- Disabled the default menu button in the Telegram bot, allowing users to access the app via a direct link.
- Updated the initData validation process to ensure URL-decoded values are used in the data-check string.
- Enhanced error handling in the web application to provide more informative access denial messages.
- Removed unnecessary debug information from the access denied section in the web app.
- Cleaned up the web application code by removing unused functions and improving CSS styles for hidden elements.
- Introduced a new function to set the default menu button for the Telegram bot's Web App.
- Updated the initData validation process to provide detailed error messages for authorization failures.
- Refactored the validate_init_data function to return both username and reason for validation failure.
- Enhanced the web application to handle access denial more gracefully, providing users with hints on how to access the calendar.
- Improved the README with additional instructions for configuring the bot's menu button and Web App URL.
- Updated tests to reflect changes in the validation process and error handling.
- Improved formatting and readability in config.py and other files by adding line breaks.
- Introduced INIT_DATA_MAX_AGE_SECONDS to enforce replay protection for Telegram initData.
- Updated validate_init_data function to include max_age_seconds parameter for validation.
- Enhanced API to reject old initData based on the new max_age_seconds setting.
- Added tests for auth_date expiry and validation of initData in test_telegram_auth.py.
- Updated README with details on the new INIT_DATA_MAX_AGE_SECONDS configuration.
- Added ALLOWED_USERNAMES and ADMIN_USERNAMES to .env.example for user access control.
- Implemented validation of Telegram Web App initData in a new telegram_auth.py module.
- Enhanced API to check user access before fetching duties.
- Updated README with instructions for configuring miniapp access.
- Modified .dockerignore and .gitignore to include data directory and database files.
