🚀 TON Bridge – instant cross‑chain exchange! ✅ Support for 200+ blockchains and 1200+ coins ✅ Best prices thanks to CEX / DEX aggregation ✅ Full security, no registration required
See IMPROVEMENTS.md for the project structure analysis and the proposed step-by-step roadmap (UX, performance, virality, security) addressing issue #1.
Requires Node.js 20.x (LTS Iron). Use nvm to match the pinned version:
nvm usenpm installCompiles assets/sass/style.scss → assets/css/style.css (minified, with sourcemap):
npm run build:cssRecompiles automatically on Sass file changes:
npm run watch:cssRuns all build steps (CSS compilation + Eleventy HTML generation with env injection):
npm run buildOutput goes to dist/.
All environment-specific identifiers are injected at build time via
Eleventy's data cascade (src/_data/env.js).
Copy .env.example to .env and fill in your values — .env is git-ignored and
must never be committed.
Use the currently registered production values in .env locally and in GitHub
Actions secrets for CI/deploy. This keeps the same working integrations without
embedding those values in committed templates. If the analytics JWT is rotated,
only update TG_ANALYTICS_TOKEN in .env and GitHub Secrets; no template edit is
needed.
| Variable | Description |
|---|---|
TG_ANALYTICS_TOKEN |
JWT for tganalytics.xyz, issued by @DataChief_bot. Rotate via the bot and invalidate the old token after each rotation. |
TG_ANALYTICS_APP_NAME |
Analytics identifier registered in @DataChief_bot (usually the bot username). |
YANDEX_METRIKA_ID |
Numeric counter ID from Yandex.Metrika. |
CHANGENOW_LINK_ID |
ChangeNOW partner link_id used in the exchange-widget iframe URLs. Obtain from your ChangeNOW partner account. |
BOT_USERNAME |
Telegram bot username (without @) used for deep links. |
cp .env.example .env
# Edit .env and fill in real values
npm run build # writes dist/*.html with all env values injected via EleventyThe Nunjucks templates (src/_includes/*.njk) reference {{ env.VAR_NAME }}.
The src/_data/env.js data file reads from .env (or process.env in CI)
and makes the values available to all templates. The build fails fast with a
clear error if any required variable is unset.
npm run check:envExits 0 if all required variables are set, exits 1 with a list of missing
variables otherwise. Useful for verifying your .env without running a full build.
Shared hosting deployments can be configured from a browser-based installer after uploading the generated files to a PHP 8.1+ hosting account with MySQL:
- Build locally with placeholder values or upload a prepared
dist/package. - Open
https://your-domain.example/path/installer/. - Select English or Russian in the installer header.
- Complete the requirements, Telegram mini-app, analytics, ChangeNOW, backend, and MySQL steps. Each field includes inline guidance; use provider dashboard values exactly as issued.
- The installer writes
.env,config/tonbridge.php,assets/js/tonbridge-config.js, updates deploy-time static placeholders, and createsinstaller/.installed. - Update BotFather with the final mini-app URL, then remove the
installer/directory from the hosting account.
Installer field notes:
| Field | How to fill it |
|---|---|
| Public app URL | HTTPS URL of the deployed app folder, without /installer. Example: https://example.com/bridge. |
| Telegram bot username | BotFather username without @. |
| Mini app short name | BotFather mini-app short name, usually app. |
| Admin Telegram IDs | Numeric Telegram user IDs separated by commas, not usernames. |
| Telegram Analytics token/app name | Values issued by @DataChief_bot for the mini app. |
| Yandex.Metrika counter ID | Numeric counter ID from the Yandex.Metrika dashboard. |
ChangeNOW link_id |
Partner identifier from the ChangeNOW partner dashboard. |
| MySQL host, database, username, password | Values from the hosting control panel after creating an empty database and user. |
| MySQL table prefix | Unique prefix for shared databases, for example tonbridge_. |
Generated files that can contain secrets are ignored by git. The committed
.htaccess and config/.htaccess files deny direct access to .env and
server-side config on Apache hosts.
Run the installer checks locally with:
npm run test:installerA gitleaks configuration is provided
at .gitleaks.toml. To prevent accidental secret commits, add it as a
pre-commit hook:
# Install gitleaks: https://github.com/gitleaks/gitleaks#installing
gitleaks protect --staged # run manually before each commit, or wire into pre-commit