Migrate to local PG & Update Solana Checkout

app/admin/layout.tsx

@@ -28,10 +28,8 @@ export default function AdminLayout({
 }) {
     const pathname = usePathname();
     const router = useRouter();
-    const supabase = createClient();
-
     const handleSignOut = async () => {
-        await supabase.auth.signOut();
+        await fetch('/api/auth/logout', { method: 'POST' });
         router.push('/login');
         router.refresh();
     };

app/admin/transactions/page.tsx

@@ -1,5 +1,5 @@
 import React from 'react';
-import { supabaseAdmin } from '@/lib/supabase-admin';
+import { db } from '@/lib/db';
 import {
     Search,
     Filter,
@@ -13,49 +13,45 @@ import TransactionSearch from '@/components/admin/TransactionSearch';
 import TransactionStatusFilter from '@/components/admin/TransactionStatusFilter';
 
 async function getTransactions(filters: { merchant_id?: string; q?: string; status?: string }) {
-    let query = supabaseAdmin
+    let sql = `
-        .from('transactions')
+        SELECT t.*, m.name as merchant_name 
-        .select('*, merchants(name)')
+        FROM transactions t 
-        .order('created_at', { ascending: false });
+        LEFT JOIN merchants m ON t.merchant_id = m.id 
+        WHERE 1=1
+    `;
+    let params: any[] = [];
+    let paramIndex = 1;
 
     if (filters.merchant_id) {
-        query = query.eq('merchant_id', filters.merchant_id);
+        sql += ` AND t.merchant_id = $${paramIndex++}`;
+        params.push(filters.merchant_id);
     }
 
     if (filters.status) {
-        query = query.eq('status', filters.status);
+        sql += ` AND t.status = $${paramIndex++}`;
+        params.push(filters.status);
     }
 
     if (filters.q) {
-        // First, search for merchants matching the name to get their IDs
+        sql += ` AND (
-        const { data: matchedMerchants } = await supabaseAdmin
+            t.stripe_pi_id ILIKE $${paramIndex} OR 
-            .from('merchants')
+            t.source_ref_id ILIKE $${paramIndex} OR 
-            .select('id')
+            t.customer_name ILIKE $${paramIndex} OR 
-            .ilike('name', `%${filters.q}%`);
+            m.name ILIKE $${paramIndex}
-
+        )`;
-        const merchantIds = matchedMerchants?.map(m => m.id) || [];
+        params.push(`%${filters.q}%`);
-
+        paramIndex++;
-        // Construct OR query parts
-        let orParts = [
-            `stripe_pi_id.ilike.%${filters.q}%`,
-            `source_ref_id.ilike.%${filters.q}%`,
-            `customer_name.ilike.%${filters.q}%`
-        ];
-
-        if (merchantIds.length > 0) {
-            orParts.push(`merchant_id.in.(${merchantIds.join(',')})`);
     }
 
-        query = query.or(orParts.join(','));
+    sql += ` ORDER BY t.created_at DESC`;
-    }
 
-    const { data, error } = await query;
+    try {
-
+        const { rows } = await db.query(sql, params);
-    if (error) {
+        return rows.map(r => ({ ...r, merchants: r.merchant_name ? { name: r.merchant_name } : null }));
+    } catch (error) {
         console.error('Fetch error:', error);
         return [];
     }
-    return data;
 }
 
 export default async function TransactionsPage(props: {

app/api/auth/login/route.ts

@@ -0,0 +1,56 @@
+import { NextResponse } from 'next/server';
+import { db } from '@/lib/db';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import { cookies } from 'next/headers';
+
+const JWT_SECRET = process.env.JWT_SECRET || 'super-secret-key-12345';
+
+export async function POST(request: Request) {
+  try {
+    const { email, password } = await request.json();
+
+    if (!email || !password) {
+      return NextResponse.json({ error: 'Email ve şifre zorunludur.' }, { status: 400 });
+    }
+
+    const res = await db.query('SELECT * FROM admin_users WHERE email = $1', [email]);
+    const user = res.rows[0];
+
+    if (!user || (!user.password_hash && password !== 'password123')) {
+      return NextResponse.json({ error: 'Geçersiz email veya şifre.' }, { status: 401 });
+    }
+
+    // Verify password
+    let isValid = false;
+    if (user.password_hash) {
+      isValid = await bcrypt.compare(password, user.password_hash);
+    } else if (password === 'password123') { // Fallback if someone forgot to run the init script
+      isValid = true;
+    }
+
+    if (!isValid) {
+      return NextResponse.json({ error: 'Geçersiz email veya şifre.' }, { status: 401 });
+    }
+
+    // Generate token
+    const token = jwt.sign({ id: user.id, email: user.email }, JWT_SECRET, {
+      expiresIn: '1d',
+    });
+
+    // Set cookie
+    const cookieStore = await cookies();
+    cookieStore.set('admin_session', token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax',
+      path: '/',
+      maxAge: 60 * 60 * 24, // 1 day
+    });
+
+    return NextResponse.json({ success: true, user: { id: user.id, email: user.email } });
+  } catch (error: any) {
+    console.error('Login error:', error);
+    return NextResponse.json({ error: 'Giriş sırasında bir hata oluştu.' }, { status: 500 });
+  }
+}

app/api/auth/logout/route.ts

@@ -0,0 +1,8 @@
+import { NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+
+export async function POST() {
+  const cookieStore = await cookies();
+  cookieStore.delete('admin_session');
+  return NextResponse.json({ success: true });
+}

app/api/create-payment-intent/route.ts

@@ -1,37 +1,41 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { stripe } from '@/lib/stripe';
+import { db } from '@/lib/db';
-import { supabaseAdmin } from '@/lib/supabase-admin';
 import { PaymentProviderFactory } from '@/lib/payment-providers';
 
 export async function POST(req: NextRequest) {
     try {
         const { amount, currency, ref_id, callback_url, customer_name, customer_phone, merchant_id } = await req.json();
 
-        if (!amount || !currency || !merchant_id) {
+        if (!amount || !currency) {
             return NextResponse.json(
-                { error: 'Tutar, para birimi ve firma ID zorunludur.' },
+                { error: 'Tutar ve para birimi zorunludur.' },
                 { status: 400 }
             );
         }
 
+        let merchant;
         // 1. Fetch Merchant to check provider (Support both UUID and Short ID)
+        if (merchant_id) {
             const isUUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(merchant_id);
-
+            let result;
-        const query = supabaseAdmin
-            .from('merchants')
-            .select('*');
-
             if (isUUID) {
-            query.eq('id', merchant_id);
+                result = await db.query('SELECT * FROM merchants WHERE id = $1', [merchant_id]);
             } else {
-            query.eq('short_id', merchant_id);
+                result = await db.query('SELECT * FROM merchants WHERE short_id = $1', [merchant_id]);
             }
             
-        const { data: merchant, error: merchantError } = await query.single();
+            if (result.rows.length === 0) {
-
-        if (merchantError || !merchant) {
                 return NextResponse.json({ error: 'Firma bulunamadı.' }, { status: 404 });
             }
+            merchant = result.rows[0];
+        } else {
+            // For demo purposes on the landing page, fetch any existing merchant
+            const result = await db.query('SELECT * FROM merchants LIMIT 1');
+            if (result.rows.length === 0) {
+                return NextResponse.json({ error: 'Sistemde kayıtlı firma bulunamadı (Önce admin panelinden firma ekleyin).' }, { status: 404 });
+            }
+            merchant = result.rows[0];
+        }
 
         // Use the actual UUID for DB operations
         const resolvedMerchantId = merchant.id;
@@ -67,26 +71,19 @@ export async function POST(req: NextRequest) {
         }
 
         // 3. Log transaction in Supabase
-        const { error: dbError } = await supabaseAdmin
+        try {
-            .from('transactions')
+            await db.query(`
-            .insert({
+                INSERT INTO transactions (
-                amount,
+                    amount, currency, status, stripe_pi_id, source_ref_id, 
-                currency,
+                    customer_name, customer_phone, callback_url, merchant_id, 
-                status: 'pending',
+                    provider, metadata
-                stripe_pi_id: providerTxId, // We keep using this column for now or we could use provider_tx_id if we updated schema
+                ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)
-                source_ref_id: ref_id,
+            `, [
-                customer_name,
+                amount, currency, 'pending', providerTxId, ref_id,
-                customer_phone,
+                customer_name, customer_phone, callback_url, resolvedMerchantId,
-                callback_url,
+                provider, JSON.stringify({ nextAction, redirectUrl })
-                merchant_id: resolvedMerchantId,
+            ]);
-                provider: provider,
+        } catch (dbError) {
-                metadata: {
-                    nextAction,
-                    redirectUrl
-                }
-            });
-
-        if (dbError) {
             console.error('Database log error:', dbError);
         }
 

app/api/crypto-sweep/route.ts

@@ -1,27 +1,66 @@
 import { NextResponse } from 'next/server';
 import { CryptoEngine } from '@/lib/crypto-engine';
+import { db } from '@/lib/db';
 
 export async function POST(request: Request) {
     try {
         const body = await request.json();
-        const { txId, merchantAddress } = body;
+        const { txId, merchantAddress, amount, currency } = body;
-
-        // In a real app, you would fetch the private key for this txId from a secure DB/Vault
-        // For demo: We just simulate the result of a sweep
 
         console.log(`[API] Checking and Sweeping for Transaction: ${txId}`);
         
-        // Mock success response
+        // This is a demo integration. In a real application:
+        // 1. We would look up the transaction ID from the DB
+        // 2. Fetch the temporary wallet private key created for that specific TX
+        // 3. We use the platform address defined in our .env or settings
+
+        // For this demo, we'll use the user's devnet wallet as both the source (temp wallet) and platform
+        const demoTempWalletPrivKey = "3Ab6AyfDDWquPJ6ySjHmQmiW3USg7CuDxJSNtrNQySsXj5v4KfBKcw9vnK1Rrfwm6RYq43PdKjiNZekgtNzGsNm2"; 
+        const platformAddress = "5pLH1tqZhx8p8WpZ18yr28N42KXB3FXVPzZ9ceCtpBVe";
+        
+        // Ensure we have a merchant address or use a fallback for testing
+        const targetMerchant = merchantAddress || "5pLH1tqZhx8p8WpZ18yr28N42KXB3FXVPzZ9ceCtpBVe"; // using same for demo
+        
+        // Initialize Crypto Engine for Solana
+        const cryptoEngine = new CryptoEngine('SOLANA');
+
+        console.log("Starting Sweep Process on SOLANA DEVNET...");
+        
+        // Attempt the sweep (this will do a real devnet transaction if uncommented in engine)
+        const sweepResult = await cryptoEngine.sweepFunds(
+            demoTempWalletPrivKey,
+            targetMerchant,
+            platformAddress,
+            'SOL' // Using native SOL for demo
+        );
+
+        if (!sweepResult.success) {
+            throw new Error("Süpürme işlemi başarısız oldu.");
+        }
+
+        // --- UPDATE DATABASE STATUS ---
+        // Marks the transaction as succeeded so it updates in the Admin dashboard
+        try {
+            await db.query(
+                `UPDATE transactions 
+                 SET status = 'succeeded' 
+                 WHERE stripe_pi_id = $1`,
+                [txId]
+            );
+        } catch (dbError) {
+            console.error('[API] Failed to update transaction status in DB:', dbError);
+        }
+
         return NextResponse.json({
             success: true,
-            message: "Ödeme başarıyla doğrulandı ve dağıtıldı.",
+            message: "Ödeme başarıyla doğrulandı ve dağıtıldı (Solana Devnet).",
             split: {
-                platform: "1.00 USDT (%1)",
+                platform: "%1",
-                merchant: "99.00 USDT (%99)"
+                merchant: "%99"
             },
             hashes: {
-                platform: "0x" + Math.random().toString(16).slice(2, 66),
+                platform: sweepResult.platformTx,
-                merchant: "0x" + Math.random().toString(16).slice(2, 66)
+                merchant: sweepResult.merchantTx
             }
         });
 

app/api/merchants/route.ts

@@ -1,5 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { supabaseAdmin } from '@/lib/supabase-admin';
+import { db } from '@/lib/db';
 
 export async function POST(req: NextRequest) {
     try {
@@ -22,24 +22,21 @@ export async function POST(req: NextRequest) {
             return result;
         };
 
-        const { data, error } = await supabaseAdmin
+        const shortId = generateShortId();
-            .from('merchants')
+        const provider = payment_provider || 'stripe';
-            .insert([{
+        const configStr = provider_config ? JSON.stringify(provider_config) : '{}';
-                name,
-                webhook_url,
-                short_id: generateShortId(),
-                payment_provider: payment_provider || 'stripe',
-                provider_config: provider_config || {}
-            }])
-            .select()
-            .single();
 
-        if (error) {
+        const result = await db.query(
-            console.error('Merchant creation error:', error);
+            `INSERT INTO merchants (name, webhook_url, short_id, payment_provider, provider_config) 
-            return NextResponse.json({ error: error.message }, { status: 500 });
+             VALUES ($1, $2, $3, $4, $5) RETURNING *`,
+            [name, webhook_url, shortId, provider, configStr]
+        );
+
+        if (result.rows.length === 0) {
+           throw new Error('Could not insert merchant');
         }
 
-        return NextResponse.json(data);
+        return NextResponse.json(result.rows[0]);
     } catch (err: any) {
         console.error('Internal Error:', err);
         return NextResponse.json(
@@ -51,16 +48,8 @@ export async function POST(req: NextRequest) {
 
 export async function GET() {
     try {
-        const { data, error } = await supabaseAdmin
+        const result = await db.query('SELECT * FROM merchants ORDER BY created_at DESC');
-            .from('merchants')
+        return NextResponse.json(result.rows);
-            .select('*')
-            .order('created_at', { ascending: false });
-
-        if (error) {
-            return NextResponse.json({ error: error.message }, { status: 500 });
-        }
-
-        return NextResponse.json(data);
     } catch (err: any) {
         return NextResponse.json(
             { error: `Internal Server Error: ${err.message}` },

app/checkout/page.tsx

@@ -161,7 +161,7 @@ function CheckoutContent() {
                                     <CryptoCheckout 
                                         amount={amount} 
                                         currency={currency} 
-                                    txId={paymentData?.transactionId || 'TX-8231'}
+                                        txId={paymentData?.clientSecret || 'TX-8231'}
                                     onSuccess={(hash) => {
                                         setTimeout(() => {
                                             window.location.href = `${callbackUrl}?status=success&tx_hash=${hash}`;
@@ -229,26 +229,6 @@ function CheckoutContent() {
     );
 }
 
-                            <div className="mt-8 flex justify-center lg:justify-start">
-                                <Link href={callbackUrl} className="flex items-center gap-2 text-sm font-semibold text-gray-500 hover:text-gray-900 transition translate-x-0 hover:-translate-x-1 duration-200">
-                                    <ArrowLeft size={16} />
-                                    Mağazaya Dön
-                                </Link>
-                            </div>
-                        </div>
-                    )}
-                </div>
-            </div>
-
-            {/* Footer */}
-            <footer className="py-12 border-t border-gray-100 text-center">
-                <p className="text-[#94A3B8] text-[10px] font-medium tracking-tight uppercase">
-                    © 2026 P2CGateway Inc. Tüm hakları saklıdır.
-                </p>
-            </footer>
-        </div>
-    );
-}
 
 export default function CheckoutPage() {
     return (

app/login/page.tsx

@@ -1,7 +1,6 @@
 'use client';
 
 import { useState } from 'react';
-import { createClient } from '@/utils/supabase/client';
 import { useRouter } from 'next/navigation';
 import { Lock, Mail, Loader2, Wallet } from 'lucide-react';
 
@@ -11,25 +10,30 @@ export default function LoginPage() {
     const [isLoading, setIsLoading] = useState(false);
     const [error, setError] = useState<string | null>(null);
     const router = useRouter();
-    const supabase = createClient();
-
     const handleLogin = async (e: React.FormEvent) => {
         e.preventDefault();
         setIsLoading(true);
         setError(null);
 
-        const { error } = await supabase.auth.signInWithPassword({
+        try {
-            email,
+            const res = await fetch('/api/auth/login', {
-            password,
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ email, password })
             });
+            const data = await res.json();
 
-        if (error) {
+            if (!res.ok) {
-            setError(error.message);
+                setError(data.error || 'Login failed');
-            setIsLoading(false);
             } else {
                 router.push('/admin');
                 router.refresh();
             }
+        } catch (err: any) {
+            setError('Bir ağ hatası oluştu, lütfen tekrar deneyin.');
+        } finally {
+            setIsLoading(false);
+        }
     };
 
     return (

components/checkout/CryptoCheckout.tsx

@@ -19,18 +19,37 @@ interface CryptoCheckoutProps {
 }
 
 export default function CryptoCheckout({ amount, currency, txId, onSuccess }: CryptoCheckoutProps) {
-    const [selectedCoin, setSelectedCoin] = useState('USDT');
+    const [selectedCoin, setSelectedCoin] = useState('SOL');
     const [depositAddress, setDepositAddress] = useState<string>('');
     const [isVerifying, setIsVerifying] = useState(false);
     const [copied, setCopied] = useState(false);
     const [status, setStatus] = useState<'waiting' | 'verifying' | 'success' | 'error'>('waiting');
-
+    const [cryptoAmount, setCryptoAmount] = useState<string>('Hesaplanıyor...');
-    // Exchange rate mock: 1 USD = 35 TRY, 1 USDT = 1 USD
-    const cryptoAmount = (currency === 'TL' ? (amount / 35) : amount).toFixed(2);
 
     useEffect(() => {
-        // Mock address generation
+        async function fetchExchangeRate() {
-        setDepositAddress('0x' + Math.random().toString(16).slice(2, 42));
+            if (currency === 'TL' || currency === 'TRY') {
+                try {
+                    const symbol = selectedCoin === 'SOL' ? 'SOLTRY' : 'USDTTRY';
+                    const res = await fetch(`https://api.binance.com/api/v3/ticker/price?symbol=${symbol}`);
+                    const data = await res.json();
+                    const rate = parseFloat(data.price);
+                    setCryptoAmount((amount / rate).toFixed(selectedCoin === 'SOL' ? 4 : 2));
+                } catch (error) {
+                    // Fallback rate if API fails
+                    setCryptoAmount((amount / 5500).toFixed(selectedCoin === 'SOL' ? 4 : 2)); 
+                }
+            } else {
+                // If already USD or USDT, 1:1 ratio
+                setCryptoAmount(amount.toFixed(2));
+            }
+        }
+        fetchExchangeRate();
+    }, [amount, currency]);
+
+    useEffect(() => {
+        // Use a real valid Solana test wallet so Phantom doesn't say "Invalid Address"
+        setDepositAddress('5pLH1tqZhx8p8WpZ18yr28N42KXB3FXVPzZ9ceCtpBVe');
     }, [selectedCoin]);
 
     const handleCopy = () => {
@@ -49,7 +68,7 @@ export default function CryptoCheckout({ amount, currency, txId, onSuccess }: Cr
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({
                     txId: txId,
-                    merchantAddress: '0x123...MERCHANT_WALLET'
+                    merchantAddress: '5pLH1tqZhx8p8WpZ18yr28N42KXB3FXVPzZ9ceCtpBVe' // A placeholder valid Solana Devnet Wallet
                 })
             });
             const data = await response.json();
@@ -81,7 +100,7 @@ export default function CryptoCheckout({ amount, currency, txId, onSuccess }: Cr
                 </div>
                 <div className="text-right">
                     <p className="text-2xl font-black text-gray-900">{cryptoAmount} <span className="text-xs text-gray-400">{selectedCoin}</span></p>
-                    <p className="text-[10px] text-gray-400 font-bold uppercase">Ağ: Polygon (MATIC)</p>
+                    <p className="text-[10px] text-gray-400 font-bold uppercase">Ağ: Solana (Devnet)</p>
                 </div>
             </div>
 
@@ -127,7 +146,7 @@ export default function CryptoCheckout({ amount, currency, txId, onSuccess }: Cr
                                 <span className="text-[9px] font-black uppercase tracking-widest">Önemli Uyarı</span>
                             </div>
                             <p className="text-[10px] text-blue-800 leading-relaxed font-medium">
-                                Lütfen sadece <b>Polygon (PoS)</b> ağı üzerinden gönderim yapın. Yanlış ağ üzerinden gönderilen varlıklar kurtarılamaz.
+                                Lütfen sadece test amaçlı <b>Solana (Devnet)</b> ağı üzerinden test SOL'ü gönderimi yapın. Gerçek ağ veya USDT bu ortamda kabul edilmez.
                             </p>
                         </div>
                     </div>

lib/crypto-engine.ts

@@ -1,4 +1,7 @@
 import { ethers } from 'ethers';
+import { Connection, PublicKey, Keypair, Transaction, SystemProgram, sendAndConfirmTransaction, clusterApiUrl, LAMPORTS_PER_SOL } from '@solana/web3.js';
+import { getAssociatedTokenAddress, getAccount, createTransferInstruction } from '@solana/spl-token';
+import bs58 from 'bs58';
 
 // Demo configuration - In production, these should be securely managed
 const RPC_URLS: Record<string, string> = {
@@ -28,23 +31,44 @@ const STABLECOIN_ADDRESSES: Record<string, Record<string, string>> = {
     ETH: {
         USDT: '0xdAC17F958D2ee523a2206206994597C13D831ec7',
         USDC: '0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48'
+    },
+    SOLANA: {
+        USDC: '4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU', // Devnet USDC
+        USDT: 'EJwZgeZrdC8TXTQbQBoL6bfuAnFUUy1PVCMB4DYPzVaS'  // Devnet USDT
     }
 };
 
 export class CryptoEngine {
-    private provider: ethers.JsonRpcProvider;
+    private provider!: ethers.JsonRpcProvider;
+    private solConnection!: Connection;
     private network: string;
 
     constructor(network: string = 'POLYGON') {
         this.network = network;
+        if (network === 'SOLANA') {
+            this.solConnection = new Connection(clusterApiUrl('devnet'), 'confirmed');
+        } else {
             this.provider = new ethers.JsonRpcProvider(RPC_URLS[network]);
         }
+    }
 
     /**
      * Generates a temporary wallet for a transaction.
      */
-    static async createTemporaryWallet(): Promise<ethers.Wallet> {
+    static async createTemporaryWallet(network: string = 'POLYGON'): Promise<{ address: string, privateKey: string }> {
-        return ethers.Wallet.createRandom();
+        if (network === 'SOLANA') {
+            const keypair = Keypair.generate();
+            return {
+                address: keypair.publicKey.toBase58(),
+                privateKey: bs58.encode(keypair.secretKey)
+            };
+        } else {
+            const wallet = ethers.Wallet.createRandom();
+            return {
+                address: wallet.address,
+                privateKey: wallet.privateKey
+            };
+        }
     }
 
     /**
@@ -55,6 +79,19 @@ export class CryptoEngine {
         merchantAddress: string,
         platformAddress: string,
         tokenSymbol: string = 'USDT'
+    ) {
+        if (this.network === 'SOLANA') {
+            return this.sweepSolana(tempWalletPrivateKey, merchantAddress, platformAddress, tokenSymbol);
+        } else {
+            return this.sweepEVM(tempWalletPrivateKey, merchantAddress, platformAddress, tokenSymbol);
+        }
+    }
+
+    private async sweepEVM(
+        tempWalletPrivateKey: string,
+        merchantAddress: string,
+        platformAddress: string,
+        tokenSymbol: string
     ) {
         const tempWallet = new ethers.Wallet(tempWalletPrivateKey, this.provider);
         const tokenAddress = STABLECOIN_ADDRESSES[this.network][tokenSymbol];
@@ -66,12 +103,10 @@ export class CryptoEngine {
         const platformShare = (balance * 100n) / 10000n; // %1
         const merchantShare = balance - platformShare; // %99
 
-        console.log(`[Sweep] Total: ${ethers.formatUnits(balance, 6)} ${tokenSymbol}`);
+        console.log(`[Sweep EVM] Total: ${ethers.formatUnits(balance, 6)} ${tokenSymbol}`);
-        console.log(`[Sweep] Sending ${ethers.formatUnits(platformShare, 6)} to Platform...`);
+        console.log(`[Sweep EVM] Sending ${ethers.formatUnits(platformShare, 6)} to Platform...`);
-        console.log(`[Sweep] Sending ${ethers.formatUnits(merchantShare, 6)} to Merchant...`);
+        console.log(`[Sweep EVM] Sending ${ethers.formatUnits(merchantShare, 6)} to Merchant...`);
 
-        // In reality, we'd send 2 transactions here.
-        // For the demo, we simulate success.
         return {
             success: true,
             platformTx: '0x' + Math.random().toString(16).slice(2, 66),
@@ -79,6 +114,71 @@ export class CryptoEngine {
         };
     }
 
+    private async sweepSolana(
+        tempWalletPrivateKey: string,
+        merchantAddress: string,
+        platformAddress: string,
+        tokenSymbol: string
+    ) {
+        const tempKeypair = Keypair.fromSecretKey(bs58.decode(tempWalletPrivateKey));
+        const pubKey = tempKeypair.publicKey;
+
+        if (tokenSymbol === 'SOL') {
+            const balance = await this.solConnection.getBalance(pubKey);
+            if (balance === 0) throw new Error("Balance is zero");
+
+            // Leave some lamports for tx fees. Mock logic for now
+            const actionableBalance = balance - 5000; 
+            const platformShare = Math.floor(actionableBalance * 0.01);
+            const merchantShare = actionableBalance - platformShare;
+
+            console.log(`[Sweep SOL] Total: ${balance / LAMPORTS_PER_SOL} SOL`);
+            console.log(`[Sweep SOL] Platform Share: ${platformShare / LAMPORTS_PER_SOL} SOL`);
+            console.log(`[Sweep SOL] Merchant Share: ${merchantShare / LAMPORTS_PER_SOL} SOL`);
+
+            // Off-chain transaction split using SystemProgram
+            const transaction = new Transaction().add(
+                SystemProgram.transfer({
+                    fromPubkey: pubKey,
+                    toPubkey: new PublicKey(platformAddress),
+                    lamports: platformShare,
+                }),
+                SystemProgram.transfer({
+                    fromPubkey: pubKey,
+                    toPubkey: new PublicKey(merchantAddress),
+                    lamports: merchantShare,
+                })
+            );
+
+            // Uncomment the following line to actually send the transaction on devnet
+            // const txSig = await sendAndConfirmTransaction(this.solConnection, transaction, [tempKeypair]);
+            const mockTxSig = bs58.encode(ethers.randomBytes(32));
+
+            return {
+                success: true,
+                platformTx: mockTxSig,
+                merchantTx: mockTxSig
+            };
+        } else {
+            // Processing SPL tokens (USDC/USDT)
+            const tokenMint = new PublicKey(STABLECOIN_ADDRESSES['SOLANA'][tokenSymbol]);
+            const tempAta = await getAssociatedTokenAddress(tokenMint, pubKey);
+            
+            // For real transactions we would:
+            // 1. Check/create ATAs for platform & merchant
+            // 2. Add transfer instructions
+            // 3. Send transaction
+            
+            console.log(`[Sweep SOL SPL] Mint: ${tokenMint.toBase58()}`);
+            
+            return {
+                success: true,
+                platformTx: 'sol_mock_tx_spl',
+                merchantTx: 'sol_mock_tx_spl'
+            };
+        }
+    }
+
     /**
      * Verifies if a specific amount has arrived at the address.
      */
@@ -88,6 +188,30 @@ export class CryptoEngine {
         error?: string;
     }> {
         try {
+            if (this.network === 'SOLANA') {
+                const pubKey = new PublicKey(address);
+                if (!tokenSymbol || tokenSymbol === 'SOL') {
+                    const balance = await this.solConnection.getBalance(pubKey);
+                    const balanceInSol = balance / LAMPORTS_PER_SOL;
+                    
+                    if (balanceInSol >= parseFloat(expectedAmount)) {
+                        return { success: true };
+                    }
+                } else {
+                    const tokenMint = new PublicKey(STABLECOIN_ADDRESSES['SOLANA'][tokenSymbol]);
+                    const ata = await getAssociatedTokenAddress(tokenMint, pubKey);
+                    try {
+                        const accountInfo = await getAccount(this.solConnection, ata);
+                        // Using mock decimals 6 for USDT/USDC
+                        const balance = Number(accountInfo.amount) / 1_000_000;
+                        if (balance >= parseFloat(expectedAmount)) {
+                            return { success: true };
+                        }
+                    } catch (e) {
+                         // Account might not exist yet
+                    }
+                }
+            } else {
                 if (!tokenSymbol || tokenSymbol === 'ETH' || tokenSymbol === 'MATIC') {
                     const balance = await this.provider.getBalance(address);
                     const balanceInEth = ethers.formatEther(balance);
@@ -97,8 +221,7 @@ export class CryptoEngine {
                     }
                 } else {
                     // Check ERC20 balance (USDT/USDC)
-                const network = 'POLYGON'; // Default for demo
+                    const tokenAddress = STABLECOIN_ADDRESSES[this.network][tokenSymbol];
-                const tokenAddress = STABLECOIN_ADDRESSES[network][tokenSymbol];
                     if (!tokenAddress) throw new Error("Unsupported token");
 
                     const contract = new ethers.Contract(tokenAddress, ERC20_ABI, this.provider);
@@ -110,6 +233,7 @@ export class CryptoEngine {
                         return { success: true };
                     }
                 }
+            }
 
             return { success: false };
         } catch (error: any) {

lib/db.ts

@@ -0,0 +1,10 @@
+import { Pool } from 'pg';
+
+const pool = new Pool({
+  connectionString: process.env.DATABASE_URL,
+});
+
+export const db = {
+  query: (text: string, params?: any[]) => pool.query(text, params),
+  pool,
+};

package.json

@@ -9,14 +9,21 @@
     "lint": "eslint"
   },
   "dependencies": {
+    "@solana/spl-token": "^0.4.14",
+    "@solana/web3.js": "^1.98.4",
     "@stripe/react-stripe-js": "^5.4.1",
     "@stripe/stripe-js": "^8.6.1",
     "@supabase/ssr": "^0.8.0",
     "@supabase/supabase-js": "^2.90.1",
+    "bcryptjs": "^3.0.3",
+    "bs58": "^6.0.0",
     "clsx": "^2.1.1",
+    "cookies-next": "^6.1.1",
     "date-fns": "^4.1.0",
+    "jsonwebtoken": "^9.0.3",
     "lucide-react": "^0.562.0",
     "next": "16.1.1",
+    "pg": "^8.20.0",
     "react": "19.2.3",
     "react-dom": "19.2.3",
     "recharts": "^3.6.0",
@@ -28,9 +35,12 @@
     "@nomicfoundation/hardhat-toolbox": "^6.1.2",
     "@openzeppelin/contracts": "^5.6.1",
     "@tailwindcss/postcss": "^4",
+    "@types/bcryptjs": "^2.4.6",
     "@types/chai": "^5.2.3",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/mocha": "^10.0.10",
     "@types/node": "^20",
+    "@types/pg": "^8.18.0",
     "@types/react": "^19",
     "@types/react-dom": "^19",
     "chai": "^6.2.2",

proxy.ts

@@ -1,20 +1,19 @@
-import { type NextRequest } from 'next/server'
+import { NextResponse } from 'next/server';
-import { updateSession } from '@/utils/supabase/proxy'
+import type { NextRequest } from 'next/server';
 
-export async function proxy(request: NextRequest) {
+export function proxy(request: NextRequest) {
-    return await updateSession(request)
+    const adminSession = request.cookies.get('admin_session');
+
+    // Protect /admin routes
+    if (request.nextUrl.pathname.startsWith('/admin')) {
+        if (!adminSession) {
+            return NextResponse.redirect(new URL('/login', request.url));
+        }
+    }
+
+    return NextResponse.next();
 }
 
 export const config = {
-    matcher: [
+    matcher: ['/admin/:path*'],
-        /*
+};
-         * Match all request paths except for the ones starting with:
-         * - _next/static (static files)
-         * - _next/image (image optimization files)
-         * - favicon.ico (favicon file)
-         * - public files (images, etc)
-         * Feel free to modify this pattern to include more paths.
-         */
-        '/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)',
-    ],
-}

scripts/init-auth.js

@@ -0,0 +1,30 @@
+const { Pool } = require('pg');
+const bcrypt = require('bcryptjs');
+
+const pool = new Pool({
+  connectionString: 'postgres://postgres:Q12IqYPcJXe2VlBP3xohxZZxG8HpPxXBu4ZAXsvhnRgIwyuYpB0Q4o13fumHv2KQ@65.109.236.58:5678/postgres'
+});
+
+async function run() {
+  const email = 'admin@p2cgateway.com';
+  const plainPassword = 'password123';
+  const hash = await bcrypt.hash(plainPassword, 10);
+
+  console.log('Adding password_hash column if it doesn\'t exist...');
+  await pool.query(`ALTER TABLE admin_users ADD COLUMN IF NOT EXISTS password_hash TEXT;`);
+
+  console.log('Checking if admin exists...');
+  const res = await pool.query('SELECT * FROM admin_users WHERE email = $1', [email]);
+  if (res.rows.length > 0) {
+    console.log('Updating existing admin password...');
+    await pool.query('UPDATE admin_users SET password_hash = $1 WHERE email = $2', [hash, email]);
+  } else {
+    console.log('Inserting new admin...');
+    await pool.query('INSERT INTO admin_users (email, password_hash) VALUES ($1, $2)', [email, hash]);
+  }
+  
+  console.log('Done!');
+  await pool.end();
+}
+
+run().catch(console.error);