From fc7c4c6561d59d8351299507e223c4d57513c7b7 Mon Sep 17 00:00:00 2001
From: glpshchn <464976@niuitmo.ru>
Date: Tue, 11 Nov 2025 01:48:18 +0300
Subject: [PATCH] Update files
---
 backend/middleware/auth.js | 16 +++++++++++++---
 frontend/index.html | 16 +++++++++++++++-
 frontend/src/utils/api.js | 3 +++
 moderation/frontend/index.html | 16 +++++++++++++++-
 moderation/frontend/src/utils/api.js | 3 +++
 5 files changed, 49 insertions(+), 5 deletions(-)
diff --git a/backend/middleware/auth.js b/backend/middleware/auth.js
index 76123b5..5fdf166 100644
--- a/backend/middleware/auth.js
+++ b/backend/middleware/auth.js
@@ -50,14 +50,24 @@ const ensureUserSettings = async (user) => {
 const authenticate = async (req, res, next) => {
 try {
 const authHeader = req.headers.authorization || '';
+ let initDataRaw = null;
- if (!authHeader.startsWith('tma ')) {
+ if (authHeader.startsWith('tma ')) {
+ initDataRaw = authHeader.slice(4).trim();
+ }
+
+ if (!initDataRaw) {
+ const headerInitData = req.headers['x-telegram-init-data'];
+ if (headerInitData && typeof headerInitData === 'string') {
+ initDataRaw = headerInitData.trim();
+ }
+ }
+
+ if (!initDataRaw) {
 logSecurityEvent('AUTH_TOKEN_MISSING', req);
 return res.status(401).json({ error: OFFICIAL_CLIENT_MESSAGE });
 }
- const initDataRaw = authHeader.slice(4).trim();
-
 if (!initDataRaw) {
 logSecurityEvent('EMPTY_INITDATA', req);
 return res.status(401).json({ error: OFFICIAL_CLIENT_MESSAGE });
diff --git a/frontend/index.html b/frontend/index.html
index 53ed8b4..88eb600 100644
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -6,7 +6,21 @@
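Review bot: The `EMPTY_INITDATA` branch left as context at the end of the `backend/middleware/auth.js` hunk can no longer run, because the added `if (!initDataRaw)` directly above it already returns 401 for every empty value. An empty `tma ` header is therefore now logged as `AUTH_TOKEN_MISSING`, and the two security events can no longer be told apart in the log. Either delete the second check or choose the event by whether a credential header was sent at all, e.g. `logSecurityEvent(authHeader || req.headers['x-telegram-init-data'] ? 'EMPTY_INITDATA' : 'AUTH_TOKEN_MISSING', req);`. The new `x-telegram-init-data` header carries the same credential as `Authorization`, so any redaction that `logSecurityEvent` or upstream access logs apply to `Authorization` (not visible here) should be checked to cover it as well. `authenticate` continues past the end of the hunk, so the validation of `initDataRaw` is not visible here.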