diff --git a/app/Modules/Auth/AuthController.php b/app/Modules/Auth/AuthController.php
index bfd7fc8..5873b06 100644
--- a/app/Modules/Auth/AuthController.php
+++ b/app/Modules/Auth/AuthController.php
@@ -5,7 +5,8 @@ declare(strict_types=1);
 namespace App\Modules\Auth;
 use App\Core\{Request, Response};
-use App\Modules\Auth\AuthService;
+use App\Services\Security\EncryptionService;
+use App\Services\Security\JwtService;
 use Throwable;
 final class AuthController
@@ -26,7 +27,7 @@ final class AuthController
 $result = $this->authService->login($email, $password);
 // 2FA Check
- if ($result['user']->totp_enabled) {
+ if (($result['user']['totp_enabled'] ?? false) === true) {
 Response::json([
 'success' => true,
 'requires_2fa' => true,
@@ -71,6 +72,22 @@ final class AuthController
 public function logout(Request $request): void
 {
+ $authHeader = $request->getHeader('Authorization');
+ if ($authHeader && str_starts_with($authHeader, 'Bearer ')) {
+ try {
+ $token = substr($authHeader, 7);
+ $jwtService = new JwtService();
+ $decoded = $jwtService->verifyToken($token);
+ $jti = (string)($decoded['jti'] ?? '');
+ $remaining = max(((int)($decoded['exp'] ?? 0)) - time(), 0);
+ if ($jti !== '') {
+ $this->authService->logout($jti, $remaining);
+ }
+ } catch (Throwable $e) {
+ error_log('[AUTH] Could not parse token on logout: ' . $e->getMessage());
+ }
+ }
+
 // Clear refresh token cookie
 setcookie('refresh_token', '', [
 'expires' => time() - 3600,
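Review bot: The strict comparison `=== true` in the 2FA check only matches a PHP boolean, yet the column is written as an integer (`totp_enabled = 1` in the enable path of this same commit) and PDO normally hands it back as `1` or `'1'`, so unless `AuthService::login()` casts the field to bool the branch never runs and the second factor is silently skipped for every user. Change it to `if ((bool)($result['user']['totp_enabled'] ?? false)) {`, or normalize the field to bool once inside `login()` and document that contract on the returned array. Because a wrong guess here removes 2FA without any error, a test that logs in a TOTP-enabled fixture user and asserts `requires_2fa` is true would pin the behavior. The enclosing `login()` method starts and ends outside the hunk.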
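Review bot: `logout()` re-verifies the bearer token with a fresh `new JwtService()` even though the route is behind `AuthMiddleware`, which has already validated the same token; if the middleware exposes the decoded claims (for example on `$request->user`), reading `jti` and `exp` from there avoids a second signature check and the duplicated header parsing. If repeating the verification is intentional, inject `JwtService` through the constructor the way `authService` is, so it can be faked in tests instead of being constructed inline. `verifyToken()` presumably rejects an already-expired token, which makes the `catch (Throwable)` path the normal outcome for late logouts and the `error_log` line noisy; logging only non-expiry failures, or at debug level, keeps the log useful. The remainder of `logout()` (cookie clearing) continues outside the hunk.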
@@ -168,9 +185,10 @@ final class AuthController
 $totpService = new \App\Services\TotpService();
 if ($totpService->verify($secret, $code)) {
+ $encryptedSecret = (new EncryptionService())->encrypt($secret);
 $db = \App\Core\Database::getInstance();
 $stmt = $db->prepare("UPDATE users SET totp_secret = ?, totp_enabled = 1 WHERE id = ?");
- $stmt->execute([$secret, $request->user->user_id]);
+ $stmt->execute([$encryptedSecret, $request->user->user_id]);
 Response::json(['success' => true, 'message' => 'تم تفعيل التحقق الثنائي بنجاح']);
 } else {
@@ -189,28 +207,58 @@ final class AuthController
 $stmt->execute([$userId]);
 $secret = $stmt->fetchColumn();
- $totpService = new \App\Services\TotpService();
- if ($secret && $totpService->verify($secret, $code)) {
- // Re-fetch user for full data
- $stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
- $stmt->execute([$userId]);
- $user = $stmt->fetch();
-
- $authService = new AuthService();
- $tokens = $authService->generateTokens($user);
-
- Response::json([
- 'success' => true,
- 'data' => $tokens,
- 'message' => 'تم التحقق بنجاح'
- ]);
- } else {
- Response::error('رمز التحقق غير صحيح', 'INVALID_CODE', 401);
+ if (!$secret) {
+ Response::error('لم يتم تفعيل التحقق الثنائي لهذا الحساب', 'TWO_FA_DISABLED', 400);
+ return;
 }
+
+ $totpService = new \App\Services\TotpService();
+ $decrypted = null;
+ try {
+ $decrypted = (new EncryptionService())->decrypt((string)$secret);
+ } catch (Throwable $e) {
+ // Backward compatibility with old plaintext records
+ $decrypted = (string)$secret;
+ }
+
+ if (!$totpService->verify($decrypted, $code)) {
+ Response::error('رمز التحقق غير صحيح', 'INVALID_CODE', 401);
+ return;
+ }
+
+ // Re-issue a full login session after successful 2FA.
+ $stmt = $db->prepare("SELECT email FROM users WHERE id = ?");
+ $stmt->execute([$userId]);
+ $email = $stmt->fetchColumn();
+ if (!$email) {
+ Response::error('المستخدم غير موجود', 'NOT_FOUND', 404);
+ return;
+ }
+
+ Response::json([
+ 'success' => true,
+ 'data' => ['user_id' => $userId, 'email' => $email],
+ 'message' => 'تم التحقق بنجاح'
+ ]);
 }
 public function disable2FA(Request $request): void
 {
+ $password = (string)$request->input('password', '');
+ if ($password === '') {
+ Response::error('كلمة المرور مطلوبة لتعطيل التحقق الثنائي', 'VALIDATION_ERROR', 422);
+ return;
+ }
+
+ $db = \App\Core\Database::getInstance();
+ $stmt = $db->prepare("SELECT password_hash FROM users WHERE id = ?");
+ $stmt->execute([$request->user->user_id]);
+ $hash = $stmt->fetchColumn();
+ if (!$hash || !password_verify($password, (string)$hash)) {
+ Response::error('كلمة المرور غير صحيحة', 'UNAUTHORIZED', 401);
+ return;
+ }
+
 $db = \App\Core\Database::getInstance();
 $stmt = $db->prepare("UPDATE users SET totp_secret = NULL, totp_enabled = 0 WHERE id = ?");
 $stmt->execute([$request->user->user_id]);
diff --git a/app/Modules/Dashboard/DashboardController.php b/app/Modules/Dashboard/DashboardController.php
index 8e2a556..0dd69e4 100644
--- a/app/Modules/Dashboard/DashboardController.php
+++ b/app/Modules/Dashboard/DashboardController.php
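Review bot: The `catch (Throwable)` around `decrypt()` turns every decryption failure — wrong key, truncated or tampered ciphertext, not only a legacy plaintext row — into "use the stored bytes as the secret", and does so silently; detect the legacy case explicitly (a version prefix on encrypted values, or a migration flag column), and log and reject a genuine decryption failure instead of feeding it to `verify()`. The success path no longer issues tokens (`generateTokens()` was removed) and only echoes `user_id`/`email`; since the route sits behind `AuthMiddleware`, confirm that the access token issued at login is restricted until this step succeeds, because otherwise the second factor gates nothing — if the token is already full-powered, this endpoint should upgrade the session (new tokens or a 2FA-complete claim) and the comment `// Re-issue a full login session after successful 2FA.` should describe what actually happens. In `disable2FA()` the context line `$db = \App\Core\Database::getInstance();` following the new password check is now a duplicate assignment and can be removed. `login2FAVerify()` begins before the hunk (`$userId`, `$code`, `$db` are defined there) and `disable2FA()` continues past it.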
@@ -20,12 +20,17 @@ final class DashboardController
 $params[] = $assignedCompanyId;
 }
- // Total this month
+ // Invoices this month
 $stmt = $db->prepare("SELECT COUNT(*) FROM invoices i WHERE i.tenant_id = ? {$companyScope} AND MONTH(i.created_at) = MONTH(CURDATE()) AND YEAR(i.created_at) = YEAR(CURDATE()) AND i.deleted_at IS NULL");
 $stmt->execute($params);
 $thisMonth = (int)$stmt->fetchColumn();
+ // Total invoices
+ $stmt = $db->prepare("SELECT COUNT(*) FROM invoices i WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL");
+ $stmt->execute($params);
+ $total = (int)$stmt->fetchColumn();
+
 // Status distribution
 $stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices i WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL GROUP BY status");
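Review bot: `$total` is assigned from the new "Total invoices" query but nothing visible in this hunk, nor the response array built later in `getStats()`, reads it, so either a key is missing from the payload (`'total_invoices' => $total,`) or the query is dead work on every dashboard load. If it feeds `$usagePct` in the stretch between the hunks, a one-line comment saying so would stop the next reader from deleting it. `getStats()` continues on both sides of the hunk.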
@@ -49,20 +54,50 @@ final class DashboardController $stmt->execute($params); $recent = $stmt->fetchAll(); - // Pending extraction (from queue) - $stmt = $db->prepare("SELECT COUNT(*) FROM queue_jobs WHERE tenant_id = ? AND status = 'pending' AND job_type = 'ExtractInvoiceJob'"); - $stmt->execute([$tenantId]); + // Approved count + $stmt = $db->prepare("SELECT COUNT(*) FROM invoices i WHERE i.tenant_id = ? {$companyScope} AND i.status = 'approved' AND i.deleted_at IS NULL"); + $stmt->execute($params); + $approved = (int)$stmt->fetchColumn(); + + // Pending extraction (from invoices table) + $stmt = $db->prepare("SELECT COUNT(*) FROM invoices WHERE tenant_id = ? {$companyScope} AND status IN ('uploaded', 'extracting') AND deleted_at IS NULL"); + $stmt->execute($params); $pendingExtraction = (int)$stmt->fetchColumn(); + // Unresolved risk alerts + $stmt = $db->prepare("SELECT COUNT(*) FROM risk_scores WHERE tenant_id = ? AND is_resolved = 0"); + $stmt->execute([$tenantId]); + $riskCount = (int)$stmt->fetchColumn(); + + // Companies count + $stmt = $db->prepare("SELECT COUNT(*) FROM companies WHERE tenant_id = ? AND is_active = 1 AND deleted_at IS NULL"); + $stmt->execute([$tenantId]); + $companiesCount = (int)$stmt->fetchColumn(); + Response::json([ 'success' => true, 'data' => [ 'total_this_month' => $thisMonth, 'subscription_usage' => $usagePct, + 'pending_extraction' => $pendingExtraction, 'status_distribution' => $statusDistribution, 'recent_invoices' => $recent, - 'pending_extraction' => $pendingExtraction + 'companies_count' => $companiesCount, + 'risk_alerts_count' => $riskCount ] ]); } + + public function getRiskStats(Request $request): void + { + $db = Database::getInstance(); + $tenantId = $request->tenantId; + $stmt = $db->prepare("SELECT risk_type, COUNT(*) AS count FROM risk_scores WHERE tenant_id = ? 
AND is_resolved = 0 GROUP BY risk_type"); + $stmt->execute([$tenantId]); + + Response::json([ + 'success' => true, + 'data' => $stmt->fetchAll(), + ]); + } } diff --git a/app/Modules/Invoices/InvoiceController.php b/app/Modules/Invoices/InvoiceController.php index 1606737..abf0a0b 100644 --- a/app/Modules/Invoices/InvoiceController.php +++ b/app/Modules/Invoices/InvoiceController.php @@ -78,7 +78,7 @@ final class InvoiceController $invoiceId = \Ramsey\Uuid\Uuid::uuid4()->toString(); // Store file - $path = $this->storage->store($file, "invoices/{$request->tenantId}/{$invoiceId}"); + $path = $this->storage->store($file, $request->tenantId, $companyId); // Create record $this->invoiceModel->create([ diff --git a/app/Modules/Risks/RiskController.php b/app/Modules/Risks/RiskController.php new file mode 100644 index 0000000..9cfccab --- /dev/null +++ b/app/Modules/Risks/RiskController.php @@ -0,0 +1,50 @@ +prepare( + "SELECT r.*, c.name AS company_name, i.invoice_number + FROM risk_scores r + LEFT JOIN companies c ON c.id = r.company_id + LEFT JOIN invoices i ON i.id = r.invoice_id + WHERE r.tenant_id = ? AND r.is_resolved = 0 + ORDER BY r.score ASC, r.created_at DESC" + ); + $stmt->execute([$request->tenantId]); + + Response::json([ + 'success' => true, + 'data' => $stmt->fetchAll(), + ]); + } + + public function resolve(Request $request, string $id): void + { + $db = Database::getInstance(); + $resolvedBy = $request->user->user_id ?? null; + $stmt = $db->prepare( + "UPDATE risk_scores + SET is_resolved = 1, resolved_by = ?, resolved_at = NOW() + WHERE id = ? AND tenant_id = ?" + ); + $stmt->execute([$resolvedBy, $id, $request->tenantId]); + + if ($stmt->rowCount() === 0) { + Response::error('تنبيه المخاطر غير موجود', 'NOT_FOUND', 404); + return; + } + + Response::json([ + 'success' => true, + 'message' => 'تم حل التنبيه بنجاح', + ]); + } +} 
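Review bot: The new "Pending extraction" query is the only statement in `getStats()` that selects `FROM invoices` without the `i` alias while still interpolating `{$companyScope}`; every sibling query uses `invoices i` and `i.tenant_id`, so if `$companyScope` (built above the hunk) references `i.company_id`, this one fails with an unknown-column error as soon as a company filter is active. Use the same shape as the others: `$stmt = $db->prepare("SELECT COUNT(*) FROM invoices i WHERE i.tenant_id = ? {$companyScope} AND i.status IN ('uploaded', 'extracting') AND i.deleted_at IS NULL");`. `$approved` is computed by its own round trip but never placed in the response, so it is either wasted or a key is missing. `getRiskStats()` aggregates `risk_scores` tenant-wide and ignores the company scope the rest of the dashboard applies; if that is deliberate a short comment on the method would save the question. `getStats()` begins before the hunk.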
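Review bot: The storage path used to embed the freshly generated `$invoiceId`, which made each stored object unique; the new call `$this->storage->store($file, $request->tenantId, $companyId)` moves that responsibility into `store()`, whose implementation is outside this diff, so confirm it derives a collision-free object name (and not the client-supplied filename) or two uploads to the same company can overwrite each other. It is also worth confirming that `$companyId` has been validated as belonging to `$request->tenantId` before it becomes part of a storage path; that check, if present, is above the hunk. `upload()` continues outside the hunk.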
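Review bot: In `resolve()`, `$resolvedBy = $request->user->user_id ?? null` lets a request with no authenticated identity write a `NULL` resolver into `risk_scores`; behind `AuthMiddleware` that should never occur, so fail closed rather than mask it — `if ($resolvedBy === null) { Response::error('غير مصرح', 'UNAUTHORIZED', 401); return; }` (message wording is a constructed example). The `UPDATE` has no `AND is_resolved = 0` predicate, so a second `resolve` call re-stamps `resolved_by`/`resolved_at` and overwrites who actually resolved the alert; adding it makes the call idempotent and lets the existing `rowCount() === 0` branch answer already-resolved alerts (a 409 would distinguish them from a missing id). Both queries are correctly tenant-scoped and parameterized. The head of the new file, including `index()`'s signature and the `$stmt = $db->` prefix, is not visible in this rendering.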
diff --git a/app/Modules/Subscriptions/SubscriptionController.php b/app/Modules/Subscriptions/SubscriptionController.php index 769b0bf..e8a0922 100644 --- a/app/Modules/Subscriptions/SubscriptionController.php +++ b/app/Modules/Subscriptions/SubscriptionController.php @@ -26,4 +26,18 @@ final class SubscriptionController 'data' => $subscription ]); } + + public function plans(): void + { + Response::json([ + 'success' => true, + 'data' => [ + ['plan' => 'free', 'price_jod' => 0, 'max_companies' => 1, 'max_invoices' => 10, 'max_users' => 1], + ['plan' => 'basic', 'price_jod' => 25, 'max_companies' => 3, 'max_invoices' => 50, 'max_users' => 2], + ['plan' => 'office', 'price_jod' => 75, 'max_companies' => 10, 'max_invoices' => 200, 'max_users' => 5], + ['plan' => 'pro', 'price_jod' => 150, 'max_companies' => 30, 'max_invoices' => 500, 'max_users' => 15], + ['plan' => 'enterprise', 'price_jod' => 0, 'max_companies' => 999, 'max_invoices' => 9999, 'max_users' => 99], + ], + ]); + } } diff --git a/describe.php b/describe.php deleted file mode 100644 index 9cd8b1a..0000000 --- a/describe.php +++ /dev/null @@ -1,7 +0,0 @@ -load(); -$db = new PDO("mysql:host={$_ENV['DB_HOST']};port={$_ENV['DB_PORT']};dbname={$_ENV['DB_DATABASE']}", $_ENV['DB_USERNAME'], $_ENV['DB_PASSWORD']); -$stmt = $db->query("DESCRIBE invoices"); -print_r($stmt->fetchAll(PDO::FETCH_ASSOC)); diff --git a/public/index.php b/public/index.php index 146ceae..8786a09 100644 --- a/public/index.php +++ b/public/index.php 
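Review bot: `plans()` hard-codes the pricing and limit table inside the controller; the same limits are presumably enforced elsewhere (the `subscription_usage` figure in `DashboardController` implies a quota check), so two copies will drift — move the table to configuration or wherever subscriptions are stored and have both paths read it. `price_jod => 0` for `enterprise` is indistinguishable from the free tier to a client; if enterprise is quote-based, `null` documented as "contact sales" is less ambiguous. The method has no parameters to explain it, but a docblock such as `/** Public catalogue of subscription plans; prices in JOD, limits are per tenant. */` would state the contract the frontend relies on.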
@@ -1,144 +1,103 @@ getRouter(); -// ══ Auth Routes ══════════════════════════════════════════════ -$router->addRoute('POST', '/api/v1/auth/login', [AuthController::class, 'login']); -$router->addRoute('POST', '/api/v1/auth/register', [AuthController::class, 'register']); -$router->addRoute('GET', '/api/v1/auth/me', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'me'] -]); -$router->addRoute('POST', '/api/v1/auth/logout', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'logout'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/enable', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'enable2FA'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/verify', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'verify2FA'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/verify_login', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'login2FAVerify'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/disable', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'disable2FA'] -]); +// Auth +$router->addRoute('POST', '/api/v1/auth/register', [\App\Modules\Auth\AuthController::class, 'register']); +$router->addRoute('POST', '/api/v1/auth/login', [\App\Modules\Auth\AuthController::class, 'login']); +$router->addRoute('POST', '/api/v1/auth/refresh', [\App\Modules\Auth\AuthController::class, 'refresh']); +$router->addRoute('GET', '/api/v1/auth/me', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'me']]); +$router->addRoute('POST', '/api/v1/auth/logout', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'logout']]); +$router->addRoute('POST', 
'/api/v1/auth/2fa/enable', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'enable2FA']]); +$router->addRoute('POST', '/api/v1/auth/2fa/verify', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'verify2FA']]); +$router->addRoute('POST', '/api/v1/auth/2fa/verify_login', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'login2FAVerify']]); +$router->addRoute('POST', '/api/v1/auth/2fa/disable', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Auth\AuthController::class, 'disable2FA']]); -// ══ Company Routes ═══════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/companies', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Companies\CompanyController::class, 'list'] -]); -$router->addRoute('POST', '/api/v1/companies', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Companies\CompanyController::class, 'create'] -]); -$router->addRoute('POST', '/api/v1/companies/{id}/jofotara', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Companies\CompanyController::class, 'updateJoFotara'] -]); +// Dashboard +$router->addRoute('GET', '/api/v1/dashboard', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Dashboard\DashboardController::class, 'getStats']]); +$router->addRoute('GET', '/api/v1/dashboard/risk', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Dashboard\DashboardController::class, 'getRiskStats']]); -// ══ User Routes ══════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/users', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Users\UsersController::class, 
'index'] -]); -$router->addRoute('POST', '/api/v1/users', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Users\UsersController::class, 'create'] -]); -$router->addRoute('DELETE', '/api/v1/users/{id}', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Users\UsersController::class, 'delete'] -]); +// Companies +$router->addRoute('GET', '/api/v1/companies', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Companies\CompanyController::class, 'list']]); +$router->addRoute('POST', '/api/v1/companies', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Companies\CompanyController::class, 'create']]); +$router->addRoute('PUT', '/api/v1/companies/{id}/jofotara', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Companies\CompanyController::class, 'updateJoFotara']]); -// ══ Invoice Routes ═══════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/invoices', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'index'] -]); -$router->addRoute('POST', '/api/v1/invoices/upload', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'upload'] -]); -$router->addRoute('GET', '/api/v1/invoices/{id}', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'show'] -]); -$router->addRoute('GET', '/api/v1/invoices/{id}/status', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'status'] -]); -$router->addRoute('POST', '/api/v1/invoices/{id}/submit', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'submit'] -]); 
-$router->addRoute('GET', '/api/v1/invoices/{id}/file', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'serveFile'] -]); +// Invoices +$router->addRoute('GET', '/api/v1/invoices', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'index']]); +$router->addRoute('POST', '/api/v1/invoices/upload', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'upload']]); +$router->addRoute('GET', '/api/v1/invoices/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'show']]); +$router->addRoute('PUT', '/api/v1/invoices/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'update']]); +$router->addRoute('DELETE', '/api/v1/invoices/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'destroy']]); +$router->addRoute('POST', '/api/v1/invoices/{id}/submit', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'submit']]); +$router->addRoute('GET', '/api/v1/invoices/{id}/file', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'serveFile']]); +$router->addRoute('GET', '/api/v1/invoices/{id}/status', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'status']]); -// ══ API Keys ═══════════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/api-keys', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'index'] -]); -$router->addRoute('POST', 
'/api/v1/api-keys', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'create'] -]); -$router->addRoute('DELETE', '/api/v1/api-keys/{id}', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'revoke'] -]); +// Users +$router->addRoute('GET', '/api/v1/users', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'list']]); +$router->addRoute('POST', '/api/v1/users', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'create']]); +$router->addRoute('PUT', '/api/v1/users/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'update']]); +$router->addRoute('DELETE', '/api/v1/users/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'destroy']]); +$router->addRoute('PUT', '/api/v1/users/profile', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'updateProfile']]); +$router->addRoute('PUT', '/api/v1/users/password', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Users\UsersController::class, 'changePassword']]); -// ══ Dashboard ════════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/dashboard', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Dashboard\DashboardController::class, 'getStats'] -]); +// API Keys +$router->addRoute('GET', '/api/v1/api-keys', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'index']]); +$router->addRoute('POST', '/api/v1/api-keys', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => 
[\App\Modules\ApiKeys\ApiKeyController::class, 'create']]); +$router->addRoute('DELETE', '/api/v1/api-keys/{id}', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'revoke']]); -// ══ Admin (Super Admin only) ══════════════════════════════════ -$router->addRoute('GET', '/api/v1/admin/tenants', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Admin\AdminController::class, 'listTenants'] -]); -$router->addRoute('GET', '/api/v1/admin/stats', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Admin\AdminController::class, 'getSystemStats'] -]); -$router->addRoute('GET', '/api/v1/admin/health', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Admin\AdminController::class, 'health'] -]); -$router->addRoute('GET', '/api/v1/admin/queue', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Admin\AdminController::class, 'getQueueStatus'] -]); +// Subscriptions +$router->addRoute('GET', '/api/v1/subscriptions/me', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Subscriptions\SubscriptionController::class, 'me']]); +$router->addRoute('GET', '/api/v1/subscriptions/plans', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Subscriptions\SubscriptionController::class, 'plans']]); + +// Risk monitor +$router->addRoute('GET', '/api/v1/risks', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Risks\RiskController::class, 'index']]); +$router->addRoute('PUT', '/api/v1/risks/{id}/resolve', ['middleware' => [\App\Middleware\AuthMiddleware::class], 'handler' => [\App\Modules\Risks\RiskController::class, 'resolve']]); + +// Admin (super_admin only) +$adminMw = [\App\Middleware\AuthMiddleware::class, \App\Middleware\RoleMiddleware::class . 
':super_admin']; +$router->addRoute('GET', '/api/v1/admin/tenants', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'listTenants']]); +$router->addRoute('GET', '/api/v1/admin/tenants/{id}', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'getTenant']]); +$router->addRoute('PUT', '/api/v1/admin/tenants/{id}', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'updateTenant']]); +$router->addRoute('GET', '/api/v1/admin/stats', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'getSystemStats']]); +$router->addRoute('GET', '/api/v1/admin/queue', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'getQueueStatus']]); +$router->addRoute('POST', '/api/v1/admin/queue/{id}/retry', ['middleware' => $adminMw, 'handler' => [\App\Modules\Admin\AdminController::class, 'retryJob']]); // ══ Health Check ═════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/health', function($request) { +$router->addRoute('GET', '/api/v1/health', function(\App\Core\Request $request) { + $dbStatus = 'ok'; + try { + \App\Core\Database::getInstance()->query('SELECT 1'); + } catch (\Throwable $e) { + $dbStatus = 'error'; + } + + $redisStatus = 'ok'; + try { + \App\Core\Redis::getInstance()->ping(); + } catch (\Throwable $e) { + $redisStatus = 'error'; + } + + $db = \App\Core\Database::getInstance(); + $queuePending = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'pending'")->fetchColumn(); + $queueDead = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'dead'")->fetchColumn(); + \App\Core\Response::json([ - 'status' => 'ok', - 'timestamp' => date('c'), - 'php' => PHP_VERSION, - 'db' => 'connected' // Simple check + 'success' => true, + 'data' => [ + 'db' => $dbStatus, + 'redis' => $redisStatus, + 'queue_pending' => $queuePending, + 'queue_dead' => $queueDead, + 'timestamp' 
=> date('c'), + ], ]); }); diff --git a/public/shell.php b/public/shell.php index 477971a..2b99121 100644 --- a/public/shell.php +++ b/public/shell.php @@ -3,7 +3,7 @@ - مُصادَق | Bloomberg Terminal v2.0 + مُصادَق | لوحة التحكم v2.0
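Review bot: In the `/api/v1/health` handler, `\App\Core\Database::getInstance()` and the two `queue_jobs` counts run outside the `try` that sets `$dbStatus`, so when the database is unreachable the closure still throws after recording `'error'` and the endpoint returns a 500 instead of the degraded JSON it is written to produce; move the queue counts into the database `try` block and default them to `null`, as in the fence below. Route ordering is a second concern: `PUT /api/v1/users/{id}` is registered before `PUT /api/v1/users/profile` and `PUT /api/v1/users/password`, so if `addRoute` matches in registration order with `{id}` as a wildcard, those two requests are dispatched to `UsersController::update` with `id` set to `'profile'`/`'password'`; register the literal paths first unless the router is known to prefer static segments. The old authenticated `/api/v1/admin/health` is gone and the unauthenticated `/api/v1/health` now reports queue depths and Redis state; if that detail is only for operators, keep the public endpoint to a bare `ok` and serve the detail behind `$adminMw`. The top of the file (bootstrap and `$router` creation) is not visible in this rendering.
```php
$router->addRoute('GET', '/api/v1/health', function(\App\Core\Request $request) {
    $dbStatus = 'ok';
    $queuePending = null;
    $queueDead = null;
    try {
        $db = \App\Core\Database::getInstance();
        $db->query('SELECT 1');
        $queuePending = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'pending'")->fetchColumn();
        $queueDead = (int)$db->query("SELECT COUNT(*) FROM queue_jobs WHERE status = 'dead'")->fetchColumn();
    } catch (\Throwable $e) {
        $dbStatus = 'error';
    }

    // … unchanged: redis check and Response::json payload …
```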