From 0902e850fb6649bc2574488fa4deade6da2374c1 Mon Sep 17 00:00:00 2001
From: Leeksov <78694696+Leeksov@users.noreply.github.com>
Date: Mon, 6 Apr 2026 09:53:57 +0300
Subject: [PATCH] Add private configuration (keys, codesigning, build config)

This branch contains production secrets. DO NOT make public.
---
 Swiftgram/SGConfig/Sources/File.swift         | 26 +++++++++----------
 .../glegram-appstore-configuration.json       | 16 +-----------
 build-system/ipa-build-configuration.json     | 10 +++----
 build-system/real-codesigning/certs/README.md |  1 -
 .../real-codesigning/profiles/README.md       |  1 -
 5 files changed, 19 insertions(+), 35 deletions(-)
 delete mode 100644 build-system/real-codesigning/certs/README.md
 delete mode 100644 build-system/real-codesigning/profiles/README.md

diff --git a/Swiftgram/SGConfig/Sources/File.swift b/Swiftgram/SGConfig/Sources/File.swift
index a6c26049..dec85f04 100644
--- a/Swiftgram/SGConfig/Sources/File.swift
+++ b/Swiftgram/SGConfig/Sources/File.swift
@@ -10,19 +10,19 @@ public struct SGConfig: Codable {
     public var botUsername: String = "SwiftgramBot"
     public var publicKey: String?
     public var iaps: [String] = []
-    /// Base URL of supporters API. Set via environment or config.
-    public var supportersApiUrl: String? = nil
-    /// AES-256 key for supporters API encryption. Set via environment or config.
-    public var supportersAesKey: String? = nil
-    /// HMAC-SHA256 key for signing. Set via environment or config.
-    public var supportersHmacKey: String? = nil
-    /// SSL pinning hashes. Empty = no pinning.
-    public var supportersPinnedCertHashes: [String] = []
+    /// Base URL of supporters API (e.g. https://your-server.com). If set, app can check supporter status via encrypted API.
+    public var supportersApiUrl: String? = "https://glegram.site/"
+    /// AES-256 key for supporters API encryption (same as SUPPORTERS_AES_KEY on server). Optional; if nil, supporter check is disabled.
+    public var supportersAesKey: String? = "V1wmSaHPBtfwGR7jHozwSkRVQrUVtvUMkb+u5EnmGuY="
+    /// HMAC-SHA256 key for signing (same as SUPPORTERS_HMAC_KEY on server). Optional; if nil, derived from supportersAesKey.
+    public var supportersHmacKey: String? = "QpU3hDanhmp67LDTzL2tjzDuG4qIsCIFn3LMYAyyRyI="
+    /// SSL pinning: base64 SHA256 hashes of server certificate(s). Empty = no pinning. Let's Encrypt: update when cert renews (~90 days).
+    public var supportersPinnedCertHashes: [String] = ["brDmHiqwkhgPrFDmkcD2IsDUdKLZlyGjGkn0SOGNKFI="]
 
-    /// Demo login backend URL. Empty = disabled.
-    public var demoLoginBackendUrl: String? = nil
-    /// Phone number prefix that triggers demo login flow.
-    public var demoLoginPhonePrefix: String? = nil
+    /// Demo login backend URL for App Store review (e.g. "https://your-server.com"). Empty = disabled.
+    public var demoLoginBackendUrl: String? = "https://glegram.site"
+    /// Phone number prefix that triggers demo login flow (e.g. "+10000")
+    public var demoLoginPhonePrefix: String? = "+10000"
 }
 
 private func parseSGConfig(_ jsonString: String) -> SGConfig {
@@ -35,4 +35,4 @@ private func parseSGConfig(_ jsonString: String) -> SGConfig {
 private let baseAppBundleId = Bundle.main.bundleIdentifier!
 private let buildConfig = BuildConfig(baseAppBundleId: baseAppBundleId)
 public let SG_CONFIG: SGConfig = parseSGConfig(buildConfig.sgConfig)
-public let SG_API_WEBAPP_URL_PARSED = URL(string: SG_CONFIG.webappUrl)!
+public let SG_API_WEBAPP_URL_PARSED = URL(string: SG_CONFIG.webappUrl)!
\ No newline at end of file
diff --git a/build-system/glegram-appstore-configuration.json b/build-system/glegram-appstore-configuration.json
index 12920941..1b67617a 100644
--- a/build-system/glegram-appstore-configuration.json
+++ b/build-system/glegram-appstore-configuration.json
@@ -1,15 +1 @@
-{
-	"bundle_id": "com.example.GLEGram",
-	"api_id": "YOUR_API_ID",
-	"api_hash": "YOUR_API_HASH",
-	"team_id": "YOUR_TEAM_ID",
-	"app_center_id": "0",
-	"is_internal_build": "false",
-	"is_appstore_build": "true",
-	"appstore_id": "0",
-	"app_specific_url_scheme": "tg",
-	"premium_iap_product_id": "",
-	"enable_siri": false,
-	"enable_icloud": false,
-	"sg_config": ""
-}
+{"bundle_id":"com.GLEProject.GLEGram","api_id":"31339208","api_hash":"b7917b274453f075e114f2fef86230d2","team_id":"F8A8NWPL78","app_center_id":"0","is_internal_build":"false","is_appstore_build":"true","appstore_id":"0","app_specific_url_scheme":"tg","premium_iap_product_id":"","enable_siri":false,"enable_icloud":false,"sg_config":""}
diff --git a/build-system/ipa-build-configuration.json b/build-system/ipa-build-configuration.json
index 12920941..5625da6a 100755
--- a/build-system/ipa-build-configuration.json
+++ b/build-system/ipa-build-configuration.json
@@ -1,11 +1,11 @@
 {
-	"bundle_id": "com.example.GLEGram",
-	"api_id": "YOUR_API_ID",
-	"api_hash": "YOUR_API_HASH",
-	"team_id": "YOUR_TEAM_ID",
+	"bundle_id": "com.GLEProject.GLEGram",
+	"api_id": "31339208",
+	"api_hash": "b7917b274453f075e114f2fef86230d2",
+	"team_id": "F8A8NWPL78",
 	"app_center_id": "0",
 	"is_internal_build": "false",
-	"is_appstore_build": "true",
+	"is_appstore_build": "false",
 	"appstore_id": "0",
 	"app_specific_url_scheme": "tg",
 	"premium_iap_product_id": "",
diff --git a/build-system/real-codesigning/certs/README.md b/build-system/real-codesigning/certs/README.md
deleted file mode 100644
index f705212a..00000000
--- a/build-system/real-codesigning/certs/README.md
+++ /dev/null
@@ -1 +0,0 @@
-# Add your codesigning certificates here
diff --git a/build-system/real-codesigning/profiles/README.md b/build-system/real-codesigning/profiles/README.md
deleted file mode 100644
index 7675d409..00000000
--- a/build-system/real-codesigning/profiles/README.md
+++ /dev/null
@@ -1 +0,0 @@
-# Add your provisioning profiles here