Update files

backend/middleware/auth.js

@@ -50,14 +50,24 @@ const ensureUserSettings = async (user) => {
 const authenticate = async (req, res, next) => {
   try {
     const authHeader = req.headers.authorization || '';
+    let initDataRaw = null;
 
-    if (!authHeader.startsWith('tma ')) {
+    if (authHeader.startsWith('tma ')) {
+      initDataRaw = authHeader.slice(4).trim();
+    }
+
+    if (!initDataRaw) {
+      const headerInitData = req.headers['x-telegram-init-data'];
+      if (headerInitData && typeof headerInitData === 'string') {
+        initDataRaw = headerInitData.trim();
+      }
+    }
+
+    if (!initDataRaw) {
       logSecurityEvent('AUTH_TOKEN_MISSING', req);
       return res.status(401).json({ error: OFFICIAL_CLIENT_MESSAGE });
     }
 
-    const initDataRaw = authHeader.slice(4).trim();
-
     if (!initDataRaw) {
       logSecurityEvent('EMPTY_INITDATA', req);
       return res.status(401).json({ error: OFFICIAL_CLIENT_MESSAGE });

frontend/index.html

@@ -6,7 +6,21 @@
     <meta name="apple-mobile-web-app-capable" content="yes">
     <meta name="mobile-web-app-capable" content="yes">
     <title>NakamaHost</title>
-    <script src="https://telegram.org/js/telegram-web-app.js"></script>
+    <script>
+      (function () {
+        if (window.Telegram && window.Telegram.WebApp) {
+          return;
+        }
+        const script = document.createElement('script');
+        script.src = 'https://telegram.org/js/telegram-web-app.js';
+        script.onload = () => {
+          if (window.Telegram && window.Telegram.WebApp) {
+            window.Telegram.WebApp.ready?.();
+          }
+        };
+        document.head.appendChild(script);
+      })();
+    </script>
     <style>
       /* Предотвращение resize при открытии клавиатуры */
       html, body {

frontend/src/utils/api.js

@@ -23,6 +23,9 @@ api.interceptors.request.use((config) => {
     if (!config.headers.Authorization) {
       config.headers.Authorization = `tma ${initData}`;
     }
+    if (!config.headers['x-telegram-init-data']) {
+      config.headers['x-telegram-init-data'] = initData;
+    }
   }
   return config;
 });

moderation/frontend/index.html

@@ -5,7 +5,21 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
     <meta name="theme-color" content="#000000" />
     <title>Nakama Moderation</title>
-    <script src="https://telegram.org/js/telegram-web-app.js"></script>
+    <script>
+      (function () {
+        if (window.Telegram && window.Telegram.WebApp) {
+          return;
+        }
+        const script = document.createElement('script');
+        script.src = 'https://telegram.org/js/telegram-web-app.js';
+        script.onload = () => {
+          if (window.Telegram && window.Telegram.WebApp) {
+            window.Telegram.WebApp.ready?.();
+          }
+        };
+        document.head.appendChild(script);
+      })();
+    </script>
   </head>
   <body>
     <div id="root"></div>

moderation/frontend/src/utils/api.js

@@ -16,6 +16,9 @@ api.interceptors.request.use((config) => {
     if (!config.headers.Authorization) {
       config.headers.Authorization = `tma ${initData}`;
     }
+    if (!config.headers['x-telegram-init-data']) {
+      config.headers['x-telegram-init-data'] = initData;
+    }
   }
   return config;
 });