Update configuration and access control for Telegram miniapp

- Added ALLOWED_USERNAMES and ADMIN_USERNAMES to .env.example for user access control.
- Implemented validation of Telegram Web App initData in a new telegram_auth.py module.
- Enhanced API to check user access before fetching duties.
- Updated README with instructions for configuring miniapp access.
- Modified .dockerignore and .gitignore to include data directory and database files.

README.md

@@ -33,6 +33,9 @@ A minimal Telegram bot boilerplate using [python-telegram-bot](https://github.co
    ```
    Edit `.env` and set `BOT_TOKEN` to the token from BotFather.
 
+5. **Miniapp access (calendar)**  
+   To allow access to the calendar miniapp, set `ALLOWED_USERNAMES` to a comma-separated list of Telegram usernames (without `@`). Users in `ADMIN_USERNAMES` also have access; the admin role is reserved for future bot commands and API features. If both are empty, no one can open the calendar.
+
 ## Run
 
 ```bash
@@ -60,7 +63,7 @@ Ensure `.env` exists (e.g. `cp .env.example .env`) and contains `BOT_TOKEN`.
 ## Project layout
 
 - `main.py` – Builds the `Application`, registers handlers, runs polling.
-- `config.py` – Loads `BOT_TOKEN` from env; exits if missing.
+- `config.py` – Loads `BOT_TOKEN`, `ALLOWED_USERNAMES`, `ADMIN_USERNAMES` from env; exits if `BOT_TOKEN` is missing.
 - `handlers/` – Command and error handlers; add new handlers here.
 - `requirements.txt` – Pinned dependencies (PTB with job-queue, python-dotenv).