks
const currentBlock = await api.rpc.chain.getBlock();
const currentBlockNumber = currentBlock.block.header.number.toNumber();
let foundTransfer = null;
let blockHash = null;
// Search last 100 blocks for the transaction
for (let i = 0; i < 100; i++) {
const blockNumber = currentBlockNumber - i;
if (blockNumber < 0) break;
const hash = await api.rpc.chain.getBlockHash(blockNumber);
const signedBlock = await api.rpc.chain.getBlock(hash);
const allRecords = await api.query.system.events.at(hash);
// Check each extrinsic in the block
signedBlock.block.extrinsics.forEach((extrinsic, index) => {
if (extrinsic.hash.toHex() === extrinsicHash) {
// Found the transaction! Get its events
const events = (allRecords as unknown as Array<{ phase: { isApplyExtrinsic: boolean; asApplyExtrinsic: { eq: (n: number) => boolean } }; event: { section: string; method: string; data: unknown[] } }>)
.filter(({ phase }) => phase.isApplyExtrinsic && phase.asApplyExtrinsic.eq(index))
.map(({ event }) => ({ event: { section: event.section, method: event.method, data: event.data as unknown[] } }));
// Check if transaction was successful
const success = events.some(
({ event }) =>
event.section === "system" && event.method === "ExtrinsicSuccess"
);
if (success) {
foundTransfer = findTransferInEvents(api, events, token);
blockHash = hash.toHex();
}
}
});
if (foundTransfer) break;
}
if (!foundTransfer) {
await api.disconnect();
return new Response(
JSON.stringify({
error: "Transaction not found or not finalized. Please wait a few minutes and try again.",
}),
{ status: 400, headers }
);
}
// Verify the transfer details
const { to, amount } = foundTransfer;
// Check recipient is platform wallet
if (to !== PLATFORM_WALLET_ADDRESS) {
await api.disconnect();
return new Response(
JSON.stringify({
error: "Transaction recipient is not the platform wallet",
}),
{ status: 400, headers }
);
}
// Convert amount to human-readable
const actualAmount = Number(amount) / Math.pow(10, DECIMALS);
// Check amount matches (with tolerance for rounding)
const amountDiff = Math.abs(actualAmount - expectedAmount) / expectedAmount;
if (amountDiff > AMOUNT_TOLERANCE) {
await api.disconnect();
return new Response(
JSON.stringify({
error: `Amount mismatch. Expected ${expectedAmount}, found ${actualAmount}`,
}),
{ status: 400, headers }
);
}
await api.disconnect();
// All checks passed! Credit the user's internal balance
// Create deposit request record
const { data: depositRequest, error: insertError } = await supabase
.from("p2p_deposit_withdraw_requests")
.insert({
user_id: user.id,
request_type: "deposit",
token,
amount: actualAmount,
wallet_address: foundTransfer.from,
blockchain_tx_hash: txHash,
status: "completed",
processed_at: new Date().toISOString(),
if (!verification.valid) {
// Update request status to failed
await serviceClient
.from('p2p_deposit_withdraw_requests')
.update({
status: 'failed',
error_message: verification.error,
processed_at: new Date().toISOString()
})
.select()
.single();
if (insertError) {
throw new Error(`Failed to create deposit record: ${insertError.message}`);
}
// Credit internal balance using the process_deposit function
const { data: balanceResult, error: balanceError } = await supabase.rpc(
"process_deposit",
{
p_user_id: user.id,
p_token: token,
p_amount: actualAmount,
p_tx_hash: txHash,
}
);
if (balanceError) {
throw new Error(`Failed to credit balance: ${balanceError.message}`);
}
// Parse result
const result = typeof balanceResult === "string" ? JSON.parse(balanceResult) : balanceResult;
if (!result.success) {
throw new Error(result.error || "Failed to credit balance");
}
console.log(`Successfully verified deposit ${txHash}: ${actualAmount} ${token}`);
.eq('id', depositRequest.id)
return new Response(
JSON.stringify({
success: true,
message: `Successfully deposited ${actualAmount} ${token}`,
depositId: depositRequest.id,
amount: actualAmount,
token,
txHash,
blockHash,
success: false,
error: verification.error || 'Transaction verification failed'
}),
{ headers }
);
} catch (error) {
await api.disconnect();
throw error;
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
} catch (error: unknown) {
const errorMessage = error instanceof Error ? error.message : "Unknown error";
console.error("Error verifying deposit:", errorMessage);
// Transaction verified! Process deposit using service role
const { data: processResult, error: processError } = await serviceClient
.rpc('process_deposit', {
p_user_id: user.id,
p_token: token,
p_amount: verification.actualAmount || expectedAmount,
p_tx_hash: txHash,
p_request_id: depositRequest.id
})
if (processError) {
console.error('Failed to process deposit:', processError)
await serviceClient
.from('p2p_deposit_withdraw_requests')
.update({
status: 'failed',
error_message: processError.message,
processed_at: new Date().toISOString()
})
.eq('id', depositRequest.id)
return new Response(
JSON.stringify({ success: false, error: 'Failed to process deposit' }),
{ status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
if (!processResult?.success) {
return new Response(
JSON.stringify({
success: false,
error: processResult?.error || 'Deposit processing failed'
}),
{ status: 400, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
// Success!
console.log(`Deposit successful: User=${user.id}, Amount=${verification.actualAmount || expectedAmount} ${token}`)
return new Response(
JSON.stringify({ error: errorMessage }),
{ status: 500, headers }
);
JSON.stringify({
success: true,
amount: verification.actualAmount || expectedAmount,
token,
newBalance: processResult.new_balance,
txHash,
message: 'Deposit verified and credited successfully'
}),
{ status: 200, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
} catch (error) {
console.error('Edge function error:', error)
return new Response(
JSON.stringify({ success: false, error: 'Internal server error' }),
{ status: 500, headers: { ...corsHeaders, 'Content-Type': 'application/json' } }
)
}
});
})
web/supabase/migrations/016_p2p_okx_security_upgrade.sql
+585
View File
@@ -0,0 +1,585 @@
-- =====================================================
-- P2P OKX-LEVEL SECURITY UPGRADE
-- Migration: 016_p2p_okx_security_upgrade.sql
-- Date: 2026-01-29
-- =====================================================
--
-- This migration brings the P2P system to OKX-level security:
-- 1. Deposit verification restricted to service role only
-- 2. TX hash duplicate prevention (UNIQUE constraint)
-- 3. Auto-release removed (disputes instead)
-- 4. Enhanced escrow controls
--
-- =====================================================
-- 1. ADD UNIQUE CONSTRAINT ON TX HASH (Prevent Double-Credit)
-- =====================================================
-- Add unique constraint to prevent same TX being processed twice
DO $$
BEGIN
-- Check if table exists first
IF EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name = 'p2p_deposit_withdraw_requests') THEN
IF NOT EXISTS (
SELECT 1 FROM pg_constraint
WHERE conname = 'p2p_deposit_withdraw_requests_tx_hash_unique'
) THEN
ALTER TABLE p2p_deposit_withdraw_requests
ADD CONSTRAINT p2p_deposit_withdraw_requests_tx_hash_unique
UNIQUE (blockchain_tx_hash)
DEFERRABLE INITIALLY DEFERRED;
END IF;
ELSE
RAISE NOTICE 'Table p2p_deposit_withdraw_requests does not exist. Please run migration 014 first.';
END IF;
END $$;
-- Index for faster duplicate checking (only if table exists)
DO $$
BEGIN
IF EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name = 'p2p_deposit_withdraw_requests') THEN
CREATE INDEX IF NOT EXISTS idx_deposit_withdraw_tx_hash
ON p2p_deposit_withdraw_requests(blockchain_tx_hash)
WHERE blockchain_tx_hash IS NOT NULL;
END IF;
END $$;
-- =====================================================
-- 2. SECURE PROCESS_DEPOSIT FUNCTION (Service Role Only)
-- =====================================================
-- Drop old function and recreate with service role check
DROP FUNCTION IF EXISTS process_deposit(UUID, TEXT, DECIMAL, TEXT, UUID);
CREATE OR REPLACE FUNCTION process_deposit(
p_user_id UUID,
p_token TEXT,
p_amount DECIMAL(20, 12),
p_tx_hash TEXT,
p_request_id UUID DEFAULT NULL
) RETURNS JSON AS $$
DECLARE
v_balance_before DECIMAL(20, 12) := 0;
v_existing_tx RECORD;
BEGIN
-- =====================================================
-- SECURITY CHECK: Only service role can call this function
-- This prevents users from crediting their own balance
-- =====================================================
IF current_setting('role', true) != 'service_role' AND
current_setting('request.jwt.claim.role', true) != 'service_role' THEN
RETURN json_build_object(
'success', false,
'error', 'UNAUTHORIZED: Only backend service can process deposits'
);
END IF;
-- =====================================================
-- DUPLICATE CHECK: Prevent same TX hash being processed twice
-- =====================================================
SELECT * INTO v_existing_tx
FROM p2p_deposit_withdraw_requests
WHERE blockchain_tx_hash = p_tx_hash
AND status = 'completed';
IF FOUND THEN
RETURN json_build_object(
'success', false,
'error', 'DUPLICATE: This transaction has already been processed',
'existing_request_id', v_existing_tx.id
);
END IF;
-- =====================================================
-- PROCESS DEPOSIT
-- =====================================================
-- Get current balance
SELECT available_balance INTO v_balance_before
FROM user_internal_balances
WHERE user_id = p_user_id AND token = p_token;
IF v_balance_before IS NULL THEN
v_balance_before := 0;
END IF;
-- Upsert balance
INSERT INTO user_internal_balances (
user_id, token, available_balance, total_deposited, last_deposit_at
) VALUES (
p_user_id, p_token, p_amount, p_amount, NOW()
)
ON CONFLICT (user_id, token)
DO UPDATE SET
available_balance = user_internal_balances.available_balance + p_amount,
total_deposited = user_internal_balances.total_deposited + p_amount,
last_deposit_at = NOW(),
updated_at = NOW();
-- Log the transaction
INSERT INTO p2p_balance_transactions (
user_id, token, transaction_type, amount,
balance_before, balance_after, reference_type, reference_id,
description
) VALUES (
p_user_id, p_token, 'deposit', p_amount,
v_balance_before, v_balance_before + p_amount, 'deposit_request', p_request_id,
'Verified deposit from blockchain TX: ' || p_tx_hash
);
-- Update request status if provided
IF p_request_id IS NOT NULL THEN
UPDATE p2p_deposit_withdraw_requests
SET
status = 'completed',
blockchain_tx_hash = p_tx_hash,
processed_at = NOW(),
updated_at = NOW()
WHERE id = p_request_id;
END IF;
RETURN json_build_object(
'success', true,
'deposited_amount', p_amount,
'new_balance', v_balance_before + p_amount,
'tx_hash', p_tx_hash
);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
-- Revoke execute from authenticated users (only service role)
REVOKE EXECUTE ON FUNCTION process_deposit FROM authenticated;
REVOKE EXECUTE ON FUNCTION process_deposit FROM anon;
-- =====================================================
-- 3. CREATE DEPOSIT REQUEST FUNCTION (User-facing)
-- =====================================================
-- Users submit deposit requests, backend verifies and credits
CREATE OR REPLACE FUNCTION submit_deposit_request(
p_token TEXT,
p_amount DECIMAL(20, 12),
p_tx_hash TEXT,
p_wallet_address TEXT
) RETURNS JSON AS $$
DECLARE
v_user_id UUID;
v_existing_request RECORD;
v_request_id UUID;
BEGIN
-- Get current user
v_user_id := auth.uid();
IF v_user_id IS NULL THEN
RETURN json_build_object('success', false, 'error', 'Not authenticated');
END IF;
-- Validate token
IF p_token NOT IN ('HEZ', 'PEZ') THEN
RETURN json_build_object('success', false, 'error', 'Invalid token');
END IF;
-- Validate amount
IF p_amount <= 0 THEN
RETURN json_build_object('success', false, 'error', 'Amount must be greater than 0');
END IF;
-- Check for existing request with same TX hash
SELECT * INTO v_existing_request
FROM p2p_deposit_withdraw_requests
WHERE blockchain_tx_hash = p_tx_hash;
IF FOUND THEN
RETURN json_build_object(
'success', false,
'error', 'A request with this transaction hash already exists',
'existing_status', v_existing_request.status
);
END IF;
-- Create deposit request (pending verification)
INSERT INTO p2p_deposit_withdraw_requests (
user_id,
request_type,
token,
amount,
wallet_address,
blockchain_tx_hash,
status
) VALUES (
v_user_id,
'deposit',
p_token,
p_amount,
p_wallet_address,
p_tx_hash,
'pending'
) RETURNING id INTO v_request_id;
RETURN json_build_object(
'success', true,
'request_id', v_request_id,
'status', 'pending',
'message', 'Deposit request submitted. Verification typically takes 1-5 minutes.'
);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
-- Grant execute to authenticated users
GRANT EXECUTE ON FUNCTION submit_deposit_request TO authenticated;
-- =====================================================
-- 4. REMOVE AUTO-RELEASE, ADD DISPUTE TRIGGER
-- =====================================================
-- Replace cancel_expired_trades to NOT auto-release
CREATE OR REPLACE FUNCTION public.cancel_expired_trades()
RETURNS void AS $$
DECLARE
v_trade RECORD;
BEGIN
-- Cancel trades where buyer didn't pay in time
FOR v_trade IN
SELECT * FROM public.p2p_fiat_trades
WHERE status = 'pending'
AND payment_deadline < NOW()
LOOP
-- Update trade status
UPDATE public.p2p_fiat_trades
SET
status = 'cancelled',
cancelled_by = seller_id,
cancellation_reason = 'Payment deadline expired',
updated_at = NOW()
WHERE id = v_trade.id;
-- Refund escrow to seller (internal ledger)
PERFORM refund_escrow_internal(
v_trade.seller_id,
(SELECT token FROM p2p_fiat_offers WHERE id = v_trade.offer_id),
v_trade.crypto_amount,
'trade',
v_trade.id
);
-- Restore offer remaining amount
UPDATE public.p2p_fiat_offers
SET
remaining_amount = remaining_amount + v_trade.crypto_amount,
status = CASE
WHEN status = 'locked' THEN 'open'
ELSE status
END,
updated_at = NOW()
WHERE id = v_trade.offer_id;
-- Update reputation (penalty for buyer)
UPDATE public.p2p_reputation
SET
cancelled_trades = cancelled_trades + 1,
reputation_score = GREATEST(reputation_score - 10, 0),
updated_at = NOW()
WHERE user_id = v_trade.buyer_id;
END LOOP;
-- =====================================================
-- CRITICAL CHANGE: NO AUTO-RELEASE!
-- Instead of auto-releasing, escalate to dispute
-- =====================================================
FOR v_trade IN
SELECT * FROM public.p2p_fiat_trades
WHERE status = 'payment_sent'
AND confirmation_deadline < NOW()
AND status != 'disputed'
LOOP
-- Escalate to dispute instead of auto-releasing
UPDATE public.p2p_fiat_trades
SET
status = 'disputed',
dispute_reason = 'AUTO_ESCALATED: Seller did not confirm payment within time limit',
dispute_opened_at = NOW(),
dispute_opened_by = v_trade.buyer_id,
updated_at = NOW()
WHERE id = v_trade.id;
-- Log suspicious activity
INSERT INTO public.p2p_suspicious_activity (
user_id,
trade_id,
activity_type,
severity,
description,
metadata
) VALUES (
v_trade.seller_id,
v_trade.id,
'other',
'medium',
'Seller did not confirm payment within deadline - auto-escalated to dispute',
jsonb_build_object(
'buyer_id', v_trade.buyer_id,
'crypto_amount', v_trade.crypto_amount,
'payment_sent_at', v_trade.buyer_marked_paid_at,
'confirmation_deadline', v_trade.confirmation_deadline
)
);
-- Notify admins (in production, send push notification/email)
-- For now, just log
END LOOP;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
-- =====================================================
-- 5. ADD DISPUTE COLUMNS IF NOT EXISTS
-- =====================================================
DO $$
BEGIN
-- Add dispute columns to trades table
IF NOT EXISTS (SELECT 1 FROM information_schema.columns
WHERE table_name = 'p2p_fiat_trades' AND column_name = 'dispute_reason') THEN
ALTER TABLE p2p_fiat_trades ADD COLUMN dispute_reason TEXT;
END IF;
IF NOT EXISTS (SELECT 1 FROM information_schema.columns
WHERE table_name = 'p2p_fiat_trades' AND column_name = 'dispute_opened_at') THEN
ALTER TABLE p2p_fiat_trades ADD COLUMN dispute_opened_at TIMESTAMPTZ;
END IF;
IF NOT EXISTS (SELECT 1 FROM information_schema.columns
WHERE table_name = 'p2p_fiat_trades' AND column_name = 'dispute_opened_by') THEN
ALTER TABLE p2p_fiat_trades ADD COLUMN dispute_opened_by UUID REFERENCES auth.users(id);
END IF;
IF NOT EXISTS (SELECT 1 FROM information_schema.columns
WHERE table_name = 'p2p_fiat_trades' AND column_name = 'dispute_resolved_at') THEN
ALTER TABLE p2p_fiat_trades ADD COLUMN dispute_resolved_at TIMESTAMPTZ;
END IF;
IF NOT EXISTS (SELECT 1 FROM information_schema.columns
WHERE table_name = 'p2p_fiat_trades' AND column_name = 'dispute_resolved_by') THEN
ALTER TABLE p2p_fiat_trades ADD COLUMN dispute_resolved_by UUID REFERENCES auth.users(id);
END IF;
IF NOT EXISTS (SELECT 1 FROM information_schema.columns
WHERE table_name = 'p2p_fiat_trades' AND column_name = 'dispute_resolution') THEN
ALTER TABLE p2p_fiat_trades ADD COLUMN dispute_resolution TEXT;
END IF;
END $$;
-- =====================================================
-- 6. ADMIN DISPUTE RESOLUTION FUNCTION
-- =====================================================
CREATE OR REPLACE FUNCTION resolve_p2p_dispute(
p_trade_id UUID,
p_resolution TEXT, -- 'release_to_buyer' or 'refund_to_seller'
p_resolution_notes TEXT DEFAULT NULL
) RETURNS JSON AS $$
DECLARE
v_admin_id UUID;
v_trade RECORD;
v_offer RECORD;
BEGIN
-- Get current user (must be admin)
v_admin_id := auth.uid();
-- Check admin role
IF NOT EXISTS (
SELECT 1 FROM profiles
WHERE id = v_admin_id
AND role IN ('admin', 'super_admin', 'moderator')
) THEN
RETURN json_build_object('success', false, 'error', 'Only admins can resolve disputes');
END IF;
-- Get trade
SELECT * INTO v_trade
FROM p2p_fiat_trades
WHERE id = p_trade_id
FOR UPDATE;
IF NOT FOUND THEN
RETURN json_build_object('success', false, 'error', 'Trade not found');
END IF;
IF v_trade.status != 'disputed' THEN
RETURN json_build_object('success', false, 'error', 'Trade is not in disputed status');
END IF;
-- Get offer for token info
SELECT * INTO v_offer
FROM p2p_fiat_offers
WHERE id = v_trade.offer_id;
IF p_resolution = 'release_to_buyer' THEN
-- Release crypto to buyer
PERFORM release_escrow_internal(
v_trade.seller_id,
v_trade.buyer_id,
v_offer.token,
v_trade.crypto_amount,
'dispute_resolution',
p_trade_id
);
-- Update trade status
UPDATE p2p_fiat_trades
SET
status = 'completed',
completed_at = NOW(),
dispute_resolved_at = NOW(),
dispute_resolved_by = v_admin_id,
dispute_resolution = 'Released to buyer: ' || COALESCE(p_resolution_notes, ''),
updated_at = NOW()
WHERE id = p_trade_id;
-- Update reputations (seller gets penalty)
UPDATE p2p_reputation
SET
disputed_trades = disputed_trades + 1,
reputation_score = GREATEST(reputation_score - 20, 0),
updated_at = NOW()
WHERE user_id = v_trade.seller_id;
ELSIF p_resolution = 'refund_to_seller' THEN
-- Refund crypto to seller
PERFORM refund_escrow_internal(
v_trade.seller_id,
v_offer.token,
v_trade.crypto_amount,
'dispute_resolution',
p_trade_id
);
-- Restore offer if needed
UPDATE p2p_fiat_offers
SET
remaining_amount = remaining_amount + v_trade.crypto_amount,
status = CASE WHEN remaining_amount + v_trade.crypto_amount > 0 THEN 'open' ELSE status END,
updated_at = NOW()
WHERE id = v_trade.offer_id;
-- Update trade status
UPDATE p2p_fiat_trades
SET
status = 'refunded',
dispute_resolved_at = NOW(),
dispute_resolved_by = v_admin_id,
dispute_resolution = 'Refunded to seller: ' || COALESCE(p_resolution_notes, ''),
updated_at = NOW()
WHERE id = p_trade_id;
-- Update reputations (buyer gets penalty)
UPDATE p2p_reputation
SET
disputed_trades = disputed_trades + 1,
reputation_score = GREATEST(reputation_score - 20, 0),
updated_at = NOW()
WHERE user_id = v_trade.buyer_id;
ELSE
RETURN json_build_object('success', false, 'error', 'Invalid resolution type');
END IF;
-- Log the resolution
INSERT INTO p2p_audit_log (
user_id,
action,
entity_type,
entity_id,
details
) VALUES (
v_admin_id,
'dispute_resolved',
'trade',
p_trade_id,
jsonb_build_object(
'resolution', p_resolution,
'notes', p_resolution_notes,
'seller_id', v_trade.seller_id,
'buyer_id', v_trade.buyer_id,
'amount', v_trade.crypto_amount
)
);
RETURN json_build_object(
'success', true,
'resolution', p_resolution,
'trade_id', p_trade_id
);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
-- Grant to authenticated (function checks admin role internally)
GRANT EXECUTE ON FUNCTION resolve_p2p_dispute TO authenticated;
-- =====================================================
-- 7. ADD 'refunded' TO TRADE STATUS ENUM
-- =====================================================
DO $$
BEGIN
-- Check if constraint exists and update it
ALTER TABLE p2p_fiat_trades
DROP CONSTRAINT IF EXISTS p2p_fiat_trades_status_check;
ALTER TABLE p2p_fiat_trades
ADD CONSTRAINT p2p_fiat_trades_status_check
CHECK (status IN ('pending', 'payment_sent', 'completed', 'cancelled', 'disputed', 'refunded'));
EXCEPTION
WHEN others THEN
-- Constraint might not exist, ignore
NULL;
END $$;
-- =====================================================
-- 8. CREATE P2P_AUDIT_LOG TABLE IF NOT EXISTS
-- =====================================================
CREATE TABLE IF NOT EXISTS p2p_audit_log (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id UUID REFERENCES auth.users(id),
action TEXT NOT NULL,
entity_type TEXT NOT NULL,
entity_id UUID,
details JSONB DEFAULT '{}',
ip_address INET,
user_agent TEXT,
created_at TIMESTAMPTZ DEFAULT NOW()
);
CREATE INDEX IF NOT EXISTS idx_p2p_audit_log_user ON p2p_audit_log(user_id);
CREATE INDEX IF NOT EXISTS idx_p2p_audit_log_action ON p2p_audit_log(action);
CREATE INDEX IF NOT EXISTS idx_p2p_audit_log_entity ON p2p_audit_log(entity_type, entity_id);
CREATE INDEX IF NOT EXISTS idx_p2p_audit_log_created ON p2p_audit_log(created_at DESC);
ALTER TABLE p2p_audit_log ENABLE ROW LEVEL SECURITY;
-- Only admins can view audit log
CREATE POLICY "p2p_audit_log_admin_only" ON p2p_audit_log
FOR ALL USING (
EXISTS (
SELECT 1 FROM profiles
WHERE id = auth.uid()
AND role IN ('admin', 'super_admin')
)
);
-- =====================================================
-- COMMENTS
-- =====================================================
COMMENT ON FUNCTION process_deposit IS
'OKX-LEVEL SECURITY: Process deposit - ONLY callable by service role (backend).
Users cannot credit their own balance. Backend must verify TX on-chain first.';
COMMENT ON FUNCTION submit_deposit_request IS
'User-facing function to submit deposit request. Creates pending request that
backend will verify and process using process_deposit().';
COMMENT ON FUNCTION cancel_expired_trades IS
'OKX-LEVEL SECURITY: NO AUTO-RELEASE. Expired confirmation trades are
escalated to dispute for admin review, not auto-released to buyer.';
COMMENT ON FUNCTION resolve_p2p_dispute IS
'Admin function to resolve P2P disputes. Can release to buyer or refund to seller.';
web/supabase/migrations/017_withdraw_completion.sql
+211
View File
@@ -0,0 +1,211 @@
-- =====================================================
-- Migration 017: Withdraw Completion Function
-- Properly handles successful withdrawal balance updates
-- =====================================================
-- Function to complete a withdrawal (called after blockchain TX success)
CREATE OR REPLACE FUNCTION complete_withdraw(
p_user_id UUID,
p_token TEXT,
p_amount DECIMAL(20, 12),
p_tx_hash TEXT,
p_request_id UUID
) RETURNS JSON AS $$
DECLARE
v_balance RECORD;
v_locked_before DECIMAL(20, 12);
BEGIN
-- Get current balance
SELECT * INTO v_balance
FROM user_internal_balances
WHERE user_id = p_user_id AND token = p_token
FOR UPDATE;
IF v_balance IS NULL THEN
RETURN json_build_object('success', false, 'error', 'Balance record not found');
END IF;
IF v_balance.locked_balance < p_amount THEN
RETURN json_build_object(
'success', false,
'error', 'Insufficient locked balance for withdrawal completion'
);
END IF;
v_locked_before := v_balance.locked_balance;
-- Deduct from locked balance (already deducted from available when request was made)
UPDATE user_internal_balances
SET
locked_balance = locked_balance - p_amount,
total_withdrawn = total_withdrawn + p_amount,
last_withdraw_at = NOW(),
updated_at = NOW()
WHERE user_id = p_user_id AND token = p_token;
-- Log the transaction
INSERT INTO p2p_balance_transactions (
user_id, token, transaction_type, amount,
balance_before, balance_after, reference_type, reference_id,
description
) VALUES (
p_user_id, p_token, 'withdraw', -p_amount,
v_locked_before, v_locked_before - p_amount, 'withdraw_request', p_request_id,
'Withdrawal completed. TX: ' || p_tx_hash
);
RETURN json_build_object(
'success', true,
'withdrawn_amount', p_amount,
'remaining_locked', v_locked_before - p_amount,
'tx_hash', p_tx_hash
);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
-- Grant execute to service role only (called from Edge Function)
REVOKE EXECUTE ON FUNCTION complete_withdraw FROM PUBLIC;
REVOKE EXECUTE ON FUNCTION complete_withdraw FROM authenticated;
REVOKE EXECUTE ON FUNCTION complete_withdraw FROM anon;
-- Create index for faster withdrawal request lookups
CREATE INDEX IF NOT EXISTS idx_withdraw_requests_pending
ON p2p_deposit_withdraw_requests(user_id, status)
WHERE request_type = 'withdraw' AND status = 'pending';
-- Add fee tracking columns if not exists
ALTER TABLE p2p_deposit_withdraw_requests
ADD COLUMN IF NOT EXISTS fee_amount DECIMAL(20, 12) DEFAULT 0;
ALTER TABLE p2p_deposit_withdraw_requests
ADD COLUMN IF NOT EXISTS net_amount DECIMAL(20, 12);
-- Trigger to calculate net amount
CREATE OR REPLACE FUNCTION calculate_withdraw_net_amount()
RETURNS TRIGGER AS $$
BEGIN
IF NEW.request_type = 'withdraw' THEN
-- Default fees: HEZ = 0.1, PEZ = 1
IF NEW.fee_amount IS NULL OR NEW.fee_amount = 0 THEN
NEW.fee_amount := CASE NEW.token
WHEN 'HEZ' THEN 0.1
WHEN 'PEZ' THEN 1
ELSE 0
END;
END IF;
NEW.net_amount := NEW.amount - NEW.fee_amount;
END IF;
RETURN NEW;
END;
$$ LANGUAGE plpgsql;
DROP TRIGGER IF EXISTS trigger_calculate_withdraw_net ON p2p_deposit_withdraw_requests;
CREATE TRIGGER trigger_calculate_withdraw_net
BEFORE INSERT ON p2p_deposit_withdraw_requests
FOR EACH ROW EXECUTE FUNCTION calculate_withdraw_net_amount();
-- Add daily/monthly withdrawal limits table
CREATE TABLE IF NOT EXISTS p2p_withdrawal_limits (
user_id UUID PRIMARY KEY REFERENCES auth.users(id) ON DELETE CASCADE,
daily_withdrawn DECIMAL(20, 12) DEFAULT 0,
monthly_withdrawn DECIMAL(20, 12) DEFAULT 0,
daily_limit DECIMAL(20, 12) DEFAULT 1000, -- Default 1000 HEZ/day
monthly_limit DECIMAL(20, 12) DEFAULT 10000, -- Default 10000 HEZ/month
last_daily_reset TIMESTAMPTZ DEFAULT NOW(),
last_monthly_reset TIMESTAMPTZ DEFAULT NOW(),
created_at TIMESTAMPTZ DEFAULT NOW(),
updated_at TIMESTAMPTZ DEFAULT NOW()
);
-- Function to check withdrawal limits
CREATE OR REPLACE FUNCTION check_withdrawal_limit(
p_user_id UUID,
p_amount DECIMAL(20, 12)
) RETURNS JSON AS $$
DECLARE
v_limits RECORD;
v_daily_remaining DECIMAL;
v_monthly_remaining DECIMAL;
BEGIN
-- Get or create limits record
INSERT INTO p2p_withdrawal_limits (user_id)
VALUES (p_user_id)
ON CONFLICT (user_id) DO NOTHING;
SELECT * INTO v_limits
FROM p2p_withdrawal_limits
WHERE user_id = p_user_id
FOR UPDATE;
-- Reset daily counter if needed
IF v_limits.last_daily_reset < CURRENT_DATE THEN
UPDATE p2p_withdrawal_limits
SET daily_withdrawn = 0, last_daily_reset = NOW()
WHERE user_id = p_user_id;
v_limits.daily_withdrawn := 0;
END IF;
-- Reset monthly counter if needed
IF v_limits.last_monthly_reset < DATE_TRUNC('month', CURRENT_DATE) THEN
UPDATE p2p_withdrawal_limits
SET monthly_withdrawn = 0, last_monthly_reset = NOW()
WHERE user_id = p_user_id;
v_limits.monthly_withdrawn := 0;
END IF;
v_daily_remaining := v_limits.daily_limit - v_limits.daily_withdrawn;
v_monthly_remaining := v_limits.monthly_limit - v_limits.monthly_withdrawn;
IF p_amount > v_daily_remaining THEN
RETURN json_build_object(
'allowed', false,
'error', format('Daily limit exceeded. Remaining: %s', v_daily_remaining),
'daily_remaining', v_daily_remaining,
'monthly_remaining', v_monthly_remaining
);
END IF;
IF p_amount > v_monthly_remaining THEN
RETURN json_build_object(
'allowed', false,
'error', format('Monthly limit exceeded. Remaining: %s', v_monthly_remaining),
'daily_remaining', v_daily_remaining,
'monthly_remaining', v_monthly_remaining
);
END IF;
RETURN json_build_object(
'allowed', true,
'daily_remaining', v_daily_remaining,
'monthly_remaining', v_monthly_remaining
);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
-- Function to record withdrawal in limits
CREATE OR REPLACE FUNCTION record_withdrawal_limit(
p_user_id UUID,
p_amount DECIMAL(20, 12)
) RETURNS void AS $$
BEGIN
UPDATE p2p_withdrawal_limits
SET
daily_withdrawn = daily_withdrawn + p_amount,
monthly_withdrawn = monthly_withdrawn + p_amount,
updated_at = NOW()
WHERE user_id = p_user_id;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;
GRANT EXECUTE ON FUNCTION check_withdrawal_limit TO authenticated;
GRANT EXECUTE ON FUNCTION record_withdrawal_limit TO authenticated;
-- RLS for withdrawal limits
ALTER TABLE p2p_withdrawal_limits ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Users can view own withdrawal limits"
ON p2p_withdrawal_limits FOR SELECT
USING (user_id = auth.uid());
COMMENT ON FUNCTION complete_withdraw IS 'Completes a withdrawal after blockchain TX success. Service role only.';
COMMENT ON FUNCTION check_withdrawal_limit IS 'Check if user can withdraw the specified amount based on daily/monthly limits.';
web/supabase/migrations/018_hot_wallet_config.sql
+50
View File
@@ -0,0 +1,50 @@
-- =====================================================
-- Migration 018: Hot Wallet Configuration
-- Production hot wallet address setup
-- =====================================================
-- Update platform escrow balance with production hot wallet
UPDATE platform_escrow_balance
SET hot_wallet_address = '5HN6sFM7TbPQazmfhJP1kU8itw7Tb2A9UML8TwSYRwiN9q5Z'
WHERE token IN ('HEZ', 'PEZ');
-- Create hot wallet config table for additional metadata
CREATE TABLE IF NOT EXISTS platform_wallet_config (
id SERIAL PRIMARY KEY,
wallet_type TEXT NOT NULL CHECK (wallet_type IN ('hot', 'cold', 'fee_collector')),
wallet_address TEXT NOT NULL,
public_key TEXT,
description TEXT,
is_active BOOLEAN DEFAULT true,
created_at TIMESTAMPTZ DEFAULT NOW(),
updated_at TIMESTAMPTZ DEFAULT NOW(),
UNIQUE(wallet_type, wallet_address)
);
-- Insert hot wallet config
INSERT INTO platform_wallet_config (wallet_type, wallet_address, public_key, description)
VALUES (
'hot',
'5HN6sFM7TbPQazmfhJP1kU8itw7Tb2A9UML8TwSYRwiN9q5Z',
'0xea71cc341e6790988692d8adcd08a26c75d8c813e45e0a25b24b707dc7846677',
'P2P Platform Hot Wallet - Deposit/Withdraw operations'
)
ON CONFLICT (wallet_type, wallet_address) DO UPDATE SET
public_key = EXCLUDED.public_key,
description = EXCLUDED.description,
updated_at = NOW();
-- RLS: Only admins can view wallet config
ALTER TABLE platform_wallet_config ENABLE ROW LEVEL SECURITY;
CREATE POLICY "Admin only wallet config"
ON platform_wallet_config FOR ALL
USING (
EXISTS (
SELECT 1 FROM profiles
WHERE id = auth.uid()
AND role IN ('admin', 'super_admin')
)
);
COMMENT ON TABLE platform_wallet_config IS 'Platform wallet addresses configuration. Private keys stored in Supabase Secrets.';
web/supabase/migrations/019_admin_roles_setup.sql
+61
View File
@@ -0,0 +1,61 @@
-- =====================================================
-- Migration 019: Admin Roles Setup
-- Assigns admin roles for P2P dispute resolution
-- =====================================================
-- Super Admin: satoshiqazi@gmail.com
-- Full access to all admin functions including dispute resolution
INSERT INTO public.admin_roles (user_id, role, granted_by)
SELECT
u.id,
'super_admin',
u.id
FROM auth.users u
WHERE u.email = 'satoshiqazi@gmail.com'
ON CONFLICT (user_id) DO UPDATE SET
role = 'super_admin',
updated_at = NOW();
-- Moderator: info@pezkuwichain.io
-- Can view and resolve disputes
INSERT INTO public.admin_roles (user_id, role, granted_by)
SELECT
u.id,
'moderator',
(SELECT id FROM auth.users WHERE email = 'satoshiqazi@gmail.com')
FROM auth.users u
WHERE u.email = 'info@pezkuwichain.io'
ON CONFLICT (user_id) DO UPDATE SET
role = 'moderator',
updated_at = NOW();
-- Verify the setup
DO $$
DECLARE
v_super_admin_count INT;
v_moderator_count INT;
BEGIN
SELECT COUNT(*) INTO v_super_admin_count
FROM admin_roles ar
JOIN auth.users u ON ar.user_id = u.id
WHERE u.email = 'satoshiqazi@gmail.com' AND ar.role = 'super_admin';
SELECT COUNT(*) INTO v_moderator_count
FROM admin_roles ar
JOIN auth.users u ON ar.user_id = u.id
WHERE u.email = 'info@pezkuwichain.io' AND ar.role = 'moderator';
IF v_super_admin_count = 1 THEN
RAISE NOTICE '✓ Super Admin assigned: satoshiqazi@gmail.com';
ELSE
RAISE WARNING '✗ Super Admin NOT found - user may not exist yet';
END IF;
IF v_moderator_count = 1 THEN
RAISE NOTICE '✓ Moderator assigned: info@pezkuwichain.io';
ELSE
RAISE WARNING '✗ Moderator NOT found - user may not exist yet';
END IF;
END $$;
COMMENT ON TABLE admin_roles IS 'Admin role assignments for P2P dispute resolution and platform management';
web/supabase/migrations/COMBINED_p2p_full_system.sql
+1678
View File
File diff suppressed because it is too large Load Diff