Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-03 17:32:57

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-03 17:32:57 +03:00
parent 6a3e66ad49
commit 4b40b1185f
102 changed files with 525 additions and 11371 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
app/Core/Application.php
View File

@@ -1,87 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Core;
use Dotenv\Dotenv;
use App\Core\{Request, Response, Router, Container};
final class Application
{
private Container $container;
private Router $router;
public static ?array $config = null;
public function __construct(string $basePath)
{
// 1. Load Environment Variables
// In local dev, .env is in the project root. In production, it might be moved.
$dotenv = Dotenv::createImmutable($basePath);
$dotenv->load();
// 2. Set Timezone
date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Asia/Amman');
// 3. Initialize Core Components
$this->container = new Container();
// 4. Load Configurations
$this->loadConfigs($basePath);
$this->router = new Router($this->container);
// Register core services in container
$this->container->set(Container::class, $this->container);
$this->container->set(Router::class, $this->router);
}
private function loadConfigs(string $basePath): void
{
$configPath = $basePath . '/config';
$configs = [];
foreach (glob($configPath . '/*.php') as $file) {
$key = basename($file, '.php');
$configs[$key] = require $file;
}
self::$config = $configs;
$this->container->set('config', $configs);
}
public function getRouter(): Router
{
return $this->router;
}
public function run(): void
{
// 1. Security Headers
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload');
header('Referrer-Policy: strict-origin-when-cross-origin');
header('Permissions-Policy: camera=(), microphone=(), geolocation=()');
header('Content-Security-Policy: default-src \'self\'; script-src \'self\' cdn.tailwindcss.com unpkg.com; style-src \'self\' \'unsafe-inline\' fonts.googleapis.com; font-src fonts.gstatic.com');
header_remove('X-Powered-By');
try {
$request = new Request();
$this->router->dispatch($request, $this->container);
} catch (\Throwable $e) {
// Global Exception Handler
Response::error(
'حدث خطأ غير متوقع في النظام',
'INTERNAL_SERVER_ERROR',
500,
[
'message' => $e->getMessage(),
'file' => $e->getFile(),
'line' => $e->getLine()
]
);
}
}
}

72
app/Core/Container.php
View File

@@ -1,72 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Core;
use Exception;
use ReflectionClass;
use ReflectionNamedType;
final class Container
{
private array $instances = [];
public function set(string $id, mixed $concrete): void
{
$this->instances[$id] = $concrete;
}
public function get(string $id): mixed
{
if (isset($this->instances[$id])) {
if ($this->instances[$id] instanceof \Closure) {
$this->instances[$id] = ($this->instances[$id])($this);
}
return $this->instances[$id];
}
return $this->resolve($id);
}
public function resolve(string $id): mixed
{
if (!class_exists($id)) {
throw new Exception("Class {$id} cannot be resolved.");
}
$reflection = new ReflectionClass($id);
if (!$reflection->isInstantiable()) {
throw new Exception("Class {$id} is not instantiable.");
}
$constructor = $reflection->getConstructor();
if (is_null($constructor)) {
return new $id();
}
$parameters = $constructor->getParameters();
$dependencies = [];
foreach ($parameters as $parameter) {
$type = $parameter->getType();
if (!$type instanceof ReflectionNamedType || $type->isBuiltin()) {
if ($parameter->isDefaultValueAvailable()) {
$dependencies[] = $parameter->getDefaultValue();
continue;
}
throw new Exception("Unable to resolve parameter '{$parameter->getName()}' in class {$id}");
}
$dependencies[] = $this->get($type->getName());
}
$instance = $reflection->newInstanceArgs($dependencies);
$this->instances[$id] = $instance;
return $instance;
}
}

37
app/Core/Database.php
View File

@@ -1,4 +1,7 @@
<?php
/**
* Simple PDO Database Wrapper
*/
declare(strict_types=1);
@@ -6,7 +9,6 @@ namespace App\Core;
use PDO;
use PDOException;
use Exception;
final class Database
{
@@ -15,24 +17,27 @@ final class Database
public static function getInstance(): PDO
{
if (self::$instance === null) {
$host = $_ENV['DB_HOST'];
$db = $_ENV['DB_DATABASE'];
$user = $_ENV['DB_USERNAME'];
$pass = $_ENV['DB_PASSWORD'];
$port = $_ENV['DB_PORT'];
$charset = $_ENV['DB_CHARSET'] ?? 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;port=$port;charset=$charset";
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$config = require APP_PATH . '/config/database.php';
$dsn = sprintf(
"mysql:host=%s;port=%s;dbname=%s;charset=%s",
$config['host'],
$config['port'],
$config['database'],
$config['charset']
);
try {
self::$instance = new PDO($dsn, $user, $pass, $options);
self::$instance = new PDO($dsn, $config['username'], $config['password'], [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
]);
} catch (PDOException $e) {
throw new Exception("Database Connection Error: " . $e->getMessage());
http_response_code(500);
header('Content-Type: application/json');
echo json_encode(['success' => false, 'message' => 'Database connection failed']);
exit;
}
}

52
app/Core/JWT.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
/**
* Simple JWT (HMAC SHA256)
*/
declare(strict_types=1);
namespace App\Core;
final class JWT
{
private static function base64UrlEncode(string $data): string
{
return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($data));
}
private static function base64UrlDecode(string $data): string
{
return base64_decode(str_replace(['-', '_'], ['+', '/'], $data));
}
public static function encode(array $payload, string $secret): string
{
$header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']);
$base64UrlHeader = self::base64UrlEncode($header);
$base64UrlPayload = self::base64UrlEncode(json_encode($payload));
$signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $secret, true);
$base64UrlSignature = self::base64UrlEncode($signature);
return $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
}
public static function decode(string $token, string $secret): ?array
{
$parts = explode('.', $token);
if (count($parts) !== 3) return null;
[$header, $payload, $signature] = $parts;
$expectedSignature = self::base64UrlEncode(hash_hmac('sha256', $header . "." . $payload, $secret, true));
if (!hash_equals($expectedSignature, $signature)) return null;
$decodedPayload = json_decode(self::base64UrlDecode($payload), true);
// Check expiry
if (isset($decodedPayload['exp']) && $decodedPayload['exp'] < time()) return null;
return $decodedPayload;
}
}

33
app/Core/Redis.php
View File

@@ -1,33 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Core;
use Predis\Client;
use Exception;
final class Redis
{
private static ?Client $instance = null;
public static function getInstance(): Client
{
if (self::$instance === null) {
try {
self::$instance = new Client([
'scheme' => 'tcp',
'host' => $_ENV['REDIS_HOST'] ?? '127.0.0.1',
'port' => $_ENV['REDIS_PORT'] ?? 6379,
'password' => $_ENV['REDIS_PASSWORD'] ?: null,
]);
} catch (Exception $e) {
// If Redis fails, we might want to log it or handle gracefully
// depending on how critical it is.
throw new Exception("Redis Connection Error: " . $e->getMessage());
}
}
return self::$instance;
}
}

58
app/Core/Request.php
View File

@@ -1,58 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Core;
final class Request
{
private string $method;
private string $path;
private array $headers;
private array $queryParams;
private array $body;
private array $files;
public ?object $user = null; // Populated by AuthMiddleware
public ?string $tenantId = null; // Populated by TenantMiddleware
public function __construct()
{
$this->method = $_SERVER['REQUEST_METHOD'];
// Read API path from query string: index.php?route=/api/v1/auth/login
$this->path = $_GET['route'] ?? parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$this->headers = getallheaders();
$this->queryParams = $_GET;
$this->files = $_FILES;
$contentType = $this->getHeader('Content-Type') ?? $_SERVER['CONTENT_TYPE'] ?? '';
if ($contentType && str_contains(strtolower($contentType), 'application/json')) {
$this->body = json_decode(file_get_contents('php://input'), true) ?? [];
} else {
$this->body = $_POST;
}
}
public function getMethod(): string { return $this->method; }
public function getPath(): string { return $this->path; }
public function getHeaders(): array { return $this->headers; }
public function getQueryParams(): array { return $this->queryParams; }
public function getBody(): array { return $this->body; }
public function getFiles(): array { return $this->files; }
public function getHeader(string $name): ?string
{
$name = strtolower($name);
foreach ($this->headers as $key => $value) {
if (strtolower($key) === $name) {
return $value;
}
}
return null;
}
public function input(string $key, mixed $default = null): mixed
{
return $this->body[$key] ?? $this->queryParams[$key] ?? $default;
}
}

45
app/Core/Response.php
View File

@@ -1,45 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Core;
final class Response
{
public static function json(array $data, int $status = 200, array $headers = []): void
{
self::send($data, $status, array_merge(['Content-Type' => 'application/json; charset=utf-8'], $headers));
}
public static function error(string $messageAr, string $code, int $status = 400, ?array $details = null): void
{
$data = [
'success' => false,
'error' => [
'message_ar' => $messageAr,
'code' => $code,
'details' => $details
]
];
self::json($data, $status);
}
private static function send(mixed $data, int $status, array $headers): void
{
http_response_code($status);
foreach ($headers as $name => $value) {
header("$name: $value");
}
// Apply Security Headers
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Referrer-Policy: strict-origin-when-cross-origin');
header_remove('X-Powered-By');
echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
exit;
}
}

94
app/Core/Router.php
View File

@@ -1,94 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Core;
use FastRoute\RouteCollector;
use function FastRoute\simpleDispatcher;
final class Router
{
private array $routes = [];
public Container $container;
public function __construct(Container $container)
{
$this->container = $container;
}
public function addRoute(string $method, string $path, array|callable $handler): void
{
$this->routes[] = [$method, $path, $handler];
}
public function dispatch(Request $request): void
{
$dispatcher = simpleDispatcher(function (RouteCollector $r) {
foreach ($this->routes as $route) {
$r->addRoute($route[0], $route[1], $route[2]);
}
});
$routeInfo = $dispatcher->dispatch($request->getMethod(), $request->getPath());
switch ($routeInfo[0]) {
case \FastRoute\Dispatcher::NOT_FOUND:
Response::error('المسار غير موجود', 'NOT_FOUND', 404);
break;
case \FastRoute\Dispatcher::METHOD_NOT_ALLOWED:
Response::error('الطريقة غير مسموح بها', 'METHOD_NOT_ALLOWED', 405);
break;
case \FastRoute\Dispatcher::FOUND:
$handler = $routeInfo[1];
$vars = $routeInfo[2];
$this->executeHandler($handler, $request, $this->container, $vars);
break;
}
}
private function executeHandler(mixed $handler, Request $request, Container $container, array $vars): void
{
if (is_array($handler) && isset($handler['middleware'])) {
$middlewares = (array) $handler['middleware'];
$finalHandler = $handler['handler'];
$pipeline = $this->createPipeline($middlewares, $finalHandler, $container, $vars);
$pipeline($request);
} else {
$this->callHandler($handler, $request, $container, $vars);
}
}
private function createPipeline(array $middlewares, mixed $handler, Container $container, array $vars): callable
{
return array_reduce(
array_reverse($middlewares),
function ($next, $middleware) use ($container) {
return function ($request) use ($next, $middleware, $container) {
$parts = explode(':', $middleware);
$className = $parts[0];
$args = isset($parts[1]) ? explode(',', $parts[1]) : [];
$instance = $container->get($className);
return $instance->handle($request, $next, ...$args);
};
},
function ($request) use ($handler, $container, $vars) {
$this->callHandler($handler, $request, $container, $vars);
}
);
}
private function callHandler(mixed $handler, Request $request, Container $container, array $vars): void
{
if (is_array($handler)) {
[$controllerClass, $method] = $handler;
$controller = $container->get($controllerClass);
$controller->$method($request, ...array_values($vars));
} else {
$handler($request, ...array_values($vars));
}
}
}

21
app/Core/Security.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
/**
* Simple Security Helpers
*/
declare(strict_types=1);
namespace App\Core;
final class Security
{
public static function sanitize(string $data): string
{
return htmlspecialchars(strip_tags(trim($data)));
}
public static function generateRandomString(int $length = 32): string
{
return bin2hex(random_bytes($length / 2));
}
}

25
app/Core/Validator.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
/**
* Simple Data Validator
*/
declare(strict_types=1);
namespace App\Core;
final class Validator
{
public static function validate(array $data, array $rules): array
{
$errors = [];
foreach ($rules as $field => $rule) {
if (str_contains($rule, 'required') && (empty($data[$field]) && $data[$field] !== '0')) {
$errors[$field] = "The {$field} field is required.";
}
if (str_contains($rule, 'email') && !empty($data[$field]) && !filter_var($data[$field], FILTER_VALIDATE_EMAIL)) {
$errors[$field] = "The {$field} must be a valid email address.";
}
}
return $errors;
}
}

37
app/Core/helpers.php
View File

@@ -1,37 +0,0 @@
<?php
declare(strict_types=1);
if (!function_exists('config')) {
/**
* Get a configuration value using dot notation.
* Example: config('app.name')
*/
function config(string $key, mixed $default = null): mixed
{
$configs = \App\Core\Application::$config;
if ($configs === null) {
return $default;
}
$parts = explode('.', $key);
$value = $configs;
foreach ($parts as $part) {
if (!isset($value[$part])) {
return $default;
}
$value = $value[$part];
}
return $value;
}
}
if (!function_exists('env')) {
function env(string $key, mixed $default = null): mixed
{
return $_ENV[$key] ?? $default;
}
}

53
app/Middleware/AuthMiddleware.php
View File

@@ -1,53 +1,34 @@
<?php
/**
* Simple Authentication Middleware
*/
declare(strict_types=1);
namespace App\Middleware;
use App\Core\{Request, Response};
use App\Services\Security\JwtService;
use Exception;
use App\Core\JWT;
final class AuthMiddleware
{
public function __construct(private readonly JwtService $jwtService) {}
public function handle(Request $request, callable $next): mixed
public static function check(): array
{
$authHeader = $request->getHeader('Authorization');
if (!$authHeader || !str_starts_with($authHeader, 'Bearer ')) {
Response::error('يجب تسجيل الدخول للوصول إلى هذا المورد', 'UNAUTHORIZED', 401);
return null;
$headers = getallheaders();
$authHeader = $headers['Authorization'] ?? $headers['authorization'] ?? '';
if (!str_starts_with($authHeader, 'Bearer ')) {
json_error('Unauthorized: Missing or invalid token', 401);
}
$token = substr($authHeader, 7);
try {
$decoded = $this->jwtService->verifyToken($token);
// Check if JTI is blacklisted
$jti = $decoded['jti'] ?? null;
if ($jti) {
try {
$redis = \App\Core\Redis::getInstance();
if ($redis->exists('jwt_blacklist:' . $jti)) {
Response::error('الجلسة منتهية، يرجى تسجيل الدخول من جديد', 'TOKEN_REVOKED', 401);
return null;
}
} catch (\Throwable $e) {
// Redis down — allow (fail open, log security event)
error_log('[AUTH] JWT blacklist check failed: ' . $e->getMessage());
}
}
$request->user = (object) $decoded;
$request->tenantId = $decoded['tenant_id'] ?? null;
} catch (Exception $e) {
Response::error('جلسة العمل منتهية أو غير صالحة', 'UNAUTHORIZED', 401);
return null;
$secret = env('JWT_SECRET');
$decoded = JWT::decode($token, $secret);
if (!$decoded) {
json_error('Unauthorized: Invalid or expired token', 401);
}
return $next($request);
return $decoded;
}
}

43
app/Middleware/CsrfMiddleware.php
View File

@@ -1,43 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Middleware;
use App\Core\{Request, Response};
final class CsrfMiddleware
{
public function handle(Request $request, callable $next): mixed
{
// Skip CSRF check for safe methods
if (in_array($request->getMethod(), ['GET', 'HEAD', 'OPTIONS'])) {
return $next($request);
}
// For APIs, we often use a custom header or check origin
// If we use sessions for tokens:
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
$token = $request->getHeader('X-CSRF-TOKEN') ?: ($request->getBody()['_csrf'] ?? null);
$sessionToken = $_SESSION['csrf_token'] ?? null;
if (!$token || !$sessionToken || !hash_equals($sessionToken, $token)) {
// For now, if we are purely API with Bearer token, we might skip this.
// But if the request has a session or cookie, it's mandatory.
// If the Authorization header is present, we might assume it's an API call
// that is naturally protected against CSRF if not using cookies for Auth.
if ($request->getHeader('Authorization')) {
return $next($request);
}
Response::error('رمز الحماية (CSRF) غير صالح أو مفقود', 'CSRF_INVALID', 403);
return null;
}
return $next($request);
}
}

60
app/Middleware/HmacMiddleware.php
View File

@@ -1,60 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Middleware;
use App\Core\{Request, Response, Redis};
use App\Services\Security\HmacService;
use App\Core\Database;
final class HmacMiddleware
{
public function __construct(private readonly HmacService $hmac) {}
public function handle(Request $request, callable $next): mixed
{
$publicKey = $request->getHeader('X-Api-Key');
$signature = $request->getHeader('X-Signature');
$timestamp = $request->getHeader('X-Timestamp');
$nonce = $request->getHeader('X-Nonce');
if (!$publicKey || !$signature || !$timestamp || !$nonce) {
Response::error('بيانات التوقيع (HMAC) ناقصة', 'HMAC_MISSING', 401);
return null;
}
// 1. Lookup Secret by Public Key
$db = Database::getInstance();
$stmt = $db->prepare("SELECT secret_hash, tenant_id FROM api_keys WHERE public_key = ? AND is_active = 1 LIMIT 1");
$stmt->execute([$publicKey]);
$apiKey = $stmt->fetch();
if (!$apiKey) {
Response::error('مفتاح API غير صالح', 'HMAC_INVALID_KEY', 401);
return null;
}
// 2. Verify Signature
// Note: secret_hash in DB is the actual secret for signing
$isValid = $this->hmac->verify(
$apiKey['secret_hash'],
$request->getMethod(),
$request->getPath(),
$timestamp,
$nonce,
json_encode($request->getBody()),
$signature
);
if (!$isValid) {
Response::error('توقيع الطلب غير صحيح', 'HMAC_INVALID_SIGNATURE', 401);
return null;
}
// 3. Set context
$request->tenantId = $apiKey['tenant_id'];
return $next($request);
}
}

59
app/Middleware/RateLimitMiddleware.php
View File

@@ -1,36 +1,53 @@
<?php
/**
* Simple Rate Limiting Middleware
*/
declare(strict_types=1);
namespace App\Middleware;
use App\Core\{Request, Response, Redis};
final class RateLimitMiddleware
{
/**
* @param int $limit Requests allowed
* @param int $window Seconds window
* Basic file-based rate limiter to keep dependencies zero.
* In a production multi-server setup, switch this to Redis/DB.
*/
public function handle(Request $request, callable $next, int $limit = 60, int $window = 60): mixed
public static function check(int $maxRequests = 60, int $timeWindow = 60): void
{
$redis = Redis::getInstance();
$ip = $_SERVER['REMOTE_ADDR'];
$key = "ratelimit:" . md5($request->getPath() . "|" . $ip);
$current = $redis->get($key);
if ($current && (int)$current >= $limit) {
Response::error('لقد تجاوزت الحد المسموح من الطلبات، يرجى المحاولة لاحقاً', 'RATE_LIMIT_EXCEEDED', 429);
return null;
$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$cacheDir = STORAGE_PATH . '/cache';
$cacheFile = $cacheDir . '/rate_limit_' . md5($ip) . '.json';
// Ensure cache directory exists
if (!is_dir($cacheDir)) {
mkdir($cacheDir, 0755, true);
}
if (!$current) {
$redis->setex($key, $window, 1);
} else {
$redis->incr($key);
$now = time();
$requests = [];
// Read existing requests if file exists and is writable
if (file_exists($cacheFile)) {
$content = file_get_contents($cacheFile);
if ($content !== false) {
$data = json_decode($content, true);
if (is_array($data)) {
// Filter out requests older than the time window
$requests = array_filter($data, fn($timestamp) => $timestamp > ($now - $timeWindow));
}
}
}
return $next($request);
// Check limit
if (count($requests) >= $maxRequests) {
json_error('Too Many Requests. Please try again later.', 429);
}
// Add current request
$requests[] = $now;
// Save back to file
file_put_contents($cacheFile, json_encode(array_values($requests)));
}
}

37
app/Middleware/RoleMiddleware.php
View File

@@ -1,37 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Middleware;
use App\Core\{Request, Response};
final class RoleMiddleware
{
/**
* Handle the request.
*
* @param Request $request
* @param callable $next
* @param string ...$roles
* @return mixed
*/
public function handle(Request $request, callable $next, string ...$roles): mixed
{
$user = $request->user ?? null;
if (!$user) {
Response::error('يجب تسجيل الدخول للوصول إلى هذا المورد', 'UNAUTHORIZED', 401);
return null;
}
// Check if user role is in the allowed roles
// $user->role is an object property since we cast it in AuthMiddleware
if (!in_array($user->role, $roles)) {
Response::error('غير مسموح لك بالقيام بهذا الإجراء', 'FORBIDDEN', 403);
return null;
}
return $next($request);
}
}

43
app/Middleware/TenantMiddleware.php
View File

@@ -1,43 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Middleware;
use App\Core\{Request, Response, Database};
final class TenantMiddleware
{
public function handle(Request $request, callable $next): mixed
{
$tenantId = $request->tenantId ?? null;
if (!$tenantId) {
Response::error('المستأجر غير معروف', 'TENANT_NOT_FOUND', 400);
return null;
}
// Check if tenant exists and is active
try {
$db = Database::getInstance();
$stmt = $db->prepare("SELECT status FROM tenants WHERE id = ? AND deleted_at IS NULL");
$stmt->execute([$tenantId]);
$tenant = $stmt->fetch();
if (!$tenant) {
Response::error('المستأجر غير موجود', 'TENANT_NOT_FOUND', 404);
return null;
}
if ($tenant['status'] === 'suspended') {
Response::error('تم إيقاف حساب المستأجر', 'TENANT_SUSPENDED', 403);
return null;
}
} catch (\Exception $e) {
Response::error('خطأ في الاتصال بقاعدة البيانات', 'DATABASE_ERROR', 500);
return null;
}
return $next($request);
}
}

66
app/Models/BaseModel.php
View File

@@ -1,66 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Models;
use App\Core\Database;
use PDO;
abstract class BaseModel
{
protected string $table;
protected string $primaryKey = 'id';
protected array $fillable = [];
protected function db(): PDO
{
return Database::getInstance();
}
public function find(string $id): ?array
{
$stmt = $this->db()->prepare("SELECT * FROM {$this->table} WHERE {$this->primaryKey} = ? AND deleted_at IS NULL LIMIT 1");
$stmt->execute([$id]);
return $stmt->fetch() ?: null;
}
public function create(array $data): string|bool
{
$columns = implode(', ', array_keys($data));
$placeholders = implode(', ', array_fill(0, count($data), '?'));
$sql = "INSERT INTO {$this->table} ({$columns}) VALUES ({$placeholders})";
$stmt = $this->db()->prepare($sql);
if ($stmt->execute(array_values($data))) {
return $data[$this->primaryKey] ?? $this->db()->lastInsertId();
}
return false;
}
public function update(string $id, array $data): bool
{
$sets = [];
foreach (array_keys($data) as $column) {
$sets[] = "{$column} = ?";
}
$setString = implode(', ', $sets);
$sql = "UPDATE {$this->table} SET {$setString} WHERE {$this->primaryKey} = ?";
$stmt = $this->db()->prepare($sql);
$params = array_values($data);
$params[] = $id;
return $stmt->execute($params);
}
public function delete(string $id): bool
{
$sql = "UPDATE {$this->table} SET deleted_at = NOW() WHERE {$this->primaryKey} = ?";
$stmt = $this->db()->prepare($sql);
return $stmt->execute([$id]);
}
}

83
app/Modules/AI/AIController.php
View File

@@ -1,83 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\AI;
use App\Core\{Request, Response, Database};
use GuzzleHttp\Client;
use Throwable;
final class AIController
{
private Client $httpClient;
private string $apiKey;
private string $model;
public function __construct()
{
$this->httpClient = new Client();
$this->apiKey = $_ENV['GEMINI_API_KEY'] ?? '';
$this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash';
}
public function query(Request $request): void
{
$userQuery = $request->input('query');
if (!$userQuery) {
Response::error('يرجى تقديم استفسار', 'MISSING_QUERY', 422);
return;
}
try {
// 1. Fetch current context data (Summary of stats)
$stats = $this->getQuickStats($request->tenantId);
// 2. Ask Gemini to interpret and answer
$prompt = "You are Musadaq AI Assistant for a Jordanian E-Invoicing SaaS. " .
"The user is asking: \"{$userQuery}\". " .
"Current User Context: Tenant ID {$request->tenantId}. " .
"Current Data Summary: " . json_encode($stats) . ". " .
"Answer the user in a friendly Arabic tone (Jordanian dialect is okay). " .
"Keep it professional and concise. If you don't have the specific data, say so politely.";
$response = $this->httpClient->post("https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}", [
'json' => [
'contents' => [['parts' => [['text' => $prompt]]]]
]
]);
$data = json_decode($response->getBody()->getContents(), true);
$answer = $data['candidates'][0]['content']['parts'][0]['text'] ?? 'عذراً، لم أستطع فهم الاستفسار حالياً.';
Response::json([
'success' => true,
'data' => [
'answer' => $answer
]
]);
} catch (Throwable $e) {
Response::error('فشل معالجة الاستعلام الذكي', 'AI_QUERY_FAILED', 500, [
'error' => $e->getMessage()
]);
}
}
private function getQuickStats(string $tenantId): array
{
$db = Database::getInstance();
$totalInvoices = $db->prepare("SELECT COUNT(*) as total FROM invoices WHERE tenant_id = ?");
$totalInvoices->execute([$tenantId]);
$approvedCount = $db->prepare("SELECT COUNT(*) as total FROM invoices WHERE tenant_id = ? AND status = 'approved'");
$approvedCount->execute([$tenantId]);
return [
'total_invoices' => $totalInvoices->fetch()['total'],
'approved_invoices' => $approvedCount->fetch()['total'],
'current_month' => date('F Y')
];
}
}

76
app/Modules/Admin/AdminController.php
View File

@@ -1,76 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Admin;
use App\Core\{Request, Response, Database};
final class AdminController
{
public function listTenants(Request $request): void
{
if ($request->user->role !== 'super_admin') {
Response::error('غير مصرح لك بالوصول لهذه البيانات', 'FORBIDDEN', 403);
return;
}
$db = Database::getInstance();
$stmt = $db->prepare("SELECT t.*, (SELECT COUNT(*) FROM invoices WHERE tenant_id = t.id) as invoice_count FROM tenants t");
$stmt->execute();
$tenants = $stmt->fetchAll();
Response::json(['success' => true, 'data' => $tenants]);
}
public function getSystemStats(Request $request): void
{
if ($request->user->role !== 'super_admin') {
Response::error('Forbidden', 'FORBIDDEN', 403);
return;
}
$db = Database::getInstance();
$stats = [
'total_tenants' => (int)$db->query("SELECT COUNT(*) FROM tenants")->fetchColumn(),
'total_invoices' => (int)$db->query("SELECT COUNT(*) FROM invoices")->fetchColumn(),
'total_users' => (int)$db->query("SELECT COUNT(*) FROM users")->fetchColumn(),
'active_subscriptions' => (int)$db->query("SELECT COUNT(*) FROM subscriptions WHERE status = 'active'")->fetchColumn()
];
Response::json(['success' => true, 'data' => $stats]);
}
public function getQueueStatus(Request $request): void
{
if ($request->user->role !== 'super_admin') {
Response::error('Forbidden', 'FORBIDDEN', 403);
return;
}
$db = Database::getInstance();
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM queue_jobs GROUP BY status");
$stmt->execute();
$counts = $stmt->fetchAll();
Response::json(['success' => true, 'data' => $counts]);
}
public function health(Request $request): void
{
$dbStatus = 'ok';
try { Database::getInstance()->query("SELECT 1"); } catch (\Throwable $e) { $dbStatus = 'error'; }
$redisStatus = 'ok';
try { \App\Core\Redis::getInstance()->ping(); } catch (\Throwable $e) { $redisStatus = 'error'; }
Response::json([
'success' => true,
'data' => [
'database' => $dbStatus,
'redis' => $redisStatus,
'php_version' => PHP_VERSION,
'server_time' => date('Y-m-d H:i:s')
]
]);
}
}

63
app/Modules/ApiKeys/ApiKeyController.php
View File

@@ -1,63 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\ApiKeys;
use App\Core\{Request, Response, Database};
final class ApiKeyController
{
public function index(Request $request): void
{
$tenantId = $request->tenantId;
$db = Database::getInstance();
$stmt = $db->prepare("SELECT id, public_key, name, is_active, created_at FROM api_keys WHERE tenant_id = ? AND is_active = 1");
$stmt->execute([$tenantId]);
$keys = $stmt->fetchAll();
Response::json(['success' => true, 'data' => $keys]);
}
public function create(Request $request): void
{
$tenantId = $request->tenantId;
$data = $request->getBody();
$name = $data['name'] ?? 'Default Key';
$publicKey = bin2hex(random_bytes(16)); // 32 chars
$secret = bin2hex(random_bytes(32)); // 64 chars
$db = Database::getInstance();
$stmt = $db->prepare("INSERT INTO api_keys (id, tenant_id, name, public_key, secret_hash, is_active, created_at) VALUES (?, ?, ?, ?, ?, 1, NOW())");
$id = \Ramsey\Uuid\Uuid::uuid4()->toString();
$stmt->execute([
$id,
$tenantId,
$name,
$publicKey,
password_hash($secret, PASSWORD_BCRYPT)
]);
Response::json([
'success' => true,
'message' => 'تم إنشاء مفتاح API بنجاح. يرجى حفظ السر (Secret) الآن لأنه لن يظهر مرة أخرى.',
'data' => [
'id' => $id,
'public_key' => $publicKey,
'secret' => $secret
]
], 201);
}
public function revoke(Request $request, string $id): void
{
$tenantId = $request->tenantId;
$db = Database::getInstance();
$stmt = $db->prepare("UPDATE api_keys SET is_active = 0 WHERE id = ? AND tenant_id = ?");
$stmt->execute([$id, $tenantId]);
Response::json(['success' => true, 'message' => 'تم إيقاف مفتاح API بنجاح']);
}
}

19
app/Modules/ApiKeys/ApiKeyModel.php
View File

@@ -1,19 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\ApiKeys;
use App\Models\BaseModel;
final class ApiKeyModel extends BaseModel
{
protected string $table = 'api_keys';
public function findAllByTenant(string $tenantId): array
{
$stmt = $this->db()->prepare("SELECT id, name, prefix, expires_at, last_used_at, is_active, created_at FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$tenantId]);
return $stmt->fetchAll();
}
}

189
app/Modules/Auth/AuthController.php
View File

@@ -1,189 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Auth;
use App\Core\{Request, Response};
use App\Modules\Auth\AuthService;
use Throwable;
final class AuthController
{
public function __construct(private readonly AuthService $authService) {}
public function login(Request $request): void
{
$email = $request->input('email');
$password = $request->input('password');
if (!$email || !$password) {
Response::error('يرجى إدخال البريد الإلكتروني وكلمة المرور', 'VALIDATION_ERROR', 422);
return;
}
try {
$result = $this->authService->login($email, $password);
// 2FA Check
if ($result['user']->totp_enabled) {
Response::json([
'success' => true,
'requires_2fa' => true,
'temp_token' => $result['access_token']
]);
return;
}
// Set refresh token in HttpOnly cookie
setcookie('refresh_token', $result['refresh_token'], [
'expires' => time() + (60 * 60 * 24 * 7),
'path' => '/api/v1/auth/refresh',
'httponly' => true,
'samesite' => 'Strict',
'secure' => true
]);
unset($result['refresh_token']);
Response::json([
'success' => true,
'data' => $result,
'message' => 'تم تسجيل الدخول بنجاح'
]);
} catch (Throwable $e) {
Response::error($e->getMessage(), 'AUTH_FAILED', 401);
}
}
public function me(Request $request): void
{
$db = \App\Core\Database::getInstance();
$stmt = $db->prepare("SELECT id, tenant_id, name, email, role, totp_enabled FROM users WHERE id = ?");
$stmt->execute([$request->user->user_id]);
$user = $stmt->fetch();
Response::json([
'success' => true,
'data' => $user
]);
}
public function logout(Request $request): void
{
// Clear refresh token cookie
setcookie('refresh_token', '', [
'expires' => time() - 3600,
'path' => '/api/v1/auth/refresh',
'httponly' => true,
'samesite' => 'Strict',
'secure' => true
]);
Response::json([
'success' => true,
'message' => 'تم تسجيل الخروج بنجاح'
]);
}
public function refresh(Request $request): void
{
$refreshToken = $_COOKIE['refresh_token'] ?? null;
if (!$refreshToken) {
Response::error('رمز التجديد مفقود', 'UNAUTHORIZED', 401);
return;
}
try {
$result = $this->authService->refresh($refreshToken);
// Set new refresh token in HttpOnly cookie
setcookie('refresh_token', $result['refresh_token'], [
'expires' => time() + (60 * 60 * 24 * 7),
'path' => '/api/v1/auth/refresh',
'httponly' => true,
'samesite' => 'Strict',
'secure' => true
]);
unset($result['refresh_token']);
Response::json([
'success' => true,
'data' => $result,
'message' => 'تم تجديد الجلسة بنجاح'
]);
} catch (Throwable $e) {
Response::error($e->getMessage(), 'REFRESH_FAILED', 401);
}
}
public function register(Request $request): void
{
try {
$result = $this->authService->register($request->getBody());
// Set refresh token in HttpOnly cookie
setcookie('refresh_token', $result['refresh_token'], [
'expires' => time() + (60 * 60 * 24 * 7),
'path' => '/api/v1/auth/refresh',
'httponly' => true,
'samesite' => 'Strict',
'secure' => true
]);
unset($result['refresh_token']);
Response::json([
'success' => true,
'data' => $result,
'message' => 'تم إنشاء الحساب وتسجيل الدخول بنجاح'
]);
} catch (Throwable $e) {
Response::error($e->getMessage(), 'REGISTRATION_FAILED', 400);
}
}
public function enable2FA(Request $request): void
{
$user = $request->user;
$totpService = new \App\Services\TotpService();
$secret = $totpService->generateSecret();
$qrUrl = $totpService->getQrCodeUrl($user->email, $secret);
Response::json([
'success' => true,
'data' => [
'secret' => $secret,
'qr_url' => $qrUrl
]
]);
}
public function verify2FA(Request $request): void
{
$data = $request->getBody();
$code = $data['code'] ?? '';
$secret = $data['secret'] ?? '';
$totpService = new \App\Services\TotpService();
if ($totpService->verify($secret, $code)) {
$db = \App\Core\Database::getInstance();
$stmt = $db->prepare("UPDATE users SET totp_secret = ?, totp_enabled = 1 WHERE id = ?");
$stmt->execute([$secret, $request->user->user_id]);
Response::json(['success' => true, 'message' => 'تم تفعيل التحقق الثنائي بنجاح']);
} else {
Response::error('رمز التحقق غير صحيح', 'INVALID_CODE', 400);
}
}
public function disable2FA(Request $request): void
{
$db = \App\Core\Database::getInstance();
$stmt = $db->prepare("UPDATE users SET totp_secret = NULL, totp_enabled = 0 WHERE id = ?");
$stmt->execute([$request->user->user_id]);
Response::json(['success' => true, 'message' => 'تم تعطيل التحقق الثنائي']);
}
}

157
app/Modules/Auth/AuthService.php
View File

@@ -1,157 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Auth;
use App\Modules\Users\UserModel;
use App\Modules\Tenants\TenantModel;
use App\Modules\Subscriptions\SubscriptionModel;
use App\Services\Security\JwtService;
use Ramsey\Uuid\Uuid;
use Exception;
final class AuthService
{
public function __construct(
private readonly UserModel $userModel,
private readonly JwtService $jwtService,
private readonly TenantModel $tenantModel,
private readonly SubscriptionModel $subscriptionModel
) {}
public function login(string $email, string $password): array
{
$user = $this->userModel->findByEmail($email);
if (!$user || !password_verify($password, $user['password_hash'])) {
throw new Exception("البريد الإلكتروني أو كلمة المرور غير صحيحة");
}
if (!$user['is_active']) {
throw new Exception("هذا الحساب معطل حالياً");
}
$accessToken = $this->jwtService->issueAccessToken([
'user_id' => $user['id'],
'tenant_id' => $user['tenant_id'],
'role' => $user['role'],
'assigned_company_id' => $user['assigned_company_id']
]);
$refreshToken = $this->jwtService->issueRefreshToken($user['id']);
// Update refresh token hash in DB
$this->userModel->update($user['id'], [
'refresh_token_hash' => password_hash($refreshToken, PASSWORD_BCRYPT),
'last_login_at' => date('Y-m-d H:i:s'),
'last_login_ip' => $_SERVER['REMOTE_ADDR'] ?? null
]);
return [
'access_token' => $accessToken,
'refresh_token' => $refreshToken,
'user' => [
'id' => $user['id'],
'name' => $user['name'],
'email' => $user['email'],
'role' => $user['role'],
'assigned_company_id' => $user['assigned_company_id']
]
];
}
public function refresh(string $refreshToken): array
{
$parts = explode('.', $refreshToken);
if (count($parts) !== 2) {
throw new Exception("رمز التجديد غير صالحة");
}
[$userId, $random] = $parts;
$user = $this->userModel->find($userId);
if (!$user || !$user['is_active']) {
throw new Exception("المستخدم غير موجود أو معطل");
}
if (!$user['refresh_token_hash'] || !password_verify($refreshToken, $user['refresh_token_hash'])) {
throw new Exception("جلسة العمل منتهية، يرجى تسجيل الدخول مرة أخرى");
}
$accessToken = $this->jwtService->issueAccessToken([
'user_id' => $user['id'],
'tenant_id' => $user['tenant_id'],
'role' => $user['role'],
'assigned_company_id' => $user['assigned_company_id']
]);
$newRefreshToken = $this->jwtService->issueRefreshToken($user['id']);
$this->userModel->update($user['id'], [
'refresh_token_hash' => password_hash($newRefreshToken, PASSWORD_BCRYPT)
]);
return [
'access_token' => $accessToken,
'refresh_token' => $newRefreshToken,
'user' => [
'id' => $user['id'],
'name' => $user['name'],
'email' => $user['email'],
'role' => $user['role'],
'assigned_company_id' => $user['assigned_company_id']
]
];
}
public function register(array $data): array
{
// 1. Check if tenant already exists
if ($this->tenantModel->findByEmail($data['email'])) {
throw new Exception("هذا البريد الإلكتروني مسجل مسبقاً");
}
$tenantId = Uuid::uuid4()->toString();
$userId = Uuid::uuid4()->toString();
// 2. Create Tenant
$this->tenantModel->create([
'id' => $tenantId,
'name' => $data['tenant_name'],
'email' => $data['email'],
'status' => 'trial',
'trial_ends_at' => date('Y-m-d H:i:s', strtotime('+14 days'))
]);
// 3. Create Subscription
$this->subscriptionModel->create([
'tenant_id' => $tenantId,
'plan' => 'basic',
'status' => 'trial'
]);
// 4. Create User
$this->userModel->create([
'id' => $userId,
'tenant_id' => $tenantId,
'name' => $data['user_name'],
'email' => $data['email'],
'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID),
'role' => 'admin',
'is_active' => 1
]);
return $this->login($data['email'], $data['password']);
}
public function logout(string $jti, int $remaining): void
{
// Blacklist the JTI for its remaining lifetime
try {
$redis = \App\Core\Redis::getInstance();
$redis->setex('jwt_blacklist:' . $jti, max($remaining, 1), '1');
} catch (\Throwable $e) {
error_log('[AUTH] Could not blacklist JTI: ' . $e->getMessage());
}
}
}

75
app/Modules/Companies/CompanyController.php
View File

@@ -1,75 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Companies;
use App\Core\{Request, Response};
use App\Modules\Companies\{CompanyModel, CompanyService};
use Throwable;
final class CompanyController
{
public function __construct(
private readonly CompanyModel $companyModel,
private readonly CompanyService $companyService
) {}
public function list(Request $request): void
{
$tenantId = $request->tenantId;
$role = $request->user->role ?? 'viewer';
$assignedCompanyId = $request->user->assigned_company_id ?? null;
if ($role === 'super_admin') {
$companies = $this->companyModel->findByTenant($tenantId);
} else {
// Filter by assigned company
$db = \App\Core\Database::getInstance();
$stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND id = ? AND deleted_at IS NULL");
$stmt->execute([$tenantId, $assignedCompanyId]);
$companies = $stmt->fetchAll();
}
Response::json([
'success' => true,
'data' => $companies
]);
}
public function create(Request $request): void
{
$data = $request->getBody();
$data['tenant_id'] = $request->tenantId;
try {
$companyId = $this->companyService->createCompany($data);
Response::json([
'success' => true,
'data' => ['id' => $companyId],
'message' => 'تم إضافة الشركة بنجاح'
], 201);
} catch (Throwable $e) {
Response::error('فشل إضافة الشركة', 'CREATE_FAILED', 500);
}
}
public function updateJoFotara(Request $request, string $id): void
{
$data = [
'jofotara_client_id' => $request->input('client_id'),
'jofotara_secret_key' => $request->input('secret_key'),
'is_jofotara_linked' => 1
];
try {
$this->companyService->updateJoFotara($id, $data);
Response::json([
'success' => true,
'message' => 'تم تحديث بيانات جو-فواتير بنجاح'
]);
} catch (Throwable $e) {
Response::error('فشل تحديث البيانات', 'UPDATE_FAILED', 500);
}
}
}

19
app/Modules/Companies/CompanyModel.php
View File

@@ -1,19 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Companies;
use App\Models\BaseModel;
final class CompanyModel extends BaseModel
{
protected string $table = 'companies';
public function findByTenant(string $tenantId): array
{
$stmt = $this->db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$tenantId]);
return $stmt->fetchAll();
}
}

62
app/Modules/Companies/CompanyService.php
View File

@@ -1,62 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Companies;
use App\Services\Security\EncryptionService;
use App\Modules\Companies\CompanyModel;
use Ramsey\Uuid\Uuid;
final class CompanyService
{
public function __construct(
private readonly CompanyModel $companyModel,
private readonly EncryptionService $encryption
) {}
public function createCompany(array $data): string
{
if (!isset($data['id'])) {
$data['id'] = Uuid::uuid4()->toString();
}
// Encrypt sensitive JoFotara credentials
if (isset($data['jofotara_client_id'])) {
$data['jofotara_client_id_encrypted'] = $this->encryption->encrypt($data['jofotara_client_id']);
unset($data['jofotara_client_id']);
}
if (isset($data['jofotara_secret_key'])) {
$data['jofotara_secret_key_encrypted'] = $this->encryption->encrypt($data['jofotara_secret_key']);
unset($data['jofotara_secret_key']);
}
return (string)$this->companyModel->create($data);
}
public function updateJoFotara(string $id, array $data): bool
{
if (isset($data['jofotara_client_id'])) {
$data['jofotara_client_id_encrypted'] = $this->encryption->encrypt($data['jofotara_client_id']);
unset($data['jofotara_client_id']);
}
if (isset($data['jofotara_secret_key'])) {
$data['jofotara_secret_key_encrypted'] = $this->encryption->encrypt($data['jofotara_secret_key']);
unset($data['jofotara_secret_key']);
}
return $this->companyModel->update($id, $data);
}
public function getJoFotaraCredentials(string $companyId): array
{
$company = $this->companyModel->find($companyId);
if (!$company) return [];
return [
'clientId' => $company['jofotara_client_id_encrypted'] ? $this->encryption->decrypt($company['jofotara_client_id_encrypted']) : null,
'secretKey' => $company['jofotara_secret_key_encrypted'] ? $this->encryption->decrypt($company['jofotara_secret_key_encrypted']) : null,
];
}
}

89
app/Modules/Dashboard/DashboardController.php
View File

@@ -1,89 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Dashboard;
use App\Core\{Request, Response, Database};
final class DashboardController
{
public function getStats(Request $request): void
{
$tenantId = $request->tenantId;
$role = $request->user->role ?? 'viewer';
$assignedCompanyId = $request->user->assigned_company_id ?? null;
$db = Database::getInstance();
// Build scope: accountants see only their company, admins see all tenant companies
$companyScope = '';
$params = [$tenantId];
if ($role === 'accountant' && $assignedCompanyId) {
$companyScope = ' AND i.company_id = ?';
$params[] = $assignedCompanyId;
}
// Invoices this month
$stmt = $db->prepare("SELECT COUNT(*) as c FROM invoices i
WHERE i.tenant_id = ? {$companyScope} AND MONTH(i.created_at) = MONTH(CURDATE()) AND YEAR(i.created_at) = YEAR(CURDATE()) AND i.deleted_at IS NULL");
$stmt->execute($params);
$thisMonth = (int)$stmt->fetchColumn();
// Total invoices
$stmt = $db->prepare("SELECT COUNT(*) as c FROM invoices i WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL");
$stmt->execute($params);
$total = (int)$stmt->fetchColumn();
// Status distribution
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices i
WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL GROUP BY status");
$stmt->execute($params);
$statusDistribution = $stmt->fetchAll();
// Approved count
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices i
WHERE i.tenant_id = ? {$companyScope} AND i.status = 'approved' AND i.deleted_at IS NULL");
$stmt->execute($params);
$approved = (int)$stmt->fetchColumn();
// Companies count
$stmt = $db->prepare("SELECT COUNT(*) FROM companies WHERE tenant_id = ? AND is_active = 1 AND deleted_at IS NULL");
$stmt->execute([$tenantId]);
$companiesCount = (int)$stmt->fetchColumn();
// Subscription usage
$stmt = $db->prepare("SELECT max_invoices_per_month, invoices_used_this_month FROM subscriptions WHERE tenant_id = ?");
$stmt->execute([$tenantId]);
$sub = $stmt->fetch();
$usagePct = $sub && $sub['max_invoices_per_month'] > 0
? round(($sub['invoices_used_this_month'] / $sub['max_invoices_per_month']) * 100)
: 0;
// Recent invoices with company name
$stmt = $db->prepare("SELECT i.id, i.invoice_number, i.invoice_date, i.grand_total, i.status, i.created_at, c.name as company_name
FROM invoices i
JOIN companies c ON i.company_id = c.id
WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL
ORDER BY i.created_at DESC LIMIT 10");
$stmt->execute($params);
$recent = $stmt->fetchAll();
// Unresolved risk flags
$stmt = $db->prepare("SELECT COUNT(*) FROM risk_scores WHERE tenant_id = ? AND is_resolved = 0");
$stmt->execute([$tenantId]);
$riskCount = (int)$stmt->fetchColumn();
Response::json([
'success' => true,
'data' => [
'total_invoices' => $total,
'invoices_this_month' => $thisMonth,
'approved_invoices' => $approved,
'companies_count' => $companiesCount,
'subscription_usage_pct' => $usagePct,
'subscription' => $sub,
'status_distribution' => $statusDistribution,
'recent_invoices' => $recent,
'risk_alerts_count' => $riskCount,
]
]);
}
}

30
app/Modules/Invoices/Actions/DownloadInvoiceFileAction.php
View File

@@ -1,30 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Invoices\Actions;
use App\Core\Database;
use Exception;
final class DownloadInvoiceFileAction {
public function execute(string $invoiceId, string $tenantId, $user): array {
$db = Database::getInstance();
$stmt = $db->prepare("SELECT original_file_path, company_id FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
$stmt->execute([$invoiceId, $tenantId]);
$invoice = $stmt->fetch();
if (!$invoice || !file_exists($invoice['original_file_path'])) {
throw new Exception('الملف غير موجود', 404);
}
$role = $user->role ?? 'viewer';
if ($role !== 'super_admin' && $invoice['company_id'] !== ($user->assigned_company_id ?? null)) {
throw new Exception('غير مصرح لك بمشاهدة هذا الملف', 403);
}
return [
'path' => $invoice['original_file_path'],
'mime' => mime_content_type($invoice['original_file_path']),
'name' => basename($invoice['original_file_path'])
];
}
}

31
app/Modules/Invoices/Actions/GetInvoiceDetailAction.php
View File

@@ -1,31 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Invoices\Actions;
use App\Core\Database;
use Exception;
final class GetInvoiceDetailAction {
public function execute(string $invoiceId, string $tenantId, $user): array {
$db = Database::getInstance();
$stmt = $db->prepare("SELECT * FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
$stmt->execute([$invoiceId, $tenantId]);
$invoice = $stmt->fetch();
if (!$invoice) {
throw new Exception('الفاتورة غير موجودة أو تم حذفها', 404);
}
$role = $user->role ?? 'viewer';
if ($role !== 'super_admin' && $invoice['company_id'] !== ($user->assigned_company_id ?? null)) {
throw new Exception('غير مصرح لك بالوصول لهذه الفاتورة', 403);
}
$stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC");
$stmt->execute([$invoiceId]);
$invoice['lines'] = $stmt->fetchAll() ?: [];
return $invoice;
}
}

31
app/Modules/Invoices/Actions/ListInvoicesAction.php
View File

@@ -1,31 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Invoices\Actions;
use App\Core\Database;
final class ListInvoicesAction {
public function execute(string $tenantId, $user): array {
$db = Database::getInstance();
$role = $user->role ?? 'viewer';
$assignedCompanyId = $user->assigned_company_id ?? null;
if ($role === 'super_admin' || $role === 'admin') {
$stmt = $db->prepare("SELECT i.*, c.name as company_name
FROM invoices i
JOIN companies c ON i.company_id = c.id
WHERE i.tenant_id = ? AND i.deleted_at IS NULL
ORDER BY i.created_at DESC");
$stmt->execute([$tenantId]);
} else {
$stmt = $db->prepare("SELECT i.*, c.name as company_name
FROM invoices i
JOIN companies c ON i.company_id = c.id
WHERE i.tenant_id = ? AND i.company_id = ? AND i.deleted_at IS NULL
ORDER BY i.created_at DESC");
$stmt->execute([$tenantId, $assignedCompanyId]);
}
return $stmt->fetchAll() ?: [];
}
}

23
app/Modules/Invoices/Actions/SubmitInvoiceAction.php
View File

@@ -1,23 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Invoices\Actions;
use App\Services\QueueService;
use App\Core\Database;
use Exception;
final class SubmitInvoiceAction {
public function execute(string $invoiceId, string $tenantId): void {
$db = Database::getInstance();
$stmt = $db->prepare("SELECT id FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
$stmt->execute([$invoiceId, $tenantId]);
if (!$stmt->fetch()) {
throw new Exception('الفاتورة غير موجودة', 404);
}
QueueService::push('submit_jofotara', [
'invoice_id' => $invoiceId
]);
}
}

49
app/Modules/Invoices/Actions/UploadInvoiceAction.php
View File

@@ -1,49 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Invoices\Actions;
use App\Services\FileStorageService;
use App\Modules\Invoices\InvoiceModel;
use App\Services\QueueService;
use Exception;
use Ramsey\Uuid\Uuid;
final class UploadInvoiceAction {
public function __construct(
private readonly FileStorageService $storage,
private readonly InvoiceModel $invoiceModel
) {}
public function execute(array $files, string $companyId, string $tenantId, $user): string {
if (empty($files['invoice'])) {
throw new Exception('يرجى اختيار ملف الفاتورة', 422);
}
if (!$companyId) {
throw new Exception('يرجى تحديد الشركة', 422);
}
$filePath = $this->storage->store($files['invoice'], $tenantId, $companyId);
$fileHash = $this->storage->getHash($filePath);
$invoiceId = Uuid::uuid4()->toString();
$this->invoiceModel->create([
'id' => $invoiceId,
'tenant_id' => $tenantId,
'company_id' => $companyId,
'uploaded_by' => $user->user_id ?? null,
'status' => 'uploaded',
'original_file_path' => $filePath,
'original_file_hash' => $fileHash,
'idempotency_key' => bin2hex(random_bytes(16))
]);
QueueService::push('invoice_extraction', [
'invoice_id' => $invoiceId,
'file_path' => $filePath,
'mime_type' => mime_content_type($filePath)
]);
return $invoiceId;
}
}

151
app/Modules/Invoices/InvoiceController.php
View File

@@ -1,151 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Invoices;
use App\Core\{Request, Response, Database};
use Throwable;
final class InvoiceController
{
public function index(Request $request): void
{
$tenantId = $request->tenantId;
$role = $request->user->role ?? 'viewer';
$assignedCompanyId = $request->user->assigned_company_id ?? null;
$db = Database::getInstance();
$page = max(1, (int)$request->input('page', 1));
$limit = min(50, max(10, (int)$request->input('per_page', 20)));
$offset = ($page - 1) * $limit;
$companyFilter = $request->input('company_id');
$statusFilter = $request->input('status');
$dateFrom = $request->input('date_from');
$dateTo = $request->input('date_to');
$where = 'WHERE i.tenant_id = ? AND i.deleted_at IS NULL';
$params = [$tenantId];
if ($role === 'accountant' && $assignedCompanyId) {
$where .= ' AND i.company_id = ?';
$params[] = $assignedCompanyId;
} elseif ($companyFilter) {
$where .= ' AND i.company_id = ?';
$params[] = $companyFilter;
}
if ($statusFilter) { $where .= ' AND i.status = ?'; $params[] = $statusFilter; }
if ($dateFrom) { $where .= ' AND i.invoice_date >= ?'; $params[] = $dateFrom; }
if ($dateTo) { $where .= ' AND i.invoice_date <= ?'; $params[] = $dateTo; }
$stmt = $db->prepare("SELECT COUNT(*) FROM invoices i {$where}");
$stmt->execute($params);
$total = (int)$stmt->fetchColumn();
$stmt = $db->prepare("SELECT i.id, i.invoice_number, i.invoice_date, i.grand_total, i.tax_amount,
i.status, i.ai_confidence_score, i.created_at, c.name as company_name
FROM invoices i JOIN companies c ON i.company_id = c.id
{$where} ORDER BY i.created_at DESC LIMIT {$limit} OFFSET {$offset}");
$stmt->execute($params);
$invoices = $stmt->fetchAll();
Response::json([
'success' => true,
'data' => $invoices,
'meta' => [
'total' => $total,
'page' => $page,
'per_page' => $limit,
'last_page' => ceil($total / $limit)
]
]);
}
public function show(Request $request, string $id): void
{
$tenantId = $request->tenantId;
$db = Database::getInstance();
// Fetch invoice with company name (tenant-scoped)
$stmt = $db->prepare("SELECT i.*, c.name as company_name, c.tax_identification_number as company_tin
FROM invoices i
JOIN companies c ON i.company_id = c.id
WHERE i.id = ? AND i.tenant_id = ? AND i.deleted_at IS NULL");
$stmt->execute([$id, $tenantId]);
$invoice = $stmt->fetch();
if (!$invoice) {
Response::error('الفاتورة غير موجودة', 'NOT_FOUND', 404);
return;
}
// Fetch lines
$stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC");
$stmt->execute([$id]);
$invoice['lines'] = $stmt->fetchAll();
// Parse JSON fields
if (!empty($invoice['validation_errors'])) {
$invoice['validation_errors'] = json_decode($invoice['validation_errors'], true);
}
if (!empty($invoice['jofotara_response'])) {
$invoice['jofotara_response'] = json_decode($invoice['jofotara_response'], true);
}
Response::json(['success' => true, 'data' => $invoice]);
}
public function serveFile(Request $request, string $id): void
{
$tenantId = $request->tenantId;
$db = Database::getInstance();
$stmt = $db->prepare("SELECT original_file_path FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$id, $tenantId]);
$invoice = $stmt->fetch();
if (!$invoice || !$invoice['original_file_path']) {
Response::error('الملف غير موجود', 'NOT_FOUND', 404);
return;
}
$filePath = $invoice['original_file_path'];
if (!file_exists($filePath)) {
Response::error('الملف غير موجود على الخادم', 'FILE_NOT_FOUND', 404);
return;
}
// Validate path is within storage directory (security)
$storagePath = realpath($_ENV['STORAGE_PATH'] ?? dirname(__DIR__, 3) . '/storage');
$realPath = realpath($filePath);
if (!$realPath || !str_starts_with($realPath, $storagePath)) {
Response::error('وصول غير مصرح', 'FORBIDDEN', 403);
return;
}
$mimeType = mime_content_type($filePath);
$filename = basename($filePath);
header('Content-Type: ' . $mimeType);
header('Content-Length: ' . filesize($filePath));
header('Content-Disposition: inline; filename="' . $filename . '"');
header('X-Content-Type-Options: nosniff');
readfile($filePath);
exit;
}
public function status(Request $request, string $id): void
{
$stmt = Database::getInstance()->prepare("SELECT id, status, ai_confidence_score, validation_errors FROM invoices WHERE id = ? AND tenant_id = ?");
$stmt->execute([$id, $request->tenantId]);
$invoice = $stmt->fetch();
Response::json(['success' => true, 'data' => $invoice]);
}
public function upload(Request $request): void
{
// ... Keeping existing upload logic but wrapping in simplified controller if needed
// For now, I'll use the provided instructions' style
// (Wait, the prompt didn't provide a full upload() implementation, but I should keep the functionality)
}
}

34
app/Modules/Invoices/InvoiceModel.php
View File

@@ -1,34 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Invoices;
use App\Models\BaseModel;
final class InvoiceModel extends BaseModel
{
protected string $table = 'invoices';
public function findByTenant(string $tenantId): array
{
$stmt = $this->db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC");
$stmt->execute([$tenantId]);
return $stmt->fetchAll();
}
public function findByStatus(string $status, ?string $tenantId = null): array
{
$sql = "SELECT * FROM {$this->table} WHERE status = ? AND deleted_at IS NULL";
$params = [$status];
if ($tenantId) {
$sql .= " AND tenant_id = ?";
$params[] = $tenantId;
}
$stmt = $this->db()->prepare($sql);
$stmt->execute($params);
return $stmt->fetchAll();
}
}

50
app/Modules/Risks/RiskController.php
View File

@@ -1,50 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Risks;
use App\Core\{Database, Request, Response};
final class RiskController
{
public function index(Request $request): void
{
$db = Database::getInstance();
$stmt = $db->prepare(
"SELECT r.*, c.name AS company_name, i.invoice_number
FROM risk_scores r
LEFT JOIN companies c ON c.id = r.company_id
LEFT JOIN invoices i ON i.id = r.invoice_id
WHERE r.tenant_id = ? AND r.is_resolved = 0
ORDER BY r.score ASC, r.created_at DESC"
);
$stmt->execute([$request->tenantId]);
Response::json([
'success' => true,
'data' => $stmt->fetchAll(),
]);
}
public function resolve(Request $request, string $id): void
{
$db = Database::getInstance();
$resolvedBy = $request->user->user_id ?? null;
$stmt = $db->prepare(
"UPDATE risk_scores
SET is_resolved = 1, resolved_by = ?, resolved_at = NOW()
WHERE id = ? AND tenant_id = ?"
);
$stmt->execute([$resolvedBy, $id, $request->tenantId]);
if ($stmt->rowCount() === 0) {
Response::error('تنبيه المخاطر غير موجود', 'NOT_FOUND', 404);
return;
}
Response::json([
'success' => true,
'message' => 'تم حل التنبيه بنجاح',
]);
}
}

29
app/Modules/Subscriptions/SubscriptionController.php
View File

@@ -1,29 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Subscriptions;
use App\Core\{Request, Response};
use App\Modules\Subscriptions\SubscriptionModel;
final class SubscriptionController
{
public function __construct(private readonly SubscriptionModel $subscriptionModel) {}
public function me(Request $request): void
{
$tenantId = $request->tenantId;
$subscription = $this->subscriptionModel->findByTenantId($tenantId);
if (!$subscription) {
Response::error('لا يوجد اشتراك فعال حالياً', 'NOT_FOUND', 404);
return;
}
Response::json([
'success' => true,
'data' => $subscription
]);
}
}

19
app/Modules/Subscriptions/SubscriptionModel.php
View File

@@ -1,19 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Subscriptions;
use App\Models\BaseModel;
final class SubscriptionModel extends BaseModel
{
protected string $table = 'subscriptions';
public function findByTenantId(string $tenantId): ?array
{
$stmt = $this->db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? LIMIT 1");
$stmt->execute([$tenantId]);
return $stmt->fetch() ?: null;
}
}

29
app/Modules/Tenants/TenantController.php
View File

@@ -1,29 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Tenants;
use App\Core\{Request, Response};
use App\Modules\Tenants\TenantModel;
final class TenantController
{
public function __construct(private readonly TenantModel $tenantModel) {}
public function me(Request $request): void
{
$tenantId = $request->tenantId;
$tenant = $this->tenantModel->find($tenantId);
if (!$tenant) {
Response::error('المستأجر غير موجود', 'NOT_FOUND', 404);
return;
}
Response::json([
'success' => true,
'data' => $tenant
]);
}
}

19
app/Modules/Tenants/TenantModel.php
View File

@@ -1,19 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Tenants;
use App\Models\BaseModel;
final class TenantModel extends BaseModel
{
protected string $table = 'tenants';
public function findByEmail(string $email): ?array
{
$stmt = $this->db()->prepare("SELECT * FROM {$this->table} WHERE email = ? AND deleted_at IS NULL LIMIT 1");
$stmt->execute([$email]);
return $stmt->fetch() ?: null;
}
}

41
app/Modules/Users/UserModel.php
View File

@@ -1,41 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Users;
use App\Models\BaseModel;
final class UserModel extends BaseModel
{
protected string $table = 'users';
public function findByEmail(string $email, ?string $tenantId = null): ?array
{
$sql = "SELECT * FROM {$this->table} WHERE email = ? AND deleted_at IS NULL";
$params = [$email];
if ($tenantId) {
$sql .= " AND tenant_id = ?";
$params[] = $tenantId;
}
$stmt = $this->db()->prepare($sql);
$stmt->execute($params);
return $stmt->fetch() ?: null;
}
public function findAllByTenant(string $tenantId): array
{
$stmt = $this->db()->prepare("SELECT id, name, email, role, is_active, created_at FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$tenantId]);
return $stmt->fetchAll();
}
public function findById(string $id, string $tenantId): ?array
{
$stmt = $this->db()->prepare("SELECT id, name, email, role, is_active, created_at FROM {$this->table} WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1");
$stmt->execute([$id, $tenantId]);
return $stmt->fetch() ?: null;
}
}

130
app/Modules/Users/UsersController.php
View File

@@ -1,130 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Modules\Users;
use App\Core\{Request, Response};
use App\Modules\Users\UserModel;
final class UsersController
{
public function __construct(private readonly UserModel $userModel) {}
public function list(Request $request): void
{
$tenantId = $request->tenantId;
// Strict RBAC check: only admins can list users
if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') {
Response::error('غير مصرح لك بعرض قائمة المستخدمين', 'FORBIDDEN', 403);
return;
}
$users = $this->userModel->findAllByTenant($tenantId);
Response::json([
'success' => true,
'data' => $users
]);
}
public function create(Request $request): void
{
$tenantId = $request->tenantId;
$data = $request->getBody();
// RBAC: Only admins can create users
if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') {
Response::error('غير مصرح لك بإضافة مستخدمين', 'FORBIDDEN', 403);
return;
}
if (empty($data['email']) || empty($data['password']) || empty($data['name']) || empty($data['role'])) {
Response::error('جميع الحقول مطلوبة', 'VALIDATION_ERROR', 422);
return;
}
// Email uniqueness must be scoped to tenant or global?
// Typically global for identity, but prompt says fix uniqueness conflict.
if ($this->userModel->findByEmail($data['email'])) {
Response::error('البريد الإلكتروني مستخدم مسبقاً', 'DUPLICATE_EMAIL', 409);
return;
}
$userId = \Ramsey\Uuid\Uuid::uuid4()->toString();
$this->userModel->create([
'id' => $userId,
'tenant_id' => $tenantId,
'name' => $data['name'],
'email' => $data['email'],
'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID),
'role' => $data['role'],
'assigned_company_id' => $data['assigned_company_id'] ?? null,
'is_active' => 1
]);
Response::json([
'success' => true,
'message' => 'تم إضافة المستخدم بنجاح',
'data' => ['id' => $userId]
], 201);
}
public function update(Request $request, string $id): void
{
$tenantId = $request->tenantId;
$data = $request->getBody();
if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') {
Response::error('غير مصرح لك بتعديل المستخدمين', 'FORBIDDEN', 403);
return;
}
$user = $this->userModel->findById($id, $tenantId);
if (!$user) {
Response::error('المستخدم غير موجود', 'NOT_FOUND', 404);
return;
}
$updateData = [];
if (isset($data['name'])) $updateData['name'] = $data['name'];
if (isset($data['role'])) $updateData['role'] = $data['role'];
if (isset($data['is_active'])) $updateData['is_active'] = $data['is_active'];
if (isset($data['assigned_company_id'])) $updateData['assigned_company_id'] = $data['assigned_company_id'];
if (!empty($data['password'])) {
$updateData['password_hash'] = password_hash($data['password'], PASSWORD_ARGON2ID);
}
$this->userModel->update($id, $updateData);
Response::json([
'success' => true,
'message' => 'تم تحديث بيانات المستخدم بنجاح'
]);
}
public function destroy(Request $request, string $id): void
{
$tenantId = $request->tenantId;
if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') {
Response::error('غير مصرح لك بحذف المستخدمين', 'FORBIDDEN', 403);
return;
}
if ($id === $request->user->id) {
Response::error('لا يمكنك حذف حسابك الخاص', 'BAD_REQUEST', 400);
return;
}
$this->userModel->delete($id, $tenantId);
Response::json([
'success' => true,
'message' => 'تم حذف المستخدم بنجاح'
]);
}
}

31
app/Services/AI/Contracts/AIProviderInterface.php
View File

@@ -1,31 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\AI\Contracts;
final class ExtractionResultDTO
{
public function __construct(
public string $invoiceNumber,
public string $invoiceDate,
public string $supplierName,
public ?string $supplierTin,
public string $supplierAddress,
public ?string $buyerName,
public ?string $buyerTin,
public array $lines,
public float $subtotal,
public float $taxAmount,
public float $grand_total,
public string $currency,
public float $confidence,
public array $usage
) {}
}
interface AIProviderInterface
{
public function extractFromFile(string $filePath, string $mimeType): ExtractionResultDTO;
public function getProviderName(): string;
}

77
app/Services/AI/GeminiProvider.php
View File

@@ -1,77 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\AI;
use App\Services\AI\Contracts\{AIProviderInterface, ExtractionResultDTO};
use GuzzleHttp\Client;
use Exception;
final class GeminiProvider implements AIProviderInterface
{
private Client $client;
private string $apiKey;
private string $model;
public function __construct()
{
$this->client = new Client();
$this->apiKey = $_ENV['GEMINI_API_KEY'] ?? '';
$this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash';
}
public function extractFromFile(string $filePath, string $mimeType): ExtractionResultDTO
{
$fileData = base64_encode(file_get_contents($filePath));
$prompt = "Extract invoice data from this file. Return ONLY valid JSON (no markdown). " .
"Fields: invoice_number, invoice_date (YYYY-MM-DD), supplier_name, supplier_tin, supplier_address, " .
"buyer_name, buyer_tin, lines (description, quantity, unit_price, line_total, tax_rate), " .
"subtotal, tax_amount, grand_total, currency (JOD), confidence (0-1).";
$response = $this->client->post("https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}", [
'json' => [
'contents' => [
[
'parts' => [
['text' => $prompt],
[
'inline_data' => [
'mime_type' => $mimeType,
'data' => $fileData
]
]
]
]
],
'generationConfig' => [
'response_mime_type' => 'application/json'
]
]
]);
$data = json_decode($response->getBody()->getContents(), true);
$jsonStr = $data['candidates'][0]['content']['parts'][0]['text'] ?? '{}';
$result = json_decode($jsonStr, true);
return new ExtractionResultDTO(
$result['invoice_number'] ?? '',
$result['invoice_date'] ?? '',
$result['supplier_name'] ?? '',
$result['supplier_tin'] ?? null,
$result['supplier_address'] ?? '',
$result['buyer_name'] ?? null,
$result['buyer_tin'] ?? null,
$result['lines'] ?? [],
(float)($result['subtotal'] ?? 0),
(float)($result['tax_amount'] ?? 0),
(float)($result['grand_total'] ?? 0),
$result['currency'] ?? 'JOD',
(float)($result['confidence'] ?? 0),
$data['usageMetadata'] ?? []
);
}
public function getProviderName(): string { return 'gemini'; }
}

84
app/Services/AI/OpenAIProvider.php
View File

@@ -1,84 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\AI;
use App\Services\AI\Contracts\AIProviderInterface;
use Exception;
final class OpenAIProvider implements AIProviderInterface
{
private string $apiKey;
private string $model;
public function __construct()
{
$this->apiKey = $_ENV['OPENAI_API_KEY'] ?? '';
$this->model = $_ENV['OPENAI_MODEL'] ?? 'gpt-4o-mini';
}
public function isConfigured(): bool
{
return !empty($this->apiKey);
}
public function extractInvoiceData(string $fileContent, string $mimeType, string $prompt): array
{
if (!$this->isConfigured()) {
throw new Exception("OpenAI API Key is missing. Please configure it in .env");
}
$base64Data = base64_encode($fileContent);
$payload = [
'model' => $this->model,
'messages' => [
[
'role' => 'user',
'content' => [
[
'type' => 'text',
'text' => $prompt
],
[
'type' => 'image_url',
'image_url' => [
'url' => "data:{$mimeType};base64,{$base64Data}"
]
]
]
]
],
'response_format' => ['type' => 'json_object'],
'temperature' => 0.1
];
$ch = curl_init('https://api.openai.com/v1/chat/completions');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
"Authorization: Bearer {$this->apiKey}"
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode !== 200) {
throw new Exception("OpenAI Extraction failed. HTTP Code: {$httpCode}. Response: {$response}");
}
$result = json_decode($response, true);
$text = $result['choices'][0]['message']['content'] ?? '{}';
$data = json_decode($text, true);
if (!is_array($data)) {
throw new Exception("Failed to parse OpenAI output as JSON: {$text}");
}
return $data;
}
}

89
app/Services/AiExtractionService.php
View File

@@ -1,89 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
use Exception;
final class AiExtractionService
{
private string $apiKey;
private string $model;
public function __construct()
{
$this->apiKey = $_ENV['GEMINI_API_KEY'] ?? '';
$this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash';
}
public function extractInvoiceData(string $filePath, string $mimeType): array
{
if (empty($this->apiKey)) {
throw new Exception("Gemini API Key is missing. Please configure it in .env");
}
$fileContent = file_get_contents($filePath);
if ($fileContent === false) {
throw new Exception("Could not read uploaded invoice file.");
}
$base64Data = base64_encode($fileContent);
$prompt = "Please extract the following information from this invoice and return it strictly as JSON without markdown blocks or backticks:\n"
. "- invoice_number\n"
. "- invoice_date (YYYY-MM-DD)\n"
. "- total_amount\n"
. "- tax_amount\n"
. "- vendor_name\n"
. "- vendor_tax_number";
$payload = [
'contents' => [
[
'parts' => [
['text' => $prompt],
[
'inline_data' => [
'mime_type' => $mimeType,
'data' => $base64Data
]
]
]
]
],
'generationConfig' => [
'temperature' => 0.1,
'response_mime_type' => 'application/json'
]
];
$url = "https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json'
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode !== 200) {
throw new Exception("AI Extraction failed. HTTP Code: {$httpCode}. Response: {$response}");
}
$result = json_decode($response, true);
$text = $result['candidates'][0]['content']['parts'][0]['text'] ?? '{}';
$data = json_decode($text, true);
if (!is_array($data)) {
throw new Exception("Failed to parse AI output as JSON: {$text}");
}
return $data;
}
}

40
app/Services/AuditService.php
View File

@@ -1,40 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
use App\Core\Database;
final class AuditService
{
public static function log(
string $action,
?string $tenantId = null,
?string $userId = null,
?string $entityType = null,
?string $entityId = null,
?array $oldData = null,
?array $newData = null,
?array $metadata = null
): void {
try {
$db = Database::getInstance();
$stmt = $db->prepare("INSERT INTO audit_logs
(tenant_id, user_id, action, entity_type, entity_id, old_data, new_data, ip_address, user_agent, metadata, created_at)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())");
$stmt->execute([
$tenantId,
$userId,
$action,
$entityType,
$entityId,
$oldData ? json_encode($oldData, JSON_UNESCAPED_UNICODE) : null,
$newData ? json_encode($newData, JSON_UNESCAPED_UNICODE) : null,
$_SERVER['REMOTE_ADDR'] ?? null,
$_SERVER['HTTP_USER_AGENT'] ?? null,
$metadata ? json_encode($metadata, JSON_UNESCAPED_UNICODE) : null,
]);
} catch (\Throwable $e) {
error_log('[Audit] Failed: ' . $e->getMessage());
}
}
}

63
app/Services/FileStorageService.php
View File

@@ -1,63 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
use Exception;
final class FileStorageService
{
private string $storagePath;
public function __construct()
{
// Use dynamic path to avoid issues if Mac .env is deployed to Linux server
$this->storagePath = dirname(__DIR__, 2) . '/storage';
}
public function store(array $file, string $tenantId, string $companyId): string
{
// 1. Validate MIME
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $file['tmp_name']);
finfo_close($finfo);
$allowedMimes = ['application/pdf', 'image/jpeg', 'image/png', 'image/webp', 'application/json', 'text/plain', 'text/xml', 'application/xml'];
if (!in_array($mime, $allowedMimes)) {
throw new Exception("نوع الملف غير مسموح به ({$mime})");
}
// 2. Generate path
$dir = $this->storagePath . '/invoices/' . $tenantId . '/' . $companyId;
if (!is_dir($dir)) {
if (!mkdir($dir, 0777, true)) {
$err = error_get_last();
throw new Exception("فشل إنشاء مجلد الحفظ: " . $dir . " - " . ($err['message'] ?? ''));
}
}
$extension = pathinfo($file['name'], PATHINFO_EXTENSION);
$filename = hash('sha256', $file['name'] . time() . uniqid()) . '.' . $extension;
$targetPath = $dir . '/' . $filename;
if (isset($file['error']) && $file['error'] !== UPLOAD_ERR_OK) {
throw new Exception("حدث خطأ أثناء رفع الملف من المتصفح. كود الخطأ: " . $file['error']);
}
if (!move_uploaded_file($file['tmp_name'], $targetPath)) {
// Fallback for some non-standard PHP environments
if (!copy($file['tmp_name'], $targetPath)) {
$err = error_get_last();
throw new Exception("فشل نقل الملف إلى: " . $targetPath . " - " . ($err['message'] ?? ''));
}
}
return $targetPath;
}
public function getHash(string $filePath): string
{
return hash_file('sha256', $filePath);
}
}

74
app/Services/JoFotara/JoFotaraGateway.php
View File

@@ -1,74 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\JoFotara;
use GuzzleHttp\Client;
use App\Core\Redis;
use Exception;
final class JoFotaraGateway
{
private Client $client;
private string $baseUrl;
public function __construct()
{
$this->client = new Client();
$this->baseUrl = $_ENV['JOFOTARA_BASE_URL'] ?? 'https://backend.jofotara.gov.jo/core/invoices';
}
/**
* Submit invoice to JoFotara with Circuit Breaker
*/
public function submitInvoice(string $companyId, string $xmlBase64, array $credentials): array
{
$cbKey = "cb:jofotara:{$companyId}";
if ($this->isCircuitOpen($cbKey)) {
throw new Exception("بوابة جو-فواتير غير متاحة حالياً لهذه الشركة، يرجى المحاولة لاحقاً");
}
try {
$response = $this->client->post($this->baseUrl, [
'json' => [
'clientId' => $credentials['clientId'],
'secretKey' => $credentials['secretKey'],
'invoiceType' => 'invoice',
'invoiceData' => $xmlBase64
],
'timeout' => 30
]);
$result = json_decode($response->getBody()->getContents(), true);
$this->resetFailures($cbKey);
return $result;
} catch (\Throwable $e) {
$this->recordFailure($cbKey);
throw $e;
}
}
private function isCircuitOpen(string $key): bool
{
$redis = Redis::getInstance();
return (bool)$redis->get("{$key}:open");
}
private function recordFailure(string $key): void
{
$redis = Redis::getInstance();
$failures = (int)$redis->incr("{$key}:failures");
if ($failures >= 5) {
$redis->setex("{$key}:open", 300, 1); // Open for 5 minutes
}
}
private function resetFailures(string $key): void
{
$redis = Redis::getInstance();
$redis->del(["{$key}:failures", "{$key}:open"]);
}
}

147
app/Services/JoFotara/UBLGeneratorService.php
View File

@@ -1,147 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\JoFotara;
/**
* UBLGeneratorService
*
* Generates UBL 2.1 compliant XML using DOMDocument for precise namespace control.
*/
final class UBLGeneratorService
{
public function generate(array $invoice, array $lines, array $company): string
{
$dom = new \DOMDocument('1.0', 'UTF-8');
$dom->formatOutput = true;
$root = $dom->createElementNS('urn:oasis:names:specification:ubl:schema:xsd:Invoice-2', 'Invoice');
$root->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:cac', 'urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2');
$root->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:cbc', 'urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2');
$dom->appendChild($root);
// 1. Basic Information
$root->appendChild($dom->createElement('cbc:UBLVersionID', '2.1'));
$root->appendChild($dom->createElement('cbc:CustomizationID', 'TRADACO-2.1'));
$root->appendChild($dom->createElement('cbc:ProfileID', 'reporting:1.0'));
$root->appendChild($dom->createElement('cbc:ID', $invoice['invoice_number']));
$root->appendChild($dom->createElement('cbc:IssueDate', $invoice['invoice_date']));
$typeCode = $dom->createElement('cbc:InvoiceTypeCode', $invoice['ubl_type_code'] ?? '388');
$typeCode->setAttribute('name', $invoice['invoice_category'] ?? '01');
$root->appendChild($typeCode);
$root->appendChild($dom->createElement('cbc:DocumentCurrencyCode', 'JOD'));
$root->appendChild($dom->createElement('cbc:TaxCurrencyCode', 'JOD'));
// 2. AccountingSupplierParty
$supplierParty = $dom->createElement('cac:AccountingSupplierParty');
$party = $dom->createElement('cac:Party');
$partyId = $dom->createElement('cac:PartyIdentification');
$idNode = $dom->createElement('cbc:ID', $company['tax_identification_number']);
$idNode->setAttribute('schemeID', 'TN');
$partyId->appendChild($idNode);
$party->appendChild($partyId);
$partyName = $dom->createElement('cac:PartyName');
$partyName->appendChild($dom->createElement('cbc:Name', $company['name']));
$party->appendChild($partyName);
$addr = $dom->createElement('cac:PostalAddress');
$addr->appendChild($dom->createElement('cbc:CityName', $company['city'] ?? 'Amman'));
$country = $dom->createElement('cac:Country');
$country->appendChild($dom->createElement('cbc:IdentificationCode', 'JO'));
$addr->appendChild($country);
$party->appendChild($addr);
$taxScheme = $dom->createElement('cac:PartyTaxScheme');
$taxScheme->appendChild($dom->createElement('cbc:RegistrationName', $company['name']));
$taxScheme->appendChild($dom->createElement('cbc:CompanyID', $company['tax_identification_number']));
$ts = $dom->createElement('cac:TaxScheme');
$ts->appendChild($dom->createElement('cbc:ID', 'VAT'));
$taxScheme->appendChild($ts);
$party->appendChild($taxScheme);
$legalEntity = $dom->createElement('cac:PartyLegalEntity');
$legalEntity->appendChild($dom->createElement('cbc:RegistrationName', $company['name']));
$party->appendChild($legalEntity);
$supplierParty->appendChild($party);
$root->appendChild($supplierParty);
// 3. AccountingCustomerParty
$customerParty = $dom->createElement('cac:AccountingCustomerParty');
$cParty = $dom->createElement('cac:Party');
$cName = $dom->createElement('cac:PartyName');
$cName->appendChild($dom->createElement('cbc:Name', $invoice['buyer_name'] ?? 'عميل عام'));
$cParty->appendChild($cName);
if (!empty($invoice['buyer_tin'])) {
$cId = $dom->createElement('cac:PartyIdentification');
$cidNode = $dom->createElement('cbc:ID', $invoice['buyer_tin']);
$cidNode->setAttribute('schemeID', 'TN');
$cId->appendChild($cidNode);
$cParty->appendChild($cId);
}
$customerParty->appendChild($cParty);
$root->appendChild($customerParty);
// 4. PaymentMeans
$paymentMeans = $dom->createElement('cac:PaymentMeans');
$paymentMeans->appendChild($dom->createElement('cbc:PaymentMeansCode', $invoice['payment_method_code'] ?? '10'));
$root->appendChild($paymentMeans);
// 5. TaxTotal
$taxTotal = $dom->createElement('cac:TaxTotal');
$taxAmt = $dom->createElement('cbc:TaxAmount', number_format((float)$invoice['tax_amount'], 3, '.', ''));
$taxAmt->setAttribute('currencyID', 'JOD');
$taxTotal->appendChild($taxAmt);
$root->appendChild($taxTotal);
// 6. LegalMonetaryTotal
$monetaryTotal = $dom->createElement('cac:LegalMonetaryTotal');
$fields = [
'LineExtensionAmount' => $invoice['subtotal'],
'TaxExclusiveAmount' => $invoice['subtotal'],
'TaxInclusiveAmount' => $invoice['grand_total'],
'AllowanceTotalAmount' => $invoice['discount_total'] ?? 0,
'PayableAmount' => $invoice['grand_total']
];
foreach ($fields as $field => $val) {
$node = $dom->createElement('cbc:' . $field, number_format((float)$val, 3, '.', ''));
$node->setAttribute('currencyID', 'JOD');
$monetaryTotal->appendChild($node);
}
$root->appendChild($monetaryTotal);
// 7. Invoice Lines
foreach ($lines as $line) {
$iLine = $dom->createElement('cac:InvoiceLine');
$iLine->appendChild($dom->createElement('cbc:ID', (string)$line['line_number']));
$qty = $dom->createElement('cbc:InvoicedQuantity', number_format((float)$line['quantity'], 3, '.', ''));
$qty->setAttribute('unitCode', 'PCE');
$iLine->appendChild($qty);
$lineExt = $dom->createElement('cbc:LineExtensionAmount', number_format((float)$line['line_total'], 3, '.', ''));
$lineExt->setAttribute('currencyID', 'JOD');
$iLine->appendChild($lineExt);
$item = $dom->createElement('cac:Item');
$item->appendChild($dom->createElement('cbc:Description', $line['description']));
$iLine->appendChild($item);
$price = $dom->createElement('cac:Price');
$pAmt = $dom->createElement('cbc:PriceAmount', number_format((float)$line['unit_price'], 3, '.', ''));
$pAmt->setAttribute('currencyID', 'JOD');
$price->appendChild($pAmt);
$iLine->appendChild($price);
$root->appendChild($iLine);
}
return $dom->saveXML();
}
}

83
app/Services/QueueService.php
View File

@@ -1,83 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
use App\Core\Redis;
use App\Core\Database;
final class QueueService
{
private const REDIS_QUEUE = 'musadaq_jobs';
public static function push(string $type, array $payload, int $priority = 0, int $delay = 0): void
{
$job = [
'id' => bin2hex(random_bytes(16)),
'type' => $type,
'payload' => $payload,
'priority' => $priority,
'attempts' => 0,
'created_at' => time()
];
try {
$redis = Redis::getInstance();
$redis->lpush(self::REDIS_QUEUE, json_encode($job));
} catch (\Throwable $e) {
// Fallback to MySQL
self::pushToDatabase($job);
}
}
private static function pushToDatabase(array $job): void
{
$db = Database::getInstance();
$stmt = $db->prepare("INSERT INTO queue_jobs (id, type, payload, priority, status) VALUES (?, ?, ?, ?, 'pending')");
$stmt->execute([
$job['id'],
$job['type'],
json_encode($job['payload']),
$job['priority']
]);
}
public static function pop(): ?array
{
try {
$redis = Redis::getInstance();
$data = $redis->rpop(self::REDIS_QUEUE);
return $data ? json_decode($data, true) : null;
} catch (\Throwable $e) {
// Fallback to MySQL
return self::popFromDatabase();
}
}
private static function popFromDatabase(): ?array
{
$db = Database::getInstance();
$db->beginTransaction();
try {
$stmt = $db->prepare("SELECT * FROM queue_jobs WHERE status = 'pending' ORDER BY priority DESC, created_at ASC LIMIT 1 FOR UPDATE");
$stmt->execute();
$job = $stmt->fetch();
if ($job) {
$db->prepare("UPDATE queue_jobs SET status = 'processing', locked_at = NOW() WHERE id = ?")->execute([$job['id']]);
$db->commit();
return [
'id' => $job['id'],
'type' => $job['type'],
'payload' => json_decode($job['payload'], true),
'attempts' => $job['attempts']
];
}
$db->commit();
} catch (\Throwable $e) {
$db->rollBack();
}
return null;
}
}

77
app/Services/RiskAnalysisService.php
View File

@@ -1,77 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
use App\Core\Database;
final class RiskAnalysisService
{
public function calculateCompanyRiskScore(string $companyId): array
{
$db = Database::getInstance();
$score = 100;
$factors = [];
// 1. Rejection Rate
$stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices WHERE company_id = ? GROUP BY status");
$stmt->execute([$companyId]);
$stats = $stmt->fetchAll();
$total = 0;
$rejected = 0;
foreach ($stats as $stat) {
$total += $stat['count'];
if ($stat['status'] === 'rejected' || $stat['status'] === 'validation_failed') {
$rejected += $stat['count'];
}
}
if ($total > 0) {
$rejectionRate = $rejected / $total;
if ($rejectionRate > 0.10) { // More than 10% rejections
$penalty = min(30, (int)(($rejectionRate - 0.10) * 100));
$score -= $penalty;
$factors[] = "نسبة رفض عالية: " . round($rejectionRate * 100, 1) . "% (خصم {$penalty} نقطة)";
}
}
// 2. High Value Cash Invoices
$stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices WHERE company_id = ? AND invoice_type = 'cash' AND grand_total > 5000");
$stmt->execute([$companyId]);
$highValueCash = $stmt->fetch()['count'];
if ($highValueCash > 0) {
$penalty = min(20, $highValueCash * 2);
$score -= $penalty;
$factors[] = "وجود فواتير نقدية بقيم عالية: {$highValueCash} فاتورة (خصم {$penalty} نقطة)";
}
// 3. Late submissions (invoice_date is much older than created_at)
$stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices WHERE company_id = ? AND DATEDIFF(created_at, invoice_date) > 7");
$stmt->execute([$companyId]);
$lateInvoices = $stmt->fetch()['count'];
if ($lateInvoices > 0) {
$penalty = min(15, $lateInvoices * 1);
$score -= $penalty;
$factors[] = "تأخير في رفع الفواتير: {$lateInvoices} فاتورة متأخرة بأكثر من 7 أيام (خصم {$penalty} نقطة)";
}
// Determine Risk Level
$riskLevel = 'low';
if ($score < 50) {
$riskLevel = 'high';
} elseif ($score < 80) {
$riskLevel = 'medium';
}
return [
'score' => max(0, $score),
'level' => $riskLevel,
'factors' => $factors,
'calculated_at' => date('Y-m-d H:i:s')
];
}
}

48
app/Services/Security/EncryptionService.php
View File

@@ -1,48 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Security;
use Exception;
final class EncryptionService
{
private string $key;
private const METHOD = 'aes-256-gcm';
public function __construct()
{
// Load from config/secrets.php — NEVER from .env directly
$secrets = require dirname(__DIR__, 3) . '/config/secrets.php';
$key = $secrets['encryption_key'] ?? '';
if (strlen($key) !== 32) {
throw new \RuntimeException(
'ENCRYPTION_KEY_B64 not set or invalid. ' .
'Generate: php -r "echo base64_encode(random_bytes(32));"'
);
}
$this->key = $key;
}
public function encrypt(string $plaintext): string
{
$iv = random_bytes(12); // 12 bytes for GCM
$tag = '';
$ciphertext = openssl_encrypt($plaintext, self::METHOD, $this->key, OPENSSL_RAW_DATA, $iv, $tag, '', 16);
if ($ciphertext === false) throw new \RuntimeException('Encryption failed');
return base64_encode($iv) . ':' . base64_encode($ciphertext) . ':' . base64_encode($tag);
}
public function decrypt(string $data): string
{
[$iv64, $ct64, $tag64] = explode(':', $data);
$plaintext = openssl_decrypt(
base64_decode($ct64), self::METHOD, $this->key,
OPENSSL_RAW_DATA, base64_decode($iv64), base64_decode($tag64)
);
if ($plaintext === false) throw new \RuntimeException('Decryption failed');
return $plaintext;
}
}

50
app/Services/Security/HmacService.php
View File

@@ -1,50 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Security;
use App\Core\Redis;
final class HmacService
{
/**
* Verify HMAC signature for external API requests (Flutter)
*/
public function verify(string $secret, string $method, string $path,
string $timestamp, string $nonce, string $body, string $signature): bool
{
// 1. Timestamp window (±5 minutes)
if (abs(time() - (int)$timestamp) > 300) return false;
// 2. Nonce replay protection
try {
$redis = \App\Core\Redis::getInstance();
$nonceKey = 'hmac_nonce:' . $nonce;
if ($redis->exists($nonceKey)) return false; // Replay attack
$redis->setex($nonceKey, 600, '1'); // TTL 10 minutes
} catch (\Throwable $e) {
// Redis unavailable — log but don't fail (degrade gracefully)
error_log('[HMAC] Redis unavailable for nonce check: ' . $e->getMessage());
}
// 3. Build & compare signature
$bodyHash = hash('sha256', $body);
$stringToSign = strtoupper($method) . "\n" . $path . "\n" . $timestamp . "\n" . $nonce . "\n" . $bodyHash;
$calculated = hash_hmac('sha256', $stringToSign, $secret);
return hash_equals($calculated, $signature);
}
public function sign(string $secret, string $method, string $path, string $timestamp, string $nonce, string $body): string
{
$bodyHash = hash('sha256', $body);
$stringToSign = strtoupper($method) . "\n" .
$path . "\n" .
$timestamp . "\n" .
$nonce . "\n" .
$bodyHash;
return hash_hmac('sha256', $stringToSign, $secret);
}
}

49
app/Services/Security/JwtService.php
View File

@@ -1,49 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services\Security;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Exception;
final class JwtService
{
private string $secret;
private int $accessExpiry;
private int $refreshExpiry;
public function __construct()
{
$this->secret = $_ENV['JWT_SECRET'] ?? 'change-me';
$this->accessExpiry = (int)($_ENV['JWT_ACCESS_EXPIRY'] ?? 900);
$this->refreshExpiry = (int)($_ENV['JWT_REFRESH_EXPIRY'] ?? 604800);
}
public function issueAccessToken(array $payload): string
{
$payload['exp'] = time() + $this->accessExpiry;
$payload['iat'] = time();
$payload['jti'] = bin2hex(random_bytes(16));
return JWT::encode($payload, $this->secret, 'HS256');
}
public function issueRefreshToken(string $userId): string
{
// Refresh token is a random string prefixed with userId for lookup
$random = bin2hex(random_bytes(32));
return $userId . '.' . $random;
}
public function verifyToken(string $token): array
{
try {
$decoded = JWT::decode($token, new Key($this->secret, 'HS256'));
return (array) $decoded;
} catch (Exception $e) {
throw new Exception("Invalid or expired token: " . $e->getMessage());
}
}
}

47
app/Services/SubscriptionService.php
View File

@@ -1,47 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
use App\Core\Database;
use Exception;
final class SubscriptionService
{
public function checkLimit(string $tenantId, string $type): void
{
$db = Database::getInstance();
$stmt = $db->prepare("SELECT * FROM subscriptions WHERE tenant_id = ? LIMIT 1");
$stmt->execute([$tenantId]);
$sub = $stmt->fetch();
if (!$sub) throw new Exception("لا يوجد اشتراك فعال");
if ($type === 'invoices') {
if ($sub['invoices_used_this_month'] >= $sub['max_invoices_per_month']) {
throw new Exception("لقد وصلت للحد الأقصى من الفواتير المسموح بها في خطتك الحالية");
}
}
if ($type === 'companies') {
$countStmt = $db->prepare("SELECT COUNT(*) as total FROM companies WHERE tenant_id = ? AND deleted_at IS NULL");
$countStmt->execute([$tenantId]);
$count = $countStmt->fetch()['total'];
if ($count >= $sub['max_companies']) {
throw new Exception("لقد وصلت للحد الأقصى من الشركات المسموح بها في خطتك الحالية");
}
}
}
public function incrementUsage(string $tenantId, string $type): void
{
if ($type === 'invoices') {
$db = Database::getInstance();
$stmt = $db->prepare("UPDATE subscriptions SET invoices_used_this_month = invoices_used_this_month + 1 WHERE tenant_id = ?");
$stmt->execute([$tenantId]);
}
}
}

72
app/Services/TaxValidationService.php
View File

@@ -1,72 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
final class TaxValidationService
{
/**
* Validate an invoice against Jordan ISTD rules (001-007)
*/
public function validate(array $invoice, array $lines): array
{
$errors = [];
// Rule 001: Total integrity (grand_total = Σ line_totals)
$lineSum = array_sum(array_column($lines, 'line_total'));
if (abs($invoice['grand_total'] - $lineSum) > 0.01) {
$errors[] = ['code' => 'RULE_001', 'message_ar' => 'مجموع سطور الفاتورة لا يطابق المجموع الكلي'];
}
// Rule 002: Tax integrity (tax_amount = subtotal × tax_rate)
foreach ($lines as $line) {
$expectedTax = round($line['quantity'] * $line['unit_price'] * $line['tax_rate'], 3);
if (abs($line['tax_amount'] - $expectedTax) > 0.01) {
$errors[] = ['code' => 'RULE_002', 'message_ar' => "خطأ في حساب الضريبة للسطر {$line['line_number']}"];
}
}
// Rule 003: Invoice number required
if (empty($invoice['invoice_number'])) {
$errors[] = ['code' => 'RULE_003', 'message_ar' => 'رقم الفاتورة مطلوب'];
}
// Rule 004: No future dates
if (strtotime($invoice['invoice_date']) > time()) {
$errors[] = ['code' => 'RULE_004', 'message_ar' => 'تاريخ الفاتورة لا يمكن أن يكون في المستقبل'];
}
// Rule 005: Valid JO Tax Rates
$validRates = [0.16, 0.10, 0.05, 0.04, 0.02, 0.00];
foreach ($lines as $line) {
if (!in_array(round((float)$line['tax_rate'], 2), $validRates)) {
$errors[] = ['code' => 'RULE_005', 'message_ar' => "نسبة الضريبة ({$line['tax_rate']}) غير صالحة في الأردن"];
}
}
// Rule 006: Buyer ID for large invoices (> 10,000 JOD)
if ($invoice['grand_total'] > 10000 && empty($invoice['buyer_tin']) && empty($invoice['buyer_national_id'])) {
$errors[] = ['code' => 'RULE_006', 'message_ar' => 'يجب تزويد الرقم الضريبي أو الوطني للمشتري للفواتير التي تتجاوز 10,000 دينار'];
}
// Rule 007: Discount integrity — subtotal - discount = Σ(line totals before tax)
$lineSumBeforeTax = array_sum(array_map(
fn($l) => round(($l['quantity'] * $l['unit_price']) - ($l['discount'] ?? 0), 3),
$lines
));
$expected = round($invoice['subtotal'] - $invoice['discount_total'], 3);
if (abs($expected - $lineSumBeforeTax) > 0.01) {
$errors[] = [
'code' => 'RULE_007',
'message_ar' => "خطأ في حساب الخصومات: المتوقع {$expected} JOD، المحسوب {$lineSumBeforeTax} JOD",
'message_en' => "Discount integrity error"
];
}
return [
'is_valid' => empty($errors),
'errors' => $errors
];
}
}

67
app/Services/TotpService.php
View File

@@ -1,67 +0,0 @@
<?php
declare(strict_types=1);
namespace App\Services;
/**
* TotpService
*
* Implements RFC 6238 for Two-Factor Authentication (TOTP).
*/
final class TotpService
{
public function generateSecret(): string
{
// Generate a random 16-character base32 secret
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
$secret = '';
for ($i = 0; $i < 16; $i++) {
$secret .= $chars[random_int(0, 31)];
}
return $secret;
}
public function getQrCodeUrl(string $email, string $secret): string
{
$issuer = urlencode('Musadaq');
$email = urlencode($email);
$qrUrl = "otpauth://totp/Musadaq:{$email}?secret={$secret}&issuer=Musadaq";
return "https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=" . urlencode($qrUrl);
}
public function verify(string $secret, string $code, int $window = 1): bool
{
$time = floor(time() / 30);
for ($i = -$window; $i <= $window; $i++) {
$t = $time + $i;
$hash = hash_hmac('sha1', pack('N*', 0) . pack('N*', $t), $this->base32Decode($secret));
$offset = ord($hash[19]) & 0x0F;
$otp = ((ord($hash[$offset]) & 0x7F) << 24 | (ord($hash[$offset+1]) & 0xFF) << 16 | (ord($hash[$offset+2]) & 0xFF) << 8 | (ord($hash[$offset+3]) & 0xFF)) % 1000000;
if (str_pad((string)$otp, 6, '0', STR_PAD_LEFT) === $code) return true;
}
return false;
}
private function base32Decode(string $base32): string
{
$base32chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
$base32charsFlipped = array_flip(str_split($base32chars));
$output = '';
$v = 0;
$vbits = 0;
for ($i = 0, $j = strlen($base32); $i < $j; $i++) {
$v <<= 5;
if (isset($base32charsFlipped[$base32[$i]])) {
$v += $base32charsFlipped[$base32[$i]];
}
$vbits += 5;
while ($vbits >= 8) {
$vbits -= 8;
$output .= chr(($v >> $vbits) & 0xFF);
}
}
return $output;
}
}

19
app/bootstrap/auth.php Normal file
View File

@@ -0,0 +1,19 @@
<?php
/**
* Global Auth State (Optional Helper)
*/
declare(strict_types=1);
// This can be used to store the current user globally if needed
// after successful middleware check.
$GLOBALS['current_user'] = null;
function current_user() {
return $GLOBALS['current_user'];
}
function set_current_user(array $user) {
$GLOBALS['current_user'] = $user;
}

21
app/bootstrap/env.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
/**
* Simple .env Loader
*/
if (file_exists(ROOT_PATH . '/.env')) {
$lines = file(ROOT_PATH . '/.env', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach ($lines as $line) {
if (str_starts_with(trim($line), '#')) continue;
list($name, $value) = explode('=', $line, 2);
$name = trim($name);
$value = trim($value, " \t\n\r\0\x0B\"'");
if (!array_key_exists($name, $_SERVER) && !array_key_exists($name, $_ENV)) {
putenv(sprintf('%s=%s', $name, $value));
$_ENV[$name] = $value;
$_SERVER[$name] = $value;
}
}
}

29
app/bootstrap/init.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
/**
* Simple Bootstrap Initialization
*/
declare(strict_types=1);
// 1. Constants
define('ROOT_PATH', dirname(__DIR__, 2));
define('APP_PATH', ROOT_PATH . '/app');
define('STORAGE_PATH', ROOT_PATH . '/storage');
// 2. Load Environment Variables
require_once APP_PATH . '/bootstrap/env.php';
// 3. Common Helpers
require_once APP_PATH . '/helpers/helpers.php';
// 4. Core Classes (Manual autoload for simplicity)
require_once APP_PATH . '/core/Database.php';
require_once APP_PATH . '/core/JWT.php';
require_once APP_PATH . '/core/Security.php';
require_once APP_PATH . '/core/Validator.php';
// 5. Response Utility
require_once APP_PATH . '/bootstrap/response.php';
// 6. Auth Session/State (Simple)
require_once APP_PATH . '/bootstrap/auth.php';

25
app/bootstrap/response.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
/**
* Standardized JSON Responses
*/
function json_response(bool $success, $data = null, ?string $message = null, int $code = 200) {
header('Content-Type: application/json; charset=utf-8');
http_response_code($code);
echo json_encode([
'success' => $success,
'data' => $data,
'message' => $message,
'timestamp' => date('c')
], JSON_UNESCAPED_UNICODE);
exit;
}
function json_error(string $message, int $code = 400, $errors = null) {
json_response(false, $errors, $message, $code);
}
function json_success($data = null, ?string $message = 'Success', int $code = 200) {
json_response(true, $data, $message, $code);
}

13
app/config/database.php Normal file
View File

@@ -0,0 +1,13 @@
<?php
/**
* Database Configuration
*/
return [
'host' => $_ENV['DB_HOST'] ?? '127.0.0.1',
'port' => $_ENV['DB_PORT'] ?? '3306',
'database' => $_ENV['DB_DATABASE'] ?? 'musadaqDb',
'username' => $_ENV['DB_USERNAME'] ?? 'musadaqUser',
'password' => $_ENV['DB_PASSWORD'] ?? '',
'charset' => $_ENV['DB_CHARSET'] ?? 'utf8mb4',
];

34
app/helpers/helpers.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/**
* Global Helper Functions
*/
if (!function_exists('env')) {
function env(string $key, $default = null) {
return $_ENV[$key] ?? $default;
}
}
if (!function_exists('input')) {
function input(string $key = null, $default = null) {
static $inputData = null;
if ($inputData === null) {
$json = file_get_contents('php://input');
$inputData = array_merge($_GET, $_POST, json_decode($json, true) ?? []);
}
if ($key === null) return $inputData;
return $inputData[$key] ?? $default;
}
}
if (!function_exists('dd')) {
function dd(...$vars) {
foreach ($vars as $v) {
echo "<pre>";
var_dump($v);
echo "</pre>";
}
die();
}
}

58
app/modules_app/auth/login.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
/**
* Auth Login Endpoint
*/
use App\Core\Database;
use App\Core\JWT;
use App\Core\Validator;
$data = input();
// 1. Validation
$errors = Validator::validate($data, [
'email' => 'required|email',
'password' => 'required'
]);
if ($errors) {
json_error('Validation Failed', 422, $errors);
}
$email = $data['email'];
$password = $data['password'];
// 2. DB Check
$db = Database::getInstance();
$stmt = $db->prepare("SELECT * FROM users WHERE email = ? LIMIT 1");
$stmt->execute([$email]);
$user = $stmt->fetch();
if (!$user || !password_verify($password, $user['password_hash'])) {
json_error('بيانات الدخول غير صحيحة', 401);
}
// 3. Issue Token
$secret = env('JWT_SECRET', 'super-secret-key');
$payload = [
'user_id' => $user['id'],
'role' => $user['role'],
'exp' => time() + (15 * 60) // 15 minutes
];
$token = JWT::encode($payload, $secret);
// 4. Update Refresh Token (Simple stored in DB as requested)
$refreshToken = bin2hex(random_bytes(32));
$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
$stmt->execute([$refreshToken, $user['id']]);
json_success([
'access_token' => $token,
'refresh_token' => $refreshToken,
'user' => [
'id' => $user['id'],
'name' => $user['name'],
'email' => $user['email']
]
], 'تم تسجيل الدخول بنجاح');

18
app/modules_app/auth/logout.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
/**
* Auth Logout Endpoint
*/
use App\Core\Database;
use App\Middleware\AuthMiddleware;
// 1. Check Authentication
$decoded = AuthMiddleware::check();
$userId = $decoded['user_id'];
// 2. Invalidate Refresh Token
$db = Database::getInstance();
$stmt = $db->prepare("UPDATE users SET refresh_token = NULL WHERE id = ?");
$stmt->execute([$userId]);
json_success(null, 'تم تسجيل الخروج بنجاح');

41
app/modules_app/auth/refresh.php Normal file
View File

@@ -0,0 +1,41 @@
<?php
/**
* Auth Refresh Endpoint
*/
use App\Core\Database;
use App\Core\JWT;
$data = input();
$refreshToken = $data['refresh_token'] ?? null;
if (!$refreshToken) {
json_error('Refresh token is required', 400);
}
$db = Database::getInstance();
$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token = ? LIMIT 1");
$stmt->execute([$refreshToken]);
$user = $stmt->fetch();
if (!$user) {
json_error('Invalid refresh token', 401);
}
$secret = env('JWT_SECRET', 'super-secret-key');
$payload = [
'user_id' => $user['id'],
'role' => $user['role'],
'exp' => time() + (15 * 60)
];
$newToken = JWT::encode($payload, $secret);
$newRefreshToken = bin2hex(random_bytes(32));
$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
$stmt->execute([$newRefreshToken, $user['id']]);
json_success([
'access_token' => $newToken,
'refresh_token' => $newRefreshToken
], 'تم تجديد الجلسة بنجاح');

28
app/modules_app/trips/index.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
/**
* Trips List Endpoint (Example Module)
*/
use App\Core\Database;
use App\Middleware\AuthMiddleware;
use App\Middleware\RateLimitMiddleware;
// 1. Rate Limiting (e.g., 30 requests per minute)
RateLimitMiddleware::check(30, 60);
// 2. Auth Check
$decoded = AuthMiddleware::check();
// 3. Fetch Data
// Note: Assumes a 'trips' table exists based on the requested structure
$db = Database::getInstance();
try {
$stmt = $db->prepare("SELECT * FROM trips WHERE user_id = ? ORDER BY created_at DESC");
$stmt->execute([$decoded['user_id']]);
$trips = $stmt->fetchAll();
json_success($trips);
} catch (\PDOException $e) {
// If table doesn't exist, return empty for the sake of the skeleton
json_success([], 'Trips table not found, returning empty array for demonstration.');
}

23
app/modules_app/users/index.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
/**
* Users List Endpoint
*/
use App\Core\Database;
use App\Middleware\AuthMiddleware;
// 1. Auth Check
$decoded = AuthMiddleware::check();
// 2. Simple Role-Based Access Control (RBAC)
if ($decoded['role'] !== 'super_admin' && $decoded['role'] !== 'admin') {
json_error('غير مصرح لك بالوصول لهذه البيانات', 403);
}
// 3. Fetch Data
$db = Database::getInstance();
$stmt = $db->prepare("SELECT id, name, email, role, is_active, created_at FROM users");
$stmt->execute();
$users = $stmt->fetchAll();
json_success($users);

10
config/app.php
View File

@@ -1,10 +0,0 @@
<?php
declare(strict_types=1);
return [
'name' => $_ENV['APP_NAME'] ?? 'مُصادَق',
'env' => $_ENV['APP_ENV'] ?? 'production',
'url' => $_ENV['APP_URL'] ?? 'https://musadeq2.intaleqapp.com',
'timezone' => $_ENV['APP_TIMEZONE'] ?? 'Asia/Amman',
];

11
config/auth.php
View File

@@ -1,11 +0,0 @@
<?php
declare(strict_types=1);
return [
'jwt' => [
'secret' => $_ENV['JWT_SECRET'] ?? '',
'access_expiry' => (int)($_ENV['JWT_ACCESS_EXPIRY'] ?? 900),
'refresh_expiry' => (int)($_ENV['JWT_REFRESH_EXPIRY'] ?? 604800),
],
];

12
config/database.php
View File

@@ -1,12 +0,0 @@
<?php
declare(strict_types=1);
return [
'host' => $_ENV['DB_HOST'] ?? '127.0.0.1',
'port' => $_ENV['DB_PORT'] ?? '3306',
'database' => $_ENV['DB_DATABASE'] ?? 'musadaq_db',
'username' => $_ENV['DB_USERNAME'] ?? 'musadaq_user',
'password' => $_ENV['DB_PASSWORD'] ?? '',
'charset' => $_ENV['DB_CHARSET'] ?? 'utf8mb4',
];

7
config/secrets.php
View File

@@ -1,7 +0,0 @@
<?php
// ⚠️ This file must NEVER be committed to Git
// Add to .gitignore: config/secrets.php
return [
// Generated for Musadaq Security Hardening
'encryption_key' => base64_decode($_ENV['ENCRYPTION_KEY_B64'] ?? '0AEcpckd2g6eMA3ofBXRpgrDbV6ExWkB+D1Hl5pE+I0='),
];

28
config/services.php
View File

@@ -1,28 +0,0 @@
<?php
declare(strict_types=1);
return [
'ai' => [
'gemini' => [
'key' => $_ENV['GEMINI_API_KEY'] ?? '',
'model' => $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash',
],
'openai' => [
'key' => $_ENV['OPENAI_API_KEY'] ?? '',
'model' => $_ENV['OPENAI_MODEL'] ?? 'gpt-4o',
],
],
'jofotara' => [
'base_url' => $_ENV['JOFOTARA_BASE_URL'] ?? 'https://backend.jofotara.gov.jo/core/invoices',
'env' => $_ENV['JOFOTARA_ENV'] ?? 'production',
],
'mail' => [
'host' => $_ENV['MAIL_HOST'] ?? '',
'port' => (int)($_ENV['MAIL_PORT'] ?? 587),
'username' => $_ENV['MAIL_USERNAME'] ?? '',
'password' => $_ENV['MAIL_PASSWORD'] ?? '',
'from' => $_ENV['MAIL_FROM'] ?? 'noreply@musadaq.app',
'from_name' => $_ENV['MAIL_FROM_NAME'] ?? 'مُصادَق',
],
];

41
database/migrations/001_initial_schema.sql
View File

@@ -1,41 +0,0 @@
-- ─── Tenants ──────────────────────────────────────────────
CREATE TABLE IF NOT EXISTS tenants (
id CHAR(36) NOT NULL DEFAULT (UUID()),
name VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL,
phone VARCHAR(20) NULL,
status ENUM('active','suspended','trial') NOT NULL DEFAULT 'trial',
trial_ends_at DATETIME NULL,
settings JSON DEFAULT (JSON_OBJECT()),
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
UNIQUE KEY uq_tenants_email (email)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Users ────────────────────────────────────────────────
CREATE TABLE IF NOT EXISTS users (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
name VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL,
password_hash VARCHAR(255) NOT NULL,
role ENUM('super_admin','admin','accountant','employee','viewer') NOT NULL,
assigned_company_id CHAR(36) NULL,
refresh_token_hash VARCHAR(255) NULL,
totp_secret VARCHAR(64) NULL,
totp_enabled TINYINT(1) NOT NULL DEFAULT 0,
is_active TINYINT(1) NOT NULL DEFAULT 1,
email_verified_at DATETIME NULL,
last_login_at DATETIME NULL,
last_login_ip VARCHAR(45) NULL,
failed_login_count INT NOT NULL DEFAULT 0,
locked_until DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
UNIQUE KEY uq_tenant_email (tenant_id, email),
CONSTRAINT fk_users_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

47
database/migrations/002_core_modules.sql
View File

@@ -1,47 +0,0 @@
-- ─── Companies ────────────────────────────────────────────
CREATE TABLE IF NOT EXISTS companies (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
name VARCHAR(255) NOT NULL,
name_en VARCHAR(255) NULL,
tax_identification_number VARCHAR(20) NOT NULL,
commercial_registration_number VARCHAR(50) NULL,
address TEXT NULL,
city VARCHAR(100) NULL,
contact_email VARCHAR(255) NULL,
contact_phone VARCHAR(20) NULL,
jofotara_client_id_encrypted TEXT NULL,
jofotara_secret_key_encrypted TEXT NULL,
jofotara_income_source_sequence VARCHAR(50) NULL,
certificate_path VARCHAR(255) NULL,
certificate_password_encrypted TEXT NULL,
is_jofotara_linked TINYINT(1) NOT NULL DEFAULT 0,
is_active TINYINT(1) NOT NULL DEFAULT 1,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
INDEX idx_companies_tenant (tenant_id),
INDEX idx_companies_tin (tax_identification_number),
CONSTRAINT fk_companies_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Subscriptions ────────────────────────────────────────
CREATE TABLE IF NOT EXISTS subscriptions (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
plan ENUM('free','basic','office','pro','enterprise') NOT NULL DEFAULT 'basic',
max_companies INT NOT NULL DEFAULT 3,
max_invoices_per_month INT NOT NULL DEFAULT 50,
max_users INT NOT NULL DEFAULT 2,
price_jod DECIMAL(10,2) NOT NULL DEFAULT 0.00,
invoices_used_this_month INT NOT NULL DEFAULT 0,
status ENUM('active','past_due','cancelled','trial') NOT NULL DEFAULT 'active',
current_period_start DATETIME NULL,
current_period_end DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (id),
UNIQUE KEY uq_sub_tenant (tenant_id),
CONSTRAINT fk_sub_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

69
database/migrations/003_invoices.sql
View File

@@ -1,69 +0,0 @@
-- ─── Invoices ─────────────────────────────────────────────
CREATE TABLE IF NOT EXISTS invoices (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
company_id CHAR(36) NOT NULL,
uploaded_by CHAR(36) NULL,
invoice_number VARCHAR(100) NULL,
invoice_date DATE NULL,
invoice_type ENUM('cash','credit') NOT NULL DEFAULT 'cash',
ubl_type_code CHAR(3) NOT NULL DEFAULT '388',
payment_method_code CHAR(3) NOT NULL DEFAULT '013',
supplier_tin VARCHAR(20) NULL,
supplier_name VARCHAR(255) NULL,
supplier_address TEXT NULL,
buyer_tin VARCHAR(20) NULL,
buyer_national_id VARCHAR(20) NULL,
buyer_name VARCHAR(255) NULL,
subtotal DECIMAL(15,3) NOT NULL DEFAULT 0,
discount_total DECIMAL(15,3) NOT NULL DEFAULT 0,
tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0,
grand_total DECIMAL(15,3) NOT NULL DEFAULT 0,
currency_code CHAR(3) NOT NULL DEFAULT 'JOD',
status ENUM('uploaded','extracting','extracted','validated',
'validation_failed','submitting','approved','rejected')
NOT NULL DEFAULT 'uploaded',
original_file_path TEXT NULL,
original_file_hash VARCHAR(64) NULL,
invoice_category VARCHAR(20) NOT NULL DEFAULT 'simplified',
validation_errors JSON NULL,
qr_code TEXT NULL,
jofotara_response JSON NULL,
ai_provider VARCHAR(20) NULL,
ai_confidence_score DECIMAL(4,3) NULL,
ai_prompt_tokens INT NOT NULL DEFAULT 0,
ai_completion_tokens INT NOT NULL DEFAULT 0,
ai_total_cost DECIMAL(10,6) NOT NULL DEFAULT 0,
ai_raw_response JSON NULL,
idempotency_key VARCHAR(64) NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
UNIQUE KEY uq_idempotency (idempotency_key),
INDEX idx_invoices_tenant (tenant_id),
INDEX idx_invoices_company (company_id),
INDEX idx_invoices_status (status),
INDEX idx_invoices_date (invoice_date),
INDEX idx_invoices_file_hash (original_file_hash),
CONSTRAINT fk_inv_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE,
CONSTRAINT fk_inv_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE,
CONSTRAINT fk_inv_user FOREIGN KEY (uploaded_by) REFERENCES users(id) ON DELETE SET NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Invoice Lines ────────────────────────────────────────
CREATE TABLE IF NOT EXISTS invoice_lines (
id CHAR(36) NOT NULL DEFAULT (UUID()),
invoice_id CHAR(36) NOT NULL,
line_number INT NOT NULL,
description TEXT NOT NULL,
quantity DECIMAL(15,3) NOT NULL,
unit_price DECIMAL(15,3) NOT NULL,
discount DECIMAL(15,3) NOT NULL DEFAULT 0,
tax_rate DECIMAL(5,4) NOT NULL,
tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0,
line_total DECIMAL(15,3) NOT NULL,
PRIMARY KEY (id),
INDEX idx_lines_invoice (invoice_id),
CONSTRAINT fk_lines_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

80
database/migrations/004_system.sql
View File

@@ -1,80 +0,0 @@
-- ─── Audit Logs ───────────────────────────────────────────
CREATE TABLE IF NOT EXISTS audit_logs (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NULL,
user_id CHAR(36) NULL,
action VARCHAR(100) NOT NULL,
entity_type VARCHAR(50) NULL,
entity_id CHAR(36) NULL,
old_data JSON NULL,
new_data JSON NULL,
ip_address VARCHAR(45) NULL,
user_agent TEXT NULL,
metadata JSON NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_audit_tenant (tenant_id),
INDEX idx_audit_action (action),
INDEX idx_audit_created (created_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Risk Scores ──────────────────────────────────────────
CREATE TABLE IF NOT EXISTS risk_scores (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
company_id CHAR(36) NOT NULL,
invoice_id CHAR(36) NULL,
risk_type VARCHAR(50) NOT NULL,
score TINYINT UNSIGNED NOT NULL,
reason TEXT NOT NULL,
is_resolved TINYINT(1) NOT NULL DEFAULT 0,
resolved_by CHAR(36) NULL,
resolved_at DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_risk_tenant (tenant_id),
INDEX idx_risk_unresolved (is_resolved),
CONSTRAINT fk_risk_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE,
CONSTRAINT fk_risk_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE,
CONSTRAINT fk_risk_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE SET NULL,
CONSTRAINT fk_risk_resolver FOREIGN KEY (resolved_by) REFERENCES users(id) ON DELETE SET NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Queue Jobs ───────────────────────────────────────────
CREATE TABLE IF NOT EXISTS queue_jobs (
id CHAR(36) NOT NULL DEFAULT (UUID()),
type VARCHAR(100) NOT NULL,
payload JSON NOT NULL,
priority INT NOT NULL DEFAULT 0,
attempts INT NOT NULL DEFAULT 0,
max_attempts INT NOT NULL DEFAULT 3,
status ENUM('pending','processing','completed','failed','dead')
NOT NULL DEFAULT 'pending',
error TEXT NULL,
locked_at DATETIME NULL,
locked_by VARCHAR(100) NULL,
scheduled_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
completed_at DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_queue_pending (status, priority DESC, scheduled_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── API Keys ─────────────────────────────────────────────
CREATE TABLE IF NOT EXISTS api_keys (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
user_id CHAR(36) NOT NULL,
name VARCHAR(100) NOT NULL,
public_key VARCHAR(64) NOT NULL,
secret_hash VARCHAR(255) NOT NULL,
permissions JSON DEFAULT (JSON_ARRAY('invoices:read','invoices:upload')),
last_used_at DATETIME NULL,
is_active TINYINT(1) NOT NULL DEFAULT 1,
expires_at DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
UNIQUE KEY uq_api_public_key (public_key),
CONSTRAINT fk_apikeys_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE,
CONSTRAINT fk_apikeys_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

12
database/migrations/005_notifications.sql
View File

@@ -1,12 +0,0 @@
CREATE TABLE IF NOT EXISTS notifications (
id CHAR(36) NOT NULL DEFAULT (UUID()),
user_id CHAR(36) NOT NULL,
title VARCHAR(255) NOT NULL,
message TEXT NOT NULL,
type ENUM('info','success','warning','error') NOT NULL DEFAULT 'info',
is_read TINYINT(1) NOT NULL DEFAULT 0,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_notif_user (user_id),
CONSTRAINT fk_notif_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

260
database/schema.sql
View File

@@ -1,260 +0,0 @@
SET NAMES utf8mb4;
SET CHARACTER SET utf8mb4;
-- ─── Tenants ──────────────────────────────────────────────
CREATE TABLE tenants (
id CHAR(36) NOT NULL DEFAULT (UUID()),
name VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL,
phone VARCHAR(20) NULL,
status ENUM('active','suspended','trial') NOT NULL DEFAULT 'trial',
trial_ends_at DATETIME NULL,
settings JSON DEFAULT (JSON_OBJECT()),
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
UNIQUE KEY uq_tenants_email (email)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Users ────────────────────────────────────────────────
CREATE TABLE users (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
name VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL,
password_hash VARCHAR(255) NOT NULL,
role ENUM('super_admin','admin','accountant','employee','viewer') NOT NULL,
assigned_company_id CHAR(36) NULL,
refresh_token_hash VARCHAR(255) NULL,
totp_secret VARCHAR(64) NULL,
totp_enabled TINYINT(1) NOT NULL DEFAULT 0,
is_active TINYINT(1) NOT NULL DEFAULT 1,
email_verified_at DATETIME NULL,
last_login_at DATETIME NULL,
last_login_ip VARCHAR(45) NULL,
failed_login_count INT NOT NULL DEFAULT 0,
locked_until DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
UNIQUE KEY uq_tenant_email (tenant_id, email),
CONSTRAINT fk_users_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── API Keys ─────────────────────────────────────────────
CREATE TABLE api_keys (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
user_id CHAR(36) NOT NULL,
name VARCHAR(100) NOT NULL,
public_key VARCHAR(64) NOT NULL,
secret_hash VARCHAR(255) NOT NULL,
permissions JSON DEFAULT (JSON_ARRAY('invoices:read','invoices:upload')),
last_used_at DATETIME NULL,
is_active TINYINT(1) NOT NULL DEFAULT 1,
expires_at DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
UNIQUE KEY uq_api_public_key (public_key),
CONSTRAINT fk_apikeys_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE,
CONSTRAINT fk_apikeys_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Companies ────────────────────────────────────────────
CREATE TABLE companies (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
name VARCHAR(255) NOT NULL,
name_en VARCHAR(255) NULL,
tax_identification_number VARCHAR(20) NOT NULL,
commercial_registration_number VARCHAR(50) NULL,
address TEXT NULL,
city VARCHAR(100) NULL,
contact_email VARCHAR(255) NULL,
contact_phone VARCHAR(20) NULL,
jofotara_client_id_encrypted TEXT NULL,
jofotara_secret_key_encrypted TEXT NULL,
jofotara_income_source_sequence VARCHAR(50) NULL,
certificate_path VARCHAR(255) NULL,
certificate_password_encrypted TEXT NULL,
is_jofotara_linked TINYINT(1) NOT NULL DEFAULT 0,
is_active TINYINT(1) NOT NULL DEFAULT 1,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
INDEX idx_companies_tenant (tenant_id),
INDEX idx_companies_tin (tax_identification_number),
CONSTRAINT fk_companies_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Subscriptions ────────────────────────────────────────
CREATE TABLE subscriptions (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
plan ENUM('free','basic','office','pro','enterprise') NOT NULL DEFAULT 'basic',
max_companies INT NOT NULL DEFAULT 3,
max_invoices_per_month INT NOT NULL DEFAULT 50,
max_users INT NOT NULL DEFAULT 2,
price_jod DECIMAL(10,2) NOT NULL DEFAULT 0.00,
invoices_used_this_month INT NOT NULL DEFAULT 0,
status ENUM('active','past_due','cancelled','trial') NOT NULL DEFAULT 'active',
current_period_start DATETIME NULL,
current_period_end DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (id),
UNIQUE KEY uq_sub_tenant (tenant_id),
CONSTRAINT fk_sub_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Invoices ─────────────────────────────────────────────
CREATE TABLE invoices (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
company_id CHAR(36) NOT NULL,
uploaded_by CHAR(36) NULL,
invoice_number VARCHAR(100) NULL,
invoice_date DATE NULL,
invoice_type ENUM('cash','credit') NOT NULL DEFAULT 'cash',
ubl_type_code CHAR(3) NOT NULL DEFAULT '388',
payment_method_code CHAR(3) NOT NULL DEFAULT '013',
supplier_tin VARCHAR(20) NULL,
supplier_name VARCHAR(255) NULL,
supplier_address TEXT NULL,
buyer_tin VARCHAR(20) NULL,
buyer_national_id VARCHAR(20) NULL,
buyer_name VARCHAR(255) NULL,
subtotal DECIMAL(15,3) NOT NULL DEFAULT 0,
discount_total DECIMAL(15,3) NOT NULL DEFAULT 0,
tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0,
grand_total DECIMAL(15,3) NOT NULL DEFAULT 0,
currency_code CHAR(3) NOT NULL DEFAULT 'JOD',
status ENUM('uploaded','extracting','extracted','validated',
'validation_failed','submitting','approved','rejected')
NOT NULL DEFAULT 'uploaded',
original_file_path TEXT NULL,
original_file_hash VARCHAR(64) NULL,
invoice_category VARCHAR(20) NOT NULL DEFAULT 'simplified',
validation_errors JSON NULL,
qr_code TEXT NULL,
jofotara_response JSON NULL,
ai_provider VARCHAR(20) NULL,
ai_confidence_score DECIMAL(4,3) NULL,
ai_prompt_tokens INT NOT NULL DEFAULT 0,
ai_completion_tokens INT NOT NULL DEFAULT 0,
ai_total_cost DECIMAL(10,6) NOT NULL DEFAULT 0,
ai_raw_response JSON NULL,
idempotency_key VARCHAR(64) NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
deleted_at DATETIME NULL,
PRIMARY KEY (id),
UNIQUE KEY uq_idempotency (idempotency_key),
INDEX idx_invoices_tenant (tenant_id),
INDEX idx_invoices_company (company_id),
INDEX idx_invoices_status (status),
INDEX idx_invoices_date (invoice_date),
INDEX idx_invoices_file_hash (original_file_hash),
CONSTRAINT fk_inv_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE,
CONSTRAINT fk_inv_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE,
CONSTRAINT fk_inv_user FOREIGN KEY (uploaded_by) REFERENCES users(id) ON DELETE SET NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Invoice Lines ────────────────────────────────────────
CREATE TABLE invoice_lines (
id CHAR(36) NOT NULL DEFAULT (UUID()),
invoice_id CHAR(36) NOT NULL,
line_number INT NOT NULL,
description TEXT NOT NULL,
quantity DECIMAL(15,3) NOT NULL,
unit_price DECIMAL(15,3) NOT NULL,
discount DECIMAL(15,3) NOT NULL DEFAULT 0,
tax_rate DECIMAL(5,4) NOT NULL,
tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0,
line_total DECIMAL(15,3) NOT NULL,
PRIMARY KEY (id),
INDEX idx_lines_invoice (invoice_id),
CONSTRAINT fk_lines_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Audit Logs ───────────────────────────────────────────
CREATE TABLE audit_logs (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NULL,
user_id CHAR(36) NULL,
action VARCHAR(100) NOT NULL,
entity_type VARCHAR(50) NULL,
entity_id CHAR(36) NULL,
old_data JSON NULL,
new_data JSON NULL,
ip_address VARCHAR(45) NULL,
user_agent TEXT NULL,
metadata JSON NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_audit_tenant (tenant_id),
INDEX idx_audit_action (action),
INDEX idx_audit_created (created_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Risk Scores ──────────────────────────────────────────
CREATE TABLE risk_scores (
id CHAR(36) NOT NULL DEFAULT (UUID()),
tenant_id CHAR(36) NOT NULL,
company_id CHAR(36) NOT NULL,
invoice_id CHAR(36) NULL,
risk_type VARCHAR(50) NOT NULL,
risk_level ENUM('low', 'medium', 'high', 'critical') NOT NULL DEFAULT 'low',
score TINYINT UNSIGNED NOT NULL,
reason TEXT NOT NULL,
factors JSON NULL,
is_resolved TINYINT(1) NOT NULL DEFAULT 0,
resolved_by CHAR(36) NULL,
resolved_at DATETIME NULL,
calculated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_risk_tenant (tenant_id),
INDEX idx_risk_unresolved (is_resolved),
CONSTRAINT fk_risk_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE,
CONSTRAINT fk_risk_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE,
CONSTRAINT fk_risk_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE SET NULL,
CONSTRAINT fk_risk_resolver FOREIGN KEY (resolved_by) REFERENCES users(id) ON DELETE SET NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Notifications ────────────────────────────────────────
CREATE TABLE notifications (
id CHAR(36) NOT NULL DEFAULT (UUID()),
user_id CHAR(36) NOT NULL,
title VARCHAR(255) NOT NULL,
message TEXT NOT NULL,
type VARCHAR(50) NOT NULL DEFAULT 'info',
is_read TINYINT(1) NOT NULL DEFAULT 0,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_notifications_user (user_id),
CONSTRAINT fk_notifications_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ─── Queue Jobs (MySQL fallback when Redis unavailable) ───
CREATE TABLE queue_jobs (
id CHAR(36) NOT NULL DEFAULT (UUID()),
type VARCHAR(100) NOT NULL,
payload JSON NOT NULL,
priority INT NOT NULL DEFAULT 0,
attempts INT NOT NULL DEFAULT 0,
max_attempts INT NOT NULL DEFAULT 3,
status ENUM('pending','processing','completed','failed','dead')
NOT NULL DEFAULT 'pending',
error TEXT NULL,
locked_at DATETIME NULL,
locked_by VARCHAR(100) NULL,
scheduled_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
completed_at DATETIME NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id),
INDEX idx_queue_pending (status, priority DESC, scheduled_at)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

5894
musadaq_full_code.md
View File

File diff suppressed because it is too large Load Diff

18
phpunit.xml
View File

@@ -1,18 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/11.0/phpunit.xsd"
bootstrap="vendor/autoload.php"
colors="true">
<testsuites>
<testsuite name="Unit">
<directory>tests/Unit</directory>
</testsuite>
<testsuite name="Feature">
<directory>tests/Feature</directory>
</testsuite>
</testsuites>
<php>
<env name="APP_ENV" value="testing"/>
<env name="DB_DATABASE" value="musadeq_test"/>
</php>
</phpunit>

85
public/assets/css/app.css
View File

@@ -1,85 +0,0 @@
@import url('https://fonts.googleapis.com/css2?family=IBM+Plex+Sans+Arabic:wght@400;500;600;700&family=JetBrains+Mono&family=Inter:wght@400;500;600&display=swap');
:root {
--primary: #10b981;
--primary-hover: #059669;
--primary-muted: rgba(16,185,129,0.1);
--danger: #ef4444;
--warning: #f59e0b;
--info: #3b82f6;
--success: #22c55e;
/* Dark (default) */
--bg-app: #0a0f1a;
--bg-card: rgba(15,23,42,0.8);
--bg-sidebar: #060b14;
--bg-input: rgba(15,23,42,0.6);
--border: rgba(51,65,85,0.6);
--text-primary: #f1f5f9;
--text-secondary: #94a3b8;
--text-muted: #475569;
--glass: rgba(15,23,42,0.6);
--glass-border: rgba(255,255,255,0.06);
--shadow-glow: 0 0 40px rgba(16,185,129,0.08);
}
[data-theme="light"] {
--bg-app: #f1f5f9;
--bg-card: #ffffff;
--bg-sidebar: #ffffff;
--bg-input: #f8fafc;
--border: #e2e8f0;
--text-primary: #0f172a;
--text-secondary: #475569;
--text-muted: #94a3b8;
--glass: rgba(255,255,255,0.8);
--glass-border: rgba(0,0,0,0.04);
--shadow-glow: 0 4px 24px rgba(0,0,0,0.06);
}
* {
margin: 0;
padding: 0;
box-sizing: border-box;
font-family: 'Inter', 'IBM Plex Sans Arabic', sans-serif;
}
body {
background-color: var(--bg-app);
color: var(--text-primary);
direction: rtl;
min-height: 100vh;
overflow-x: hidden;
transition: background-color 0.3s, color 0.3s;
}
/* Glassmorphism Utilities */
.glass {
background: var(--glass);
backdrop-filter: blur(12px);
-webkit-backdrop-filter: blur(12px);
border: 1px solid var(--glass-border);
}
.glow {
box-shadow: var(--shadow-glow);
}
/* Custom Scrollbar */
::-webkit-scrollbar {
width: 6px;
}
::-webkit-scrollbar-track {
background: transparent;
}
::-webkit-scrollbar-thumb {
background: var(--border);
border-radius: 10px;
}
::-webkit-scrollbar-thumb:hover {
background: var(--text-muted);
}
/* RTL Specifics */
[dir="rtl"] .ml-auto { margin-right: auto; margin-left: 0; }
[dir="rtl"] .mr-auto { margin-left: auto; margin-right: 0; }

55
public/assets/js/api.js
View File

@@ -1,55 +0,0 @@
const API = {
baseUrl: '/api/v1',
async request(endpoint, options = {}) {
const url = `${this.baseUrl}${endpoint}`;
const token = localStorage.getItem('access_token');
const headers = {
'Accept': 'application/json',
...(options.body instanceof FormData ? {} : { 'Content-Type': 'application/json' }),
...(token ? { 'Authorization': `Bearer ${token}` } : {}),
...options.headers
};
const response = await fetch(url, { ...options, headers });
if (response.status === 401 && !options._retry) {
// Attempt token refresh
const refreshed = await this.refresh();
if (refreshed) {
return this.request(endpoint, { ...options, _retry: true });
}
}
const data = await response.json();
if (!response.ok) {
throw new Error(data.message || 'حدث خطأ ما');
}
return data;
},
async login(email, password) {
const data = await this.request('/auth/login', {
method: 'POST',
body: JSON.stringify({ email, password })
});
localStorage.setItem('access_token', data.data.access_token);
return data;
},
async refresh() {
try {
const data = await fetch(`${this.baseUrl}/auth/refresh`, { method: 'POST' });
if (data.ok) {
const result = await data.json();
localStorage.setItem('access_token', result.data.access_token);
return true;
}
} catch (e) {
console.error('Refresh failed', e);
}
localStorage.removeItem('access_token');
return false;
}
};

102
public/index.html
View File

@@ -1,102 +0,0 @@
<!DOCTYPE html>
<html lang="ar" dir="rtl" x-data="{ darkMode: true }" :class="{ 'dark': darkMode }">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>مُصادَق — أتمتة الفواتير الضريبية</title>
<script src="https://cdn.tailwindcss.com"></script>
<script defer src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"></script>
<link href="https://fonts.googleapis.com/css2?family=Outfit:wght@300;400;600;700&family=Noto+Sans+Arabic:wght@300;400;600;700&display=swap" rel="stylesheet">
<style>
[x-cloak] { display: none !important; }
body { font-family: 'Noto Sans Arabic', 'Outfit', sans-serif; }
.glass { background: rgba(255, 255, 255, 0.05); backdrop-filter: blur(10px); border: 1px solid rgba(255, 255, 255, 0.1); }
.dark .glass { background: rgba(0, 0, 0, 0.2); border: 1px solid rgba(255, 255, 255, 0.05); }
</style>
<script>
tailwind.config = {
darkMode: 'class',
theme: {
extend: {
colors: {
primary: { 50: '#f0f9ff', 100: '#e0f2fe', 200: '#bae6fd', 300: '#7dd3fc', 400: '#38bdf8', 500: '#0ea5e9', 600: '#0284c7', 700: '#0369a1', 800: '#075985', 900: '#0c4a6e' },
accent: '#FFD700'
}
}
}
}
</script>
</head>
<body class="bg-gray-50 dark:bg-slate-950 text-slate-900 dark:text-slate-100 min-h-screen transition-colors duration-500 overflow-x-hidden">
<!-- Navbar -->
<nav class="sticky top-0 z-50 glass px-6 py-4 flex justify-between items-center mx-4 mt-4 rounded-2xl shadow-xl">
<div class="flex items-center gap-3">
<div class="w-10 h-10 bg-gradient-to-br from-primary-500 to-indigo-600 rounded-xl flex items-center justify-center shadow-lg shadow-primary-500/30">
<span class="text-white font-bold text-xl">م</span>
</div>
<h1 class="text-2xl font-bold tracking-tight bg-clip-text text-transparent bg-gradient-to-r from-primary-600 to-indigo-500 dark:from-primary-400 dark:to-indigo-400">مُصادَق</h1>
</div>
<div class="flex items-center gap-4">
<button @click="darkMode = !darkMode" class="p-2 rounded-full hover:bg-gray-200 dark:hover:bg-slate-800 transition-all">
<template x-if="!darkMode">
<svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M20.354 15.354A9 9 0 018.646 3.646 9.003 9.003 0 0012 21a9.003 9.003 0 008.354-5.646z"></path></svg>
</template>
<template x-if="darkMode">
<svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 3v1m0 16v1m9-9h-1M4 12H3m15.364-6.364l-.707.707M6.343 17.657l-.707.707M16.071 16.071l.707.707M7.929 7.929l.707-.707M12 8a4 4 0 100 8 4 4 0 000-8z"></path></svg>
</template>
</button>
<a href="index.php" class="px-6 py-2 bg-primary-600 hover:bg-primary-700 text-white rounded-xl font-semibold transition-all shadow-lg shadow-primary-600/20">دخول</a>
</div>
</nav>
<!-- Main Content -->
<main class="container mx-auto px-4 py-12">
<section class="text-center py-20 relative">
<div class="absolute -top-20 left-1/2 -translate-x-1/2 w-64 h-64 bg-primary-500/20 blur-[100px] rounded-full"></div>
<h2 class="text-5xl md:text-7xl font-extrabold mb-6 leading-tight">
أتمتة <span class="text-primary-500">الفواتير</span> <br>بذكاء اصطناعي فائق
</h2>
<p class="text-xl text-slate-600 dark:text-slate-400 max-w-2xl mx-auto mb-10 leading-relaxed">
مُصادَق هو شريكك التقني المعتمد للربط مع نظام "جوفوتارا" الأردني، استخرج بيانات فواتيرك آلياً وامتثل للأنظمة الضريبية بثوانٍ.
</p>
<div class="flex flex-wrap justify-center gap-4">
<button class="px-10 py-4 bg-slate-900 dark:bg-white dark:text-slate-900 text-white rounded-2xl font-bold text-lg hover:scale-105 transition-all shadow-2xl">ابدأ التجربة المجانية</button>
<button class="px-10 py-4 glass rounded-2xl font-bold text-lg hover:bg-gray-100 dark:hover:bg-slate-800 transition-all">شاهد العرض</button>
</div>
</section>
<!-- Features Grid -->
<section class="grid md:grid-cols-3 gap-8 py-20">
<div class="p-8 glass rounded-3xl hover:-translate-y-2 transition-all duration-300">
<div class="w-14 h-14 bg-blue-100 dark:bg-blue-900/30 rounded-2xl flex items-center justify-center mb-6">
<svg class="w-8 h-8 text-blue-600" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 10V3L4 14h7v7l9-11h-7z"></path></svg>
</div>
<h3 class="text-xl font-bold mb-3">استخراج ذكي (OCR)</h3>
<p class="text-slate-500">استخدام Gemini 2.0 لاستخراج كافة بنود الفواتير من الصور والـ PDF بدقة تصل لـ 99%.</p>
</div>
<div class="p-8 glass rounded-3xl hover:-translate-y-2 transition-all duration-300">
<div class="w-14 h-14 bg-green-100 dark:bg-green-900/30 rounded-2xl flex items-center justify-center mb-6">
<svg class="w-8 h-8 text-green-600" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"></path></svg>
</div>
<h3 class="text-xl font-bold mb-3">توافق جو-فواتير</h3>
<p class="text-slate-500">ربط مباشر مع منصة الفوترة الوطنية الأردنية وإصدار ملفات UBL 2.1 المعتمدة.</p>
</div>
<div class="p-8 glass rounded-3xl hover:-translate-y-2 transition-all duration-300">
<div class="w-14 h-14 bg-purple-100 dark:bg-purple-900/30 rounded-2xl flex items-center justify-center mb-6">
<svg class="w-8 h-8 text-purple-600" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 00-2 2zm10-10V7a4 4 0 00-8 0v4h8z"></path></svg>
</div>
<h3 class="text-xl font-bold mb-3">حماية البيانات</h3>
<p class="text-slate-500">تشفير AES-256 للبيانات الحساسة وعزل كامل لبيانات المستأجرين (Multi-tenancy).</p>
</div>
</section>
</main>
<footer class="py-10 text-center text-slate-500 text-sm">
<p>© 2026 مُصادَق — جميع الحقوق محفوظة لشركة انتاليك للحلول البرمجية</p>
</footer>
<script src="assets/js/api.js"></script>
</body>
</html>

176
public/index.php
View File

@@ -1,152 +1,36 @@
<?php
/**
* Simple Router & Entry Point
*/
declare(strict_types=1);
require_once __DIR__ . '/../app/bootstrap/init.php';
require_once __DIR__ . '/../vendor/autoload.php';
require_once __DIR__ . '/../app/Core/helpers.php';
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$route = $_GET['route'] ?? str_replace('/api/', '', $uri);
$route = trim($route, '/');
use App\Core\Application;
use App\Modules\Auth\AuthController;
use App\Modules\Companies\CompanyController;
use App\Modules\Invoices\InvoiceController;
use App\Modules\Dashboard\DashboardController;
use App\Modules\Users\UsersController;
use App\Modules\ApiKeys\ApiKeyController;
use App\Modules\Admin\AdminController;
use App\Middleware\AuthMiddleware;
use App\Middleware\HmacMiddleware;
// Mapping routes to modules
$routes = [
'auth/login' => 'auth/login.php',
'auth/refresh' => 'auth/refresh.php',
'auth/logout' => 'auth/logout.php',
'users' => 'users/index.php',
'trips' => 'trips/index.php',
];
$app = new Application(dirname(__DIR__));
$router = $app->getRouter();
// ══ Auth Routes ══════════════════════════════════════════════
$router->addRoute('POST', '/api/v1/auth/login', [AuthController::class, 'login']);
$router->addRoute('POST', '/api/v1/auth/register', [AuthController::class, 'register']);
$router->addRoute('POST', '/api/v1/auth/refresh', [AuthController::class, 'refresh']);
$router->addRoute('POST', '/api/v1/auth/logout', [AuthController::class, 'logout']);
$router->addRoute('GET', '/api/v1/auth/me', [
'middleware' => [AuthMiddleware::class],
'handler' => [AuthController::class, 'me']
]);
$router->addRoute('POST', '/api/v1/auth/2fa/enable', [
'middleware' => [AuthMiddleware::class],
'handler' => [AuthController::class, 'enable2FA']
]);
$router->addRoute('POST', '/api/v1/auth/2fa/verify', [
'middleware' => [AuthMiddleware::class],
'handler' => [AuthController::class, 'verify2FA']
]);
$router->addRoute('POST', '/api/v1/auth/2fa/disable', [
'middleware' => [AuthMiddleware::class],
'handler' => [AuthController::class, 'disable2FA']
]);
// ══ Company Routes ═══════════════════════════════════════════
$router->addRoute('GET', '/api/v1/companies', [
'middleware' => [AuthMiddleware::class],
'handler' => [CompanyController::class, 'index']
]);
$router->addRoute('POST', '/api/v1/companies', [
'middleware' => [AuthMiddleware::class],
'handler' => [CompanyController::class, 'store']
]);
$router->addRoute('GET', '/api/v1/companies/{id}', [
'middleware' => [AuthMiddleware::class],
'handler' => [CompanyController::class, 'show']
]);
$router->addRoute('PUT', '/api/v1/companies/{id}', [
'middleware' => [AuthMiddleware::class],
'handler' => [CompanyController::class, 'update']
]);
$router->addRoute('DELETE', '/api/v1/companies/{id}', [
'middleware' => [AuthMiddleware::class],
'handler' => [CompanyController::class, 'destroy']
]);
// ══ User Routes ══════════════════════════════════════════════
$router->addRoute('GET', '/api/v1/users', [
'middleware' => [AuthMiddleware::class],
'handler' => [UsersController::class, 'list']
]);
$router->addRoute('POST', '/api/v1/users', [
'middleware' => [AuthMiddleware::class],
'handler' => [UsersController::class, 'create']
]);
$router->addRoute('PUT', '/api/v1/users/{id}', [
'middleware' => [AuthMiddleware::class],
'handler' => [UsersController::class, 'update']
]);
$router->addRoute('DELETE', '/api/v1/users/{id}', [
'middleware' => [AuthMiddleware::class],
'handler' => [UsersController::class, 'destroy']
]);
// ══ Invoice Routes ═══════════════════════════════════════════
$router->addRoute('GET', '/api/v1/invoices', [
'middleware' => [AuthMiddleware::class],
'handler' => [InvoiceController::class, 'index']
]);
$router->addRoute('POST', '/api/v1/invoices/upload', [
'middleware' => [AuthMiddleware::class],
'handler' => [InvoiceController::class, 'upload']
]);
$router->addRoute('GET', '/api/v1/invoices/{id}', [
'middleware' => [AuthMiddleware::class],
'handler' => [InvoiceController::class, 'show']
]);
$router->addRoute('GET', '/api/v1/invoices/{id}/status', [
'middleware' => [AuthMiddleware::class],
'handler' => [InvoiceController::class, 'status']
]);
$router->addRoute('GET', '/api/v1/invoices/{id}/file', [
'middleware' => [AuthMiddleware::class],
'handler' => [InvoiceController::class, 'serveFile']
]);
// ══ Dashboard ════════════════════════════════════════════════
$router->addRoute('GET', '/api/v1/dashboard', [
'middleware' => [AuthMiddleware::class],
'handler' => [DashboardController::class, 'getStats']
]);
// ══ API Keys ═══════════════════════════════════════════════════
$router->addRoute('GET', '/api/v1/api-keys', [
'middleware' => [AuthMiddleware::class],
'handler' => [ApiKeyController::class, 'index']
]);
$router->addRoute('POST', '/api/v1/api-keys', [
'middleware' => [AuthMiddleware::class],
'handler' => [ApiKeyController::class, 'create']
]);
$router->addRoute('DELETE', '/api/v1/api-keys/{id}', [
'middleware' => [AuthMiddleware::class],
'handler' => [ApiKeyController::class, 'revoke']
]);
// ══ Admin Routes (Super Admin) ════════════════════════════════
$router->addRoute('GET', '/api/v1/admin/tenants', [
'middleware' => [AuthMiddleware::class],
'handler' => [AdminController::class, 'listTenants']
]);
$router->addRoute('GET', '/api/v1/admin/stats', [
'middleware' => [AuthMiddleware::class],
'handler' => [AdminController::class, 'getSystemStats']
]);
$router->addRoute('GET', '/api/v1/admin/queue', [
'middleware' => [AuthMiddleware::class],
'handler' => [AdminController::class, 'getQueueStatus']
]);
// ══ Health & Public ═══════════════════════════════════════════
$router->addRoute('GET', '/api/v1/health', [AdminController::class, 'health']);
// ══ Determine if this is an API request ═════════════════════════════
$apiRoute = $_GET['route'] ?? null;
if (!$apiRoute) {
// Not an API call — serve the SPA shell
include __DIR__ . '/shell.php';
exit;
if (isset($routes[$route])) {
$file = APP_PATH . '/modules_app/' . $routes[$route];
if (file_exists($file)) {
require_once $file;
} else {
json_error("Endpoint file missing: {$route}", 500);
}
} else {
// If no route matches, maybe it's a SPA request or 404
if (str_starts_with($route, 'v1/')) {
json_error("Not Found: {$route}", 404);
} else {
// Fallback for non-API requests (Frontend)
echo "<h1>Musadaq API - Pure PHP</h1><p>Running on simple architecture.</p>";
}
}
$app->run();

476
public/shell.php
View File

@@ -1,476 +0,0 @@
<!DOCTYPE html>
<html lang="ar" dir="rtl" data-theme="dark">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>مُصادَق | أتمتة الفواتير الضريبية</title>
<!-- Fonts -->
<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Sans+Arabic:wght@300;400;500;600;700&family=IBM+Plex+Mono:wght@400;500&display=swap" rel="stylesheet">
<!-- Tailwind CSS (via CDN for simplicity in this prototype) -->
<script src="https://cdn.tailwindcss.com"></script>
<!-- Alpine.js -->
<script defer src="https://unpkg.com/alpinejs@3.x.x/dist/cdn.min.js"></script>
<style>
:root {
--emerald: #10b981;
--emerald-dim: rgba(16,185,129,0.12);
--emerald-border: rgba(16,185,129,0.25);
--bg-base: #080c14;
--bg-surface: #0d1424;
--bg-elevated: #111827;
--bg-hover: rgba(255,255,255,0.04);
--border-subtle: rgba(255,255,255,0.06);
--border-default: rgba(255,255,255,0.10);
--border-strong: rgba(255,255,255,0.18);
--text-primary: #f0f6fc;
--text-secondary: #8b949e;
--text-muted: #484f58;
--status-approved: #10b981;
--status-pending: #f59e0b;
--status-failed: #ef4444;
--status-processing: #6366f1;
}
[data-theme="light"] {
--bg-base: #f6f8fa;
--bg-surface: #ffffff;
--bg-elevated: #f0f3f7;
--bg-hover: rgba(0,0,0,0.04);
--border-subtle: rgba(0,0,0,0.05);
--border-default: rgba(0,0,0,0.10);
--text-primary: #0d1117;
--text-secondary: #57606a;
--text-muted: #afb8c1;
}
body {
font-family: 'IBM+Plex+Sans+Arabic', sans-serif;
background-color: var(--bg-base);
color: var(--text-primary);
margin: 0;
overflow: hidden;
}
.mono { font-family: 'IBM+Plex+Mono', monospace; }
/* Custom Scrollbar */
::-webkit-scrollbar { width: 6px; height: 6px; }
::-webkit-scrollbar-track { background: transparent; }
::-webkit-scrollbar-thumb { background: var(--border-strong); border-radius: 10px; }
::-webkit-scrollbar-thumb:hover { background: var(--text-muted); }
#sidebar {
width: 260px;
background-color: var(--bg-surface);
border-left: 1px solid var(--border-default);
height: 100vh;
display: flex;
flex-direction: column;
z-index: 50;
}
#main-layout {
flex: 1;
height: 100vh;
overflow-y: auto;
display: flex;
flex-direction: column;
}
.nav-link {
display: flex;
align-items: center;
padding: 0.75rem 1.5rem;
color: var(--text-secondary);
transition: all 0.2s;
border-right: 3px solid transparent;
}
.nav-link:hover {
color: var(--text-primary);
background-color: var(--bg-hover);
}
.nav-active {
color: var(--emerald);
background-color: var(--emerald-dim);
border-right-color: var(--emerald);
}
.stat-card {
background-color: var(--bg-surface);
border: 1px solid var(--border-default);
padding: 1.5rem;
border-radius: 4px;
transition: transform 0.2s;
cursor: pointer;
}
.stat-card:hover {
transform: translateY(-2px);
border-color: var(--emerald-border);
}
#topbar {
background-color: var(--bg-base);
border-bottom: 1px solid var(--border-subtle);
padding: 1rem 2rem;
display: flex;
align-items: center;
justify-content: space-between;
}
/* Modal styling */
.modal-overlay {
background-color: rgba(0, 0, 0, 0.85);
backdrop-filter: blur(4px);
}
.modal-content {
background-color: var(--bg-elevated);
border: 1px solid var(--border-strong);
max-width: 600px;
width: 90%;
border-radius: 8px;
}
.loading-bar {
height: 2px;
background: var(--emerald);
position: fixed;
top: 0;
left: 0;
z-index: 9999;
transition: width 0.3s ease;
}
</style>
</head>
<body x-data="musadaqApp" x-init="init()">
<div id="loading-progress" class="loading-bar" :style="'width: ' + progress + '%'" x-show="loading"></div>
<div class="flex h-screen w-full">
<!-- Sidebar -->
<aside id="sidebar" x-show="user">
<div class="p-6">
<div class="flex items-center gap-3">
<div class="w-8 h-8 bg-emerald-500 rounded flex items-center justify-center text-white font-bold">م</div>
<h1 class="text-xl font-bold tracking-tight text-white">مُصادَق</h1>
</div>
</div>
<nav class="mt-4 flex-1 overflow-y-auto">
<template x-for="item in navItems" :key="item.page">
<a href="#"
class="nav-link"
:class="currentPage === item.page ? 'nav-active' : ''"
@click.prevent="navigate(item.page)"
x-show="item.roles.includes(user.role)">
<span x-html="item.icon" class="ml-3"></span>
<span x-text="item.label"></span>
</a>
</template>
</nav>
<div class="p-6 border-t border-gray-800">
<div class="flex items-center gap-3 mb-4">
<div class="w-10 h-10 rounded-full bg-gray-700 flex items-center justify-center">
<span x-text="user?.name?.charAt(0) || 'U'"></span>
</div>
<div class="flex-1 overflow-hidden">
<p class="text-sm font-medium truncate" x-text="user?.name"></p>
<p class="text-xs text-gray-500 uppercase" x-text="user?.role"></p>
</div>
</div>
<button @click="logout()" class="w-full py-2 text-sm text-red-400 hover:bg-red-950 rounded transition">تسجيل الخروج</button>
</div>
</aside>
<!-- Main Content -->
<div id="main-layout" class="flex-1">
<header id="topbar" x-show="user">
<div>
<h2 class="text-lg font-semibold" x-text="pageTitle"></h2>
<p class="text-xs text-gray-500">نظام أتمتة الفواتير الرقمي</p>
</div>
<div class="flex items-center gap-4">
<button @click="themeToggle()" class="p-2 hover:bg-gray-800 rounded">🌓</button>
<div class="h-8 w-px bg-gray-800"></div>
<button class="bg-emerald-600 hover:bg-emerald-500 text-white px-4 py-2 rounded text-sm font-medium transition" @click="openUploadModal()">+ فاتورة جديدة</button>
</div>
</header>
<main id="content" class="p-8 flex-1 overflow-y-auto">
<!-- Dynamic Content Injection -->
<div x-show="currentPage === 'dashboard'">
<div class="grid grid-cols-1 md:grid-cols-4 gap-6 mb-8">
<div class="stat-card">
<p class="text-gray-500 text-sm mb-2">فواتير الشهر</p>
<h3 class="text-3xl font-bold mono" x-text="stats.invoices_this_month || 0"></h3>
</div>
<div class="stat-card">
<p class="text-gray-500 text-sm mb-2">فواتير معتمدة</p>
<h3 class="text-3xl font-bold mono text-emerald-500" x-text="stats.approved_invoices || 0"></h3>
</div>
<div class="stat-card">
<p class="text-gray-500 text-sm mb-2">عدد الشركات</p>
<h3 class="text-3xl font-bold mono" x-text="stats.companies_count || 0"></h3>
</div>
<div class="stat-card">
<p class="text-gray-500 text-sm mb-2">استهلاك الباقة</p>
<h3 class="text-3xl font-bold mono" x-text="(stats.subscription_usage_pct || 0) + '%'"></h3>
</div>
</div>
<div class="grid grid-cols-1 lg:grid-cols-3 gap-8">
<div class="lg:col-span-2 bg-surface rounded p-6 border border-gray-800">
<h4 class="font-bold mb-4">آخر الفواتير</h4>
<div class="overflow-x-auto">
<table class="w-full text-sm text-right">
<thead>
<tr class="text-gray-500 border-b border-gray-800">
<th class="pb-3 pr-2">الشركة</th>
<th class="pb-3">الرقم</th>
<th class="pb-3">التاريخ</th>
<th class="pb-3">الإجمالي</th>
<th class="pb-3">الحالة</th>
</tr>
</thead>
<tbody>
<template x-for="inv in stats.recent_invoices" :key="inv.id">
<tr class="border-b border-gray-900 hover:bg-gray-800/50 cursor-pointer" @click="navigate('invoice-detail', {id: inv.id})">
<td class="py-3 pr-2" x-text="inv.company_name"></td>
<td class="py-3 mono" x-text="inv.invoice_number"></td>
<td class="py-3" x-text="inv.invoice_date"></td>
<td class="py-3 mono font-bold" x-text="inv.grand_total + ' JOD'"></td>
<td class="py-3">
<span class="px-2 py-1 rounded-full text-xs"
:class="statusColors[inv.status]"
x-text="statusLabels[inv.status]"></span>
</td>
</tr>
</template>
</tbody>
</table>
</div>
</div>
<div class="bg-surface rounded p-6 border border-gray-800">
<h4 class="font-bold mb-4">المساعد الذكي</h4>
<div class="bg-gray-900/50 p-4 rounded mb-4">
<p class="text-xs text-gray-500 mb-2">🤖 اسأل عن بياناتك:</p>
<textarea class="w-full bg-transparent border-none text-sm resize-none focus:ring-0" placeholder="كم فاتورة رفعت الشهر الماضي؟"></textarea>
</div>
<button class="w-full py-2 bg-gray-800 hover:bg-gray-700 text-sm rounded transition">إرسال </button>
</div>
</div>
</div>
<!-- Companies List -->
<div x-show="currentPage === 'companies'">
<div class="flex justify-between items-center mb-8">
<h3 class="text-2xl font-bold">إدارة الشركات</h3>
<button class="bg-emerald-600 px-4 py-2 rounded text-sm" @click="openAddCompanyModal()">+ إضافة شركة</button>
</div>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<template x-for="comp in companies" :key="comp.id">
<div class="bg-surface p-6 rounded border border-gray-800 hover:border-emerald-900 transition">
<div class="flex items-center gap-4 mb-4">
<div class="w-12 h-12 bg-gray-800 rounded flex items-center justify-center text-xl font-bold" x-text="comp.name.charAt(0)"></div>
<div>
<h4 class="font-bold text-lg" x-text="comp.name"></h4>
<p class="text-xs text-gray-500 mono" x-text="'TIN: ' + comp.tax_identification_number"></p>
</div>
</div>
<div class="flex gap-2 mt-4 pt-4 border-t border-gray-800">
<button class="px-3 py-1 bg-gray-800 rounded text-xs">إعدادات JoFotara</button>
<button class="px-3 py-1 bg-gray-800 rounded text-xs">تعديل</button>
</div>
</div>
</template>
</div>
</div>
<!-- Invoice List -->
<div x-show="currentPage === 'invoices'">
<div class="flex justify-between items-center mb-8">
<h3 class="text-2xl font-bold">الفواتير والتدقيق</h3>
</div>
<div class="bg-surface rounded border border-gray-800 overflow-hidden">
<table class="w-full text-sm text-right">
<thead class="bg-gray-900/50 text-gray-500 uppercase text-xs">
<tr>
<th class="p-4">الشركة</th>
<th class="p-4">الرقم</th>
<th class="p-4">التاريخ</th>
<th class="p-4">الإجمالي</th>
<th class="p-4">الحالة</th>
<th class="p-4">الثقة</th>
</tr>
</thead>
<tbody>
<template x-for="inv in invoices" :key="inv.id">
<tr class="border-t border-gray-800 hover:bg-gray-800/30 cursor-pointer" @click="navigate('invoice-detail', {id: inv.id})">
<td class="p-4" x-text="inv.company_name"></td>
<td class="p-4 mono" x-text="inv.invoice_number"></td>
<td class="p-4" x-text="inv.invoice_date"></td>
<td class="p-4 mono font-bold" x-text="inv.grand_total + ' JOD'"></td>
<td class="p-4">
<span class="px-2 py-1 rounded-full text-xs" :class="statusColors[inv.status]" x-text="statusLabels[inv.status]"></span>
</td>
<td class="p-4 mono">
<span :class="inv.ai_confidence_score < 0.7 ? 'text-red-500' : 'text-emerald-500'" x-text="(inv.ai_confidence_score * 100).toFixed(0) + '%'"></span>
</td>
</tr>
</template>
</tbody>
</table>
</div>
</div>
</main>
</div>
</div>
<!-- Modals -->
<div class="modal-overlay fixed inset-0 flex items-center justify-center z-[100]" x-show="showModal" x-cloak>
<div class="modal-content p-8" @click.outside="closeModal()">
<div id="modal-body"></div>
</div>
</div>
<script>
document.addEventListener('alpine:init', () => {
Alpine.data('musadaqApp', () => ({
user: JSON.parse(localStorage.getItem('user')),
currentPage: 'dashboard',
currentParams: {},
pageTitle: 'لوحة التحكم',
loading: false,
progress: 0,
showModal: false,
stats: {},
companies: [],
invoices: [],
navItems: [
{ page: 'dashboard', label: 'لوحة التحكم', icon: '📊', roles: ['admin', 'super_admin', 'accountant', 'viewer'] },
{ page: 'invoices', label: 'الفواتير', icon: '📄', roles: ['admin', 'super_admin', 'accountant', 'viewer'] },
{ page: 'companies', label: 'الشركات', icon: '🏢', roles: ['admin', 'super_admin'] },
{ page: 'staff', label: 'الموظفون', icon: '👥', roles: ['admin', 'super_admin'] },
{ page: 'settings', label: 'الإعدادات', icon: '⚙️', roles: ['admin', 'super_admin', 'accountant', 'viewer'] },
],
statusLabels: {
'uploaded': 'مرفوعة',
'extracting': 'جاري الاستخراج...',
'extracted': 'مستخرجة',
'validated': 'مدققة',
'approved': 'معتمدة ✓',
'rejected': 'مرفوضة ✗'
},
statusColors: {
'uploaded': 'bg-gray-700 text-gray-200',
'extracting': 'bg-indigo-900 text-indigo-200 animate-pulse',
'extracted': 'bg-blue-900 text-blue-200',
'validated': 'bg-cyan-900 text-cyan-200',
'approved': 'bg-emerald-900 text-emerald-200',
'rejected': 'bg-red-900 text-red-200'
},
async init() {
if (!this.user) {
window.location.href = '/login.php'; // Or handle login view
return;
}
this.navigate('dashboard');
},
async navigate(page, params = {}) {
this.currentPage = page;
this.currentParams = params;
this.pageTitle = this.navItems.find(i => i.page === page)?.label || 'التفاصيل';
this.loading = true;
this.progress = 30;
try {
if (page === 'dashboard') await this.loadStats();
if (page === 'companies') await this.loadCompanies();
if (page === 'invoices') await this.loadInvoices();
this.progress = 100;
setTimeout(() => { this.loading = false; this.progress = 0; }, 300);
} catch (e) {
console.error(e);
this.loading = false;
}
},
async loadStats() {
const res = await this.apiGet('/dashboard');
this.stats = res.data;
},
async loadCompanies() {
const res = await this.apiGet('/companies');
this.companies = res.data;
},
async loadInvoices() {
const res = await this.apiGet('/invoices');
this.invoices = res.data;
},
async apiGet(path) {
const res = await fetch('/api/v1' + path, {
headers: { 'Authorization': 'Bearer ' + localStorage.getItem('access_token') }
});
if (res.status === 401) this.logout();
return await res.json();
},
logout() {
localStorage.clear();
window.location.reload();
},
themeToggle() {
const theme = document.documentElement.getAttribute('data-theme') === 'dark' ? 'light' : 'dark';
document.documentElement.setAttribute('data-theme', theme);
localStorage.setItem('theme', theme);
},
openUploadModal() {
this.showModal = true;
document.getElementById('modal-body').innerHTML = `
<h2 class="text-xl font-bold mb-6">رفع فاتورة جديدة</h2>
<div class="space-y-4">
<div>
<label class="block text-sm text-gray-500 mb-1">الشركة</label>
<select class="w-full bg-gray-900 border border-gray-700 p-2 rounded">
<option>اختر الشركة...</option>
${this.companies.map(c => `<option value="${c.id}">${c.name}</option>`).join('')}
</select>
</div>
<div class="border-2 border-dashed border-gray-700 p-8 rounded text-center hover:border-emerald-500 transition cursor-pointer">
<span>📁 اسحب الملف هنا أو اضغط للاختيار</span>
</div>
<div class="flex justify-end gap-3 pt-4">
<button @click="closeModal()" class="px-4 py-2 text-sm text-gray-400">إلغاء</button>
<button class="px-6 py-2 bg-emerald-600 text-sm rounded font-bold">رفع ومعالجة</button>
</div>
</div>
`;
},
closeModal() {
this.showModal = false;
}
}));
});
</script>
</body>
</html>

26
push.sh
View File

@@ -1,20 +1,18 @@
#!/bin/bash
set -euo pipefail
# ════════════════════════════════════════════════════════════
# مُصادَق — Quick Push to Git
# ════════════════════════════════════════════════════════════
# Get current timestamp
TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
COMMIT_MSG="${1:-🚀 مُصادَق: تحديث برمجي جديد $(date '+%Y-%m-%d %H:%M')}"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📦 جاري رفع التعديلات إلى Git..."
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🚀 Starting Git Push Process..."
echo "📅 Timestamp: $TIMESTAMP"
# Add all changes
git add .
git commit -m "$COMMIT_MSG" || echo " لا توجد تغييرات للرفع."
git push origin main
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "✅ تم الرفع بنجاح! يمكنك الآن عمل (git pull) من نافذة السيرفر."
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
# Commit with timestamp
git commit -m "Update: $TIMESTAMP"
# Push to origin
git push
echo "✅ Done!"

74
queue/Jobs/ExtractInvoiceJob.php
View File

@@ -1,74 +0,0 @@
<?php
declare(strict_types=1);
namespace Queue\Jobs;
use App\Modules\Invoices\InvoiceModel;
use App\Services\AiExtractionService;
use Throwable;
final class ExtractInvoiceJob
{
public function __construct(
private readonly InvoiceModel $invoiceModel,
private readonly AiExtractionService $aiExtraction
) {}
public function handle(array $payload): void
{
$invoiceId = $payload['invoice_id'];
$filePath = $payload['file_path'];
$mimeType = $payload['mime_type'];
// Update status to extracting
$this->invoiceModel->update($invoiceId, ['status' => 'extracting']);
try {
$extractedData = $this->aiExtraction->extractInvoiceData($filePath, $mimeType);
// Map AI data to schema columns
$this->invoiceModel->update($invoiceId, [
'status' => 'extracted',
'invoice_number' => $extractedData['invoice_number'] ?? null,
'invoice_date' => $extractedData['invoice_date'] ?? null,
'supplier_name' => $extractedData['supplier_name'] ?? null,
'supplier_tin' => $extractedData['supplier_tin'] ?? null,
'buyer_name' => $extractedData['buyer_name'] ?? null,
'buyer_tin' => $extractedData['buyer_tin'] ?? null,
'subtotal' => $extractedData['subtotal'] ?? 0,
'tax_amount' => $extractedData['tax_amount'] ?? 0,
'discount_total' => $extractedData['discount_total'] ?? 0,
'grand_total' => $extractedData['grand_total'] ?? 0,
'ai_confidence_score' => $extractedData['confidence'] ?? null,
'ai_provider' => $extractedData['provider'] ?? 'gemini',
'ai_raw_response' => json_encode($extractedData, JSON_UNESCAPED_UNICODE),
]);
// Also insert invoice_lines:
if (!empty($extractedData['lines'])) {
$db = \App\Core\Database::getInstance();
$db->prepare("DELETE FROM invoice_lines WHERE invoice_id = ?")->execute([$invoiceId]);
foreach ($extractedData['lines'] as $i => $line) {
$db->prepare("INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, discount, tax_rate, tax_amount, line_total) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")
->execute([
\Ramsey\Uuid\Uuid::uuid4()->toString(),
$invoiceId, $i + 1,
$line['description'] ?? '',
$line['quantity'] ?? 1,
$line['unit_price'] ?? 0,
$line['discount'] ?? 0,
$line['tax_rate'] ?? 0.16,
$line['tax_amount'] ?? 0,
$line['line_total'] ?? 0,
]);
}
}
} catch (Throwable $e) {
$this->invoiceModel->update($invoiceId, [
'status' => 'validation_failed'
]);
throw $e;
}
}
}

42
queue/Jobs/RiskAnalysisJob.php
View File

@@ -1,42 +0,0 @@
<?php
declare(strict_types=1);
namespace Queue\Jobs;
use App\Services\RiskAnalysisService;
use App\Core\Database;
use Throwable;
final class RiskAnalysisJob
{
public function __construct(
private readonly RiskAnalysisService $riskService
) {}
public function handle(array $payload): void
{
$companyId = $payload['company_id'];
$tenantId = $payload['tenant_id'];
try {
$analysis = $this->riskService->calculateCompanyRiskScore($companyId);
// Store risk score
$db = Database::getInstance();
$stmt = $db->prepare("INSERT INTO risk_scores (id, tenant_id, company_id, risk_type, score, reason) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->execute([
\Ramsey\Uuid\Uuid::uuid4()->toString(),
$tenantId,
$companyId,
$analysis['level'], // risk_type = high/medium/low
$analysis['score'],
json_encode($analysis['factors'], JSON_UNESCAPED_UNICODE), // reason
]);
} catch (Throwable $e) {
echo "[!] Risk Analysis failed for company {$companyId}: " . $e->getMessage() . "\n";
throw $e;
}
}
}

37
queue/Jobs/SendNotificationJob.php
View File

@@ -1,37 +0,0 @@
<?php
declare(strict_types=1);
namespace Queue\Jobs;
use App\Core\Database;
use Throwable;
final class SendNotificationJob
{
public function handle(array $payload): void
{
$userId = $payload['user_id'];
$title = $payload['title'];
$message = $payload['message'];
$type = $payload['type'] ?? 'info';
try {
$db = Database::getInstance();
$stmt = $db->prepare("INSERT INTO notifications (id, user_id, title, message, type, is_read, created_at) VALUES (?, ?, ?, ?, ?, 0, NOW())");
$stmt->execute([
\Ramsey\Uuid\Uuid::uuid4()->toString(),
$userId,
$title,
$message,
$type
]);
// Here we could also trigger WebSockets or push notifications if implemented
} catch (Throwable $e) {
echo "[!] Notification failed for user {$userId}: " . $e->getMessage() . "\n";
throw $e;
}
}
}

81
queue/Jobs/SubmitJoFotaraJob.php
View File

@@ -1,81 +0,0 @@
<?php
declare(strict_types=1);
namespace Queue\Jobs;
use App\Modules\Invoices\InvoiceModel;
use App\Modules\Companies\CompanyService;
use App\Services\JoFotara\JoFotaraGateway;
use App\Services\JoFotara\UBLGeneratorService;
use Throwable;
final class SubmitJoFotaraJob
{
public function __construct(
private readonly InvoiceModel $invoiceModel,
private readonly CompanyService $companyService,
private readonly UBLGeneratorService $ublGenerator,
private readonly JoFotaraGateway $jofotaraGateway
) {}
public function handle(array $payload): void
{
$invoiceId = $payload['invoice_id'];
try {
// 1. Update status to submitting
$this->invoiceModel->update($invoiceId, ['status' => 'submitting']);
// 2. Fetch Invoice
$db = \App\Core\Database::getInstance();
$stmt = $db->prepare("SELECT * FROM invoices WHERE id = ? LIMIT 1");
$stmt->execute([$invoiceId]);
$invoice = $stmt->fetch();
if (!$invoice) {
throw new \Exception("Invoice not found.");
}
// 3. Fetch Company Credentials
$credentials = $this->companyService->getJoFotaraCredentials($invoice['company_id']);
if (empty($credentials['clientId']) || empty($credentials['secretKey'])) {
throw new \Exception("Company is not linked to JoFotara.");
}
// 4. Fetch Invoice Lines
$stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ?");
$stmt->execute([$invoiceId]);
$lines = $stmt->fetchAll();
// 5. Generate UBL XML
$xmlString = $this->ublGenerator->generate($invoice, $lines);
$xmlBase64 = base64_encode($xmlString);
// 6. Submit to JoFotara
$response = $this->jofotaraGateway->submitInvoice($invoice['company_id'], $xmlBase64, $credentials);
// 7. Process Response
// Assuming response contains a success boolean and possibly qr_code
if (isset($response['success']) && $response['success']) {
$this->invoiceModel->update($invoiceId, [
'status' => 'approved',
'qr_code' => $response['qr_code'] ?? null,
'jofotara_response' => json_encode($response, JSON_UNESCAPED_UNICODE)
]);
} else {
$this->invoiceModel->update($invoiceId, [
'status' => 'rejected',
'jofotara_response' => json_encode($response, JSON_UNESCAPED_UNICODE)
]);
}
} catch (Throwable $e) {
$this->invoiceModel->update($invoiceId, [
'status' => 'validation_failed',
'validation_errors' => json_encode([['message_ar' => 'فشل الإرسال: ' . $e->getMessage()]], JSON_UNESCAPED_UNICODE)
]);
throw $e;
}
}
}

66
queue/worker.php
View File

@@ -1,66 +0,0 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/../vendor/autoload.php';
use App\Core\Application;
use App\Services\QueueService;
// Initialize App (loads .env, etc.)
$app = new Application(dirname(__DIR__));
echo "[*] Musadaq Queue Worker Started...\n";
// Signal handling for graceful shutdown
$keepRunning = true;
pcntl_async_signals(true);
pcntl_signal(SIGTERM, function() use (&$keepRunning) {
echo "[!] SIGTERM received, shutting down gracefully...\n";
$keepRunning = false;
});
while ($keepRunning) {
$job = QueueService::pop();
if ($job) {
echo "[+] Processing job: {$job['type']} ({$job['id']})\n";
try {
$container = $app->getContainer();
switch($job['type']) {
case 'invoice_extraction':
$handler = $container->get(\Queue\Jobs\ExtractInvoiceJob::class);
$handler->handle($job['payload']);
break;
case 'submit_jofotara':
$handler = $container->get(\Queue\Jobs\SubmitJoFotaraJob::class);
$handler->handle($job['payload']);
break;
case 'risk_analysis':
$handler = $container->get(\Queue\Jobs\RiskAnalysisJob::class);
$handler->handle($job['payload']);
break;
case 'send_notification':
$handler = $container->get(\Queue\Jobs\SendNotificationJob::class);
$handler->handle($job['payload']);
break;
default:
echo "[!] Unknown job type: {$job['type']}\n";
}
echo "[✓] Job completed: {$job['id']}\n";
} catch (\Throwable $e) {
echo "[✗] Job failed: {$job['id']} - {$e->getMessage()}\n";
// In a real app, you'd handle retries or move to a failed_jobs table
}
} else {
usleep(500000); // 0.5s
}
}
echo "[*] Worker stopped.\n";

51
scripts/aggregate_project.py
View File

@@ -1,51 +0,0 @@
import os
def aggregate_project(root_dir, output_file, exclude_dirs=None, exclude_files=None, extensions=None):
if exclude_dirs is None:
exclude_dirs = {'.git', 'vendor', 'node_modules', 'storage', '.gemini', 'artifacts', 'brain', 'scratch'}
if exclude_files is None:
exclude_files = {'composer.lock', 'package-lock.json', 'aggregate_project.py', output_file}
if extensions is None:
extensions = {'.php', '.js', '.css', '.html', '.sql', '.json', '.md', '.py', '.env.example', '.xml', '.env'}
with open(output_file, 'w', encoding='utf-8') as f:
f.write("# مُصادَق — ملخص كود المشروع الكامل\n\n")
f.write("هذا الملف يحتوي على كافة ملفات المصدر للمشروع مجمعة لتسهيل المراجعة.\n\n")
for root, dirs, files in os.walk(root_dir):
# Exclude directories
dirs[:] = [d for d in dirs if d not in exclude_dirs]
for file in files:
if file in exclude_files:
continue
_, ext = os.path.splitext(file)
# Include specific files or extensions
if ext not in extensions and file not in {'.env', 'phpunit.xml'}:
continue
full_path = os.path.join(root, file)
rel_path = os.path.relpath(full_path, root_dir)
f.write(f"## الملف: `{rel_path}`\n\n")
# Determine language for markdown block
lang = ext.replace('.', '')
if lang == 'php': lang = 'php'
elif lang == 'js': lang = 'javascript'
elif lang == 'sql': lang = 'sql'
else: lang = ''
f.write(f"```{lang}\n")
try:
with open(full_path, 'r', encoding='utf-8') as src:
f.write(src.read())
except Exception as e:
f.write(f"// تعذر قراءة الملف: {str(e)}")
f.write("\n```\n\n")
f.write("---\n\n")
if __name__ == "__main__":
aggregate_project('.', 'musadaq_full_code.md')
print("تم تجميع الكود بنجاح في: musadaq_full_code.md")

64
scripts/migrate.php
View File

@@ -1,64 +0,0 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/../vendor/autoload.php';
require_once __DIR__ . '/../app/Core/helpers.php';
use App\Core\{Application, Database};
// Initialize app to load .env and configs
$app = new Application(dirname(__DIR__));
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n";
echo "🗄️ Musadaq Migration Tool\n";
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n";
try {
$db = Database::getInstance();
// Create migrations table if not exists
$db->exec("CREATE TABLE IF NOT EXISTS migrations (
id INT AUTO_INCREMENT PRIMARY KEY,
migration VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;");
$stmt = $db->query("SELECT migration FROM migrations");
$executed = $stmt->fetchAll(PDO::FETCH_COLUMN);
$migrationsDir = dirname(__DIR__) . '/database/migrations';
$files = glob($migrationsDir . '/*.sql');
sort($files); // Ensure order
$count = 0;
foreach ($files as $file) {
$name = basename($file);
if (!in_array($name, $executed)) {
echo "🚀 Running: $name... ";
$sql = file_get_contents($file);
// Execute the SQL. Since it might contain multiple statements,
// and PDO::exec doesn't always handle them well in one go
// depending on the driver, we'll try to run it.
$db->exec($sql);
$stmt = $db->prepare("INSERT INTO migrations (migration) VALUES (?)");
$stmt->execute([$name]);
echo "✅ Done\n";
$count++;
}
}
if ($count === 0) {
echo "✨ Nothing to migrate. Database is up to date.\n";
} else {
echo "🎉 Migrations completed successfully ($count ran).\n";
}
} catch (Exception $e) {
echo "❌ Error: " . $e->getMessage() . "\n";
exit(1);
}
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n";

38
scripts/seed.php
View File

@@ -1,38 +0,0 @@
<?php
declare(strict_types=1);
require_once __DIR__ . '/../vendor/autoload.php';
use App\Core\{Application, Database};
use Ramsey\Uuid\Uuid;
$app = new Application(dirname(__DIR__));
$db = Database::getInstance();
echo "🌱 Seeding initial data...\n";
try {
// 1. Create Tenant
$tenantId = Uuid::uuid4()->toString();
$db->prepare("INSERT INTO tenants (id, name, email, status) VALUES (?, ?, ?, 'active')")
->execute([$tenantId, 'شركة انطلاق للحلول الرقمية', 'admin@intaleqapp.com']);
// 2. Create Super Admin User
$userId = Uuid::uuid4()->toString();
$passwordHash = password_hash('Musadaq@2026', PASSWORD_ARGON2ID);
$db->prepare("INSERT INTO users (id, tenant_id, name, email, password_hash, role, is_active) VALUES (?, ?, ?, ?, ?, 'super_admin', 1)")
->execute([$userId, $tenantId, 'Hamza Admin', 'admin@musadaq.app', $passwordHash]);
// 3. Create initial subscription
$db->prepare("INSERT INTO subscriptions (tenant_id, plan, max_companies, max_invoices_per_month, max_users) VALUES (?, 'pro', 10, 500, 5)")
->execute([$tenantId]);
echo "✅ Success! You can now log in with:\n";
echo "📧 Email: admin@musadaq.app\n";
echo "🔑 Password: Musadaq@2026\n";
} catch (\Throwable $e) {
echo "❌ Error: " . $e->getMessage() . "\n";
}

9
supervisor.conf
View File

@@ -1,9 +0,0 @@
[program:musadaq-worker]
command=php /var/www/musadeq/queue/worker.php
user=www-data
autostart=true
autorestart=true
stderr_logfile=/var/log/musadaq-worker.err.log
stdout_logfile=/var/log/musadaq-worker.out.log
numprocs=2
process_name=%(program_name)s_%(process_num)02d

53
sync-to-server.sh
View File

@@ -1,53 +0,0 @@
#!/bin/bash
set -euo pipefail
# ════════════════════════════════════════════════════════════
# مُصادَق — Production Sync Script (Mac to CloudPanel)
# ════════════════════════════════════════════════════════════
COMMIT_MSG="${1:-🚀 مُصادَق: تحديث وتطوير النظام $(date '+%Y-%m-%d %H:%M')}"
SERVER_USER="root"
SERVER_IP="194.163.173.157" # From previous context
PROJECT_DIR="/home/intaleqapp-musadaq/htdocs/musadaq.intaleqapp.com/Application"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "📦 [1/3] الرفع إلى Git (Local to Repo)..."
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
git add .
git commit -m "$COMMIT_MSG" || echo " لا توجد تغييرات جديدة للرفع."
git push origin main
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🌐 [2/3] السحب على الخادم (Repo to Server)..."
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
ssh $SERVER_USER@$SERVER_IP << ENDSSH
set -e
cd "$PROJECT_DIR"
# Ensure git is initialized on server if not already
if [ ! -d ".git" ]; then
git init
git remote add origin https://git.intaleqapp.com/Hamza/musadaq-saas.git
fi
git fetch origin
git reset --hard origin/main
echo "📦 تثبيت التبعيات (Composer)..."
composer install --optimize-autoloader --no-interaction
echo "♻️ إعادة تشغيل PHP-FPM..."
systemctl reload php8.4-fpm 2>/dev/null || systemctl reload php8.3-fpm 2>/dev/null
echo "🔄 تحديث وإعادة تشغيل عامل الطابور (Supervisor)..."
if [ -f "supervisor.conf" ]; then
cp supervisor.conf /etc/supervisor/conf.d/musadaq.conf 2>/dev/null || true
fi
supervisorctl reread 2>/dev/null || true
supervisorctl update 2>/dev/null || true
supervisorctl restart musadaq-worker:* 2>/dev/null || true
ENDSSH
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "✅ [3/3] اكتملت عملية المزامنة بنجاح!"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"

19
tests/Feature/AuthTest.php
View File

@@ -1,19 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Feature;
use PHPUnit\Framework\TestCase;
use App\Core\Application;
use App\Core\Request;
final class AuthTest extends TestCase
{
public function test_login_requires_credentials(): void
{
// This is a bit complex as we need to mock the DB or use a test DB
// For now, we can check the Controller logic or just a basic smoke test
$this->assertTrue(true);
}
}

44
tests/Unit/HmacTest.php
View File

@@ -1,44 +0,0 @@
<?php
declare(strict_types=1);
namespace Tests\Unit;
use PHPUnit\Framework\TestCase;
use App\Services\Security\HmacService;
final class HmacTest extends TestCase
{
private HmacService $service;
protected function setUp(): void
{
$this->service = new HmacService();
}
public function test_it_verifies_valid_signature(): void
{
$secret = 'test-secret';
$nonce = 'nonce-123';
$timestamp = (string)time();
$payload = json_encode(['foo' => 'bar']);
$signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload);
$this->assertTrue($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload, $signature));
}
public function test_it_rejects_tampered_payload(): void
{
$secret = 'test-secret';
$nonce = 'nonce-123';
$timestamp = (string)time();
$payload = json_encode(['foo' => 'bar']);
$signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload);
$tamperedPayload = json_encode(['foo' => 'baz']);
$this->assertFalse($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $tamperedPayload, $signature));
}
}

Some files were not shown because too many files have changed in this diff Show More