@www.hyperlinks.space/program-kit 1.2.91881 → 7.8.3

package/ai/transmitter.ts

@@ -0,0 +1,367 @@
+import type { AiMode, AiRequestBase, AiResponseBase, ThreadContext } from "./openai.js";
+import { callOpenAiChat, callOpenAiChatStream } from "./openai.js";
+import {
+  getTokenBySymbol,
+  normalizeSymbol,
+  type TokenSearchResult,
+} from "../blockchain/coffee.js";
+import {
+  insertMessage,
+  getThreadHistory,
+  type Message,
+} from "../database/messages.js";
+
+export type AiRequest = AiRequestBase & {
+  mode?: AiMode;
+};
+
+export type AiResponse = AiResponseBase;
+
+const HISTORY_LIMIT = 50;
+
+function formatHistoryForInput(history: Message[]): string {
+  if (history.length === 0) return "";
+  const lines = history.map((m) => {
+    const role = m.role === "user" ? "user" : m.role === "assistant" ? "assistant" : "system";
+    const content = (m.content ?? "").trim();
+    return `${role}: ${content}`;
+  });
+  return "Previous conversation:\n" + lines.join("\n") + "\n\n";
+}
+
+/** Claim by insert; return skipped response if another instance won. */
+async function claimUserMessage(
+  thread: ThreadContext,
+  content: string,
+): Promise<AiResponse | null> {
+  const inserted = await insertMessage({
+    user_telegram: thread.user_telegram,
+    thread_id: thread.thread_id,
+    type: thread.type,
+    role: "user",
+    content,
+    telegram_update_id: thread.telegram_update_id ?? undefined,
+  });
+  if (inserted === null) {
+    return {
+      ok: false,
+      provider: "openai",
+      mode: "chat",
+      skipped: true,
+    };
+  }
+  return null;
+}
+
+async function persistAssistantMessage(
+  thread: ThreadContext,
+  content: string,
+): Promise<void> {
+  await insertMessage({
+    user_telegram: thread.user_telegram,
+    thread_id: thread.thread_id,
+    type: thread.type,
+    role: "assistant",
+    content,
+  });
+}
+
+function extractSymbolCandidate(input: string): string | null {
+  const raw = input.trim();
+  if (!raw) return null;
+
+  // Simple patterns like "USDT", "$USDT", "USDT on TON".
+  const parts = raw.split(/\s+/);
+  const first = parts[0]?.replace(/^\$/g, "") ?? "";
+  const normalized = normalizeSymbol(first);
+  return normalized || null;
+}
+
+function buildTokenFactsBlock(symbol: string, token: any): string {
+  const lines: string[] = [];
+
+  const sym = token?.symbol ?? symbol;
+  const name = token?.name ?? null;
+  const address = token?.id ?? token?.address ?? null;
+  const type = token?.type ?? "token";
+  const decimals = token?.decimals ?? token?.metadata?.decimals ?? null;
+  const verification =
+    token?.verification ?? token?.metadata?.verification ?? null;
+
+  const market = token?.market_stats ?? {};
+  const holders =
+    market?.holders_count ?? token?.holders ?? market?.holders ?? null;
+  const priceUsd = market?.price_usd ?? null;
+  const mcap = market?.mcap ?? market?.fdmc ?? null;
+  const volume24h = market?.volume_usd_24h ?? null;
+
+  lines.push(`Symbol: ${sym}`);
+  if (name) {
+    lines.push(`Name: ${name}`);
+  }
+  lines.push(`Type: ${type}`);
+  lines.push(`Blockchain: TON`);
+  if (address) {
+    lines.push(`Address: ${address}`);
+  }
+  if (decimals != null) {
+    lines.push(`Decimals: ${decimals}`);
+  }
+  if (verification) {
+    lines.push(`Verification: ${verification}`);
+  }
+  if (holders != null) {
+    lines.push(`Holders: ${holders}`);
+  }
+  if (priceUsd != null) {
+    lines.push(`Price (USD): ${priceUsd}`);
+  }
+  if (mcap != null) {
+    lines.push(`Market cap (USD): ${mcap}`);
+  }
+  if (volume24h != null) {
+    lines.push(`24h volume (USD): ${volume24h}`);
+  }
+
+  return lines.join("\n");
+}
+
+async function handleTokenInfo(
+  request: AiRequest,
+): Promise<AiResponse> {
+  const trimmed = request.input?.trim() ?? "";
+  const symbolCandidate = extractSymbolCandidate(trimmed);
+
+  if (!symbolCandidate) {
+    return {
+      ok: false,
+      provider: "openai",
+      mode: "token_info",
+      error: "Could not detect a token symbol. Try sending something like USDT.",
+    };
+  }
+
+  const tokenResult: TokenSearchResult = await getTokenBySymbol(
+    symbolCandidate,
+  );
+
+  if (!tokenResult.ok) {
+    return {
+      ok: false,
+      provider: "openai",
+      mode: "token_info",
+      error:
+        tokenResult.error === "not_found"
+          ? `Token ${symbolCandidate} was not found on TON.`
+          : "Token service is temporarily unavailable.",
+      meta: {
+        symbol: symbolCandidate,
+        reason: tokenResult.reason,
+        status_code: tokenResult.status_code,
+      },
+    };
+  }
+
+  const token = tokenResult.data;
+  const facts = buildTokenFactsBlock(symbolCandidate, token);
+
+  const promptParts = [
+    "You are a concise TON token analyst.",
+    "",
+    "Facts about the token:",
+    facts,
+    "",
+    "User question or context:",
+    trimmed,
+  ];
+
+  const composedInput = promptParts.join("\n");
+
+  const result = await callOpenAiChat("token_info", {
+    input: composedInput,
+    userId: request.userId,
+    context: {
+      ...request.context,
+      symbol: symbolCandidate,
+      token,
+      source: "swap.coffee",
+    },
+    instructions: request.instructions,
+  });
+
+  return {
+    ...result,
+    mode: "token_info",
+    meta: {
+      ...(result.meta ?? {}),
+      symbol: symbolCandidate,
+      token,
+    },
+  };
+}
+
+export async function transmit(request: AiRequest): Promise<AiResponse> {
+  const mode: AiMode = request.mode ?? "chat";
+  const thread = request.threadContext;
+
+  if (thread && !thread.skipClaim) {
+    const skipped = await claimUserMessage(thread, request.input);
+    if (skipped) return skipped;
+  }
+
+  if (mode === "token_info") {
+    const result = await handleTokenInfo(request);
+    if (result.ok && result.output_text && thread) {
+      await persistAssistantMessage(thread, result.output_text);
+    }
+    return result;
+  }
+
+  let input = request.input;
+  if (thread) {
+    const history = await getThreadHistory({
+      user_telegram: thread.user_telegram,
+      thread_id: thread.thread_id,
+      type: thread.type,
+      limit: HISTORY_LIMIT,
+    });
+    input = formatHistoryForInput(history) + "Current message:\nuser: " + request.input;
+  }
+
+  const result = await callOpenAiChat(mode, {
+    input,
+    userId: request.userId,
+    context: request.context,
+    instructions: request.instructions,
+  });
+
+  if (result.ok && result.output_text && thread) {
+    await persistAssistantMessage(thread, result.output_text);
+  }
+  return result;
+}
+
+/** Stream AI response; onDelta(accumulatedText) is called for each chunk. Only the final OpenAI call is streamed. */
+export async function transmitStream(
+  request: AiRequest,
+  onDelta: (text: string) => void | Promise<void>,
+  opts?: { isCancelled?: () => boolean; getAbortSignal?: () => Promise<boolean> },
+): Promise<AiResponse> {
+  const mode: AiMode = request.mode ?? "chat";
+  const thread = request.threadContext;
+
+  if (thread && !thread.skipClaim) {
+    const skipped = await claimUserMessage(thread, request.input);
+    if (skipped) return skipped;
+  }
+
+  if (mode === "token_info") {
+    const tokenResult = await (async () => {
+      const trimmed = request.input?.trim() ?? "";
+      const symbolCandidate = extractSymbolCandidate(trimmed);
+      if (!symbolCandidate) {
+        return null;
+      }
+      return getTokenBySymbol(symbolCandidate);
+    })();
+
+    if (!tokenResult) {
+      return {
+        ok: false,
+        provider: "openai",
+        mode: "token_info",
+        error: "Could not detect a token symbol. Try sending something like USDT.",
+      };
+    }
+    if (!tokenResult.ok) {
+      const symbolCandidate = extractSymbolCandidate(request.input?.trim() ?? "");
+      return {
+        ok: false,
+        provider: "openai",
+        mode: "token_info",
+        error:
+          tokenResult.error === "not_found"
+            ? `Token ${symbolCandidate ?? ""} was not found on TON.`
+            : "Token service is temporarily unavailable.",
+        meta: {
+          symbol: tokenResult.symbol,
+          reason: tokenResult.reason,
+          status_code: tokenResult.status_code,
+        },
+      };
+    }
+
+    const token = tokenResult.data;
+    const symbolCandidate = extractSymbolCandidate(request.input?.trim() ?? "")!;
+    const facts = buildTokenFactsBlock(symbolCandidate, token);
+    const trimmed = request.input?.trim() ?? "";
+    const promptParts = [
+      "You are a concise TON token analyst.",
+      "",
+      "Facts about the token:",
+      facts,
+      "",
+      "User question or context:",
+      trimmed,
+    ];
+    const composedInput = promptParts.join("\n");
+
+    const result = await callOpenAiChatStream(
+      "token_info",
+      {
+        input: composedInput,
+        userId: request.userId,
+        context: {
+          ...request.context,
+          symbol: symbolCandidate,
+          token,
+          source: "swap.coffee",
+        },
+        instructions: request.instructions,
+      },
+      onDelta,
+      opts,
+    );
+
+    if (result.ok && result.output_text && thread) {
+      await persistAssistantMessage(thread, result.output_text);
+    }
+    return {
+      ...result,
+      mode: "token_info",
+      meta: {
+        ...(result.meta ?? {}),
+        symbol: symbolCandidate,
+        token,
+      },
+    };
+  }
+
+  let input = request.input;
+  if (thread) {
+    const history = await getThreadHistory({
+      user_telegram: thread.user_telegram,
+      thread_id: thread.thread_id,
+      type: thread.type,
+      limit: HISTORY_LIMIT,
+    });
+    input = formatHistoryForInput(history) + "Current message:\nuser: " + request.input;
+  }
+
+  const result = await callOpenAiChatStream(
+    mode,
+    {
+      input,
+      userId: request.userId,
+      context: request.context,
+      instructions: request.instructions,
+    },
+    onDelta,
+    opts,
+  );
+
+  if (result.ok && result.output_text && thread) {
+    await persistAssistantMessage(thread, result.output_text);
+  }
+  return result;
+}

package/api/{base.ts → _base.ts}

@@ -5,7 +5,7 @@
  * - EXPO_PUBLIC_API_BASE_URL (explicit override for any environment)
  * - React Native / Expo Go dev: derive from dev server host (port 3000)
  * - Browser:
- *   - In dev: map localhost/LAN + dev port (8081/19000/19006) → port 3000
+ *   - In dev: map localhost/LAN + dev port (8081/19000/19006) -> port 3000
  *   - In prod: window.location.origin (e.g. https://hsbexpo.vercel.app)
  * - Node (no window): Vercel host if available, otherwise http://localhost:3000
  */

package/api/wallet/_auth.ts

@@ -0,0 +1,143 @@
+import crypto from 'crypto';
+import { normalizeUsername } from '../../database/users.js';
+
+type TelegramUserPayload = {
+  username?: string;
+  language_code?: string;
+  [key: string]: unknown;
+};
+
+type VerifiedInitData = {
+  user?: TelegramUserPayload;
+  [key: string]: unknown;
+};
+
+const TELEGRAM_WEBAPP_PUBLIC_KEY_RAW = Buffer.from(
+  'e7bf03a2fa4602af4580703d88dda5bb59f32ed8b02a56c187fe7d34caed242d',
+  'hex',
+);
+const ED25519_SPKI_HEADER = Buffer.from('302a300506032b6570032100', 'hex');
+const TELEGRAM_WEBAPP_PUBLIC_KEY = crypto.createPublicKey({
+  key: Buffer.concat([
+    ED25519_SPKI_HEADER,
+    Buffer.from([0]),
+    TELEGRAM_WEBAPP_PUBLIC_KEY_RAW,
+  ]),
+  format: 'der',
+  type: 'spki',
+});
+
+function verifyTelegramWebAppInitData(
+  initData: string,
+  botToken: string,
+  maxAgeSeconds: number = 24 * 3600,
+): VerifiedInitData | null {
+  if (!initData || !botToken) return null;
+  try {
+    const params = new URLSearchParams(initData);
+    const data: Record<string, string> = {};
+    for (const [key, value] of params.entries()) data[key] = value;
+
+    const authDateStr = data.auth_date;
+    if (authDateStr) {
+      const authDate = Number(authDateStr);
+      if (!Number.isFinite(authDate)) return null;
+      const now = Math.floor(Date.now() / 1000);
+      if (authDate > now + 60) return null;
+      if (maxAgeSeconds != null && now - authDate > maxAgeSeconds) return null;
+    }
+
+    const receivedHash = data.hash;
+    const receivedSignature = data.signature;
+
+    if (receivedHash) {
+      const dataForHash = { ...data };
+      delete dataForHash.hash;
+      const sorted = Object.keys(dataForHash)
+        .sort()
+        .map((k) => `${k}=${dataForHash[k]}`)
+        .join('\n');
+      const dataCheckString = Buffer.from(sorted, 'utf8');
+      const secretKey = crypto
+        .createHmac('sha256', 'WebAppData')
+        .update(botToken)
+        .digest();
+      const computedHash = crypto
+        .createHmac('sha256', secretKey)
+        .update(dataCheckString)
+        .digest('hex');
+      const valid =
+        receivedHash.length === computedHash.length &&
+        crypto.timingSafeEqual(
+          Buffer.from(receivedHash, 'hex'),
+          Buffer.from(computedHash, 'hex'),
+        );
+      if (!valid) return null;
+    } else if (receivedSignature) {
+      const botId = botToken.split(':')[0];
+      if (!botId) return null;
+      const dataForSig = { ...data };
+      delete dataForSig.hash;
+      delete dataForSig.signature;
+      const sorted = Object.keys(dataForSig)
+        .sort()
+        .map((k) => `${k}=${dataForSig[k]}`)
+        .join('\n');
+      const dataCheckString = `${botId}:WebAppData\n${sorted}`;
+      const base64 = receivedSignature.replace(/-/g, '+').replace(/_/g, '/');
+      const pad = (4 - (base64.length % 4)) % 4;
+      const sigBuffer = Buffer.from(base64 + '='.repeat(pad), 'base64');
+      const ok = crypto.verify(
+        null,
+        Buffer.from(dataCheckString, 'utf8'),
+        TELEGRAM_WEBAPP_PUBLIC_KEY,
+        sigBuffer,
+      );
+      if (!ok) return null;
+    } else {
+      return null;
+    }
+
+    const result: VerifiedInitData = { ...data };
+    delete result.hash;
+    delete result.signature;
+    if (data.user) {
+      try {
+        result.user = JSON.parse(data.user) as TelegramUserPayload;
+      } catch {
+        return null;
+      }
+    }
+    return result;
+  } catch {
+    return null;
+  }
+}
+
+export type AuthResult = {
+  telegramUsername: string;
+  locale: string | null;
+};
+
+export function authByInitData(initData: string): AuthResult {
+  const botToken = (process.env.BOT_TOKEN || '').trim();
+  if (!botToken) {
+    throw new Error('bot_token_not_configured');
+  }
+  const verified = verifyTelegramWebAppInitData(initData, botToken);
+  if (!verified) {
+    throw new Error('invalid_initdata');
+  }
+  const user =
+    verified.user && typeof verified.user === 'object'
+      ? (verified.user as TelegramUserPayload)
+      : {};
+  const telegramUsername = normalizeUsername(user.username);
+  if (!telegramUsername) {
+    throw new Error('username_required');
+  }
+  const locale =
+    typeof user.language_code === 'string' ? user.language_code : null;
+  return { telegramUsername, locale };
+}
+

package/api/wallet/register.ts

@@ -0,0 +1,151 @@
+import { registerWallet } from '../../database/wallets.js';
+import { upsertUserFromTma } from '../../database/users.js';
+import { authByInitData } from './_auth.js';
+
+const JSON_HEADERS = { 'Content-Type': 'application/json' };
+
+function jsonResponse(body: object, status: number): Response {
+  return new Response(JSON.stringify(body), { status, headers: JSON_HEADERS });
+}
+
+type RegisterRequestBody = {
+  initData?: unknown;
+  wallet_address?: unknown;
+  wallet_blockchain?: unknown;
+  wallet_net?: unknown;
+  type?: unknown;
+  label?: unknown;
+  source?: unknown;
+  [key: string]: unknown;
+};
+
+async function getBody(
+  request:
+    | Request
+    | {
+        json?: () => Promise<unknown>;
+        body?: unknown;
+      },
+): Promise<unknown> {
+  if (typeof (request as { json?: () => Promise<unknown> }).json === 'function') {
+    return (request as Request).json();
+  }
+  return (request as { body?: unknown }).body ?? null;
+}
+
+function hasSensitiveFields(body: RegisterRequestBody): boolean {
+  const forbidden = [
+    'mnemonic',
+    'seed',
+    'private_key',
+    'secret',
+    'secret_key',
+    'wallet_master_key',
+    'wallet_seed_cipher',
+  ];
+  return forbidden.some((key) => key in body);
+}
+
+function toTrimmedString(value: unknown): string {
+  return typeof value === 'string' ? value.trim() : '';
+}
+
+async function handler(request: Request): Promise<Response> {
+  const method = (request as { method?: string }).method ?? request.method;
+  if (method === 'GET') {
+    return jsonResponse(
+      {
+        ok: true,
+        endpoint: 'wallet/register',
+        use: 'POST with initData + public wallet fields',
+      },
+      200,
+    );
+  }
+  if (method !== 'POST') {
+    return new Response('Method Not Allowed', { status: 405 });
+  }
+
+  const rawBody = (await getBody(request)) as RegisterRequestBody | null;
+  if (!rawBody || typeof rawBody !== 'object') {
+    return jsonResponse({ ok: false, error: 'bad_json' }, 400);
+  }
+  if (hasSensitiveFields(rawBody)) {
+    return jsonResponse(
+      { ok: false, error: 'sensitive_fields_not_allowed' },
+      400,
+    );
+  }
+
+  const initData = toTrimmedString(rawBody.initData);
+  if (!initData) return jsonResponse({ ok: false, error: 'missing_initData' }, 400);
+
+  try {
+    const auth = authByInitData(initData);
+    await upsertUserFromTma({
+      telegramUsername: auth.telegramUsername,
+      locale: auth.locale,
+    });
+
+    const wallet_address = toTrimmedString(rawBody.wallet_address);
+    const wallet_blockchain = toTrimmedString(rawBody.wallet_blockchain);
+    const wallet_net = toTrimmedString(rawBody.wallet_net);
+    const type = toTrimmedString(rawBody.type);
+    const label = toTrimmedString(rawBody.label);
+    const source = toTrimmedString(rawBody.source);
+
+    if (!wallet_address || !wallet_blockchain || !wallet_net || !type) {
+      return jsonResponse(
+        {
+          ok: false,
+          error:
+            'required_fields_missing (wallet_address, wallet_blockchain, wallet_net, type)',
+        },
+        400,
+      );
+    }
+
+    const wallet = await registerWallet({
+      telegramUsername: auth.telegramUsername,
+      walletAddress: wallet_address,
+      walletBlockchain: wallet_blockchain,
+      walletNet: wallet_net,
+      type,
+      label: label || null,
+      source: source || null,
+      isDefault: true,
+    });
+
+    if (!wallet) {
+      return jsonResponse({ ok: false, error: 'wallet_register_failed' }, 500);
+    }
+
+    return jsonResponse(
+      {
+        ok: true,
+        telegram_username: auth.telegramUsername,
+        has_wallet: true,
+        wallet: {
+          id: wallet.id,
+          wallet_address: wallet.wallet_address,
+          wallet_blockchain: wallet.wallet_blockchain,
+          wallet_net: wallet.wallet_net,
+          type: wallet.type,
+          label: wallet.label,
+          is_default: wallet.is_default,
+          source: wallet.source,
+        },
+      },
+      200,
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : 'internal_error';
+    const status = msg === 'bot_token_not_configured' ? 500 : msg === 'invalid_initdata' ? 401 : 400;
+    return jsonResponse({ ok: false, error: msg }, status);
+  }
+}
+
+export default handler;
+export const GET = handler;
+export const POST = handler;
+