From 4b40b1185ff8aa159c20afe7d8c518de90228ad8 Mon Sep 17 00:00:00 2001 From: Hamza-Ayed Date: Sun, 3 May 2026 17:32:57 +0300 Subject: [PATCH] Update: 2026-05-03 17:32:57 --- app/Core/Application.php | 87 - app/Core/Container.php | 72 - app/Core/Database.php | 37 +- app/Core/JWT.php | 52 + app/Core/Redis.php | 33 - app/Core/Request.php | 58 - app/Core/Response.php | 45 - app/Core/Router.php | 94 - app/Core/Security.php | 21 + app/Core/Validator.php | 25 + app/Core/helpers.php | 37 - app/Middleware/AuthMiddleware.php | 53 +- app/Middleware/CsrfMiddleware.php | 43 - app/Middleware/HmacMiddleware.php | 60 - app/Middleware/RateLimitMiddleware.php | 59 +- app/Middleware/RoleMiddleware.php | 37 - app/Middleware/TenantMiddleware.php | 43 - app/Models/BaseModel.php | 66 - app/Modules/AI/AIController.php | 83 - app/Modules/Admin/AdminController.php | 76 - app/Modules/ApiKeys/ApiKeyController.php | 63 - app/Modules/ApiKeys/ApiKeyModel.php | 19 - app/Modules/Auth/AuthController.php | 189 - app/Modules/Auth/AuthService.php | 157 - app/Modules/Companies/CompanyController.php | 75 - app/Modules/Companies/CompanyModel.php | 19 - app/Modules/Companies/CompanyService.php | 62 - app/Modules/Dashboard/DashboardController.php | 89 - .../Actions/DownloadInvoiceFileAction.php | 30 - .../Actions/GetInvoiceDetailAction.php | 31 - .../Invoices/Actions/ListInvoicesAction.php | 31 - .../Invoices/Actions/SubmitInvoiceAction.php | 23 - .../Invoices/Actions/UploadInvoiceAction.php | 49 - app/Modules/Invoices/InvoiceController.php | 151 - app/Modules/Invoices/InvoiceModel.php | 34 - app/Modules/Risks/RiskController.php | 50 - .../Subscriptions/SubscriptionController.php | 29 - .../Subscriptions/SubscriptionModel.php | 19 - app/Modules/Tenants/TenantController.php | 29 - app/Modules/Tenants/TenantModel.php | 19 - app/Modules/Users/UserModel.php | 41 - app/Modules/Users/UsersController.php | 130 - .../AI/Contracts/AIProviderInterface.php | 31 - app/Services/AI/GeminiProvider.php | 77 - app/Services/AI/OpenAIProvider.php | 84 - app/Services/AiExtractionService.php | 89 - app/Services/AuditService.php | 40 - app/Services/FileStorageService.php | 63 - app/Services/JoFotara/JoFotaraGateway.php | 74 - app/Services/JoFotara/UBLGeneratorService.php | 147 - app/Services/QueueService.php | 83 - app/Services/RiskAnalysisService.php | 77 - app/Services/Security/EncryptionService.php | 48 - app/Services/Security/HmacService.php | 50 - app/Services/Security/JwtService.php | 49 - app/Services/SubscriptionService.php | 47 - app/Services/TaxValidationService.php | 72 - app/Services/TotpService.php | 67 - app/bootstrap/auth.php | 19 + app/bootstrap/env.php | 21 + app/bootstrap/init.php | 29 + app/bootstrap/response.php | 25 + app/config/database.php | 13 + app/helpers/helpers.php | 34 + app/modules_app/auth/login.php | 58 + app/modules_app/auth/logout.php | 18 + app/modules_app/auth/refresh.php | 41 + app/modules_app/trips/index.php | 28 + app/modules_app/users/index.php | 23 + config/app.php | 10 - config/auth.php | 11 - config/database.php | 12 - config/secrets.php | 7 - config/services.php | 28 - database/migrations/001_initial_schema.sql | 41 - database/migrations/002_core_modules.sql | 47 - database/migrations/003_invoices.sql | 69 - database/migrations/004_system.sql | 80 - database/migrations/005_notifications.sql | 12 - database/schema.sql | 260 - musadaq_full_code.md | 5894 ----------------- phpunit.xml | 18 - public/assets/css/app.css | 85 - public/assets/js/api.js | 55 - public/index.html | 102 - public/index.php | 176 +- public/shell.php | 476 -- push.sh | 26 +- queue/Jobs/ExtractInvoiceJob.php | 74 - queue/Jobs/RiskAnalysisJob.php | 42 - queue/Jobs/SendNotificationJob.php | 37 - queue/Jobs/SubmitJoFotaraJob.php | 81 - queue/worker.php | 66 - scripts/aggregate_project.py | 51 - scripts/migrate.php | 64 - scripts/seed.php | 38 - supervisor.conf | 9 - sync-to-server.sh | 53 - tests/Feature/AuthTest.php | 19 - tests/Unit/HmacTest.php | 44 - tests/Unit/TaxValidationTest.php | 52 - tests/Unit/TotpServiceTest.php | 30 - 102 files changed, 525 insertions(+), 11371 deletions(-) delete mode 100644 app/Core/Application.php delete mode 100644 app/Core/Container.php create mode 100644 app/Core/JWT.php delete mode 100644 app/Core/Redis.php delete mode 100644 app/Core/Request.php delete mode 100644 app/Core/Response.php delete mode 100644 app/Core/Router.php create mode 100644 app/Core/Security.php create mode 100644 app/Core/Validator.php delete mode 100644 app/Core/helpers.php delete mode 100644 app/Middleware/CsrfMiddleware.php delete mode 100644 app/Middleware/HmacMiddleware.php delete mode 100644 app/Middleware/RoleMiddleware.php delete mode 100644 app/Middleware/TenantMiddleware.php delete mode 100644 app/Models/BaseModel.php delete mode 100644 app/Modules/AI/AIController.php delete mode 100644 app/Modules/Admin/AdminController.php delete mode 100644 app/Modules/ApiKeys/ApiKeyController.php delete mode 100644 app/Modules/ApiKeys/ApiKeyModel.php delete mode 100644 app/Modules/Auth/AuthController.php delete mode 100644 app/Modules/Auth/AuthService.php delete mode 100644 app/Modules/Companies/CompanyController.php delete mode 100644 app/Modules/Companies/CompanyModel.php delete mode 100644 app/Modules/Companies/CompanyService.php delete mode 100644 app/Modules/Dashboard/DashboardController.php delete mode 100644 app/Modules/Invoices/Actions/DownloadInvoiceFileAction.php delete mode 100644 app/Modules/Invoices/Actions/GetInvoiceDetailAction.php delete mode 100644 app/Modules/Invoices/Actions/ListInvoicesAction.php delete mode 100644 app/Modules/Invoices/Actions/SubmitInvoiceAction.php delete mode 100644 app/Modules/Invoices/Actions/UploadInvoiceAction.php delete mode 100644 app/Modules/Invoices/InvoiceController.php delete mode 100644 app/Modules/Invoices/InvoiceModel.php delete mode 100644 app/Modules/Risks/RiskController.php delete mode 100644 app/Modules/Subscriptions/SubscriptionController.php delete mode 100644 app/Modules/Subscriptions/SubscriptionModel.php delete mode 100644 app/Modules/Tenants/TenantController.php delete mode 100644 app/Modules/Tenants/TenantModel.php delete mode 100644 app/Modules/Users/UserModel.php delete mode 100644 app/Modules/Users/UsersController.php delete mode 100644 app/Services/AI/Contracts/AIProviderInterface.php delete mode 100644 app/Services/AI/GeminiProvider.php delete mode 100644 app/Services/AI/OpenAIProvider.php delete mode 100644 app/Services/AiExtractionService.php delete mode 100644 app/Services/AuditService.php delete mode 100644 app/Services/FileStorageService.php delete mode 100644 app/Services/JoFotara/JoFotaraGateway.php delete mode 100644 app/Services/JoFotara/UBLGeneratorService.php delete mode 100644 app/Services/QueueService.php delete mode 100644 app/Services/RiskAnalysisService.php delete mode 100644 app/Services/Security/EncryptionService.php delete mode 100644 app/Services/Security/HmacService.php delete mode 100644 app/Services/Security/JwtService.php delete mode 100644 app/Services/SubscriptionService.php delete mode 100644 app/Services/TaxValidationService.php delete mode 100644 app/Services/TotpService.php create mode 100644 app/bootstrap/auth.php create mode 100644 app/bootstrap/env.php create mode 100644 app/bootstrap/init.php create mode 100644 app/bootstrap/response.php create mode 100644 app/config/database.php create mode 100644 app/helpers/helpers.php create mode 100644 app/modules_app/auth/login.php create mode 100644 app/modules_app/auth/logout.php create mode 100644 app/modules_app/auth/refresh.php create mode 100644 app/modules_app/trips/index.php create mode 100644 app/modules_app/users/index.php delete mode 100644 config/app.php delete mode 100644 config/auth.php delete mode 100644 config/database.php delete mode 100644 config/secrets.php delete mode 100644 config/services.php delete mode 100644 database/migrations/001_initial_schema.sql delete mode 100644 database/migrations/002_core_modules.sql delete mode 100644 database/migrations/003_invoices.sql delete mode 100644 database/migrations/004_system.sql delete mode 100644 database/migrations/005_notifications.sql delete mode 100644 database/schema.sql delete mode 100644 musadaq_full_code.md delete mode 100644 phpunit.xml delete mode 100644 public/assets/css/app.css delete mode 100644 public/assets/js/api.js delete mode 100644 public/index.html delete mode 100644 public/shell.php delete mode 100644 queue/Jobs/ExtractInvoiceJob.php delete mode 100644 queue/Jobs/RiskAnalysisJob.php delete mode 100644 queue/Jobs/SendNotificationJob.php delete mode 100644 queue/Jobs/SubmitJoFotaraJob.php delete mode 100644 queue/worker.php delete mode 100644 scripts/aggregate_project.py delete mode 100644 scripts/migrate.php delete mode 100644 scripts/seed.php delete mode 100644 supervisor.conf delete mode 100755 sync-to-server.sh delete mode 100644 tests/Feature/AuthTest.php delete mode 100644 tests/Unit/HmacTest.php delete mode 100644 tests/Unit/TaxValidationTest.php delete mode 100644 tests/Unit/TotpServiceTest.php diff --git a/app/Core/Application.php b/app/Core/Application.php deleted file mode 100644 index c6f7ace..0000000 --- a/app/Core/Application.php +++ /dev/null @@ -1,87 +0,0 @@ -load(); - - // 2. Set Timezone - date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Asia/Amman'); - - // 3. Initialize Core Components - $this->container = new Container(); - - // 4. Load Configurations - $this->loadConfigs($basePath); - - $this->router = new Router($this->container); - - // Register core services in container - $this->container->set(Container::class, $this->container); - $this->container->set(Router::class, $this->router); - } - - private function loadConfigs(string $basePath): void - { - $configPath = $basePath . '/config'; - $configs = []; - - foreach (glob($configPath . '/*.php') as $file) { - $key = basename($file, '.php'); - $configs[$key] = require $file; - } - - self::$config = $configs; - $this->container->set('config', $configs); - } - - public function getRouter(): Router - { - return $this->router; - } - - public function run(): void - { - // 1. Security Headers - header('X-Content-Type-Options: nosniff'); - header('X-Frame-Options: DENY'); - header('X-XSS-Protection: 1; mode=block'); - header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'); - header('Referrer-Policy: strict-origin-when-cross-origin'); - header('Permissions-Policy: camera=(), microphone=(), geolocation=()'); - header('Content-Security-Policy: default-src \'self\'; script-src \'self\' cdn.tailwindcss.com unpkg.com; style-src \'self\' \'unsafe-inline\' fonts.googleapis.com; font-src fonts.gstatic.com'); - header_remove('X-Powered-By'); - - try { - $request = new Request(); - $this->router->dispatch($request, $this->container); - } catch (\Throwable $e) { - // Global Exception Handler - Response::error( - 'حدث خطأ غير متوقع في النظام', - 'INTERNAL_SERVER_ERROR', - 500, - [ - 'message' => $e->getMessage(), - 'file' => $e->getFile(), - 'line' => $e->getLine() - ] - ); - } - } -} diff --git a/app/Core/Container.php b/app/Core/Container.php deleted file mode 100644 index 28c62ab..0000000 --- a/app/Core/Container.php +++ /dev/null @@ -1,72 +0,0 @@ -instances[$id] = $concrete; - } - - public function get(string $id): mixed - { - if (isset($this->instances[$id])) { - if ($this->instances[$id] instanceof \Closure) { - $this->instances[$id] = ($this->instances[$id])($this); - } - return $this->instances[$id]; - } - - return $this->resolve($id); - } - - public function resolve(string $id): mixed - { - if (!class_exists($id)) { - throw new Exception("Class {$id} cannot be resolved."); - } - - $reflection = new ReflectionClass($id); - - if (!$reflection->isInstantiable()) { - throw new Exception("Class {$id} is not instantiable."); - } - - $constructor = $reflection->getConstructor(); - - if (is_null($constructor)) { - return new $id(); - } - - $parameters = $constructor->getParameters(); - $dependencies = []; - - foreach ($parameters as $parameter) { - $type = $parameter->getType(); - - if (!$type instanceof ReflectionNamedType || $type->isBuiltin()) { - if ($parameter->isDefaultValueAvailable()) { - $dependencies[] = $parameter->getDefaultValue(); - continue; - } - throw new Exception("Unable to resolve parameter '{$parameter->getName()}' in class {$id}"); - } - - $dependencies[] = $this->get($type->getName()); - } - - $instance = $reflection->newInstanceArgs($dependencies); - $this->instances[$id] = $instance; - - return $instance; - } -} diff --git a/app/Core/Database.php b/app/Core/Database.php index 93c8c76..d4bdb9d 100644 --- a/app/Core/Database.php +++ b/app/Core/Database.php @@ -1,4 +1,7 @@ PDO::ERRMODE_EXCEPTION, - PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, - PDO::ATTR_EMULATE_PREPARES => false, - ]; + $config = require APP_PATH . '/config/database.php'; + + $dsn = sprintf( + "mysql:host=%s;port=%s;dbname=%s;charset=%s", + $config['host'], + $config['port'], + $config['database'], + $config['charset'] + ); try { - self::$instance = new PDO($dsn, $user, $pass, $options); + self::$instance = new PDO($dsn, $config['username'], $config['password'], [ + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, + PDO::ATTR_EMULATE_PREPARES => false, + ]); } catch (PDOException $e) { - throw new Exception("Database Connection Error: " . $e->getMessage()); + http_response_code(500); + header('Content-Type: application/json'); + echo json_encode(['success' => false, 'message' => 'Database connection failed']); + exit; } } diff --git a/app/Core/JWT.php b/app/Core/JWT.php new file mode 100644 index 0000000..670f203 --- /dev/null +++ b/app/Core/JWT.php @@ -0,0 +1,52 @@ + 'JWT', 'alg' => 'HS256']); + $base64UrlHeader = self::base64UrlEncode($header); + $base64UrlPayload = self::base64UrlEncode(json_encode($payload)); + + $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $secret, true); + $base64UrlSignature = self::base64UrlEncode($signature); + + return $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature; + } + + public static function decode(string $token, string $secret): ?array + { + $parts = explode('.', $token); + if (count($parts) !== 3) return null; + + [$header, $payload, $signature] = $parts; + + $expectedSignature = self::base64UrlEncode(hash_hmac('sha256', $header . "." . $payload, $secret, true)); + + if (!hash_equals($expectedSignature, $signature)) return null; + + $decodedPayload = json_decode(self::base64UrlDecode($payload), true); + + // Check expiry + if (isset($decodedPayload['exp']) && $decodedPayload['exp'] < time()) return null; + + return $decodedPayload; + } +} diff --git a/app/Core/Redis.php b/app/Core/Redis.php deleted file mode 100644 index 7f6f224..0000000 --- a/app/Core/Redis.php +++ /dev/null @@ -1,33 +0,0 @@ - 'tcp', - 'host' => $_ENV['REDIS_HOST'] ?? '127.0.0.1', - 'port' => $_ENV['REDIS_PORT'] ?? 6379, - 'password' => $_ENV['REDIS_PASSWORD'] ?: null, - ]); - } catch (Exception $e) { - // If Redis fails, we might want to log it or handle gracefully - // depending on how critical it is. - throw new Exception("Redis Connection Error: " . $e->getMessage()); - } - } - - return self::$instance; - } -} diff --git a/app/Core/Request.php b/app/Core/Request.php deleted file mode 100644 index fb82505..0000000 --- a/app/Core/Request.php +++ /dev/null @@ -1,58 +0,0 @@ -method = $_SERVER['REQUEST_METHOD']; - - // Read API path from query string: index.php?route=/api/v1/auth/login - $this->path = $_GET['route'] ?? parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH); - $this->headers = getallheaders(); - $this->queryParams = $_GET; - $this->files = $_FILES; - - $contentType = $this->getHeader('Content-Type') ?? $_SERVER['CONTENT_TYPE'] ?? ''; - if ($contentType && str_contains(strtolower($contentType), 'application/json')) { - $this->body = json_decode(file_get_contents('php://input'), true) ?? []; - } else { - $this->body = $_POST; - } - } - - public function getMethod(): string { return $this->method; } - public function getPath(): string { return $this->path; } - public function getHeaders(): array { return $this->headers; } - public function getQueryParams(): array { return $this->queryParams; } - public function getBody(): array { return $this->body; } - public function getFiles(): array { return $this->files; } - - public function getHeader(string $name): ?string - { - $name = strtolower($name); - foreach ($this->headers as $key => $value) { - if (strtolower($key) === $name) { - return $value; - } - } - return null; - } - - public function input(string $key, mixed $default = null): mixed - { - return $this->body[$key] ?? $this->queryParams[$key] ?? $default; - } -} diff --git a/app/Core/Response.php b/app/Core/Response.php deleted file mode 100644 index 1fc90d9..0000000 --- a/app/Core/Response.php +++ /dev/null @@ -1,45 +0,0 @@ - 'application/json; charset=utf-8'], $headers)); - } - - public static function error(string $messageAr, string $code, int $status = 400, ?array $details = null): void - { - $data = [ - 'success' => false, - 'error' => [ - 'message_ar' => $messageAr, - 'code' => $code, - 'details' => $details - ] - ]; - self::json($data, $status); - } - - private static function send(mixed $data, int $status, array $headers): void - { - http_response_code($status); - - foreach ($headers as $name => $value) { - header("$name: $value"); - } - - // Apply Security Headers - header('X-Content-Type-Options: nosniff'); - header('X-Frame-Options: DENY'); - header('X-XSS-Protection: 1; mode=block'); - header('Referrer-Policy: strict-origin-when-cross-origin'); - header_remove('X-Powered-By'); - - echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT); - exit; - } -} diff --git a/app/Core/Router.php b/app/Core/Router.php deleted file mode 100644 index 3a5b2c0..0000000 --- a/app/Core/Router.php +++ /dev/null @@ -1,94 +0,0 @@ -container = $container; - } - - public function addRoute(string $method, string $path, array|callable $handler): void - { - $this->routes[] = [$method, $path, $handler]; - } - - public function dispatch(Request $request): void - { - $dispatcher = simpleDispatcher(function (RouteCollector $r) { - foreach ($this->routes as $route) { - $r->addRoute($route[0], $route[1], $route[2]); - } - }); - - $routeInfo = $dispatcher->dispatch($request->getMethod(), $request->getPath()); - - switch ($routeInfo[0]) { - case \FastRoute\Dispatcher::NOT_FOUND: - Response::error('المسار غير موجود', 'NOT_FOUND', 404); - break; - case \FastRoute\Dispatcher::METHOD_NOT_ALLOWED: - Response::error('الطريقة غير مسموح بها', 'METHOD_NOT_ALLOWED', 405); - break; - case \FastRoute\Dispatcher::FOUND: - $handler = $routeInfo[1]; - $vars = $routeInfo[2]; - - $this->executeHandler($handler, $request, $this->container, $vars); - break; - } - } - - private function executeHandler(mixed $handler, Request $request, Container $container, array $vars): void - { - if (is_array($handler) && isset($handler['middleware'])) { - $middlewares = (array) $handler['middleware']; - $finalHandler = $handler['handler']; - - $pipeline = $this->createPipeline($middlewares, $finalHandler, $container, $vars); - $pipeline($request); - } else { - $this->callHandler($handler, $request, $container, $vars); - } - } - - private function createPipeline(array $middlewares, mixed $handler, Container $container, array $vars): callable - { - return array_reduce( - array_reverse($middlewares), - function ($next, $middleware) use ($container) { - return function ($request) use ($next, $middleware, $container) { - $parts = explode(':', $middleware); - $className = $parts[0]; - $args = isset($parts[1]) ? explode(',', $parts[1]) : []; - - $instance = $container->get($className); - return $instance->handle($request, $next, ...$args); - }; - }, - function ($request) use ($handler, $container, $vars) { - $this->callHandler($handler, $request, $container, $vars); - } - ); - } - - private function callHandler(mixed $handler, Request $request, Container $container, array $vars): void - { - if (is_array($handler)) { - [$controllerClass, $method] = $handler; - $controller = $container->get($controllerClass); - $controller->$method($request, ...array_values($vars)); - } else { - $handler($request, ...array_values($vars)); - } - } -} diff --git a/app/Core/Security.php b/app/Core/Security.php new file mode 100644 index 0000000..a68fdf9 --- /dev/null +++ b/app/Core/Security.php @@ -0,0 +1,21 @@ + $rule) { + if (str_contains($rule, 'required') && (empty($data[$field]) && $data[$field] !== '0')) { + $errors[$field] = "The {$field} field is required."; + } + if (str_contains($rule, 'email') && !empty($data[$field]) && !filter_var($data[$field], FILTER_VALIDATE_EMAIL)) { + $errors[$field] = "The {$field} must be a valid email address."; + } + } + return $errors; + } +} diff --git a/app/Core/helpers.php b/app/Core/helpers.php deleted file mode 100644 index 5d29393..0000000 --- a/app/Core/helpers.php +++ /dev/null @@ -1,37 +0,0 @@ -getHeader('Authorization'); - - if (!$authHeader || !str_starts_with($authHeader, 'Bearer ')) { - Response::error('يجب تسجيل الدخول للوصول إلى هذا المورد', 'UNAUTHORIZED', 401); - return null; + $headers = getallheaders(); + $authHeader = $headers['Authorization'] ?? $headers['authorization'] ?? ''; + + if (!str_starts_with($authHeader, 'Bearer ')) { + json_error('Unauthorized: Missing or invalid token', 401); } $token = substr($authHeader, 7); - - try { - $decoded = $this->jwtService->verifyToken($token); - - // Check if JTI is blacklisted - $jti = $decoded['jti'] ?? null; - if ($jti) { - try { - $redis = \App\Core\Redis::getInstance(); - if ($redis->exists('jwt_blacklist:' . $jti)) { - Response::error('الجلسة منتهية، يرجى تسجيل الدخول من جديد', 'TOKEN_REVOKED', 401); - return null; - } - } catch (\Throwable $e) { - // Redis down — allow (fail open, log security event) - error_log('[AUTH] JWT blacklist check failed: ' . $e->getMessage()); - } - } - - $request->user = (object) $decoded; - $request->tenantId = $decoded['tenant_id'] ?? null; - } catch (Exception $e) { - Response::error('جلسة العمل منتهية أو غير صالحة', 'UNAUTHORIZED', 401); - return null; + $secret = env('JWT_SECRET'); + + $decoded = JWT::decode($token, $secret); + + if (!$decoded) { + json_error('Unauthorized: Invalid or expired token', 401); } - return $next($request); + return $decoded; } } diff --git a/app/Middleware/CsrfMiddleware.php b/app/Middleware/CsrfMiddleware.php deleted file mode 100644 index de08be3..0000000 --- a/app/Middleware/CsrfMiddleware.php +++ /dev/null @@ -1,43 +0,0 @@ -getMethod(), ['GET', 'HEAD', 'OPTIONS'])) { - return $next($request); - } - - // For APIs, we often use a custom header or check origin - // If we use sessions for tokens: - if (session_status() === PHP_SESSION_NONE) { - session_start(); - } - - $token = $request->getHeader('X-CSRF-TOKEN') ?: ($request->getBody()['_csrf'] ?? null); - $sessionToken = $_SESSION['csrf_token'] ?? null; - - if (!$token || !$sessionToken || !hash_equals($sessionToken, $token)) { - // For now, if we are purely API with Bearer token, we might skip this. - // But if the request has a session or cookie, it's mandatory. - - // If the Authorization header is present, we might assume it's an API call - // that is naturally protected against CSRF if not using cookies for Auth. - if ($request->getHeader('Authorization')) { - return $next($request); - } - - Response::error('رمز الحماية (CSRF) غير صالح أو مفقود', 'CSRF_INVALID', 403); - return null; - } - - return $next($request); - } -} diff --git a/app/Middleware/HmacMiddleware.php b/app/Middleware/HmacMiddleware.php deleted file mode 100644 index 78c674d..0000000 --- a/app/Middleware/HmacMiddleware.php +++ /dev/null @@ -1,60 +0,0 @@ -getHeader('X-Api-Key'); - $signature = $request->getHeader('X-Signature'); - $timestamp = $request->getHeader('X-Timestamp'); - $nonce = $request->getHeader('X-Nonce'); - - if (!$publicKey || !$signature || !$timestamp || !$nonce) { - Response::error('بيانات التوقيع (HMAC) ناقصة', 'HMAC_MISSING', 401); - return null; - } - - // 1. Lookup Secret by Public Key - $db = Database::getInstance(); - $stmt = $db->prepare("SELECT secret_hash, tenant_id FROM api_keys WHERE public_key = ? AND is_active = 1 LIMIT 1"); - $stmt->execute([$publicKey]); - $apiKey = $stmt->fetch(); - - if (!$apiKey) { - Response::error('مفتاح API غير صالح', 'HMAC_INVALID_KEY', 401); - return null; - } - - // 2. Verify Signature - // Note: secret_hash in DB is the actual secret for signing - $isValid = $this->hmac->verify( - $apiKey['secret_hash'], - $request->getMethod(), - $request->getPath(), - $timestamp, - $nonce, - json_encode($request->getBody()), - $signature - ); - - if (!$isValid) { - Response::error('توقيع الطلب غير صحيح', 'HMAC_INVALID_SIGNATURE', 401); - return null; - } - - // 3. Set context - $request->tenantId = $apiKey['tenant_id']; - - return $next($request); - } -} diff --git a/app/Middleware/RateLimitMiddleware.php b/app/Middleware/RateLimitMiddleware.php index 7f1c37d..32480d8 100644 --- a/app/Middleware/RateLimitMiddleware.php +++ b/app/Middleware/RateLimitMiddleware.php @@ -1,36 +1,53 @@ getPath() . "|" . $ip); - - $current = $redis->get($key); - - if ($current && (int)$current >= $limit) { - Response::error('لقد تجاوزت الحد المسموح من الطلبات، يرجى المحاولة لاحقاً', 'RATE_LIMIT_EXCEEDED', 429); - return null; + $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown'; + $cacheDir = STORAGE_PATH . '/cache'; + $cacheFile = $cacheDir . '/rate_limit_' . md5($ip) . '.json'; + + // Ensure cache directory exists + if (!is_dir($cacheDir)) { + mkdir($cacheDir, 0755, true); } - - if (!$current) { - $redis->setex($key, $window, 1); - } else { - $redis->incr($key); + + $now = time(); + $requests = []; + + // Read existing requests if file exists and is writable + if (file_exists($cacheFile)) { + $content = file_get_contents($cacheFile); + if ($content !== false) { + $data = json_decode($content, true); + if (is_array($data)) { + // Filter out requests older than the time window + $requests = array_filter($data, fn($timestamp) => $timestamp > ($now - $timeWindow)); + } + } } - - return $next($request); + + // Check limit + if (count($requests) >= $maxRequests) { + json_error('Too Many Requests. Please try again later.', 429); + } + + // Add current request + $requests[] = $now; + + // Save back to file + file_put_contents($cacheFile, json_encode(array_values($requests))); } } diff --git a/app/Middleware/RoleMiddleware.php b/app/Middleware/RoleMiddleware.php deleted file mode 100644 index 24f1512..0000000 --- a/app/Middleware/RoleMiddleware.php +++ /dev/null @@ -1,37 +0,0 @@ -user ?? null; - - if (!$user) { - Response::error('يجب تسجيل الدخول للوصول إلى هذا المورد', 'UNAUTHORIZED', 401); - return null; - } - - // Check if user role is in the allowed roles - // $user->role is an object property since we cast it in AuthMiddleware - if (!in_array($user->role, $roles)) { - Response::error('غير مسموح لك بالقيام بهذا الإجراء', 'FORBIDDEN', 403); - return null; - } - - return $next($request); - } -} diff --git a/app/Middleware/TenantMiddleware.php b/app/Middleware/TenantMiddleware.php deleted file mode 100644 index 7ec756b..0000000 --- a/app/Middleware/TenantMiddleware.php +++ /dev/null @@ -1,43 +0,0 @@ -tenantId ?? null; - - if (!$tenantId) { - Response::error('المستأجر غير معروف', 'TENANT_NOT_FOUND', 400); - return null; - } - - // Check if tenant exists and is active - try { - $db = Database::getInstance(); - $stmt = $db->prepare("SELECT status FROM tenants WHERE id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - $tenant = $stmt->fetch(); - - if (!$tenant) { - Response::error('المستأجر غير موجود', 'TENANT_NOT_FOUND', 404); - return null; - } - - if ($tenant['status'] === 'suspended') { - Response::error('تم إيقاف حساب المستأجر', 'TENANT_SUSPENDED', 403); - return null; - } - } catch (\Exception $e) { - Response::error('خطأ في الاتصال بقاعدة البيانات', 'DATABASE_ERROR', 500); - return null; - } - - return $next($request); - } -} diff --git a/app/Models/BaseModel.php b/app/Models/BaseModel.php deleted file mode 100644 index f4bba1e..0000000 --- a/app/Models/BaseModel.php +++ /dev/null @@ -1,66 +0,0 @@ -db()->prepare("SELECT * FROM {$this->table} WHERE {$this->primaryKey} = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$id]); - return $stmt->fetch() ?: null; - } - - public function create(array $data): string|bool - { - $columns = implode(', ', array_keys($data)); - $placeholders = implode(', ', array_fill(0, count($data), '?')); - - $sql = "INSERT INTO {$this->table} ({$columns}) VALUES ({$placeholders})"; - $stmt = $this->db()->prepare($sql); - - if ($stmt->execute(array_values($data))) { - return $data[$this->primaryKey] ?? $this->db()->lastInsertId(); - } - - return false; - } - - public function update(string $id, array $data): bool - { - $sets = []; - foreach (array_keys($data) as $column) { - $sets[] = "{$column} = ?"; - } - $setString = implode(', ', $sets); - - $sql = "UPDATE {$this->table} SET {$setString} WHERE {$this->primaryKey} = ?"; - $stmt = $this->db()->prepare($sql); - - $params = array_values($data); - $params[] = $id; - - return $stmt->execute($params); - } - - public function delete(string $id): bool - { - $sql = "UPDATE {$this->table} SET deleted_at = NOW() WHERE {$this->primaryKey} = ?"; - $stmt = $this->db()->prepare($sql); - return $stmt->execute([$id]); - } -} diff --git a/app/Modules/AI/AIController.php b/app/Modules/AI/AIController.php deleted file mode 100644 index d7d38ad..0000000 --- a/app/Modules/AI/AIController.php +++ /dev/null @@ -1,83 +0,0 @@ -httpClient = new Client(); - $this->apiKey = $_ENV['GEMINI_API_KEY'] ?? ''; - $this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash'; - } - - public function query(Request $request): void - { - $userQuery = $request->input('query'); - if (!$userQuery) { - Response::error('يرجى تقديم استفسار', 'MISSING_QUERY', 422); - return; - } - - try { - // 1. Fetch current context data (Summary of stats) - $stats = $this->getQuickStats($request->tenantId); - - // 2. Ask Gemini to interpret and answer - $prompt = "You are Musadaq AI Assistant for a Jordanian E-Invoicing SaaS. " . - "The user is asking: \"{$userQuery}\". " . - "Current User Context: Tenant ID {$request->tenantId}. " . - "Current Data Summary: " . json_encode($stats) . ". " . - "Answer the user in a friendly Arabic tone (Jordanian dialect is okay). " . - "Keep it professional and concise. If you don't have the specific data, say so politely."; - - $response = $this->httpClient->post("https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}", [ - 'json' => [ - 'contents' => [['parts' => [['text' => $prompt]]]] - ] - ]); - - $data = json_decode($response->getBody()->getContents(), true); - $answer = $data['candidates'][0]['content']['parts'][0]['text'] ?? 'عذراً، لم أستطع فهم الاستفسار حالياً.'; - - Response::json([ - 'success' => true, - 'data' => [ - 'answer' => $answer - ] - ]); - - } catch (Throwable $e) { - Response::error('فشل معالجة الاستعلام الذكي', 'AI_QUERY_FAILED', 500, [ - 'error' => $e->getMessage() - ]); - } - } - - private function getQuickStats(string $tenantId): array - { - $db = Database::getInstance(); - - $totalInvoices = $db->prepare("SELECT COUNT(*) as total FROM invoices WHERE tenant_id = ?"); - $totalInvoices->execute([$tenantId]); - - $approvedCount = $db->prepare("SELECT COUNT(*) as total FROM invoices WHERE tenant_id = ? AND status = 'approved'"); - $approvedCount->execute([$tenantId]); - - return [ - 'total_invoices' => $totalInvoices->fetch()['total'], - 'approved_invoices' => $approvedCount->fetch()['total'], - 'current_month' => date('F Y') - ]; - } -} diff --git a/app/Modules/Admin/AdminController.php b/app/Modules/Admin/AdminController.php deleted file mode 100644 index e9e2d17..0000000 --- a/app/Modules/Admin/AdminController.php +++ /dev/null @@ -1,76 +0,0 @@ -user->role !== 'super_admin') { - Response::error('غير مصرح لك بالوصول لهذه البيانات', 'FORBIDDEN', 403); - return; - } - - $db = Database::getInstance(); - $stmt = $db->prepare("SELECT t.*, (SELECT COUNT(*) FROM invoices WHERE tenant_id = t.id) as invoice_count FROM tenants t"); - $stmt->execute(); - $tenants = $stmt->fetchAll(); - - Response::json(['success' => true, 'data' => $tenants]); - } - - public function getSystemStats(Request $request): void - { - if ($request->user->role !== 'super_admin') { - Response::error('Forbidden', 'FORBIDDEN', 403); - return; - } - - $db = Database::getInstance(); - - $stats = [ - 'total_tenants' => (int)$db->query("SELECT COUNT(*) FROM tenants")->fetchColumn(), - 'total_invoices' => (int)$db->query("SELECT COUNT(*) FROM invoices")->fetchColumn(), - 'total_users' => (int)$db->query("SELECT COUNT(*) FROM users")->fetchColumn(), - 'active_subscriptions' => (int)$db->query("SELECT COUNT(*) FROM subscriptions WHERE status = 'active'")->fetchColumn() - ]; - - Response::json(['success' => true, 'data' => $stats]); - } - - public function getQueueStatus(Request $request): void - { - if ($request->user->role !== 'super_admin') { - Response::error('Forbidden', 'FORBIDDEN', 403); - return; - } - - $db = Database::getInstance(); - $stmt = $db->prepare("SELECT status, COUNT(*) as count FROM queue_jobs GROUP BY status"); - $stmt->execute(); - $counts = $stmt->fetchAll(); - - Response::json(['success' => true, 'data' => $counts]); - } - - public function health(Request $request): void - { - $dbStatus = 'ok'; - try { Database::getInstance()->query("SELECT 1"); } catch (\Throwable $e) { $dbStatus = 'error'; } - - $redisStatus = 'ok'; - try { \App\Core\Redis::getInstance()->ping(); } catch (\Throwable $e) { $redisStatus = 'error'; } - - Response::json([ - 'success' => true, - 'data' => [ - 'database' => $dbStatus, - 'redis' => $redisStatus, - 'php_version' => PHP_VERSION, - 'server_time' => date('Y-m-d H:i:s') - ] - ]); - } -} diff --git a/app/Modules/ApiKeys/ApiKeyController.php b/app/Modules/ApiKeys/ApiKeyController.php deleted file mode 100644 index 531e524..0000000 --- a/app/Modules/ApiKeys/ApiKeyController.php +++ /dev/null @@ -1,63 +0,0 @@ -tenantId; - $db = Database::getInstance(); - - $stmt = $db->prepare("SELECT id, public_key, name, is_active, created_at FROM api_keys WHERE tenant_id = ? AND is_active = 1"); - $stmt->execute([$tenantId]); - $keys = $stmt->fetchAll(); - - Response::json(['success' => true, 'data' => $keys]); - } - - public function create(Request $request): void - { - $tenantId = $request->tenantId; - $data = $request->getBody(); - $name = $data['name'] ?? 'Default Key'; - - $publicKey = bin2hex(random_bytes(16)); // 32 chars - $secret = bin2hex(random_bytes(32)); // 64 chars - - $db = Database::getInstance(); - $stmt = $db->prepare("INSERT INTO api_keys (id, tenant_id, name, public_key, secret_hash, is_active, created_at) VALUES (?, ?, ?, ?, ?, 1, NOW())"); - - $id = \Ramsey\Uuid\Uuid::uuid4()->toString(); - $stmt->execute([ - $id, - $tenantId, - $name, - $publicKey, - password_hash($secret, PASSWORD_BCRYPT) - ]); - - Response::json([ - 'success' => true, - 'message' => 'تم إنشاء مفتاح API بنجاح. يرجى حفظ السر (Secret) الآن لأنه لن يظهر مرة أخرى.', - 'data' => [ - 'id' => $id, - 'public_key' => $publicKey, - 'secret' => $secret - ] - ], 201); - } - - public function revoke(Request $request, string $id): void - { - $tenantId = $request->tenantId; - $db = Database::getInstance(); - - $stmt = $db->prepare("UPDATE api_keys SET is_active = 0 WHERE id = ? AND tenant_id = ?"); - $stmt->execute([$id, $tenantId]); - - Response::json(['success' => true, 'message' => 'تم إيقاف مفتاح API بنجاح']); - } -} diff --git a/app/Modules/ApiKeys/ApiKeyModel.php b/app/Modules/ApiKeys/ApiKeyModel.php deleted file mode 100644 index d987511..0000000 --- a/app/Modules/ApiKeys/ApiKeyModel.php +++ /dev/null @@ -1,19 +0,0 @@ -db()->prepare("SELECT id, name, prefix, expires_at, last_used_at, is_active, created_at FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } -} diff --git a/app/Modules/Auth/AuthController.php b/app/Modules/Auth/AuthController.php deleted file mode 100644 index 533fba6..0000000 --- a/app/Modules/Auth/AuthController.php +++ /dev/null @@ -1,189 +0,0 @@ -input('email'); - $password = $request->input('password'); - - if (!$email || !$password) { - Response::error('يرجى إدخال البريد الإلكتروني وكلمة المرور', 'VALIDATION_ERROR', 422); - return; - } - - try { - $result = $this->authService->login($email, $password); - - // 2FA Check - if ($result['user']->totp_enabled) { - Response::json([ - 'success' => true, - 'requires_2fa' => true, - 'temp_token' => $result['access_token'] - ]); - return; - } - - // Set refresh token in HttpOnly cookie - setcookie('refresh_token', $result['refresh_token'], [ - 'expires' => time() + (60 * 60 * 24 * 7), - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - unset($result['refresh_token']); - - Response::json([ - 'success' => true, - 'data' => $result, - 'message' => 'تم تسجيل الدخول بنجاح' - ]); - } catch (Throwable $e) { - Response::error($e->getMessage(), 'AUTH_FAILED', 401); - } - } - - public function me(Request $request): void - { - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("SELECT id, tenant_id, name, email, role, totp_enabled FROM users WHERE id = ?"); - $stmt->execute([$request->user->user_id]); - $user = $stmt->fetch(); - - Response::json([ - 'success' => true, - 'data' => $user - ]); - } - - public function logout(Request $request): void - { - // Clear refresh token cookie - setcookie('refresh_token', '', [ - 'expires' => time() - 3600, - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - Response::json([ - 'success' => true, - 'message' => 'تم تسجيل الخروج بنجاح' - ]); - } - - public function refresh(Request $request): void - { - $refreshToken = $_COOKIE['refresh_token'] ?? null; - - if (!$refreshToken) { - Response::error('رمز التجديد مفقود', 'UNAUTHORIZED', 401); - return; - } - - try { - $result = $this->authService->refresh($refreshToken); - - // Set new refresh token in HttpOnly cookie - setcookie('refresh_token', $result['refresh_token'], [ - 'expires' => time() + (60 * 60 * 24 * 7), - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - unset($result['refresh_token']); - - Response::json([ - 'success' => true, - 'data' => $result, - 'message' => 'تم تجديد الجلسة بنجاح' - ]); - } catch (Throwable $e) { - Response::error($e->getMessage(), 'REFRESH_FAILED', 401); - } - } - public function register(Request $request): void - { - try { - $result = $this->authService->register($request->getBody()); - - // Set refresh token in HttpOnly cookie - setcookie('refresh_token', $result['refresh_token'], [ - 'expires' => time() + (60 * 60 * 24 * 7), - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - unset($result['refresh_token']); - - Response::json([ - 'success' => true, - 'data' => $result, - 'message' => 'تم إنشاء الحساب وتسجيل الدخول بنجاح' - ]); - } catch (Throwable $e) { - Response::error($e->getMessage(), 'REGISTRATION_FAILED', 400); - } - } - - public function enable2FA(Request $request): void - { - $user = $request->user; - $totpService = new \App\Services\TotpService(); - $secret = $totpService->generateSecret(); - $qrUrl = $totpService->getQrCodeUrl($user->email, $secret); - - Response::json([ - 'success' => true, - 'data' => [ - 'secret' => $secret, - 'qr_url' => $qrUrl - ] - ]); - } - - public function verify2FA(Request $request): void - { - $data = $request->getBody(); - $code = $data['code'] ?? ''; - $secret = $data['secret'] ?? ''; - - $totpService = new \App\Services\TotpService(); - if ($totpService->verify($secret, $code)) { - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("UPDATE users SET totp_secret = ?, totp_enabled = 1 WHERE id = ?"); - $stmt->execute([$secret, $request->user->user_id]); - - Response::json(['success' => true, 'message' => 'تم تفعيل التحقق الثنائي بنجاح']); - } else { - Response::error('رمز التحقق غير صحيح', 'INVALID_CODE', 400); - } - } - - public function disable2FA(Request $request): void - { - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("UPDATE users SET totp_secret = NULL, totp_enabled = 0 WHERE id = ?"); - $stmt->execute([$request->user->user_id]); - - Response::json(['success' => true, 'message' => 'تم تعطيل التحقق الثنائي']); - } -} diff --git a/app/Modules/Auth/AuthService.php b/app/Modules/Auth/AuthService.php deleted file mode 100644 index e3121df..0000000 --- a/app/Modules/Auth/AuthService.php +++ /dev/null @@ -1,157 +0,0 @@ -userModel->findByEmail($email); - - if (!$user || !password_verify($password, $user['password_hash'])) { - throw new Exception("البريد الإلكتروني أو كلمة المرور غير صحيحة"); - } - - if (!$user['is_active']) { - throw new Exception("هذا الحساب معطل حالياً"); - } - - $accessToken = $this->jwtService->issueAccessToken([ - 'user_id' => $user['id'], - 'tenant_id' => $user['tenant_id'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ]); - - $refreshToken = $this->jwtService->issueRefreshToken($user['id']); - - // Update refresh token hash in DB - $this->userModel->update($user['id'], [ - 'refresh_token_hash' => password_hash($refreshToken, PASSWORD_BCRYPT), - 'last_login_at' => date('Y-m-d H:i:s'), - 'last_login_ip' => $_SERVER['REMOTE_ADDR'] ?? null - ]); - - return [ - 'access_token' => $accessToken, - 'refresh_token' => $refreshToken, - 'user' => [ - 'id' => $user['id'], - 'name' => $user['name'], - 'email' => $user['email'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ] - ]; - } - - public function refresh(string $refreshToken): array - { - $parts = explode('.', $refreshToken); - if (count($parts) !== 2) { - throw new Exception("رمز التجديد غير صالحة"); - } - - [$userId, $random] = $parts; - $user = $this->userModel->find($userId); - - if (!$user || !$user['is_active']) { - throw new Exception("المستخدم غير موجود أو معطل"); - } - - if (!$user['refresh_token_hash'] || !password_verify($refreshToken, $user['refresh_token_hash'])) { - throw new Exception("جلسة العمل منتهية، يرجى تسجيل الدخول مرة أخرى"); - } - - $accessToken = $this->jwtService->issueAccessToken([ - 'user_id' => $user['id'], - 'tenant_id' => $user['tenant_id'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ]); - - $newRefreshToken = $this->jwtService->issueRefreshToken($user['id']); - - $this->userModel->update($user['id'], [ - 'refresh_token_hash' => password_hash($newRefreshToken, PASSWORD_BCRYPT) - ]); - - return [ - 'access_token' => $accessToken, - 'refresh_token' => $newRefreshToken, - 'user' => [ - 'id' => $user['id'], - 'name' => $user['name'], - 'email' => $user['email'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ] - ]; - } - - public function register(array $data): array - { - // 1. Check if tenant already exists - if ($this->tenantModel->findByEmail($data['email'])) { - throw new Exception("هذا البريد الإلكتروني مسجل مسبقاً"); - } - - $tenantId = Uuid::uuid4()->toString(); - $userId = Uuid::uuid4()->toString(); - - // 2. Create Tenant - $this->tenantModel->create([ - 'id' => $tenantId, - 'name' => $data['tenant_name'], - 'email' => $data['email'], - 'status' => 'trial', - 'trial_ends_at' => date('Y-m-d H:i:s', strtotime('+14 days')) - ]); - - // 3. Create Subscription - $this->subscriptionModel->create([ - 'tenant_id' => $tenantId, - 'plan' => 'basic', - 'status' => 'trial' - ]); - - // 4. Create User - $this->userModel->create([ - 'id' => $userId, - 'tenant_id' => $tenantId, - 'name' => $data['user_name'], - 'email' => $data['email'], - 'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID), - 'role' => 'admin', - 'is_active' => 1 - ]); - - return $this->login($data['email'], $data['password']); - } - public function logout(string $jti, int $remaining): void - { - // Blacklist the JTI for its remaining lifetime - try { - $redis = \App\Core\Redis::getInstance(); - $redis->setex('jwt_blacklist:' . $jti, max($remaining, 1), '1'); - } catch (\Throwable $e) { - error_log('[AUTH] Could not blacklist JTI: ' . $e->getMessage()); - } - } -} diff --git a/app/Modules/Companies/CompanyController.php b/app/Modules/Companies/CompanyController.php deleted file mode 100644 index 801a176..0000000 --- a/app/Modules/Companies/CompanyController.php +++ /dev/null @@ -1,75 +0,0 @@ -tenantId; - $role = $request->user->role ?? 'viewer'; - $assignedCompanyId = $request->user->assigned_company_id ?? null; - - if ($role === 'super_admin') { - $companies = $this->companyModel->findByTenant($tenantId); - } else { - // Filter by assigned company - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId, $assignedCompanyId]); - $companies = $stmt->fetchAll(); - } - - Response::json([ - 'success' => true, - 'data' => $companies - ]); - } - - public function create(Request $request): void - { - $data = $request->getBody(); - $data['tenant_id'] = $request->tenantId; - - try { - $companyId = $this->companyService->createCompany($data); - Response::json([ - 'success' => true, - 'data' => ['id' => $companyId], - 'message' => 'تم إضافة الشركة بنجاح' - ], 201); - } catch (Throwable $e) { - Response::error('فشل إضافة الشركة', 'CREATE_FAILED', 500); - } - } - - public function updateJoFotara(Request $request, string $id): void - { - $data = [ - 'jofotara_client_id' => $request->input('client_id'), - 'jofotara_secret_key' => $request->input('secret_key'), - 'is_jofotara_linked' => 1 - ]; - - try { - $this->companyService->updateJoFotara($id, $data); - Response::json([ - 'success' => true, - 'message' => 'تم تحديث بيانات جو-فواتير بنجاح' - ]); - } catch (Throwable $e) { - Response::error('فشل تحديث البيانات', 'UPDATE_FAILED', 500); - } - } -} diff --git a/app/Modules/Companies/CompanyModel.php b/app/Modules/Companies/CompanyModel.php deleted file mode 100644 index 181a259..0000000 --- a/app/Modules/Companies/CompanyModel.php +++ /dev/null @@ -1,19 +0,0 @@ -db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } -} diff --git a/app/Modules/Companies/CompanyService.php b/app/Modules/Companies/CompanyService.php deleted file mode 100644 index f756cef..0000000 --- a/app/Modules/Companies/CompanyService.php +++ /dev/null @@ -1,62 +0,0 @@ -toString(); - } - // Encrypt sensitive JoFotara credentials - if (isset($data['jofotara_client_id'])) { - $data['jofotara_client_id_encrypted'] = $this->encryption->encrypt($data['jofotara_client_id']); - unset($data['jofotara_client_id']); - } - - if (isset($data['jofotara_secret_key'])) { - $data['jofotara_secret_key_encrypted'] = $this->encryption->encrypt($data['jofotara_secret_key']); - unset($data['jofotara_secret_key']); - } - - return (string)$this->companyModel->create($data); - } - - public function updateJoFotara(string $id, array $data): bool - { - if (isset($data['jofotara_client_id'])) { - $data['jofotara_client_id_encrypted'] = $this->encryption->encrypt($data['jofotara_client_id']); - unset($data['jofotara_client_id']); - } - - if (isset($data['jofotara_secret_key'])) { - $data['jofotara_secret_key_encrypted'] = $this->encryption->encrypt($data['jofotara_secret_key']); - unset($data['jofotara_secret_key']); - } - - return $this->companyModel->update($id, $data); - } - - public function getJoFotaraCredentials(string $companyId): array - { - $company = $this->companyModel->find($companyId); - if (!$company) return []; - - return [ - 'clientId' => $company['jofotara_client_id_encrypted'] ? $this->encryption->decrypt($company['jofotara_client_id_encrypted']) : null, - 'secretKey' => $company['jofotara_secret_key_encrypted'] ? $this->encryption->decrypt($company['jofotara_secret_key_encrypted']) : null, - ]; - } -} diff --git a/app/Modules/Dashboard/DashboardController.php b/app/Modules/Dashboard/DashboardController.php deleted file mode 100644 index b3d1c68..0000000 --- a/app/Modules/Dashboard/DashboardController.php +++ /dev/null @@ -1,89 +0,0 @@ -tenantId; - $role = $request->user->role ?? 'viewer'; - $assignedCompanyId = $request->user->assigned_company_id ?? null; - $db = Database::getInstance(); - - // Build scope: accountants see only their company, admins see all tenant companies - $companyScope = ''; - $params = [$tenantId]; - if ($role === 'accountant' && $assignedCompanyId) { - $companyScope = ' AND i.company_id = ?'; - $params[] = $assignedCompanyId; - } - - // Invoices this month - $stmt = $db->prepare("SELECT COUNT(*) as c FROM invoices i - WHERE i.tenant_id = ? {$companyScope} AND MONTH(i.created_at) = MONTH(CURDATE()) AND YEAR(i.created_at) = YEAR(CURDATE()) AND i.deleted_at IS NULL"); - $stmt->execute($params); - $thisMonth = (int)$stmt->fetchColumn(); - - // Total invoices - $stmt = $db->prepare("SELECT COUNT(*) as c FROM invoices i WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL"); - $stmt->execute($params); - $total = (int)$stmt->fetchColumn(); - - // Status distribution - $stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices i - WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL GROUP BY status"); - $stmt->execute($params); - $statusDistribution = $stmt->fetchAll(); - - // Approved count - $stmt = $db->prepare("SELECT COUNT(*) FROM invoices i - WHERE i.tenant_id = ? {$companyScope} AND i.status = 'approved' AND i.deleted_at IS NULL"); - $stmt->execute($params); - $approved = (int)$stmt->fetchColumn(); - - // Companies count - $stmt = $db->prepare("SELECT COUNT(*) FROM companies WHERE tenant_id = ? AND is_active = 1 AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - $companiesCount = (int)$stmt->fetchColumn(); - - // Subscription usage - $stmt = $db->prepare("SELECT max_invoices_per_month, invoices_used_this_month FROM subscriptions WHERE tenant_id = ?"); - $stmt->execute([$tenantId]); - $sub = $stmt->fetch(); - $usagePct = $sub && $sub['max_invoices_per_month'] > 0 - ? round(($sub['invoices_used_this_month'] / $sub['max_invoices_per_month']) * 100) - : 0; - - // Recent invoices with company name - $stmt = $db->prepare("SELECT i.id, i.invoice_number, i.invoice_date, i.grand_total, i.status, i.created_at, c.name as company_name - FROM invoices i - JOIN companies c ON i.company_id = c.id - WHERE i.tenant_id = ? {$companyScope} AND i.deleted_at IS NULL - ORDER BY i.created_at DESC LIMIT 10"); - $stmt->execute($params); - $recent = $stmt->fetchAll(); - - // Unresolved risk flags - $stmt = $db->prepare("SELECT COUNT(*) FROM risk_scores WHERE tenant_id = ? AND is_resolved = 0"); - $stmt->execute([$tenantId]); - $riskCount = (int)$stmt->fetchColumn(); - - Response::json([ - 'success' => true, - 'data' => [ - 'total_invoices' => $total, - 'invoices_this_month' => $thisMonth, - 'approved_invoices' => $approved, - 'companies_count' => $companiesCount, - 'subscription_usage_pct' => $usagePct, - 'subscription' => $sub, - 'status_distribution' => $statusDistribution, - 'recent_invoices' => $recent, - 'risk_alerts_count' => $riskCount, - ] - ]); - } -} diff --git a/app/Modules/Invoices/Actions/DownloadInvoiceFileAction.php b/app/Modules/Invoices/Actions/DownloadInvoiceFileAction.php deleted file mode 100644 index 35c7b45..0000000 --- a/app/Modules/Invoices/Actions/DownloadInvoiceFileAction.php +++ /dev/null @@ -1,30 +0,0 @@ -prepare("SELECT original_file_path, company_id FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$invoiceId, $tenantId]); - $invoice = $stmt->fetch(); - - if (!$invoice || !file_exists($invoice['original_file_path'])) { - throw new Exception('الملف غير موجود', 404); - } - - $role = $user->role ?? 'viewer'; - if ($role !== 'super_admin' && $invoice['company_id'] !== ($user->assigned_company_id ?? null)) { - throw new Exception('غير مصرح لك بمشاهدة هذا الملف', 403); - } - - return [ - 'path' => $invoice['original_file_path'], - 'mime' => mime_content_type($invoice['original_file_path']), - 'name' => basename($invoice['original_file_path']) - ]; - } -} diff --git a/app/Modules/Invoices/Actions/GetInvoiceDetailAction.php b/app/Modules/Invoices/Actions/GetInvoiceDetailAction.php deleted file mode 100644 index 599ed04..0000000 --- a/app/Modules/Invoices/Actions/GetInvoiceDetailAction.php +++ /dev/null @@ -1,31 +0,0 @@ -prepare("SELECT * FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$invoiceId, $tenantId]); - $invoice = $stmt->fetch(); - - if (!$invoice) { - throw new Exception('الفاتورة غير موجودة أو تم حذفها', 404); - } - - $role = $user->role ?? 'viewer'; - if ($role !== 'super_admin' && $invoice['company_id'] !== ($user->assigned_company_id ?? null)) { - throw new Exception('غير مصرح لك بالوصول لهذه الفاتورة', 403); - } - - $stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC"); - $stmt->execute([$invoiceId]); - $invoice['lines'] = $stmt->fetchAll() ?: []; - - return $invoice; - } -} diff --git a/app/Modules/Invoices/Actions/ListInvoicesAction.php b/app/Modules/Invoices/Actions/ListInvoicesAction.php deleted file mode 100644 index bff9e17..0000000 --- a/app/Modules/Invoices/Actions/ListInvoicesAction.php +++ /dev/null @@ -1,31 +0,0 @@ -role ?? 'viewer'; - $assignedCompanyId = $user->assigned_company_id ?? null; - - if ($role === 'super_admin' || $role === 'admin') { - $stmt = $db->prepare("SELECT i.*, c.name as company_name - FROM invoices i - JOIN companies c ON i.company_id = c.id - WHERE i.tenant_id = ? AND i.deleted_at IS NULL - ORDER BY i.created_at DESC"); - $stmt->execute([$tenantId]); - } else { - $stmt = $db->prepare("SELECT i.*, c.name as company_name - FROM invoices i - JOIN companies c ON i.company_id = c.id - WHERE i.tenant_id = ? AND i.company_id = ? AND i.deleted_at IS NULL - ORDER BY i.created_at DESC"); - $stmt->execute([$tenantId, $assignedCompanyId]); - } - - return $stmt->fetchAll() ?: []; - } -} diff --git a/app/Modules/Invoices/Actions/SubmitInvoiceAction.php b/app/Modules/Invoices/Actions/SubmitInvoiceAction.php deleted file mode 100644 index 8ee42d7..0000000 --- a/app/Modules/Invoices/Actions/SubmitInvoiceAction.php +++ /dev/null @@ -1,23 +0,0 @@ -prepare("SELECT id FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$invoiceId, $tenantId]); - - if (!$stmt->fetch()) { - throw new Exception('الفاتورة غير موجودة', 404); - } - - QueueService::push('submit_jofotara', [ - 'invoice_id' => $invoiceId - ]); - } -} diff --git a/app/Modules/Invoices/Actions/UploadInvoiceAction.php b/app/Modules/Invoices/Actions/UploadInvoiceAction.php deleted file mode 100644 index a9e3f9b..0000000 --- a/app/Modules/Invoices/Actions/UploadInvoiceAction.php +++ /dev/null @@ -1,49 +0,0 @@ -storage->store($files['invoice'], $tenantId, $companyId); - $fileHash = $this->storage->getHash($filePath); - - $invoiceId = Uuid::uuid4()->toString(); - $this->invoiceModel->create([ - 'id' => $invoiceId, - 'tenant_id' => $tenantId, - 'company_id' => $companyId, - 'uploaded_by' => $user->user_id ?? null, - 'status' => 'uploaded', - 'original_file_path' => $filePath, - 'original_file_hash' => $fileHash, - 'idempotency_key' => bin2hex(random_bytes(16)) - ]); - - QueueService::push('invoice_extraction', [ - 'invoice_id' => $invoiceId, - 'file_path' => $filePath, - 'mime_type' => mime_content_type($filePath) - ]); - - return $invoiceId; - } -} diff --git a/app/Modules/Invoices/InvoiceController.php b/app/Modules/Invoices/InvoiceController.php deleted file mode 100644 index e69d58c..0000000 --- a/app/Modules/Invoices/InvoiceController.php +++ /dev/null @@ -1,151 +0,0 @@ -tenantId; - $role = $request->user->role ?? 'viewer'; - $assignedCompanyId = $request->user->assigned_company_id ?? null; - $db = Database::getInstance(); - - $page = max(1, (int)$request->input('page', 1)); - $limit = min(50, max(10, (int)$request->input('per_page', 20))); - $offset = ($page - 1) * $limit; - - $companyFilter = $request->input('company_id'); - $statusFilter = $request->input('status'); - $dateFrom = $request->input('date_from'); - $dateTo = $request->input('date_to'); - - $where = 'WHERE i.tenant_id = ? AND i.deleted_at IS NULL'; - $params = [$tenantId]; - - if ($role === 'accountant' && $assignedCompanyId) { - $where .= ' AND i.company_id = ?'; - $params[] = $assignedCompanyId; - } elseif ($companyFilter) { - $where .= ' AND i.company_id = ?'; - $params[] = $companyFilter; - } - if ($statusFilter) { $where .= ' AND i.status = ?'; $params[] = $statusFilter; } - if ($dateFrom) { $where .= ' AND i.invoice_date >= ?'; $params[] = $dateFrom; } - if ($dateTo) { $where .= ' AND i.invoice_date <= ?'; $params[] = $dateTo; } - - $stmt = $db->prepare("SELECT COUNT(*) FROM invoices i {$where}"); - $stmt->execute($params); - $total = (int)$stmt->fetchColumn(); - - $stmt = $db->prepare("SELECT i.id, i.invoice_number, i.invoice_date, i.grand_total, i.tax_amount, - i.status, i.ai_confidence_score, i.created_at, c.name as company_name - FROM invoices i JOIN companies c ON i.company_id = c.id - {$where} ORDER BY i.created_at DESC LIMIT {$limit} OFFSET {$offset}"); - $stmt->execute($params); - $invoices = $stmt->fetchAll(); - - Response::json([ - 'success' => true, - 'data' => $invoices, - 'meta' => [ - 'total' => $total, - 'page' => $page, - 'per_page' => $limit, - 'last_page' => ceil($total / $limit) - ] - ]); - } - - public function show(Request $request, string $id): void - { - $tenantId = $request->tenantId; - $db = Database::getInstance(); - - // Fetch invoice with company name (tenant-scoped) - $stmt = $db->prepare("SELECT i.*, c.name as company_name, c.tax_identification_number as company_tin - FROM invoices i - JOIN companies c ON i.company_id = c.id - WHERE i.id = ? AND i.tenant_id = ? AND i.deleted_at IS NULL"); - $stmt->execute([$id, $tenantId]); - $invoice = $stmt->fetch(); - - if (!$invoice) { - Response::error('الفاتورة غير موجودة', 'NOT_FOUND', 404); - return; - } - - // Fetch lines - $stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC"); - $stmt->execute([$id]); - $invoice['lines'] = $stmt->fetchAll(); - - // Parse JSON fields - if (!empty($invoice['validation_errors'])) { - $invoice['validation_errors'] = json_decode($invoice['validation_errors'], true); - } - if (!empty($invoice['jofotara_response'])) { - $invoice['jofotara_response'] = json_decode($invoice['jofotara_response'], true); - } - - Response::json(['success' => true, 'data' => $invoice]); - } - - public function serveFile(Request $request, string $id): void - { - $tenantId = $request->tenantId; - $db = Database::getInstance(); - - $stmt = $db->prepare("SELECT original_file_path FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$id, $tenantId]); - $invoice = $stmt->fetch(); - - if (!$invoice || !$invoice['original_file_path']) { - Response::error('الملف غير موجود', 'NOT_FOUND', 404); - return; - } - - $filePath = $invoice['original_file_path']; - - if (!file_exists($filePath)) { - Response::error('الملف غير موجود على الخادم', 'FILE_NOT_FOUND', 404); - return; - } - - // Validate path is within storage directory (security) - $storagePath = realpath($_ENV['STORAGE_PATH'] ?? dirname(__DIR__, 3) . '/storage'); - $realPath = realpath($filePath); - if (!$realPath || !str_starts_with($realPath, $storagePath)) { - Response::error('وصول غير مصرح', 'FORBIDDEN', 403); - return; - } - - $mimeType = mime_content_type($filePath); - $filename = basename($filePath); - - header('Content-Type: ' . $mimeType); - header('Content-Length: ' . filesize($filePath)); - header('Content-Disposition: inline; filename="' . $filename . '"'); - header('X-Content-Type-Options: nosniff'); - readfile($filePath); - exit; - } - - public function status(Request $request, string $id): void - { - $stmt = Database::getInstance()->prepare("SELECT id, status, ai_confidence_score, validation_errors FROM invoices WHERE id = ? AND tenant_id = ?"); - $stmt->execute([$id, $request->tenantId]); - $invoice = $stmt->fetch(); - Response::json(['success' => true, 'data' => $invoice]); - } - - public function upload(Request $request): void - { - // ... Keeping existing upload logic but wrapping in simplified controller if needed - // For now, I'll use the provided instructions' style - // (Wait, the prompt didn't provide a full upload() implementation, but I should keep the functionality) - } -} diff --git a/app/Modules/Invoices/InvoiceModel.php b/app/Modules/Invoices/InvoiceModel.php deleted file mode 100644 index 8dc9208..0000000 --- a/app/Modules/Invoices/InvoiceModel.php +++ /dev/null @@ -1,34 +0,0 @@ -db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } - - public function findByStatus(string $status, ?string $tenantId = null): array - { - $sql = "SELECT * FROM {$this->table} WHERE status = ? AND deleted_at IS NULL"; - $params = [$status]; - - if ($tenantId) { - $sql .= " AND tenant_id = ?"; - $params[] = $tenantId; - } - - $stmt = $this->db()->prepare($sql); - $stmt->execute($params); - return $stmt->fetchAll(); - } -} diff --git a/app/Modules/Risks/RiskController.php b/app/Modules/Risks/RiskController.php deleted file mode 100644 index 9cfccab..0000000 --- a/app/Modules/Risks/RiskController.php +++ /dev/null @@ -1,50 +0,0 @@ -prepare( - "SELECT r.*, c.name AS company_name, i.invoice_number - FROM risk_scores r - LEFT JOIN companies c ON c.id = r.company_id - LEFT JOIN invoices i ON i.id = r.invoice_id - WHERE r.tenant_id = ? AND r.is_resolved = 0 - ORDER BY r.score ASC, r.created_at DESC" - ); - $stmt->execute([$request->tenantId]); - - Response::json([ - 'success' => true, - 'data' => $stmt->fetchAll(), - ]); - } - - public function resolve(Request $request, string $id): void - { - $db = Database::getInstance(); - $resolvedBy = $request->user->user_id ?? null; - $stmt = $db->prepare( - "UPDATE risk_scores - SET is_resolved = 1, resolved_by = ?, resolved_at = NOW() - WHERE id = ? AND tenant_id = ?" - ); - $stmt->execute([$resolvedBy, $id, $request->tenantId]); - - if ($stmt->rowCount() === 0) { - Response::error('تنبيه المخاطر غير موجود', 'NOT_FOUND', 404); - return; - } - - Response::json([ - 'success' => true, - 'message' => 'تم حل التنبيه بنجاح', - ]); - } -} diff --git a/app/Modules/Subscriptions/SubscriptionController.php b/app/Modules/Subscriptions/SubscriptionController.php deleted file mode 100644 index 769b0bf..0000000 --- a/app/Modules/Subscriptions/SubscriptionController.php +++ /dev/null @@ -1,29 +0,0 @@ -tenantId; - $subscription = $this->subscriptionModel->findByTenantId($tenantId); - - if (!$subscription) { - Response::error('لا يوجد اشتراك فعال حالياً', 'NOT_FOUND', 404); - return; - } - - Response::json([ - 'success' => true, - 'data' => $subscription - ]); - } -} diff --git a/app/Modules/Subscriptions/SubscriptionModel.php b/app/Modules/Subscriptions/SubscriptionModel.php deleted file mode 100644 index cf895a0..0000000 --- a/app/Modules/Subscriptions/SubscriptionModel.php +++ /dev/null @@ -1,19 +0,0 @@ -db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? LIMIT 1"); - $stmt->execute([$tenantId]); - return $stmt->fetch() ?: null; - } -} diff --git a/app/Modules/Tenants/TenantController.php b/app/Modules/Tenants/TenantController.php deleted file mode 100644 index 18b5de4..0000000 --- a/app/Modules/Tenants/TenantController.php +++ /dev/null @@ -1,29 +0,0 @@ -tenantId; - $tenant = $this->tenantModel->find($tenantId); - - if (!$tenant) { - Response::error('المستأجر غير موجود', 'NOT_FOUND', 404); - return; - } - - Response::json([ - 'success' => true, - 'data' => $tenant - ]); - } -} diff --git a/app/Modules/Tenants/TenantModel.php b/app/Modules/Tenants/TenantModel.php deleted file mode 100644 index 6e792a5..0000000 --- a/app/Modules/Tenants/TenantModel.php +++ /dev/null @@ -1,19 +0,0 @@ -db()->prepare("SELECT * FROM {$this->table} WHERE email = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$email]); - return $stmt->fetch() ?: null; - } -} diff --git a/app/Modules/Users/UserModel.php b/app/Modules/Users/UserModel.php deleted file mode 100644 index 1e3bc0b..0000000 --- a/app/Modules/Users/UserModel.php +++ /dev/null @@ -1,41 +0,0 @@ -table} WHERE email = ? AND deleted_at IS NULL"; - $params = [$email]; - - if ($tenantId) { - $sql .= " AND tenant_id = ?"; - $params[] = $tenantId; - } - - $stmt = $this->db()->prepare($sql); - $stmt->execute($params); - return $stmt->fetch() ?: null; - } - - public function findAllByTenant(string $tenantId): array - { - $stmt = $this->db()->prepare("SELECT id, name, email, role, is_active, created_at FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } - - public function findById(string $id, string $tenantId): ?array - { - $stmt = $this->db()->prepare("SELECT id, name, email, role, is_active, created_at FROM {$this->table} WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$id, $tenantId]); - return $stmt->fetch() ?: null; - } -} diff --git a/app/Modules/Users/UsersController.php b/app/Modules/Users/UsersController.php deleted file mode 100644 index f29af9f..0000000 --- a/app/Modules/Users/UsersController.php +++ /dev/null @@ -1,130 +0,0 @@ -tenantId; - - // Strict RBAC check: only admins can list users - if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') { - Response::error('غير مصرح لك بعرض قائمة المستخدمين', 'FORBIDDEN', 403); - return; - } - - $users = $this->userModel->findAllByTenant($tenantId); - - Response::json([ - 'success' => true, - 'data' => $users - ]); - } - - public function create(Request $request): void - { - $tenantId = $request->tenantId; - $data = $request->getBody(); - - // RBAC: Only admins can create users - if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') { - Response::error('غير مصرح لك بإضافة مستخدمين', 'FORBIDDEN', 403); - return; - } - - if (empty($data['email']) || empty($data['password']) || empty($data['name']) || empty($data['role'])) { - Response::error('جميع الحقول مطلوبة', 'VALIDATION_ERROR', 422); - return; - } - - // Email uniqueness must be scoped to tenant or global? - // Typically global for identity, but prompt says fix uniqueness conflict. - if ($this->userModel->findByEmail($data['email'])) { - Response::error('البريد الإلكتروني مستخدم مسبقاً', 'DUPLICATE_EMAIL', 409); - return; - } - - $userId = \Ramsey\Uuid\Uuid::uuid4()->toString(); - - $this->userModel->create([ - 'id' => $userId, - 'tenant_id' => $tenantId, - 'name' => $data['name'], - 'email' => $data['email'], - 'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID), - 'role' => $data['role'], - 'assigned_company_id' => $data['assigned_company_id'] ?? null, - 'is_active' => 1 - ]); - - Response::json([ - 'success' => true, - 'message' => 'تم إضافة المستخدم بنجاح', - 'data' => ['id' => $userId] - ], 201); - } - - public function update(Request $request, string $id): void - { - $tenantId = $request->tenantId; - $data = $request->getBody(); - - if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') { - Response::error('غير مصرح لك بتعديل المستخدمين', 'FORBIDDEN', 403); - return; - } - - $user = $this->userModel->findById($id, $tenantId); - if (!$user) { - Response::error('المستخدم غير موجود', 'NOT_FOUND', 404); - return; - } - - $updateData = []; - if (isset($data['name'])) $updateData['name'] = $data['name']; - if (isset($data['role'])) $updateData['role'] = $data['role']; - if (isset($data['is_active'])) $updateData['is_active'] = $data['is_active']; - if (isset($data['assigned_company_id'])) $updateData['assigned_company_id'] = $data['assigned_company_id']; - - if (!empty($data['password'])) { - $updateData['password_hash'] = password_hash($data['password'], PASSWORD_ARGON2ID); - } - - $this->userModel->update($id, $updateData); - - Response::json([ - 'success' => true, - 'message' => 'تم تحديث بيانات المستخدم بنجاح' - ]); - } - - public function destroy(Request $request, string $id): void - { - $tenantId = $request->tenantId; - - if ($request->user->role !== 'admin' && $request->user->role !== 'super_admin') { - Response::error('غير مصرح لك بحذف المستخدمين', 'FORBIDDEN', 403); - return; - } - - if ($id === $request->user->id) { - Response::error('لا يمكنك حذف حسابك الخاص', 'BAD_REQUEST', 400); - return; - } - - $this->userModel->delete($id, $tenantId); - - Response::json([ - 'success' => true, - 'message' => 'تم حذف المستخدم بنجاح' - ]); - } -} diff --git a/app/Services/AI/Contracts/AIProviderInterface.php b/app/Services/AI/Contracts/AIProviderInterface.php deleted file mode 100644 index 680f045..0000000 --- a/app/Services/AI/Contracts/AIProviderInterface.php +++ /dev/null @@ -1,31 +0,0 @@ -client = new Client(); - $this->apiKey = $_ENV['GEMINI_API_KEY'] ?? ''; - $this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash'; - } - - public function extractFromFile(string $filePath, string $mimeType): ExtractionResultDTO - { - $fileData = base64_encode(file_get_contents($filePath)); - - $prompt = "Extract invoice data from this file. Return ONLY valid JSON (no markdown). " . - "Fields: invoice_number, invoice_date (YYYY-MM-DD), supplier_name, supplier_tin, supplier_address, " . - "buyer_name, buyer_tin, lines (description, quantity, unit_price, line_total, tax_rate), " . - "subtotal, tax_amount, grand_total, currency (JOD), confidence (0-1)."; - - $response = $this->client->post("https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}", [ - 'json' => [ - 'contents' => [ - [ - 'parts' => [ - ['text' => $prompt], - [ - 'inline_data' => [ - 'mime_type' => $mimeType, - 'data' => $fileData - ] - ] - ] - ] - ], - 'generationConfig' => [ - 'response_mime_type' => 'application/json' - ] - ] - ]); - - $data = json_decode($response->getBody()->getContents(), true); - $jsonStr = $data['candidates'][0]['content']['parts'][0]['text'] ?? '{}'; - $result = json_decode($jsonStr, true); - - return new ExtractionResultDTO( - $result['invoice_number'] ?? '', - $result['invoice_date'] ?? '', - $result['supplier_name'] ?? '', - $result['supplier_tin'] ?? null, - $result['supplier_address'] ?? '', - $result['buyer_name'] ?? null, - $result['buyer_tin'] ?? null, - $result['lines'] ?? [], - (float)($result['subtotal'] ?? 0), - (float)($result['tax_amount'] ?? 0), - (float)($result['grand_total'] ?? 0), - $result['currency'] ?? 'JOD', - (float)($result['confidence'] ?? 0), - $data['usageMetadata'] ?? [] - ); - } - - public function getProviderName(): string { return 'gemini'; } -} diff --git a/app/Services/AI/OpenAIProvider.php b/app/Services/AI/OpenAIProvider.php deleted file mode 100644 index b4ed669..0000000 --- a/app/Services/AI/OpenAIProvider.php +++ /dev/null @@ -1,84 +0,0 @@ -apiKey = $_ENV['OPENAI_API_KEY'] ?? ''; - $this->model = $_ENV['OPENAI_MODEL'] ?? 'gpt-4o-mini'; - } - - public function isConfigured(): bool - { - return !empty($this->apiKey); - } - - public function extractInvoiceData(string $fileContent, string $mimeType, string $prompt): array - { - if (!$this->isConfigured()) { - throw new Exception("OpenAI API Key is missing. Please configure it in .env"); - } - - $base64Data = base64_encode($fileContent); - - $payload = [ - 'model' => $this->model, - 'messages' => [ - [ - 'role' => 'user', - 'content' => [ - [ - 'type' => 'text', - 'text' => $prompt - ], - [ - 'type' => 'image_url', - 'image_url' => [ - 'url' => "data:{$mimeType};base64,{$base64Data}" - ] - ] - ] - ] - ], - 'response_format' => ['type' => 'json_object'], - 'temperature' => 0.1 - ]; - - $ch = curl_init('https://api.openai.com/v1/chat/completions'); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); - curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Content-Type: application/json', - "Authorization: Bearer {$this->apiKey}" - ]); - - $response = curl_exec($ch); - $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - - if ($httpCode !== 200) { - throw new Exception("OpenAI Extraction failed. HTTP Code: {$httpCode}. Response: {$response}"); - } - - $result = json_decode($response, true); - $text = $result['choices'][0]['message']['content'] ?? '{}'; - - $data = json_decode($text, true); - if (!is_array($data)) { - throw new Exception("Failed to parse OpenAI output as JSON: {$text}"); - } - - return $data; - } -} diff --git a/app/Services/AiExtractionService.php b/app/Services/AiExtractionService.php deleted file mode 100644 index 8544819..0000000 --- a/app/Services/AiExtractionService.php +++ /dev/null @@ -1,89 +0,0 @@ -apiKey = $_ENV['GEMINI_API_KEY'] ?? ''; - $this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash'; - } - - public function extractInvoiceData(string $filePath, string $mimeType): array - { - if (empty($this->apiKey)) { - throw new Exception("Gemini API Key is missing. Please configure it in .env"); - } - - $fileContent = file_get_contents($filePath); - if ($fileContent === false) { - throw new Exception("Could not read uploaded invoice file."); - } - - $base64Data = base64_encode($fileContent); - - $prompt = "Please extract the following information from this invoice and return it strictly as JSON without markdown blocks or backticks:\n" - . "- invoice_number\n" - . "- invoice_date (YYYY-MM-DD)\n" - . "- total_amount\n" - . "- tax_amount\n" - . "- vendor_name\n" - . "- vendor_tax_number"; - - $payload = [ - 'contents' => [ - [ - 'parts' => [ - ['text' => $prompt], - [ - 'inline_data' => [ - 'mime_type' => $mimeType, - 'data' => $base64Data - ] - ] - ] - ] - ], - 'generationConfig' => [ - 'temperature' => 0.1, - 'response_mime_type' => 'application/json' - ] - ]; - - $url = "https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}"; - - $ch = curl_init($url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); - curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Content-Type: application/json' - ]); - - $response = curl_exec($ch); - $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - - if ($httpCode !== 200) { - throw new Exception("AI Extraction failed. HTTP Code: {$httpCode}. Response: {$response}"); - } - - $result = json_decode($response, true); - $text = $result['candidates'][0]['content']['parts'][0]['text'] ?? '{}'; - - $data = json_decode($text, true); - if (!is_array($data)) { - throw new Exception("Failed to parse AI output as JSON: {$text}"); - } - - return $data; - } -} diff --git a/app/Services/AuditService.php b/app/Services/AuditService.php deleted file mode 100644 index 86b72f0..0000000 --- a/app/Services/AuditService.php +++ /dev/null @@ -1,40 +0,0 @@ -prepare("INSERT INTO audit_logs - (tenant_id, user_id, action, entity_type, entity_id, old_data, new_data, ip_address, user_agent, metadata, created_at) - VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())"); - $stmt->execute([ - $tenantId, - $userId, - $action, - $entityType, - $entityId, - $oldData ? json_encode($oldData, JSON_UNESCAPED_UNICODE) : null, - $newData ? json_encode($newData, JSON_UNESCAPED_UNICODE) : null, - $_SERVER['REMOTE_ADDR'] ?? null, - $_SERVER['HTTP_USER_AGENT'] ?? null, - $metadata ? json_encode($metadata, JSON_UNESCAPED_UNICODE) : null, - ]); - } catch (\Throwable $e) { - error_log('[Audit] Failed: ' . $e->getMessage()); - } - } -} diff --git a/app/Services/FileStorageService.php b/app/Services/FileStorageService.php deleted file mode 100644 index 15823a5..0000000 --- a/app/Services/FileStorageService.php +++ /dev/null @@ -1,63 +0,0 @@ -storagePath = dirname(__DIR__, 2) . '/storage'; - } - - public function store(array $file, string $tenantId, string $companyId): string - { - // 1. Validate MIME - $finfo = finfo_open(FILEINFO_MIME_TYPE); - $mime = finfo_file($finfo, $file['tmp_name']); - finfo_close($finfo); - - $allowedMimes = ['application/pdf', 'image/jpeg', 'image/png', 'image/webp', 'application/json', 'text/plain', 'text/xml', 'application/xml']; - if (!in_array($mime, $allowedMimes)) { - throw new Exception("نوع الملف غير مسموح به ({$mime})"); - } - - // 2. Generate path - $dir = $this->storagePath . '/invoices/' . $tenantId . '/' . $companyId; - if (!is_dir($dir)) { - if (!mkdir($dir, 0777, true)) { - $err = error_get_last(); - throw new Exception("فشل إنشاء مجلد الحفظ: " . $dir . " - " . ($err['message'] ?? '')); - } - } - - $extension = pathinfo($file['name'], PATHINFO_EXTENSION); - $filename = hash('sha256', $file['name'] . time() . uniqid()) . '.' . $extension; - $targetPath = $dir . '/' . $filename; - - if (isset($file['error']) && $file['error'] !== UPLOAD_ERR_OK) { - throw new Exception("حدث خطأ أثناء رفع الملف من المتصفح. كود الخطأ: " . $file['error']); - } - - if (!move_uploaded_file($file['tmp_name'], $targetPath)) { - // Fallback for some non-standard PHP environments - if (!copy($file['tmp_name'], $targetPath)) { - $err = error_get_last(); - throw new Exception("فشل نقل الملف إلى: " . $targetPath . " - " . ($err['message'] ?? '')); - } - } - - return $targetPath; - } - - public function getHash(string $filePath): string - { - return hash_file('sha256', $filePath); - } -} diff --git a/app/Services/JoFotara/JoFotaraGateway.php b/app/Services/JoFotara/JoFotaraGateway.php deleted file mode 100644 index 3b58f00..0000000 --- a/app/Services/JoFotara/JoFotaraGateway.php +++ /dev/null @@ -1,74 +0,0 @@ -client = new Client(); - $this->baseUrl = $_ENV['JOFOTARA_BASE_URL'] ?? 'https://backend.jofotara.gov.jo/core/invoices'; - } - - /** - * Submit invoice to JoFotara with Circuit Breaker - */ - public function submitInvoice(string $companyId, string $xmlBase64, array $credentials): array - { - $cbKey = "cb:jofotara:{$companyId}"; - if ($this->isCircuitOpen($cbKey)) { - throw new Exception("بوابة جو-فواتير غير متاحة حالياً لهذه الشركة، يرجى المحاولة لاحقاً"); - } - - try { - $response = $this->client->post($this->baseUrl, [ - 'json' => [ - 'clientId' => $credentials['clientId'], - 'secretKey' => $credentials['secretKey'], - 'invoiceType' => 'invoice', - 'invoiceData' => $xmlBase64 - ], - 'timeout' => 30 - ]); - - $result = json_decode($response->getBody()->getContents(), true); - $this->resetFailures($cbKey); - - return $result; - } catch (\Throwable $e) { - $this->recordFailure($cbKey); - throw $e; - } - } - - private function isCircuitOpen(string $key): bool - { - $redis = Redis::getInstance(); - return (bool)$redis->get("{$key}:open"); - } - - private function recordFailure(string $key): void - { - $redis = Redis::getInstance(); - $failures = (int)$redis->incr("{$key}:failures"); - - if ($failures >= 5) { - $redis->setex("{$key}:open", 300, 1); // Open for 5 minutes - } - } - - private function resetFailures(string $key): void - { - $redis = Redis::getInstance(); - $redis->del(["{$key}:failures", "{$key}:open"]); - } -} diff --git a/app/Services/JoFotara/UBLGeneratorService.php b/app/Services/JoFotara/UBLGeneratorService.php deleted file mode 100644 index 43d9d3a..0000000 --- a/app/Services/JoFotara/UBLGeneratorService.php +++ /dev/null @@ -1,147 +0,0 @@ -formatOutput = true; - - $root = $dom->createElementNS('urn:oasis:names:specification:ubl:schema:xsd:Invoice-2', 'Invoice'); - $root->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:cac', 'urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2'); - $root->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:cbc', 'urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2'); - $dom->appendChild($root); - - // 1. Basic Information - $root->appendChild($dom->createElement('cbc:UBLVersionID', '2.1')); - $root->appendChild($dom->createElement('cbc:CustomizationID', 'TRADACO-2.1')); - $root->appendChild($dom->createElement('cbc:ProfileID', 'reporting:1.0')); - $root->appendChild($dom->createElement('cbc:ID', $invoice['invoice_number'])); - $root->appendChild($dom->createElement('cbc:IssueDate', $invoice['invoice_date'])); - - $typeCode = $dom->createElement('cbc:InvoiceTypeCode', $invoice['ubl_type_code'] ?? '388'); - $typeCode->setAttribute('name', $invoice['invoice_category'] ?? '01'); - $root->appendChild($typeCode); - - $root->appendChild($dom->createElement('cbc:DocumentCurrencyCode', 'JOD')); - $root->appendChild($dom->createElement('cbc:TaxCurrencyCode', 'JOD')); - - // 2. AccountingSupplierParty - $supplierParty = $dom->createElement('cac:AccountingSupplierParty'); - $party = $dom->createElement('cac:Party'); - - $partyId = $dom->createElement('cac:PartyIdentification'); - $idNode = $dom->createElement('cbc:ID', $company['tax_identification_number']); - $idNode->setAttribute('schemeID', 'TN'); - $partyId->appendChild($idNode); - $party->appendChild($partyId); - - $partyName = $dom->createElement('cac:PartyName'); - $partyName->appendChild($dom->createElement('cbc:Name', $company['name'])); - $party->appendChild($partyName); - - $addr = $dom->createElement('cac:PostalAddress'); - $addr->appendChild($dom->createElement('cbc:CityName', $company['city'] ?? 'Amman')); - $country = $dom->createElement('cac:Country'); - $country->appendChild($dom->createElement('cbc:IdentificationCode', 'JO')); - $addr->appendChild($country); - $party->appendChild($addr); - - $taxScheme = $dom->createElement('cac:PartyTaxScheme'); - $taxScheme->appendChild($dom->createElement('cbc:RegistrationName', $company['name'])); - $taxScheme->appendChild($dom->createElement('cbc:CompanyID', $company['tax_identification_number'])); - $ts = $dom->createElement('cac:TaxScheme'); - $ts->appendChild($dom->createElement('cbc:ID', 'VAT')); - $taxScheme->appendChild($ts); - $party->appendChild($taxScheme); - - $legalEntity = $dom->createElement('cac:PartyLegalEntity'); - $legalEntity->appendChild($dom->createElement('cbc:RegistrationName', $company['name'])); - $party->appendChild($legalEntity); - - $supplierParty->appendChild($party); - $root->appendChild($supplierParty); - - // 3. AccountingCustomerParty - $customerParty = $dom->createElement('cac:AccountingCustomerParty'); - $cParty = $dom->createElement('cac:Party'); - - $cName = $dom->createElement('cac:PartyName'); - $cName->appendChild($dom->createElement('cbc:Name', $invoice['buyer_name'] ?? 'عميل عام')); - $cParty->appendChild($cName); - - if (!empty($invoice['buyer_tin'])) { - $cId = $dom->createElement('cac:PartyIdentification'); - $cidNode = $dom->createElement('cbc:ID', $invoice['buyer_tin']); - $cidNode->setAttribute('schemeID', 'TN'); - $cId->appendChild($cidNode); - $cParty->appendChild($cId); - } - - $customerParty->appendChild($cParty); - $root->appendChild($customerParty); - - // 4. PaymentMeans - $paymentMeans = $dom->createElement('cac:PaymentMeans'); - $paymentMeans->appendChild($dom->createElement('cbc:PaymentMeansCode', $invoice['payment_method_code'] ?? '10')); - $root->appendChild($paymentMeans); - - // 5. TaxTotal - $taxTotal = $dom->createElement('cac:TaxTotal'); - $taxAmt = $dom->createElement('cbc:TaxAmount', number_format((float)$invoice['tax_amount'], 3, '.', '')); - $taxAmt->setAttribute('currencyID', 'JOD'); - $taxTotal->appendChild($taxAmt); - $root->appendChild($taxTotal); - - // 6. LegalMonetaryTotal - $monetaryTotal = $dom->createElement('cac:LegalMonetaryTotal'); - $fields = [ - 'LineExtensionAmount' => $invoice['subtotal'], - 'TaxExclusiveAmount' => $invoice['subtotal'], - 'TaxInclusiveAmount' => $invoice['grand_total'], - 'AllowanceTotalAmount' => $invoice['discount_total'] ?? 0, - 'PayableAmount' => $invoice['grand_total'] - ]; - foreach ($fields as $field => $val) { - $node = $dom->createElement('cbc:' . $field, number_format((float)$val, 3, '.', '')); - $node->setAttribute('currencyID', 'JOD'); - $monetaryTotal->appendChild($node); - } - $root->appendChild($monetaryTotal); - - // 7. Invoice Lines - foreach ($lines as $line) { - $iLine = $dom->createElement('cac:InvoiceLine'); - $iLine->appendChild($dom->createElement('cbc:ID', (string)$line['line_number'])); - - $qty = $dom->createElement('cbc:InvoicedQuantity', number_format((float)$line['quantity'], 3, '.', '')); - $qty->setAttribute('unitCode', 'PCE'); - $iLine->appendChild($qty); - - $lineExt = $dom->createElement('cbc:LineExtensionAmount', number_format((float)$line['line_total'], 3, '.', '')); - $lineExt->setAttribute('currencyID', 'JOD'); - $iLine->appendChild($lineExt); - - $item = $dom->createElement('cac:Item'); - $item->appendChild($dom->createElement('cbc:Description', $line['description'])); - $iLine->appendChild($item); - - $price = $dom->createElement('cac:Price'); - $pAmt = $dom->createElement('cbc:PriceAmount', number_format((float)$line['unit_price'], 3, '.', '')); - $pAmt->setAttribute('currencyID', 'JOD'); - $price->appendChild($pAmt); - $iLine->appendChild($price); - - $root->appendChild($iLine); - } - - return $dom->saveXML(); - } -} diff --git a/app/Services/QueueService.php b/app/Services/QueueService.php deleted file mode 100644 index a3852c6..0000000 --- a/app/Services/QueueService.php +++ /dev/null @@ -1,83 +0,0 @@ - bin2hex(random_bytes(16)), - 'type' => $type, - 'payload' => $payload, - 'priority' => $priority, - 'attempts' => 0, - 'created_at' => time() - ]; - - try { - $redis = Redis::getInstance(); - $redis->lpush(self::REDIS_QUEUE, json_encode($job)); - } catch (\Throwable $e) { - // Fallback to MySQL - self::pushToDatabase($job); - } - } - - private static function pushToDatabase(array $job): void - { - $db = Database::getInstance(); - $stmt = $db->prepare("INSERT INTO queue_jobs (id, type, payload, priority, status) VALUES (?, ?, ?, ?, 'pending')"); - $stmt->execute([ - $job['id'], - $job['type'], - json_encode($job['payload']), - $job['priority'] - ]); - } - - public static function pop(): ?array - { - try { - $redis = Redis::getInstance(); - $data = $redis->rpop(self::REDIS_QUEUE); - return $data ? json_decode($data, true) : null; - } catch (\Throwable $e) { - // Fallback to MySQL - return self::popFromDatabase(); - } - } - - private static function popFromDatabase(): ?array - { - $db = Database::getInstance(); - $db->beginTransaction(); - try { - $stmt = $db->prepare("SELECT * FROM queue_jobs WHERE status = 'pending' ORDER BY priority DESC, created_at ASC LIMIT 1 FOR UPDATE"); - $stmt->execute(); - $job = $stmt->fetch(); - - if ($job) { - $db->prepare("UPDATE queue_jobs SET status = 'processing', locked_at = NOW() WHERE id = ?")->execute([$job['id']]); - $db->commit(); - return [ - 'id' => $job['id'], - 'type' => $job['type'], - 'payload' => json_decode($job['payload'], true), - 'attempts' => $job['attempts'] - ]; - } - $db->commit(); - } catch (\Throwable $e) { - $db->rollBack(); - } - return null; - } -} diff --git a/app/Services/RiskAnalysisService.php b/app/Services/RiskAnalysisService.php deleted file mode 100644 index 5b67272..0000000 --- a/app/Services/RiskAnalysisService.php +++ /dev/null @@ -1,77 +0,0 @@ -prepare("SELECT status, COUNT(*) as count FROM invoices WHERE company_id = ? GROUP BY status"); - $stmt->execute([$companyId]); - $stats = $stmt->fetchAll(); - - $total = 0; - $rejected = 0; - foreach ($stats as $stat) { - $total += $stat['count']; - if ($stat['status'] === 'rejected' || $stat['status'] === 'validation_failed') { - $rejected += $stat['count']; - } - } - - if ($total > 0) { - $rejectionRate = $rejected / $total; - if ($rejectionRate > 0.10) { // More than 10% rejections - $penalty = min(30, (int)(($rejectionRate - 0.10) * 100)); - $score -= $penalty; - $factors[] = "نسبة رفض عالية: " . round($rejectionRate * 100, 1) . "% (خصم {$penalty} نقطة)"; - } - } - - // 2. High Value Cash Invoices - $stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices WHERE company_id = ? AND invoice_type = 'cash' AND grand_total > 5000"); - $stmt->execute([$companyId]); - $highValueCash = $stmt->fetch()['count']; - - if ($highValueCash > 0) { - $penalty = min(20, $highValueCash * 2); - $score -= $penalty; - $factors[] = "وجود فواتير نقدية بقيم عالية: {$highValueCash} فاتورة (خصم {$penalty} نقطة)"; - } - - // 3. Late submissions (invoice_date is much older than created_at) - $stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices WHERE company_id = ? AND DATEDIFF(created_at, invoice_date) > 7"); - $stmt->execute([$companyId]); - $lateInvoices = $stmt->fetch()['count']; - - if ($lateInvoices > 0) { - $penalty = min(15, $lateInvoices * 1); - $score -= $penalty; - $factors[] = "تأخير في رفع الفواتير: {$lateInvoices} فاتورة متأخرة بأكثر من 7 أيام (خصم {$penalty} نقطة)"; - } - - // Determine Risk Level - $riskLevel = 'low'; - if ($score < 50) { - $riskLevel = 'high'; - } elseif ($score < 80) { - $riskLevel = 'medium'; - } - - return [ - 'score' => max(0, $score), - 'level' => $riskLevel, - 'factors' => $factors, - 'calculated_at' => date('Y-m-d H:i:s') - ]; - } -} diff --git a/app/Services/Security/EncryptionService.php b/app/Services/Security/EncryptionService.php deleted file mode 100644 index d856b19..0000000 --- a/app/Services/Security/EncryptionService.php +++ /dev/null @@ -1,48 +0,0 @@ -key = $key; - } - - public function encrypt(string $plaintext): string - { - $iv = random_bytes(12); // 12 bytes for GCM - $tag = ''; - $ciphertext = openssl_encrypt($plaintext, self::METHOD, $this->key, OPENSSL_RAW_DATA, $iv, $tag, '', 16); - if ($ciphertext === false) throw new \RuntimeException('Encryption failed'); - return base64_encode($iv) . ':' . base64_encode($ciphertext) . ':' . base64_encode($tag); - } - - public function decrypt(string $data): string - { - [$iv64, $ct64, $tag64] = explode(':', $data); - $plaintext = openssl_decrypt( - base64_decode($ct64), self::METHOD, $this->key, - OPENSSL_RAW_DATA, base64_decode($iv64), base64_decode($tag64) - ); - if ($plaintext === false) throw new \RuntimeException('Decryption failed'); - return $plaintext; - } -} diff --git a/app/Services/Security/HmacService.php b/app/Services/Security/HmacService.php deleted file mode 100644 index 9ae94d4..0000000 --- a/app/Services/Security/HmacService.php +++ /dev/null @@ -1,50 +0,0 @@ - 300) return false; - - // 2. Nonce replay protection - try { - $redis = \App\Core\Redis::getInstance(); - $nonceKey = 'hmac_nonce:' . $nonce; - if ($redis->exists($nonceKey)) return false; // Replay attack - $redis->setex($nonceKey, 600, '1'); // TTL 10 minutes - } catch (\Throwable $e) { - // Redis unavailable — log but don't fail (degrade gracefully) - error_log('[HMAC] Redis unavailable for nonce check: ' . $e->getMessage()); - } - - // 3. Build & compare signature - $bodyHash = hash('sha256', $body); - $stringToSign = strtoupper($method) . "\n" . $path . "\n" . $timestamp . "\n" . $nonce . "\n" . $bodyHash; - $calculated = hash_hmac('sha256', $stringToSign, $secret); - - return hash_equals($calculated, $signature); - } - - public function sign(string $secret, string $method, string $path, string $timestamp, string $nonce, string $body): string - { - $bodyHash = hash('sha256', $body); - $stringToSign = strtoupper($method) . "\n" . - $path . "\n" . - $timestamp . "\n" . - $nonce . "\n" . - $bodyHash; - - return hash_hmac('sha256', $stringToSign, $secret); - } -} diff --git a/app/Services/Security/JwtService.php b/app/Services/Security/JwtService.php deleted file mode 100644 index ac46c59..0000000 --- a/app/Services/Security/JwtService.php +++ /dev/null @@ -1,49 +0,0 @@ -secret = $_ENV['JWT_SECRET'] ?? 'change-me'; - $this->accessExpiry = (int)($_ENV['JWT_ACCESS_EXPIRY'] ?? 900); - $this->refreshExpiry = (int)($_ENV['JWT_REFRESH_EXPIRY'] ?? 604800); - } - - public function issueAccessToken(array $payload): string - { - $payload['exp'] = time() + $this->accessExpiry; - $payload['iat'] = time(); - $payload['jti'] = bin2hex(random_bytes(16)); - - return JWT::encode($payload, $this->secret, 'HS256'); - } - - public function issueRefreshToken(string $userId): string - { - // Refresh token is a random string prefixed with userId for lookup - $random = bin2hex(random_bytes(32)); - return $userId . '.' . $random; - } - - public function verifyToken(string $token): array - { - try { - $decoded = JWT::decode($token, new Key($this->secret, 'HS256')); - return (array) $decoded; - } catch (Exception $e) { - throw new Exception("Invalid or expired token: " . $e->getMessage()); - } - } -} diff --git a/app/Services/SubscriptionService.php b/app/Services/SubscriptionService.php deleted file mode 100644 index 88ef428..0000000 --- a/app/Services/SubscriptionService.php +++ /dev/null @@ -1,47 +0,0 @@ -prepare("SELECT * FROM subscriptions WHERE tenant_id = ? LIMIT 1"); - $stmt->execute([$tenantId]); - $sub = $stmt->fetch(); - - if (!$sub) throw new Exception("لا يوجد اشتراك فعال"); - - if ($type === 'invoices') { - if ($sub['invoices_used_this_month'] >= $sub['max_invoices_per_month']) { - throw new Exception("لقد وصلت للحد الأقصى من الفواتير المسموح بها في خطتك الحالية"); - } - } - - if ($type === 'companies') { - $countStmt = $db->prepare("SELECT COUNT(*) as total FROM companies WHERE tenant_id = ? AND deleted_at IS NULL"); - $countStmt->execute([$tenantId]); - $count = $countStmt->fetch()['total']; - - if ($count >= $sub['max_companies']) { - throw new Exception("لقد وصلت للحد الأقصى من الشركات المسموح بها في خطتك الحالية"); - } - } - } - - public function incrementUsage(string $tenantId, string $type): void - { - if ($type === 'invoices') { - $db = Database::getInstance(); - $stmt = $db->prepare("UPDATE subscriptions SET invoices_used_this_month = invoices_used_this_month + 1 WHERE tenant_id = ?"); - $stmt->execute([$tenantId]); - } - } -} diff --git a/app/Services/TaxValidationService.php b/app/Services/TaxValidationService.php deleted file mode 100644 index 5999847..0000000 --- a/app/Services/TaxValidationService.php +++ /dev/null @@ -1,72 +0,0 @@ - 0.01) { - $errors[] = ['code' => 'RULE_001', 'message_ar' => 'مجموع سطور الفاتورة لا يطابق المجموع الكلي']; - } - - // Rule 002: Tax integrity (tax_amount = subtotal × tax_rate) - foreach ($lines as $line) { - $expectedTax = round($line['quantity'] * $line['unit_price'] * $line['tax_rate'], 3); - if (abs($line['tax_amount'] - $expectedTax) > 0.01) { - $errors[] = ['code' => 'RULE_002', 'message_ar' => "خطأ في حساب الضريبة للسطر {$line['line_number']}"]; - } - } - - // Rule 003: Invoice number required - if (empty($invoice['invoice_number'])) { - $errors[] = ['code' => 'RULE_003', 'message_ar' => 'رقم الفاتورة مطلوب']; - } - - // Rule 004: No future dates - if (strtotime($invoice['invoice_date']) > time()) { - $errors[] = ['code' => 'RULE_004', 'message_ar' => 'تاريخ الفاتورة لا يمكن أن يكون في المستقبل']; - } - - // Rule 005: Valid JO Tax Rates - $validRates = [0.16, 0.10, 0.05, 0.04, 0.02, 0.00]; - foreach ($lines as $line) { - if (!in_array(round((float)$line['tax_rate'], 2), $validRates)) { - $errors[] = ['code' => 'RULE_005', 'message_ar' => "نسبة الضريبة ({$line['tax_rate']}) غير صالحة في الأردن"]; - } - } - - // Rule 006: Buyer ID for large invoices (> 10,000 JOD) - if ($invoice['grand_total'] > 10000 && empty($invoice['buyer_tin']) && empty($invoice['buyer_national_id'])) { - $errors[] = ['code' => 'RULE_006', 'message_ar' => 'يجب تزويد الرقم الضريبي أو الوطني للمشتري للفواتير التي تتجاوز 10,000 دينار']; - } - - // Rule 007: Discount integrity — subtotal - discount = Σ(line totals before tax) - $lineSumBeforeTax = array_sum(array_map( - fn($l) => round(($l['quantity'] * $l['unit_price']) - ($l['discount'] ?? 0), 3), - $lines - )); - $expected = round($invoice['subtotal'] - $invoice['discount_total'], 3); - if (abs($expected - $lineSumBeforeTax) > 0.01) { - $errors[] = [ - 'code' => 'RULE_007', - 'message_ar' => "خطأ في حساب الخصومات: المتوقع {$expected} JOD، المحسوب {$lineSumBeforeTax} JOD", - 'message_en' => "Discount integrity error" - ]; - } - - return [ - 'is_valid' => empty($errors), - 'errors' => $errors - ]; - } -} diff --git a/app/Services/TotpService.php b/app/Services/TotpService.php deleted file mode 100644 index d62f10d..0000000 --- a/app/Services/TotpService.php +++ /dev/null @@ -1,67 +0,0 @@ -base32Decode($secret)); - $offset = ord($hash[19]) & 0x0F; - $otp = ((ord($hash[$offset]) & 0x7F) << 24 | (ord($hash[$offset+1]) & 0xFF) << 16 | (ord($hash[$offset+2]) & 0xFF) << 8 | (ord($hash[$offset+3]) & 0xFF)) % 1000000; - if (str_pad((string)$otp, 6, '0', STR_PAD_LEFT) === $code) return true; - } - return false; - } - - private function base32Decode(string $base32): string - { - $base32chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; - $base32charsFlipped = array_flip(str_split($base32chars)); - - $output = ''; - $v = 0; - $vbits = 0; - - for ($i = 0, $j = strlen($base32); $i < $j; $i++) { - $v <<= 5; - if (isset($base32charsFlipped[$base32[$i]])) { - $v += $base32charsFlipped[$base32[$i]]; - } - $vbits += 5; - - while ($vbits >= 8) { - $vbits -= 8; - $output .= chr(($v >> $vbits) & 0xFF); - } - } - return $output; - } -} diff --git a/app/bootstrap/auth.php b/app/bootstrap/auth.php new file mode 100644 index 0000000..3ad183b --- /dev/null +++ b/app/bootstrap/auth.php @@ -0,0 +1,19 @@ + $success, + 'data' => $data, + 'message' => $message, + 'timestamp' => date('c') + ], JSON_UNESCAPED_UNICODE); + exit; +} + +function json_error(string $message, int $code = 400, $errors = null) { + json_response(false, $errors, $message, $code); +} + +function json_success($data = null, ?string $message = 'Success', int $code = 200) { + json_response(true, $data, $message, $code); +} diff --git a/app/config/database.php b/app/config/database.php new file mode 100644 index 0000000..ff0a8b6 --- /dev/null +++ b/app/config/database.php @@ -0,0 +1,13 @@ + $_ENV['DB_HOST'] ?? '127.0.0.1', + 'port' => $_ENV['DB_PORT'] ?? '3306', + 'database' => $_ENV['DB_DATABASE'] ?? 'musadaqDb', + 'username' => $_ENV['DB_USERNAME'] ?? 'musadaqUser', + 'password' => $_ENV['DB_PASSWORD'] ?? '', + 'charset' => $_ENV['DB_CHARSET'] ?? 'utf8mb4', +]; diff --git a/app/helpers/helpers.php b/app/helpers/helpers.php new file mode 100644 index 0000000..c798127 --- /dev/null +++ b/app/helpers/helpers.php @@ -0,0 +1,34 @@ +"; + var_dump($v); + echo ""; + } + die(); + } +} diff --git a/app/modules_app/auth/login.php b/app/modules_app/auth/login.php new file mode 100644 index 0000000..9c562f1 --- /dev/null +++ b/app/modules_app/auth/login.php @@ -0,0 +1,58 @@ + 'required|email', + 'password' => 'required' +]); + +if ($errors) { + json_error('Validation Failed', 422, $errors); +} + +$email = $data['email']; +$password = $data['password']; + +// 2. DB Check +$db = Database::getInstance(); +$stmt = $db->prepare("SELECT * FROM users WHERE email = ? LIMIT 1"); +$stmt->execute([$email]); +$user = $stmt->fetch(); + +if (!$user || !password_verify($password, $user['password_hash'])) { + json_error('بيانات الدخول غير صحيحة', 401); +} + +// 3. Issue Token +$secret = env('JWT_SECRET', 'super-secret-key'); +$payload = [ + 'user_id' => $user['id'], + 'role' => $user['role'], + 'exp' => time() + (15 * 60) // 15 minutes +]; + +$token = JWT::encode($payload, $secret); + +// 4. Update Refresh Token (Simple stored in DB as requested) +$refreshToken = bin2hex(random_bytes(32)); +$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?"); +$stmt->execute([$refreshToken, $user['id']]); + +json_success([ + 'access_token' => $token, + 'refresh_token' => $refreshToken, + 'user' => [ + 'id' => $user['id'], + 'name' => $user['name'], + 'email' => $user['email'] + ] +], 'تم تسجيل الدخول بنجاح'); diff --git a/app/modules_app/auth/logout.php b/app/modules_app/auth/logout.php new file mode 100644 index 0000000..df1c34b --- /dev/null +++ b/app/modules_app/auth/logout.php @@ -0,0 +1,18 @@ +prepare("UPDATE users SET refresh_token = NULL WHERE id = ?"); +$stmt->execute([$userId]); + +json_success(null, 'تم تسجيل الخروج بنجاح'); diff --git a/app/modules_app/auth/refresh.php b/app/modules_app/auth/refresh.php new file mode 100644 index 0000000..b6d6ed0 --- /dev/null +++ b/app/modules_app/auth/refresh.php @@ -0,0 +1,41 @@ +prepare("SELECT * FROM users WHERE refresh_token = ? LIMIT 1"); +$stmt->execute([$refreshToken]); +$user = $stmt->fetch(); + +if (!$user) { + json_error('Invalid refresh token', 401); +} + +$secret = env('JWT_SECRET', 'super-secret-key'); +$payload = [ + 'user_id' => $user['id'], + 'role' => $user['role'], + 'exp' => time() + (15 * 60) +]; + +$newToken = JWT::encode($payload, $secret); +$newRefreshToken = bin2hex(random_bytes(32)); + +$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?"); +$stmt->execute([$newRefreshToken, $user['id']]); + +json_success([ + 'access_token' => $newToken, + 'refresh_token' => $newRefreshToken +], 'تم تجديد الجلسة بنجاح'); diff --git a/app/modules_app/trips/index.php b/app/modules_app/trips/index.php new file mode 100644 index 0000000..fb5c650 --- /dev/null +++ b/app/modules_app/trips/index.php @@ -0,0 +1,28 @@ +prepare("SELECT * FROM trips WHERE user_id = ? ORDER BY created_at DESC"); + $stmt->execute([$decoded['user_id']]); + $trips = $stmt->fetchAll(); + + json_success($trips); +} catch (\PDOException $e) { + // If table doesn't exist, return empty for the sake of the skeleton + json_success([], 'Trips table not found, returning empty array for demonstration.'); +} diff --git a/app/modules_app/users/index.php b/app/modules_app/users/index.php new file mode 100644 index 0000000..c5ab614 --- /dev/null +++ b/app/modules_app/users/index.php @@ -0,0 +1,23 @@ +prepare("SELECT id, name, email, role, is_active, created_at FROM users"); +$stmt->execute(); +$users = $stmt->fetchAll(); + +json_success($users); diff --git a/config/app.php b/config/app.php deleted file mode 100644 index 2490e65..0000000 --- a/config/app.php +++ /dev/null @@ -1,10 +0,0 @@ - $_ENV['APP_NAME'] ?? 'مُصادَق', - 'env' => $_ENV['APP_ENV'] ?? 'production', - 'url' => $_ENV['APP_URL'] ?? 'https://musadeq2.intaleqapp.com', - 'timezone' => $_ENV['APP_TIMEZONE'] ?? 'Asia/Amman', -]; diff --git a/config/auth.php b/config/auth.php deleted file mode 100644 index a63106f..0000000 --- a/config/auth.php +++ /dev/null @@ -1,11 +0,0 @@ - [ - 'secret' => $_ENV['JWT_SECRET'] ?? '', - 'access_expiry' => (int)($_ENV['JWT_ACCESS_EXPIRY'] ?? 900), - 'refresh_expiry' => (int)($_ENV['JWT_REFRESH_EXPIRY'] ?? 604800), - ], -]; diff --git a/config/database.php b/config/database.php deleted file mode 100644 index 8aa9835..0000000 --- a/config/database.php +++ /dev/null @@ -1,12 +0,0 @@ - $_ENV['DB_HOST'] ?? '127.0.0.1', - 'port' => $_ENV['DB_PORT'] ?? '3306', - 'database' => $_ENV['DB_DATABASE'] ?? 'musadaq_db', - 'username' => $_ENV['DB_USERNAME'] ?? 'musadaq_user', - 'password' => $_ENV['DB_PASSWORD'] ?? '', - 'charset' => $_ENV['DB_CHARSET'] ?? 'utf8mb4', -]; diff --git a/config/secrets.php b/config/secrets.php deleted file mode 100644 index e96c5d5..0000000 --- a/config/secrets.php +++ /dev/null @@ -1,7 +0,0 @@ - base64_decode($_ENV['ENCRYPTION_KEY_B64'] ?? '0AEcpckd2g6eMA3ofBXRpgrDbV6ExWkB+D1Hl5pE+I0='), -]; diff --git a/config/services.php b/config/services.php deleted file mode 100644 index 8621264..0000000 --- a/config/services.php +++ /dev/null @@ -1,28 +0,0 @@ - [ - 'gemini' => [ - 'key' => $_ENV['GEMINI_API_KEY'] ?? '', - 'model' => $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash', - ], - 'openai' => [ - 'key' => $_ENV['OPENAI_API_KEY'] ?? '', - 'model' => $_ENV['OPENAI_MODEL'] ?? 'gpt-4o', - ], - ], - 'jofotara' => [ - 'base_url' => $_ENV['JOFOTARA_BASE_URL'] ?? 'https://backend.jofotara.gov.jo/core/invoices', - 'env' => $_ENV['JOFOTARA_ENV'] ?? 'production', - ], - 'mail' => [ - 'host' => $_ENV['MAIL_HOST'] ?? '', - 'port' => (int)($_ENV['MAIL_PORT'] ?? 587), - 'username' => $_ENV['MAIL_USERNAME'] ?? '', - 'password' => $_ENV['MAIL_PASSWORD'] ?? '', - 'from' => $_ENV['MAIL_FROM'] ?? 'noreply@musadaq.app', - 'from_name' => $_ENV['MAIL_FROM_NAME'] ?? 'مُصادَق', - ], -]; diff --git a/database/migrations/001_initial_schema.sql b/database/migrations/001_initial_schema.sql deleted file mode 100644 index 39734e5..0000000 --- a/database/migrations/001_initial_schema.sql +++ /dev/null @@ -1,41 +0,0 @@ --- ─── Tenants ────────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS tenants ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - phone VARCHAR(20) NULL, - status ENUM('active','suspended','trial') NOT NULL DEFAULT 'trial', - trial_ends_at DATETIME NULL, - settings JSON DEFAULT (JSON_OBJECT()), - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenants_email (email) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Users ──────────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS users ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - password_hash VARCHAR(255) NOT NULL, - role ENUM('super_admin','admin','accountant','employee','viewer') NOT NULL, - assigned_company_id CHAR(36) NULL, - refresh_token_hash VARCHAR(255) NULL, - totp_secret VARCHAR(64) NULL, - totp_enabled TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - email_verified_at DATETIME NULL, - last_login_at DATETIME NULL, - last_login_ip VARCHAR(45) NULL, - failed_login_count INT NOT NULL DEFAULT 0, - locked_until DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenant_email (tenant_id, email), - CONSTRAINT fk_users_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/database/migrations/002_core_modules.sql b/database/migrations/002_core_modules.sql deleted file mode 100644 index f413544..0000000 --- a/database/migrations/002_core_modules.sql +++ /dev/null @@ -1,47 +0,0 @@ --- ─── Companies ──────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS companies ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - name_en VARCHAR(255) NULL, - tax_identification_number VARCHAR(20) NOT NULL, - commercial_registration_number VARCHAR(50) NULL, - address TEXT NULL, - city VARCHAR(100) NULL, - contact_email VARCHAR(255) NULL, - contact_phone VARCHAR(20) NULL, - jofotara_client_id_encrypted TEXT NULL, - jofotara_secret_key_encrypted TEXT NULL, - jofotara_income_source_sequence VARCHAR(50) NULL, - certificate_path VARCHAR(255) NULL, - certificate_password_encrypted TEXT NULL, - is_jofotara_linked TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - INDEX idx_companies_tenant (tenant_id), - INDEX idx_companies_tin (tax_identification_number), - CONSTRAINT fk_companies_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Subscriptions ──────────────────────────────────────── -CREATE TABLE IF NOT EXISTS subscriptions ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - plan ENUM('free','basic','office','pro','enterprise') NOT NULL DEFAULT 'basic', - max_companies INT NOT NULL DEFAULT 3, - max_invoices_per_month INT NOT NULL DEFAULT 50, - max_users INT NOT NULL DEFAULT 2, - price_jod DECIMAL(10,2) NOT NULL DEFAULT 0.00, - invoices_used_this_month INT NOT NULL DEFAULT 0, - status ENUM('active','past_due','cancelled','trial') NOT NULL DEFAULT 'active', - current_period_start DATETIME NULL, - current_period_end DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_sub_tenant (tenant_id), - CONSTRAINT fk_sub_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/database/migrations/003_invoices.sql b/database/migrations/003_invoices.sql deleted file mode 100644 index c1e70a8..0000000 --- a/database/migrations/003_invoices.sql +++ /dev/null @@ -1,69 +0,0 @@ --- ─── Invoices ───────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS invoices ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - uploaded_by CHAR(36) NULL, - invoice_number VARCHAR(100) NULL, - invoice_date DATE NULL, - invoice_type ENUM('cash','credit') NOT NULL DEFAULT 'cash', - ubl_type_code CHAR(3) NOT NULL DEFAULT '388', - payment_method_code CHAR(3) NOT NULL DEFAULT '013', - supplier_tin VARCHAR(20) NULL, - supplier_name VARCHAR(255) NULL, - supplier_address TEXT NULL, - buyer_tin VARCHAR(20) NULL, - buyer_national_id VARCHAR(20) NULL, - buyer_name VARCHAR(255) NULL, - subtotal DECIMAL(15,3) NOT NULL DEFAULT 0, - discount_total DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - grand_total DECIMAL(15,3) NOT NULL DEFAULT 0, - currency_code CHAR(3) NOT NULL DEFAULT 'JOD', - status ENUM('uploaded','extracting','extracted','validated', - 'validation_failed','submitting','approved','rejected') - NOT NULL DEFAULT 'uploaded', - original_file_path TEXT NULL, - original_file_hash VARCHAR(64) NULL, - invoice_category VARCHAR(20) NOT NULL DEFAULT 'simplified', - validation_errors JSON NULL, - qr_code TEXT NULL, - jofotara_response JSON NULL, - ai_provider VARCHAR(20) NULL, - ai_confidence_score DECIMAL(4,3) NULL, - ai_prompt_tokens INT NOT NULL DEFAULT 0, - ai_completion_tokens INT NOT NULL DEFAULT 0, - ai_total_cost DECIMAL(10,6) NOT NULL DEFAULT 0, - ai_raw_response JSON NULL, - idempotency_key VARCHAR(64) NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_idempotency (idempotency_key), - INDEX idx_invoices_tenant (tenant_id), - INDEX idx_invoices_company (company_id), - INDEX idx_invoices_status (status), - INDEX idx_invoices_date (invoice_date), - INDEX idx_invoices_file_hash (original_file_hash), - CONSTRAINT fk_inv_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_user FOREIGN KEY (uploaded_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Invoice Lines ──────────────────────────────────────── -CREATE TABLE IF NOT EXISTS invoice_lines ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - invoice_id CHAR(36) NOT NULL, - line_number INT NOT NULL, - description TEXT NOT NULL, - quantity DECIMAL(15,3) NOT NULL, - unit_price DECIMAL(15,3) NOT NULL, - discount DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_rate DECIMAL(5,4) NOT NULL, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - line_total DECIMAL(15,3) NOT NULL, - PRIMARY KEY (id), - INDEX idx_lines_invoice (invoice_id), - CONSTRAINT fk_lines_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/database/migrations/004_system.sql b/database/migrations/004_system.sql deleted file mode 100644 index b2771d4..0000000 --- a/database/migrations/004_system.sql +++ /dev/null @@ -1,80 +0,0 @@ --- ─── Audit Logs ─────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS audit_logs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NULL, - user_id CHAR(36) NULL, - action VARCHAR(100) NOT NULL, - entity_type VARCHAR(50) NULL, - entity_id CHAR(36) NULL, - old_data JSON NULL, - new_data JSON NULL, - ip_address VARCHAR(45) NULL, - user_agent TEXT NULL, - metadata JSON NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_audit_tenant (tenant_id), - INDEX idx_audit_action (action), - INDEX idx_audit_created (created_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Risk Scores ────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS risk_scores ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - invoice_id CHAR(36) NULL, - risk_type VARCHAR(50) NOT NULL, - score TINYINT UNSIGNED NOT NULL, - reason TEXT NOT NULL, - is_resolved TINYINT(1) NOT NULL DEFAULT 0, - resolved_by CHAR(36) NULL, - resolved_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_risk_tenant (tenant_id), - INDEX idx_risk_unresolved (is_resolved), - CONSTRAINT fk_risk_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE SET NULL, - CONSTRAINT fk_risk_resolver FOREIGN KEY (resolved_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Queue Jobs ─────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS queue_jobs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - type VARCHAR(100) NOT NULL, - payload JSON NOT NULL, - priority INT NOT NULL DEFAULT 0, - attempts INT NOT NULL DEFAULT 0, - max_attempts INT NOT NULL DEFAULT 3, - status ENUM('pending','processing','completed','failed','dead') - NOT NULL DEFAULT 'pending', - error TEXT NULL, - locked_at DATETIME NULL, - locked_by VARCHAR(100) NULL, - scheduled_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - completed_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_queue_pending (status, priority DESC, scheduled_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── API Keys ───────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS api_keys ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - user_id CHAR(36) NOT NULL, - name VARCHAR(100) NOT NULL, - public_key VARCHAR(64) NOT NULL, - secret_hash VARCHAR(255) NOT NULL, - permissions JSON DEFAULT (JSON_ARRAY('invoices:read','invoices:upload')), - last_used_at DATETIME NULL, - is_active TINYINT(1) NOT NULL DEFAULT 1, - expires_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_api_public_key (public_key), - CONSTRAINT fk_apikeys_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_apikeys_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/database/migrations/005_notifications.sql b/database/migrations/005_notifications.sql deleted file mode 100644 index 96411f2..0000000 --- a/database/migrations/005_notifications.sql +++ /dev/null @@ -1,12 +0,0 @@ -CREATE TABLE IF NOT EXISTS notifications ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - user_id CHAR(36) NOT NULL, - title VARCHAR(255) NOT NULL, - message TEXT NOT NULL, - type ENUM('info','success','warning','error') NOT NULL DEFAULT 'info', - is_read TINYINT(1) NOT NULL DEFAULT 0, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_notif_user (user_id), - CONSTRAINT fk_notif_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/database/schema.sql b/database/schema.sql deleted file mode 100644 index 013f4c3..0000000 --- a/database/schema.sql +++ /dev/null @@ -1,260 +0,0 @@ -SET NAMES utf8mb4; -SET CHARACTER SET utf8mb4; - --- ─── Tenants ────────────────────────────────────────────── -CREATE TABLE tenants ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - phone VARCHAR(20) NULL, - status ENUM('active','suspended','trial') NOT NULL DEFAULT 'trial', - trial_ends_at DATETIME NULL, - settings JSON DEFAULT (JSON_OBJECT()), - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenants_email (email) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Users ──────────────────────────────────────────────── -CREATE TABLE users ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - password_hash VARCHAR(255) NOT NULL, - role ENUM('super_admin','admin','accountant','employee','viewer') NOT NULL, - assigned_company_id CHAR(36) NULL, - refresh_token_hash VARCHAR(255) NULL, - totp_secret VARCHAR(64) NULL, - totp_enabled TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - email_verified_at DATETIME NULL, - last_login_at DATETIME NULL, - last_login_ip VARCHAR(45) NULL, - failed_login_count INT NOT NULL DEFAULT 0, - locked_until DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenant_email (tenant_id, email), - CONSTRAINT fk_users_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── API Keys ───────────────────────────────────────────── -CREATE TABLE api_keys ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - user_id CHAR(36) NOT NULL, - name VARCHAR(100) NOT NULL, - public_key VARCHAR(64) NOT NULL, - secret_hash VARCHAR(255) NOT NULL, - permissions JSON DEFAULT (JSON_ARRAY('invoices:read','invoices:upload')), - last_used_at DATETIME NULL, - is_active TINYINT(1) NOT NULL DEFAULT 1, - expires_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_api_public_key (public_key), - CONSTRAINT fk_apikeys_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_apikeys_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Companies ──────────────────────────────────────────── -CREATE TABLE companies ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - name_en VARCHAR(255) NULL, - tax_identification_number VARCHAR(20) NOT NULL, - commercial_registration_number VARCHAR(50) NULL, - address TEXT NULL, - city VARCHAR(100) NULL, - contact_email VARCHAR(255) NULL, - contact_phone VARCHAR(20) NULL, - jofotara_client_id_encrypted TEXT NULL, - jofotara_secret_key_encrypted TEXT NULL, - jofotara_income_source_sequence VARCHAR(50) NULL, - certificate_path VARCHAR(255) NULL, - certificate_password_encrypted TEXT NULL, - is_jofotara_linked TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - INDEX idx_companies_tenant (tenant_id), - INDEX idx_companies_tin (tax_identification_number), - CONSTRAINT fk_companies_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Subscriptions ──────────────────────────────────────── -CREATE TABLE subscriptions ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - plan ENUM('free','basic','office','pro','enterprise') NOT NULL DEFAULT 'basic', - max_companies INT NOT NULL DEFAULT 3, - max_invoices_per_month INT NOT NULL DEFAULT 50, - max_users INT NOT NULL DEFAULT 2, - price_jod DECIMAL(10,2) NOT NULL DEFAULT 0.00, - invoices_used_this_month INT NOT NULL DEFAULT 0, - status ENUM('active','past_due','cancelled','trial') NOT NULL DEFAULT 'active', - current_period_start DATETIME NULL, - current_period_end DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_sub_tenant (tenant_id), - CONSTRAINT fk_sub_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Invoices ───────────────────────────────────────────── -CREATE TABLE invoices ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - uploaded_by CHAR(36) NULL, - invoice_number VARCHAR(100) NULL, - invoice_date DATE NULL, - invoice_type ENUM('cash','credit') NOT NULL DEFAULT 'cash', - ubl_type_code CHAR(3) NOT NULL DEFAULT '388', - payment_method_code CHAR(3) NOT NULL DEFAULT '013', - supplier_tin VARCHAR(20) NULL, - supplier_name VARCHAR(255) NULL, - supplier_address TEXT NULL, - buyer_tin VARCHAR(20) NULL, - buyer_national_id VARCHAR(20) NULL, - buyer_name VARCHAR(255) NULL, - subtotal DECIMAL(15,3) NOT NULL DEFAULT 0, - discount_total DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - grand_total DECIMAL(15,3) NOT NULL DEFAULT 0, - currency_code CHAR(3) NOT NULL DEFAULT 'JOD', - status ENUM('uploaded','extracting','extracted','validated', - 'validation_failed','submitting','approved','rejected') - NOT NULL DEFAULT 'uploaded', - original_file_path TEXT NULL, - original_file_hash VARCHAR(64) NULL, - invoice_category VARCHAR(20) NOT NULL DEFAULT 'simplified', - validation_errors JSON NULL, - qr_code TEXT NULL, - jofotara_response JSON NULL, - ai_provider VARCHAR(20) NULL, - ai_confidence_score DECIMAL(4,3) NULL, - ai_prompt_tokens INT NOT NULL DEFAULT 0, - ai_completion_tokens INT NOT NULL DEFAULT 0, - ai_total_cost DECIMAL(10,6) NOT NULL DEFAULT 0, - ai_raw_response JSON NULL, - idempotency_key VARCHAR(64) NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_idempotency (idempotency_key), - INDEX idx_invoices_tenant (tenant_id), - INDEX idx_invoices_company (company_id), - INDEX idx_invoices_status (status), - INDEX idx_invoices_date (invoice_date), - INDEX idx_invoices_file_hash (original_file_hash), - CONSTRAINT fk_inv_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_user FOREIGN KEY (uploaded_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Invoice Lines ──────────────────────────────────────── -CREATE TABLE invoice_lines ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - invoice_id CHAR(36) NOT NULL, - line_number INT NOT NULL, - description TEXT NOT NULL, - quantity DECIMAL(15,3) NOT NULL, - unit_price DECIMAL(15,3) NOT NULL, - discount DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_rate DECIMAL(5,4) NOT NULL, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - line_total DECIMAL(15,3) NOT NULL, - PRIMARY KEY (id), - INDEX idx_lines_invoice (invoice_id), - CONSTRAINT fk_lines_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Audit Logs ─────────────────────────────────────────── -CREATE TABLE audit_logs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NULL, - user_id CHAR(36) NULL, - action VARCHAR(100) NOT NULL, - entity_type VARCHAR(50) NULL, - entity_id CHAR(36) NULL, - old_data JSON NULL, - new_data JSON NULL, - ip_address VARCHAR(45) NULL, - user_agent TEXT NULL, - metadata JSON NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_audit_tenant (tenant_id), - INDEX idx_audit_action (action), - INDEX idx_audit_created (created_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Risk Scores ────────────────────────────────────────── -CREATE TABLE risk_scores ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - invoice_id CHAR(36) NULL, - risk_type VARCHAR(50) NOT NULL, - risk_level ENUM('low', 'medium', 'high', 'critical') NOT NULL DEFAULT 'low', - score TINYINT UNSIGNED NOT NULL, - reason TEXT NOT NULL, - factors JSON NULL, - is_resolved TINYINT(1) NOT NULL DEFAULT 0, - resolved_by CHAR(36) NULL, - resolved_at DATETIME NULL, - calculated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_risk_tenant (tenant_id), - INDEX idx_risk_unresolved (is_resolved), - CONSTRAINT fk_risk_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE SET NULL, - CONSTRAINT fk_risk_resolver FOREIGN KEY (resolved_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Notifications ──────────────────────────────────────── -CREATE TABLE notifications ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - user_id CHAR(36) NOT NULL, - title VARCHAR(255) NOT NULL, - message TEXT NOT NULL, - type VARCHAR(50) NOT NULL DEFAULT 'info', - is_read TINYINT(1) NOT NULL DEFAULT 0, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_notifications_user (user_id), - CONSTRAINT fk_notifications_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Queue Jobs (MySQL fallback when Redis unavailable) ─── -CREATE TABLE queue_jobs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - type VARCHAR(100) NOT NULL, - payload JSON NOT NULL, - priority INT NOT NULL DEFAULT 0, - attempts INT NOT NULL DEFAULT 0, - max_attempts INT NOT NULL DEFAULT 3, - status ENUM('pending','processing','completed','failed','dead') - NOT NULL DEFAULT 'pending', - error TEXT NULL, - locked_at DATETIME NULL, - locked_by VARCHAR(100) NULL, - scheduled_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - completed_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_queue_pending (status, priority DESC, scheduled_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; diff --git a/musadaq_full_code.md b/musadaq_full_code.md deleted file mode 100644 index 899957d..0000000 --- a/musadaq_full_code.md +++ /dev/null @@ -1,5894 +0,0 @@ -# مُصادَق — ملخص كود المشروع الكامل - -هذا الملف يحتوي على كافة ملفات المصدر للمشروع مجمعة لتسهيل المراجعة. - -## الملف: `phpunit.xml` - -``` - - - - - tests/Unit - - - tests/Feature - - - - - - - - -``` - ---- - -## الملف: `scratch.js` - -```javascript -const appRouter = () => ({ - isLoggedIn: !!localStorage.getItem('access_token'), - pageHtml: 'جاري التحميل...', - async init() { - console.log('App Initialized'); - await this.navigate(window.location.pathname); - window.onpopstate = () => this.navigate(window.location.pathname); - }, - async navigate(path) { - console.log('Navigating to:', path); - const isLogin = path.includes('login'); - - if (!this.isLoggedIn && !isLogin) { - this.pageHtml = await this.loadPage('login'); - } else if (isLogin) { - this.pageHtml = await this.loadPage('login'); - } else { - this.pageHtml = await this.loadPage('dashboard'); - } - }, - initCharts() { - const ctx = document.getElementById('invoiceChart')?.getContext('2d'); - }, - async loadPage(page) { - if (page === 'dashboard') { - return `
`; - } - if (page === 'login') return ` -
-
-

مرحباً بك مجدداً

-
-
- `; - return '
الصفحة قيد الإنشاء
'; - } -}); - -``` - ---- - -## الملف: `.env` - -``` -APP_NAME="مُصادَق" -APP_ENV=development -APP_URL=http://localhost:8000 -APP_TIMEZONE=Asia/Amman - -# MySQL (CloudPanel managed) -DB_HOST=127.0.0.1 -DB_PORT=3306 -DB_DATABASE=musadaqDb -DB_USERNAME=musadaqUser -DB_PASSWORD=FWVG3vx2fhrwUULXa6E4 -DB_CHARSET=utf8mb4 - -# Redis (system service) -REDIS_HOST=127.0.0.1 -REDIS_PORT=6379 -REDIS_PASSWORD= - -# JWT -JWT_SECRET=super-secret-change-me-in-production -JWT_ACCESS_EXPIRY=900 -JWT_REFRESH_EXPIRY=604800 - -# AI Providers -GEMINI_API_KEY= -GEMINI_MODEL=gemini-2.0-flash -OPENAI_API_KEY= -OPENAI_MODEL=gpt-4o - -# JoFotara -JOFOTARA_BASE_URL=https://backend.jofotara.gov.jo/core/invoices -JOFOTARA_ENV=sandbox - -# Email -MAIL_HOST=smtp.mailtrap.io -MAIL_PORT=2525 -MAIL_USERNAME= -MAIL_PASSWORD= -MAIL_FROM=noreply@musadaq.app -MAIL_FROM_NAME="مُصادَق" - -# Storage -STORAGE_PATH=/Users/hamzaaleghwairyeen/development/App/musadeq/storage -UPLOAD_MAX_SIZE=20971520 - -``` - ---- - -## الملف: `describe.php` - -```php -load(); -$db = new PDO("mysql:host={$_ENV['DB_HOST']};port={$_ENV['DB_PORT']};dbname={$_ENV['DB_DATABASE']}", $_ENV['DB_USERNAME'], $_ENV['DB_PASSWORD']); -$stmt = $db->query("DESCRIBE invoices"); -print_r($stmt->fetchAll(PDO::FETCH_ASSOC)); - -``` - ---- - -## الملف: `composer.json` - -``` -{ - "name": "musadaq/platform", - "description": "Jordanian E-Invoicing Automation SaaS", - "type": "project", - "license": "proprietary", - "require": { - "php": ">=8.4", - "ext-pdo": "*", - "ext-pdo_mysql": "*", - "ext-openssl": "*", - "ext-sodium": "*", - "ext-curl": "*", - "ext-mbstring": "*", - "ext-json": "*", - "vlucas/phpdotenv": "^5.6", - "monolog/monolog": "^3.5", - "firebase/php-jwt": "^6.10", - "ramsey/uuid": "^4.7", - "nikic/fast-route": "^1.3", - "predis/predis": "^2.2", - "guzzlehttp/guzzle": "^7.9", - "respect/validation": "^2.3", - "league/flysystem": "^3.28", - "symfony/mailer": "^7.1" - }, - "require-dev": { - "phpunit/phpunit": "^11.0", - "phpstan/phpstan": "^1.12", - "squizlabs/php_codesniffer": "^3.10" - }, - "autoload": { - "psr-4": { "App\\": "app/" } - }, - "config": { - "optimize-autoloader": true, - "sort-packages": true - } -} - -``` - ---- - -## الملف: `database/seed.sql` - -```sql --- ─── Initial Super Admin Seed ────────────────────────────── --- Default Password: admin123 (Please change after first login) - -INSERT INTO tenants (id, name, email, status) -VALUES ('d0e4e4e4-e4e4-4e4e-ae4e-e4e4e4e4e4e4', 'Musadaq Admin', 'admin@musadaq.app', 'active'); - -INSERT INTO users (id, tenant_id, name, email, password_hash, role, is_active) -VALUES ( - 'u0e4e4e4-e4e4-4e4e-ae4e-e4e4e4e4e4e4', - 'd0e4e4e4-e4e4-4e4e-ae4e-e4e4e4e4e4e4', - 'Super Admin', - 'admin@musadaq.app', - '$argon2id$v=19$m=65536,t=3,p=4$VEpSbmRXNXBaV3REYTJodg$jZ8/X6Xf8X6Xf8X6Xf8X6Xf8X6Xf8X6Xf8X6Xf8X6Xg', -- Placeholder hash - 'super_admin', - 1 -); - -INSERT INTO subscriptions (tenant_id, plan, max_companies, max_invoices_per_month, max_users, status) -VALUES ( - 'd0e4e4e4-e4e4-4e4e-ae4e-e4e4e4e4e4e4', - 'pro', - 999, - 9999, - 99, - 'active' -); - -``` - ---- - -## الملف: `database/schema.sql` - -```sql -SET NAMES utf8mb4; -SET CHARACTER SET utf8mb4; - --- ─── Tenants ────────────────────────────────────────────── -CREATE TABLE tenants ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - phone VARCHAR(20) NULL, - status ENUM('active','suspended','trial') NOT NULL DEFAULT 'trial', - trial_ends_at DATETIME NULL, - settings JSON DEFAULT (JSON_OBJECT()), - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenants_email (email) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Users ──────────────────────────────────────────────── -CREATE TABLE users ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - password_hash VARCHAR(255) NOT NULL, - role ENUM('super_admin','admin','accountant','employee','viewer') NOT NULL, - assigned_company_id CHAR(36) NULL, - refresh_token_hash VARCHAR(255) NULL, - totp_secret VARCHAR(64) NULL, - totp_enabled TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - email_verified_at DATETIME NULL, - last_login_at DATETIME NULL, - last_login_ip VARCHAR(45) NULL, - failed_login_count INT NOT NULL DEFAULT 0, - locked_until DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenant_email (tenant_id, email), - CONSTRAINT fk_users_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── API Keys ───────────────────────────────────────────── -CREATE TABLE api_keys ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - user_id CHAR(36) NOT NULL, - name VARCHAR(100) NOT NULL, - public_key VARCHAR(64) NOT NULL, - secret_hash VARCHAR(255) NOT NULL, - permissions JSON DEFAULT (JSON_ARRAY('invoices:read','invoices:upload')), - last_used_at DATETIME NULL, - is_active TINYINT(1) NOT NULL DEFAULT 1, - expires_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_api_public_key (public_key), - CONSTRAINT fk_apikeys_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_apikeys_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Companies ──────────────────────────────────────────── -CREATE TABLE companies ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - name_en VARCHAR(255) NULL, - tax_identification_number VARCHAR(20) NOT NULL, - commercial_registration_number VARCHAR(50) NULL, - address TEXT NULL, - city VARCHAR(100) NULL, - contact_email VARCHAR(255) NULL, - contact_phone VARCHAR(20) NULL, - jofotara_client_id_encrypted TEXT NULL, - jofotara_secret_key_encrypted TEXT NULL, - jofotara_income_source_sequence VARCHAR(50) NULL, - certificate_path VARCHAR(255) NULL, - certificate_password_encrypted TEXT NULL, - is_jofotara_linked TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - INDEX idx_companies_tenant (tenant_id), - INDEX idx_companies_tin (tax_identification_number), - CONSTRAINT fk_companies_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Subscriptions ──────────────────────────────────────── -CREATE TABLE subscriptions ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - plan ENUM('free','basic','office','pro','enterprise') NOT NULL DEFAULT 'basic', - max_companies INT NOT NULL DEFAULT 3, - max_invoices_per_month INT NOT NULL DEFAULT 50, - max_users INT NOT NULL DEFAULT 2, - price_jod DECIMAL(10,2) NOT NULL DEFAULT 0.00, - invoices_used_this_month INT NOT NULL DEFAULT 0, - status ENUM('active','past_due','cancelled','trial') NOT NULL DEFAULT 'active', - current_period_start DATETIME NULL, - current_period_end DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_sub_tenant (tenant_id), - CONSTRAINT fk_sub_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Invoices ───────────────────────────────────────────── -CREATE TABLE invoices ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - uploaded_by CHAR(36) NULL, - invoice_number VARCHAR(100) NULL, - invoice_date DATE NULL, - invoice_type ENUM('cash','credit') NOT NULL DEFAULT 'cash', - ubl_type_code CHAR(3) NOT NULL DEFAULT '388', - payment_method_code CHAR(3) NOT NULL DEFAULT '013', - supplier_tin VARCHAR(20) NULL, - supplier_name VARCHAR(255) NULL, - supplier_address TEXT NULL, - buyer_tin VARCHAR(20) NULL, - buyer_national_id VARCHAR(20) NULL, - buyer_name VARCHAR(255) NULL, - subtotal DECIMAL(15,3) NOT NULL DEFAULT 0, - discount_total DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - grand_total DECIMAL(15,3) NOT NULL DEFAULT 0, - currency_code CHAR(3) NOT NULL DEFAULT 'JOD', - status ENUM('uploaded','extracting','extracted','validated', - 'validation_failed','submitting','approved','rejected') - NOT NULL DEFAULT 'uploaded', - original_file_path TEXT NULL, - original_file_hash VARCHAR(64) NULL, - invoice_category VARCHAR(20) NOT NULL DEFAULT 'simplified', - validation_errors JSON NULL, - qr_code TEXT NULL, - jofotara_response JSON NULL, - ai_provider VARCHAR(20) NULL, - ai_confidence_score DECIMAL(4,3) NULL, - ai_prompt_tokens INT NOT NULL DEFAULT 0, - ai_completion_tokens INT NOT NULL DEFAULT 0, - ai_total_cost DECIMAL(10,6) NOT NULL DEFAULT 0, - ai_raw_response JSON NULL, - idempotency_key VARCHAR(64) NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_idempotency (idempotency_key), - INDEX idx_invoices_tenant (tenant_id), - INDEX idx_invoices_company (company_id), - INDEX idx_invoices_status (status), - INDEX idx_invoices_date (invoice_date), - INDEX idx_invoices_file_hash (original_file_hash), - CONSTRAINT fk_inv_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_user FOREIGN KEY (uploaded_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Invoice Lines ──────────────────────────────────────── -CREATE TABLE invoice_lines ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - invoice_id CHAR(36) NOT NULL, - line_number INT NOT NULL, - description TEXT NOT NULL, - quantity DECIMAL(15,3) NOT NULL, - unit_price DECIMAL(15,3) NOT NULL, - discount DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_rate DECIMAL(5,4) NOT NULL, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - line_total DECIMAL(15,3) NOT NULL, - PRIMARY KEY (id), - INDEX idx_lines_invoice (invoice_id), - CONSTRAINT fk_lines_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Audit Logs ─────────────────────────────────────────── -CREATE TABLE audit_logs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NULL, - user_id CHAR(36) NULL, - action VARCHAR(100) NOT NULL, - entity_type VARCHAR(50) NULL, - entity_id CHAR(36) NULL, - old_data JSON NULL, - new_data JSON NULL, - ip_address VARCHAR(45) NULL, - user_agent TEXT NULL, - metadata JSON NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_audit_tenant (tenant_id), - INDEX idx_audit_action (action), - INDEX idx_audit_created (created_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Risk Scores ────────────────────────────────────────── -CREATE TABLE risk_scores ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - invoice_id CHAR(36) NULL, - risk_type VARCHAR(50) NOT NULL, - score TINYINT UNSIGNED NOT NULL, - reason TEXT NOT NULL, - is_resolved TINYINT(1) NOT NULL DEFAULT 0, - resolved_by CHAR(36) NULL, - resolved_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_risk_tenant (tenant_id), - INDEX idx_risk_unresolved (is_resolved), - CONSTRAINT fk_risk_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE SET NULL, - CONSTRAINT fk_risk_resolver FOREIGN KEY (resolved_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Queue Jobs (MySQL fallback when Redis unavailable) ─── -CREATE TABLE queue_jobs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - type VARCHAR(100) NOT NULL, - payload JSON NOT NULL, - priority INT NOT NULL DEFAULT 0, - attempts INT NOT NULL DEFAULT 0, - max_attempts INT NOT NULL DEFAULT 3, - status ENUM('pending','processing','completed','failed','dead') - NOT NULL DEFAULT 'pending', - error TEXT NULL, - locked_at DATETIME NULL, - locked_by VARCHAR(100) NULL, - scheduled_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - completed_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_queue_pending (status, priority DESC, scheduled_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -``` - ---- - -## الملف: `database/migrations/002_core_modules.sql` - -```sql --- ─── Companies ──────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS companies ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - name_en VARCHAR(255) NULL, - tax_identification_number VARCHAR(20) NOT NULL, - commercial_registration_number VARCHAR(50) NULL, - address TEXT NULL, - city VARCHAR(100) NULL, - contact_email VARCHAR(255) NULL, - contact_phone VARCHAR(20) NULL, - jofotara_client_id_encrypted TEXT NULL, - jofotara_secret_key_encrypted TEXT NULL, - jofotara_income_source_sequence VARCHAR(50) NULL, - certificate_path VARCHAR(255) NULL, - certificate_password_encrypted TEXT NULL, - is_jofotara_linked TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - INDEX idx_companies_tenant (tenant_id), - INDEX idx_companies_tin (tax_identification_number), - CONSTRAINT fk_companies_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Subscriptions ──────────────────────────────────────── -CREATE TABLE IF NOT EXISTS subscriptions ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - plan ENUM('free','basic','office','pro','enterprise') NOT NULL DEFAULT 'basic', - max_companies INT NOT NULL DEFAULT 3, - max_invoices_per_month INT NOT NULL DEFAULT 50, - max_users INT NOT NULL DEFAULT 2, - price_jod DECIMAL(10,2) NOT NULL DEFAULT 0.00, - invoices_used_this_month INT NOT NULL DEFAULT 0, - status ENUM('active','past_due','cancelled','trial') NOT NULL DEFAULT 'active', - current_period_start DATETIME NULL, - current_period_end DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_sub_tenant (tenant_id), - CONSTRAINT fk_sub_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -``` - ---- - -## الملف: `database/migrations/003_invoices.sql` - -```sql --- ─── Invoices ───────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS invoices ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - uploaded_by CHAR(36) NULL, - invoice_number VARCHAR(100) NULL, - invoice_date DATE NULL, - invoice_type ENUM('cash','credit') NOT NULL DEFAULT 'cash', - ubl_type_code CHAR(3) NOT NULL DEFAULT '388', - payment_method_code CHAR(3) NOT NULL DEFAULT '013', - supplier_tin VARCHAR(20) NULL, - supplier_name VARCHAR(255) NULL, - supplier_address TEXT NULL, - buyer_tin VARCHAR(20) NULL, - buyer_national_id VARCHAR(20) NULL, - buyer_name VARCHAR(255) NULL, - subtotal DECIMAL(15,3) NOT NULL DEFAULT 0, - discount_total DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - grand_total DECIMAL(15,3) NOT NULL DEFAULT 0, - currency_code CHAR(3) NOT NULL DEFAULT 'JOD', - status ENUM('uploaded','extracting','extracted','validated', - 'validation_failed','submitting','approved','rejected') - NOT NULL DEFAULT 'uploaded', - original_file_path TEXT NULL, - original_file_hash VARCHAR(64) NULL, - invoice_category VARCHAR(20) NOT NULL DEFAULT 'simplified', - validation_errors JSON NULL, - qr_code TEXT NULL, - jofotara_response JSON NULL, - ai_provider VARCHAR(20) NULL, - ai_confidence_score DECIMAL(4,3) NULL, - ai_prompt_tokens INT NOT NULL DEFAULT 0, - ai_completion_tokens INT NOT NULL DEFAULT 0, - ai_total_cost DECIMAL(10,6) NOT NULL DEFAULT 0, - ai_raw_response JSON NULL, - idempotency_key VARCHAR(64) NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_idempotency (idempotency_key), - INDEX idx_invoices_tenant (tenant_id), - INDEX idx_invoices_company (company_id), - INDEX idx_invoices_status (status), - INDEX idx_invoices_date (invoice_date), - INDEX idx_invoices_file_hash (original_file_hash), - CONSTRAINT fk_inv_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_inv_user FOREIGN KEY (uploaded_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Invoice Lines ──────────────────────────────────────── -CREATE TABLE IF NOT EXISTS invoice_lines ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - invoice_id CHAR(36) NOT NULL, - line_number INT NOT NULL, - description TEXT NOT NULL, - quantity DECIMAL(15,3) NOT NULL, - unit_price DECIMAL(15,3) NOT NULL, - discount DECIMAL(15,3) NOT NULL DEFAULT 0, - tax_rate DECIMAL(5,4) NOT NULL, - tax_amount DECIMAL(15,3) NOT NULL DEFAULT 0, - line_total DECIMAL(15,3) NOT NULL, - PRIMARY KEY (id), - INDEX idx_lines_invoice (invoice_id), - CONSTRAINT fk_lines_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -``` - ---- - -## الملف: `database/migrations/004_system.sql` - -```sql --- ─── Audit Logs ─────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS audit_logs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NULL, - user_id CHAR(36) NULL, - action VARCHAR(100) NOT NULL, - entity_type VARCHAR(50) NULL, - entity_id CHAR(36) NULL, - old_data JSON NULL, - new_data JSON NULL, - ip_address VARCHAR(45) NULL, - user_agent TEXT NULL, - metadata JSON NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_audit_tenant (tenant_id), - INDEX idx_audit_action (action), - INDEX idx_audit_created (created_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Risk Scores ────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS risk_scores ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - company_id CHAR(36) NOT NULL, - invoice_id CHAR(36) NULL, - risk_type VARCHAR(50) NOT NULL, - score TINYINT UNSIGNED NOT NULL, - reason TEXT NOT NULL, - is_resolved TINYINT(1) NOT NULL DEFAULT 0, - resolved_by CHAR(36) NULL, - resolved_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_risk_tenant (tenant_id), - INDEX idx_risk_unresolved (is_resolved), - CONSTRAINT fk_risk_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_company FOREIGN KEY (company_id) REFERENCES companies(id) ON DELETE CASCADE, - CONSTRAINT fk_risk_invoice FOREIGN KEY (invoice_id) REFERENCES invoices(id) ON DELETE SET NULL, - CONSTRAINT fk_risk_resolver FOREIGN KEY (resolved_by) REFERENCES users(id) ON DELETE SET NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Queue Jobs ─────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS queue_jobs ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - type VARCHAR(100) NOT NULL, - payload JSON NOT NULL, - priority INT NOT NULL DEFAULT 0, - attempts INT NOT NULL DEFAULT 0, - max_attempts INT NOT NULL DEFAULT 3, - status ENUM('pending','processing','completed','failed','dead') - NOT NULL DEFAULT 'pending', - error TEXT NULL, - locked_at DATETIME NULL, - locked_by VARCHAR(100) NULL, - scheduled_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - completed_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - INDEX idx_queue_pending (status, priority DESC, scheduled_at) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── API Keys ───────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS api_keys ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - user_id CHAR(36) NOT NULL, - name VARCHAR(100) NOT NULL, - public_key VARCHAR(64) NOT NULL, - secret_hash VARCHAR(255) NOT NULL, - permissions JSON DEFAULT (JSON_ARRAY('invoices:read','invoices:upload')), - last_used_at DATETIME NULL, - is_active TINYINT(1) NOT NULL DEFAULT 1, - expires_at DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - PRIMARY KEY (id), - UNIQUE KEY uq_api_public_key (public_key), - CONSTRAINT fk_apikeys_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE, - CONSTRAINT fk_apikeys_user FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -``` - ---- - -## الملف: `database/migrations/001_initial_schema.sql` - -```sql --- ─── Tenants ────────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS tenants ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - phone VARCHAR(20) NULL, - status ENUM('active','suspended','trial') NOT NULL DEFAULT 'trial', - trial_ends_at DATETIME NULL, - settings JSON DEFAULT (JSON_OBJECT()), - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenants_email (email) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - --- ─── Users ──────────────────────────────────────────────── -CREATE TABLE IF NOT EXISTS users ( - id CHAR(36) NOT NULL DEFAULT (UUID()), - tenant_id CHAR(36) NOT NULL, - name VARCHAR(255) NOT NULL, - email VARCHAR(255) NOT NULL, - password_hash VARCHAR(255) NOT NULL, - role ENUM('super_admin','admin','accountant','employee','viewer') NOT NULL, - assigned_company_id CHAR(36) NULL, - refresh_token_hash VARCHAR(255) NULL, - totp_secret VARCHAR(64) NULL, - totp_enabled TINYINT(1) NOT NULL DEFAULT 0, - is_active TINYINT(1) NOT NULL DEFAULT 1, - email_verified_at DATETIME NULL, - last_login_at DATETIME NULL, - last_login_ip VARCHAR(45) NULL, - failed_login_count INT NOT NULL DEFAULT 0, - locked_until DATETIME NULL, - created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, - updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, - deleted_at DATETIME NULL, - PRIMARY KEY (id), - UNIQUE KEY uq_tenant_email (tenant_id, email), - CONSTRAINT fk_users_tenant FOREIGN KEY (tenant_id) REFERENCES tenants(id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; - -``` - ---- - -## الملف: `app/Middleware/CsrfMiddleware.php` - -```php -getMethod(), ['GET', 'HEAD', 'OPTIONS'])) { - return $next($request); - } - - // For APIs, we often use a custom header or check origin - // If we use sessions for tokens: - if (session_status() === PHP_SESSION_NONE) { - session_start(); - } - - $token = $request->getHeader('X-CSRF-TOKEN') ?: ($request->getBody()['_csrf'] ?? null); - $sessionToken = $_SESSION['csrf_token'] ?? null; - - if (!$token || !$sessionToken || !hash_equals($sessionToken, $token)) { - // For now, if we are purely API with Bearer token, we might skip this. - // But if the request has a session or cookie, it's mandatory. - - // If the Authorization header is present, we might assume it's an API call - // that is naturally protected against CSRF if not using cookies for Auth. - if ($request->getHeader('Authorization')) { - return $next($request); - } - - Response::error('رمز الحماية (CSRF) غير صالح أو مفقود', 'CSRF_INVALID', 403); - return null; - } - - return $next($request); - } -} - -``` - ---- - -## الملف: `app/Middleware/TenantMiddleware.php` - -```php -tenantId ?? null; - - if (!$tenantId) { - Response::error('المستأجر غير معروف', 'TENANT_NOT_FOUND', 400); - return null; - } - - // Check if tenant exists and is active - try { - $db = Database::getInstance(); - $stmt = $db->prepare("SELECT status FROM tenants WHERE id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - $tenant = $stmt->fetch(); - - if (!$tenant) { - Response::error('المستأجر غير موجود', 'TENANT_NOT_FOUND', 404); - return null; - } - - if ($tenant['status'] === 'suspended') { - Response::error('تم إيقاف حساب المستأجر', 'TENANT_SUSPENDED', 403); - return null; - } - } catch (\Exception $e) { - Response::error('خطأ في الاتصال بقاعدة البيانات', 'DATABASE_ERROR', 500); - return null; - } - - return $next($request); - } -} - -``` - ---- - -## الملف: `app/Middleware/RoleMiddleware.php` - -```php -user ?? null; - - if (!$user) { - Response::error('يجب تسجيل الدخول للوصول إلى هذا المورد', 'UNAUTHORIZED', 401); - return null; - } - - // Check if user role is in the allowed roles - // $user->role is an object property since we cast it in AuthMiddleware - if (!in_array($user->role, $roles)) { - Response::error('غير مسموح لك بالقيام بهذا الإجراء', 'FORBIDDEN', 403); - return null; - } - - return $next($request); - } -} - -``` - ---- - -## الملف: `app/Middleware/HmacMiddleware.php` - -```php -getHeader('X-Api-Key'); - $signature = $request->getHeader('X-Signature'); - $timestamp = $request->getHeader('X-Timestamp'); - $nonce = $request->getHeader('X-Nonce'); - - if (!$publicKey || !$signature || !$timestamp || !$nonce) { - Response::error('بيانات التوقيع (HMAC) ناقصة', 'HMAC_MISSING', 401); - return null; - } - - // 1. Lookup Secret by Public Key - $db = Database::getInstance(); - $stmt = $db->prepare("SELECT secret_hash, tenant_id FROM api_keys WHERE public_key = ? AND is_active = 1 LIMIT 1"); - $stmt->execute([$publicKey]); - $apiKey = $stmt->fetch(); - - if (!$apiKey) { - Response::error('مفتاح API غير صالح', 'HMAC_INVALID_KEY', 401); - return null; - } - - // 2. Verify Signature - // Note: secret_hash in DB is the actual secret for signing - $isValid = $this->hmac->verify( - $apiKey['secret_hash'], - $request->getMethod(), - $request->getPath(), - $timestamp, - $nonce, - json_encode($request->getBody()), - $signature - ); - - if (!$isValid) { - Response::error('توقيع الطلب غير صحيح', 'HMAC_INVALID_SIGNATURE', 401); - return null; - } - - // 3. Set context - $request->tenantId = $apiKey['tenant_id']; - - return $next($request); - } -} - -``` - ---- - -## الملف: `app/Middleware/AuthMiddleware.php` - -```php -getHeader('Authorization'); - - if (!$authHeader || !str_starts_with($authHeader, 'Bearer ')) { - Response::error('يجب تسجيل الدخول للوصول إلى هذا المورد', 'UNAUTHORIZED', 401); - return null; - } - - $token = substr($authHeader, 7); - - try { - $decoded = $this->jwtService->verifyToken($token); - $request->user = (object) $decoded; - $request->tenantId = $decoded['tenant_id'] ?? null; - } catch (Exception $e) { - Response::error('جلسة العمل منتهية أو غير صالحة', 'UNAUTHORIZED', 401); - return null; - } - - return $next($request); - } -} - -``` - ---- - -## الملف: `app/Middleware/RateLimitMiddleware.php` - -```php -getPath() . "|" . $ip); - - $current = $redis->get($key); - - if ($current && (int)$current >= $limit) { - Response::error('لقد تجاوزت الحد المسموح من الطلبات، يرجى المحاولة لاحقاً', 'RATE_LIMIT_EXCEEDED', 429); - return null; - } - - if (!$current) { - $redis->setex($key, $window, 1); - } else { - $redis->incr($key); - } - - return $next($request); - } -} - -``` - ---- - -## الملف: `app/Core/Application.php` - -```php -load(); - - // 2. Set Timezone - date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Asia/Amman'); - - // 3. Initialize Core Components - $this->container = new Container(); - - // 4. Load Configurations - $this->loadConfigs($basePath); - - $this->router = new Router($this->container); - - // Register core services in container - $this->container->set(Container::class, $this->container); - $this->container->set(Router::class, $this->router); - } - - private function loadConfigs(string $basePath): void - { - $configPath = $basePath . '/config'; - $configs = []; - - foreach (glob($configPath . '/*.php') as $file) { - $key = basename($file, '.php'); - $configs[$key] = require $file; - } - - self::$config = $configs; - $this->container->set('config', $configs); - } - - public function getRouter(): Router - { - return $this->router; - } - - public function run(): void - { - // 1. Security Headers - header('X-Content-Type-Options: nosniff'); - header('X-Frame-Options: DENY'); - header('X-XSS-Protection: 1; mode=block'); - header('Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'); - header('Referrer-Policy: strict-origin-when-cross-origin'); - header('Permissions-Policy: camera=(), microphone=(), geolocation=()'); - header('Content-Security-Policy: default-src \'self\'; script-src \'self\' cdn.tailwindcss.com unpkg.com; style-src \'self\' \'unsafe-inline\' fonts.googleapis.com; font-src fonts.gstatic.com'); - header_remove('X-Powered-By'); - - try { - $request = new Request(); - $this->router->dispatch($request, $this->container); - } catch (\Throwable $e) { - // Global Exception Handler - Response::error( - 'حدث خطأ غير متوقع في النظام', - 'INTERNAL_SERVER_ERROR', - 500, - [ - 'message' => $e->getMessage(), - 'file' => $e->getFile(), - 'line' => $e->getLine() - ] - ); - } - } -} - -``` - ---- - -## الملف: `app/Core/Container.php` - -```php -instances[$id] = $concrete; - } - - public function get(string $id): mixed - { - if (isset($this->instances[$id])) { - if ($this->instances[$id] instanceof \Closure) { - $this->instances[$id] = ($this->instances[$id])($this); - } - return $this->instances[$id]; - } - - return $this->resolve($id); - } - - public function resolve(string $id): mixed - { - if (!class_exists($id)) { - throw new Exception("Class {$id} cannot be resolved."); - } - - $reflection = new ReflectionClass($id); - - if (!$reflection->isInstantiable()) { - throw new Exception("Class {$id} is not instantiable."); - } - - $constructor = $reflection->getConstructor(); - - if (is_null($constructor)) { - return new $id(); - } - - $parameters = $constructor->getParameters(); - $dependencies = []; - - foreach ($parameters as $parameter) { - $type = $parameter->getType(); - - if (!$type instanceof ReflectionNamedType || $type->isBuiltin()) { - if ($parameter->isDefaultValueAvailable()) { - $dependencies[] = $parameter->getDefaultValue(); - continue; - } - throw new Exception("Unable to resolve parameter '{$parameter->getName()}' in class {$id}"); - } - - $dependencies[] = $this->get($type->getName()); - } - - $instance = $reflection->newInstanceArgs($dependencies); - $this->instances[$id] = $instance; - - return $instance; - } -} - -``` - ---- - -## الملف: `app/Core/Response.php` - -```php - 'application/json; charset=utf-8'], $headers)); - } - - public static function error(string $messageAr, string $code, int $status = 400, ?array $details = null): void - { - $data = [ - 'success' => false, - 'error' => [ - 'message_ar' => $messageAr, - 'code' => $code, - 'details' => $details - ] - ]; - self::json($data, $status); - } - - private static function send(mixed $data, int $status, array $headers): void - { - http_response_code($status); - - foreach ($headers as $name => $value) { - header("$name: $value"); - } - - // Apply Security Headers - header('X-Content-Type-Options: nosniff'); - header('X-Frame-Options: DENY'); - header('X-XSS-Protection: 1; mode=block'); - header('Referrer-Policy: strict-origin-when-cross-origin'); - header_remove('X-Powered-By'); - - echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT); - exit; - } -} - -``` - ---- - -## الملف: `app/Core/Database.php` - -```php - PDO::ERRMODE_EXCEPTION, - PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, - PDO::ATTR_EMULATE_PREPARES => false, - ]; - - try { - self::$instance = new PDO($dsn, $user, $pass, $options); - } catch (PDOException $e) { - throw new Exception("Database Connection Error: " . $e->getMessage()); - } - } - - return self::$instance; - } -} - -``` - ---- - -## الملف: `app/Core/Request.php` - -```php -method = $_SERVER['REQUEST_METHOD']; - - // Read API path from query string: index.php?route=/api/v1/auth/login - $this->path = $_GET['route'] ?? parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH); - $this->headers = getallheaders(); - $this->queryParams = $_GET; - $this->files = $_FILES; - - $contentType = $this->getHeader('Content-Type') ?? $_SERVER['CONTENT_TYPE'] ?? ''; - if ($contentType && str_contains(strtolower($contentType), 'application/json')) { - $this->body = json_decode(file_get_contents('php://input'), true) ?? []; - } else { - $this->body = $_POST; - } - } - - public function getMethod(): string { return $this->method; } - public function getPath(): string { return $this->path; } - public function getHeaders(): array { return $this->headers; } - public function getQueryParams(): array { return $this->queryParams; } - public function getBody(): array { return $this->body; } - public function getFiles(): array { return $this->files; } - - public function getHeader(string $name): ?string - { - $name = strtolower($name); - foreach ($this->headers as $key => $value) { - if (strtolower($key) === $name) { - return $value; - } - } - return null; - } - - public function input(string $key, mixed $default = null): mixed - { - return $this->body[$key] ?? $this->queryParams[$key] ?? $default; - } -} - -``` - ---- - -## الملف: `app/Core/Redis.php` - -```php - 'tcp', - 'host' => $_ENV['REDIS_HOST'] ?? '127.0.0.1', - 'port' => $_ENV['REDIS_PORT'] ?? 6379, - 'password' => $_ENV['REDIS_PASSWORD'] ?: null, - ]); - } catch (Exception $e) { - // If Redis fails, we might want to log it or handle gracefully - // depending on how critical it is. - throw new Exception("Redis Connection Error: " . $e->getMessage()); - } - } - - return self::$instance; - } -} - -``` - ---- - -## الملف: `app/Core/Router.php` - -```php -container = $container; - } - - public function addRoute(string $method, string $path, array|callable $handler): void - { - $this->routes[] = [$method, $path, $handler]; - } - - public function dispatch(Request $request): void - { - $dispatcher = simpleDispatcher(function (RouteCollector $r) { - foreach ($this->routes as $route) { - $r->addRoute($route[0], $route[1], $route[2]); - } - }); - - $routeInfo = $dispatcher->dispatch($request->getMethod(), $request->getPath()); - - switch ($routeInfo[0]) { - case \FastRoute\Dispatcher::NOT_FOUND: - Response::error('المسار غير موجود', 'NOT_FOUND', 404); - break; - case \FastRoute\Dispatcher::METHOD_NOT_ALLOWED: - Response::error('الطريقة غير مسموح بها', 'METHOD_NOT_ALLOWED', 405); - break; - case \FastRoute\Dispatcher::FOUND: - $handler = $routeInfo[1]; - $vars = $routeInfo[2]; - - $this->executeHandler($handler, $request, $this->container, $vars); - break; - } - } - - private function executeHandler(mixed $handler, Request $request, Container $container, array $vars): void - { - if (is_array($handler) && isset($handler['middleware'])) { - $middlewares = (array) $handler['middleware']; - $finalHandler = $handler['handler']; - - $pipeline = $this->createPipeline($middlewares, $finalHandler, $container, $vars); - $pipeline($request); - } else { - $this->callHandler($handler, $request, $container, $vars); - } - } - - private function createPipeline(array $middlewares, mixed $handler, Container $container, array $vars): callable - { - return array_reduce( - array_reverse($middlewares), - function ($next, $middleware) use ($container) { - return function ($request) use ($next, $middleware, $container) { - $parts = explode(':', $middleware); - $className = $parts[0]; - $args = isset($parts[1]) ? explode(',', $parts[1]) : []; - - $instance = $container->get($className); - return $instance->handle($request, $next, ...$args); - }; - }, - function ($request) use ($handler, $container, $vars) { - $this->callHandler($handler, $request, $container, $vars); - } - ); - } - - private function callHandler(mixed $handler, Request $request, Container $container, array $vars): void - { - if (is_array($handler)) { - [$controllerClass, $method] = $handler; - $controller = $container->get($controllerClass); - $controller->$method($request, ...array_values($vars)); - } else { - $handler($request, ...array_values($vars)); - } - } -} - -``` - ---- - -## الملف: `app/Core/helpers.php` - -```php -db()->prepare("SELECT * FROM {$this->table} WHERE {$this->primaryKey} = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$id]); - return $stmt->fetch() ?: null; - } - - public function create(array $data): string|bool - { - $columns = implode(', ', array_keys($data)); - $placeholders = implode(', ', array_fill(0, count($data), '?')); - - $sql = "INSERT INTO {$this->table} ({$columns}) VALUES ({$placeholders})"; - $stmt = $this->db()->prepare($sql); - - if ($stmt->execute(array_values($data))) { - return $data[$this->primaryKey] ?? $this->db()->lastInsertId(); - } - - return false; - } - - public function update(string $id, array $data): bool - { - $sets = []; - foreach (array_keys($data) as $column) { - $sets[] = "{$column} = ?"; - } - $setString = implode(', ', $sets); - - $sql = "UPDATE {$this->table} SET {$setString} WHERE {$this->primaryKey} = ?"; - $stmt = $this->db()->prepare($sql); - - $params = array_values($data); - $params[] = $id; - - return $stmt->execute($params); - } - - public function delete(string $id): bool - { - $sql = "UPDATE {$this->table} SET deleted_at = NOW() WHERE {$this->primaryKey} = ?"; - $stmt = $this->db()->prepare($sql); - return $stmt->execute([$id]); - } -} - -``` - ---- - -## الملف: `app/Modules/Invoices/InvoiceModel.php` - -```php -db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } - - public function findByStatus(string $status, ?string $tenantId = null): array - { - $sql = "SELECT * FROM {$this->table} WHERE status = ? AND deleted_at IS NULL"; - $params = [$status]; - - if ($tenantId) { - $sql .= " AND tenant_id = ?"; - $params[] = $tenantId; - } - - $stmt = $this->db()->prepare($sql); - $stmt->execute($params); - return $stmt->fetchAll(); - } -} - -``` - ---- - -## الملف: `app/Modules/Invoices/InvoiceController.php` - -```php -tenantId; - $role = $request->user->role ?? 'viewer'; - $assignedCompanyId = $request->user->assigned_company_id ?? null; - - if ($role === 'super_admin') { - $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? AND i.deleted_at IS NULL ORDER BY i.created_at DESC"); - $stmt->execute([$tenantId]); - $invoices = $stmt->fetchAll(); - } else { - $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? AND i.company_id = ? AND i.deleted_at IS NULL ORDER BY i.created_at DESC"); - $stmt->execute([$tenantId, $assignedCompanyId]); - $invoices = $stmt->fetchAll(); - } - - Response::json([ - 'success' => true, - 'data' => $invoices - ]); - } - - public function upload(Request $request): void - { - $files = $request->getFiles(); - if (empty($files['invoice'])) { - Response::error('يرجى اختيار ملف الفاتورة', 'MISSING_FILE', 422); - return; - } - - $companyId = $request->input('company_id'); - if (!$companyId) { - Response::error('يرجى تحديد الشركة', 'MISSING_COMPANY', 422); - return; - } - - try { - $tenantId = $request->tenantId; - $filePath = $this->storage->store($files['invoice'], $tenantId, $companyId); - $fileHash = $this->storage->getHash($filePath); - - // Create invoice record - $invoiceId = \Ramsey\Uuid\Uuid::uuid4()->toString(); - $this->invoiceModel->create([ - 'id' => $invoiceId, - 'tenant_id' => $tenantId, - 'company_id' => $companyId, - 'uploaded_by' => $request->user->user_id, - 'status' => 'uploaded', // Match schema ENUM - 'original_file_path' => $filePath, - 'original_file_hash' => $fileHash, - 'idempotency_key' => bin2hex(random_bytes(16)) - ]); - - // Push to Queue for AI Extraction - \App\Services\QueueService::push('invoice_extraction', [ - 'invoice_id' => $invoiceId, - 'file_path' => $filePath, - 'mime_type' => mime_content_type($filePath) - ]); - - Response::json([ - 'success' => true, - 'data' => ['invoice_id' => $invoiceId], - 'message' => 'تم رفع الفاتورة بنجاح وجاري استخراج البيانات بالذكاء الاصطناعي' - ], 202); - - } catch (Throwable $e) { - Response::error($e->getMessage(), 'UPLOAD_FAILED', 500); - } - } - - public function detail(Request $request, array $vars): void - { - $tenantId = $request->tenantId; - $invoiceId = $vars['id'] ?? null; - - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("SELECT * FROM invoices WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$invoiceId, $tenantId]); - $invoice = $stmt->fetch(); - - if (!$invoice) { - Response::error('الفاتورة غير موجودة', 'NOT_FOUND', 404); - return; - } - - // Additional authorization check based on assigned company if needed - $role = $request->user->role ?? 'viewer'; - if ($role !== 'super_admin' && $invoice['company_id'] !== $request->user->assigned_company_id) { - Response::error('غير مصرح لك بمشاهدة هذه الفاتورة', 'FORBIDDEN', 403); - return; - } - - // Fetch lines - $stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY id ASC"); - $stmt->execute([$invoiceId]); - $invoice['lines'] = $stmt->fetchAll(); - - Response::json([ - 'success' => true, - 'data' => $invoice - ]); - } - - public function submit(Request $request, array $vars): void - { - $tenantId = $request->tenantId; - $invoiceId = $vars['id']; - - // Push to Queue for JoFotara Submission - \App\Services\QueueService::push('submit_jofotara', [ - 'invoice_id' => $invoiceId - ]); - - Response::json([ - 'success' => true, - 'message' => 'Invoice submission queued.' - ]); - } -} - -``` - ---- - -## الملف: `app/Modules/Auth/AuthService.php` - -```php -userModel->findByEmail($email); - - if (!$user || !password_verify($password, $user['password_hash'])) { - throw new Exception("البريد الإلكتروني أو كلمة المرور غير صحيحة"); - } - - if (!$user['is_active']) { - throw new Exception("هذا الحساب معطل حالياً"); - } - - $accessToken = $this->jwtService->issueAccessToken([ - 'user_id' => $user['id'], - 'tenant_id' => $user['tenant_id'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ]); - - $refreshToken = $this->jwtService->issueRefreshToken($user['id']); - - // Update refresh token hash in DB - $this->userModel->update($user['id'], [ - 'refresh_token_hash' => password_hash($refreshToken, PASSWORD_BCRYPT), - 'last_login_at' => date('Y-m-d H:i:s'), - 'last_login_ip' => $_SERVER['REMOTE_ADDR'] ?? null - ]); - - return [ - 'access_token' => $accessToken, - 'refresh_token' => $refreshToken, - 'user' => [ - 'id' => $user['id'], - 'name' => $user['name'], - 'email' => $user['email'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ] - ]; - } - - public function refresh(string $refreshToken): array - { - $parts = explode('.', $refreshToken); - if (count($parts) !== 2) { - throw new Exception("رمز التجديد غير صالحة"); - } - - [$userId, $random] = $parts; - $user = $this->userModel->find($userId); - - if (!$user || !$user['is_active']) { - throw new Exception("المستخدم غير موجود أو معطل"); - } - - if (!$user['refresh_token_hash'] || !password_verify($refreshToken, $user['refresh_token_hash'])) { - throw new Exception("جلسة العمل منتهية، يرجى تسجيل الدخول مرة أخرى"); - } - - $accessToken = $this->jwtService->issueAccessToken([ - 'user_id' => $user['id'], - 'tenant_id' => $user['tenant_id'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ]); - - $newRefreshToken = $this->jwtService->issueRefreshToken($user['id']); - - $this->userModel->update($user['id'], [ - 'refresh_token_hash' => password_hash($newRefreshToken, PASSWORD_BCRYPT) - ]); - - return [ - 'access_token' => $accessToken, - 'refresh_token' => $newRefreshToken, - 'user' => [ - 'id' => $user['id'], - 'name' => $user['name'], - 'email' => $user['email'], - 'role' => $user['role'], - 'assigned_company_id' => $user['assigned_company_id'] - ] - ]; - } - - public function register(array $data): array - { - // 1. Check if tenant already exists - if ($this->tenantModel->findByEmail($data['email'])) { - throw new Exception("هذا البريد الإلكتروني مسجل مسبقاً"); - } - - $tenantId = Uuid::uuid4()->toString(); - $userId = Uuid::uuid4()->toString(); - - // 2. Create Tenant - $this->tenantModel->create([ - 'id' => $tenantId, - 'name' => $data['tenant_name'], - 'email' => $data['email'], - 'status' => 'trial', - 'trial_ends_at' => date('Y-m-d H:i:s', strtotime('+14 days')) - ]); - - // 3. Create Subscription - $this->subscriptionModel->create([ - 'tenant_id' => $tenantId, - 'plan' => 'basic', - 'status' => 'trial' - ]); - - // 4. Create User - $this->userModel->create([ - 'id' => $userId, - 'tenant_id' => $tenantId, - 'name' => $data['user_name'], - 'email' => $data['email'], - 'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID), - 'role' => 'admin', - 'is_active' => 1 - ]); - - return $this->login($data['email'], $data['password']); - } -} - -``` - ---- - -## الملف: `app/Modules/Auth/AuthController.php` - -```php -input('email'); - $password = $request->input('password'); - - if (!$email || !$password) { - Response::error('يرجى إدخال البريد الإلكتروني وكلمة المرور', 'VALIDATION_ERROR', 422); - return; - } - - try { - $result = $this->authService->login($email, $password); - - // 2FA Check - if ($result['user']->totp_enabled) { - Response::json([ - 'success' => true, - 'requires_2fa' => true, - 'temp_token' => $result['access_token'] - ]); - return; - } - - // Set refresh token in HttpOnly cookie - setcookie('refresh_token', $result['refresh_token'], [ - 'expires' => time() + (60 * 60 * 24 * 7), - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - unset($result['refresh_token']); - - Response::json([ - 'success' => true, - 'data' => $result, - 'message' => 'تم تسجيل الدخول بنجاح' - ]); - } catch (Throwable $e) { - Response::error($e->getMessage(), 'AUTH_FAILED', 401); - } - } - - public function me(Request $request): void - { - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("SELECT id, tenant_id, name, email, role, totp_enabled FROM users WHERE id = ?"); - $stmt->execute([$request->user->user_id]); - $user = $stmt->fetch(); - - Response::json([ - 'success' => true, - 'data' => $user - ]); - } - - public function logout(Request $request): void - { - // Clear refresh token cookie - setcookie('refresh_token', '', [ - 'expires' => time() - 3600, - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - Response::json([ - 'success' => true, - 'message' => 'تم تسجيل الخروج بنجاح' - ]); - } - - public function refresh(Request $request): void - { - $refreshToken = $_COOKIE['refresh_token'] ?? null; - - if (!$refreshToken) { - Response::error('رمز التجديد مفقود', 'UNAUTHORIZED', 401); - return; - } - - try { - $result = $this->authService->refresh($refreshToken); - - // Set new refresh token in HttpOnly cookie - setcookie('refresh_token', $result['refresh_token'], [ - 'expires' => time() + (60 * 60 * 24 * 7), - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - unset($result['refresh_token']); - - Response::json([ - 'success' => true, - 'data' => $result, - 'message' => 'تم تجديد الجلسة بنجاح' - ]); - } catch (Throwable $e) { - Response::error($e->getMessage(), 'REFRESH_FAILED', 401); - } - } - public function register(Request $request): void - { - try { - $result = $this->authService->register($request->getBody()); - - // Set refresh token in HttpOnly cookie - setcookie('refresh_token', $result['refresh_token'], [ - 'expires' => time() + (60 * 60 * 24 * 7), - 'path' => '/api/v1/auth/refresh', - 'httponly' => true, - 'samesite' => 'Strict', - 'secure' => true - ]); - - unset($result['refresh_token']); - - Response::json([ - 'success' => true, - 'data' => $result, - 'message' => 'تم إنشاء الحساب وتسجيل الدخول بنجاح' - ]); - } catch (Throwable $e) { - Response::error($e->getMessage(), 'REGISTRATION_FAILED', 400); - } - } - - public function enable2FA(Request $request): void - { - $user = $request->user; - $totpService = new \App\Services\TotpService(); - $secret = $totpService->generateSecret(); - $qrUrl = $totpService->getQrCodeUrl($user->email, $secret); - - Response::json([ - 'success' => true, - 'data' => [ - 'secret' => $secret, - 'qr_url' => $qrUrl - ] - ]); - } - - public function verify2FA(Request $request): void - { - $data = $request->getBody(); - $code = $data['code'] ?? ''; - $secret = $data['secret'] ?? ''; - - $totpService = new \App\Services\TotpService(); - if ($totpService->verify($secret, $code)) { - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("UPDATE users SET totp_secret = ?, totp_enabled = 1 WHERE id = ?"); - $stmt->execute([$secret, $request->user->user_id]); - - Response::json(['success' => true, 'message' => 'تم تفعيل التحقق الثنائي بنجاح']); - } else { - Response::error('رمز التحقق غير صحيح', 'INVALID_CODE', 400); - } - } - - public function disable2FA(Request $request): void - { - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("UPDATE users SET totp_secret = NULL, totp_enabled = 0 WHERE id = ?"); - $stmt->execute([$request->user->user_id]); - - Response::json(['success' => true, 'message' => 'تم تعطيل التحقق الثنائي']); - } -} - -``` - ---- - -## الملف: `app/Modules/ApiKeys/ApiKeyModel.php` - -```php -db()->prepare("SELECT id, name, prefix, expires_at, last_used_at, is_active, created_at FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } -} - -``` - ---- - -## الملف: `app/Modules/ApiKeys/ApiKeyController.php` - -```php -tenantId; - $keys = $this->apiKeyModel->findAllByTenant($tenantId); - - Response::json([ - 'success' => true, - 'data' => $keys - ]); - } - - public function create(Request $request): void - { - $tenantId = $request->tenantId; - $data = $request->getBody(); - - if (empty($data['name'])) { - Response::error('اسم المفتاح مطلوب', 'VALIDATION_ERROR', 422); - return; - } - - $id = \Ramsey\Uuid\Uuid::uuid4()->toString(); - // Generate a random key - $rawKey = bin2hex(random_bytes(32)); - $prefix = substr($rawKey, 0, 8); - $hashedKey = hash('sha256', $rawKey); - - $this->apiKeyModel->create([ - 'id' => $id, - 'tenant_id' => $tenantId, - 'name' => $data['name'], - 'key_hash' => $hashedKey, - 'prefix' => $prefix, - 'is_active' => 1 - ]); - - Response::json([ - 'success' => true, - 'message' => 'تم إنشاء مفتاح API بنجاح', - 'data' => [ - 'id' => $id, - 'name' => $data['name'], - 'key' => $rawKey // Only shown once! - ] - ], 201); - } -} - -``` - ---- - -## الملف: `app/Modules/Admin/AdminController.php` - -```php -user->role ?? '') !== 'super_admin') { - Response::error('غير مصرح', 'FORBIDDEN', 403); - return; - } - - $db = Database::getInstance(); - - $stmt = $db->prepare("SELECT COUNT(*) as count FROM tenants"); - $stmt->execute(); - $totalTenants = $stmt->fetch()['count']; - - $stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices"); - $stmt->execute(); - $totalInvoices = $stmt->fetch()['count']; - - // Simple Health Check - $redisHealth = 'ok'; - try { - $redis = \App\Core\Redis::getInstance(); - $redis->ping(); - } catch (\Throwable $e) { - $redisHealth = 'failed'; - } - - Response::json([ - 'success' => true, - 'data' => [ - 'total_tenants' => $totalTenants, - 'total_invoices' => $totalInvoices, - 'system_health' => [ - 'database' => 'ok', - 'redis' => $redisHealth - ] - ] - ]); - } -} - -``` - ---- - -## الملف: `app/Modules/Tenants/TenantModel.php` - -```php -db()->prepare("SELECT * FROM {$this->table} WHERE email = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$email]); - return $stmt->fetch() ?: null; - } -} - -``` - ---- - -## الملف: `app/Modules/Tenants/TenantController.php` - -```php -tenantId; - $tenant = $this->tenantModel->find($tenantId); - - if (!$tenant) { - Response::error('المستأجر غير موجود', 'NOT_FOUND', 404); - return; - } - - Response::json([ - 'success' => true, - 'data' => $tenant - ]); - } -} - -``` - ---- - -## الملف: `app/Modules/Subscriptions/SubscriptionController.php` - -```php -tenantId; - $subscription = $this->subscriptionModel->findByTenantId($tenantId); - - if (!$subscription) { - Response::error('لا يوجد اشتراك فعال حالياً', 'NOT_FOUND', 404); - return; - } - - Response::json([ - 'success' => true, - 'data' => $subscription - ]); - } -} - -``` - ---- - -## الملف: `app/Modules/Subscriptions/SubscriptionModel.php` - -```php -db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? LIMIT 1"); - $stmt->execute([$tenantId]); - return $stmt->fetch() ?: null; - } -} - -``` - ---- - -## الملف: `app/Modules/Dashboard/DashboardController.php` - -```php -tenantId; - $role = $request->user->role ?? 'viewer'; - $assignedCompanyId = $request->user->assigned_company_id ?? null; - $db = Database::getInstance(); - - $where = "WHERE tenant_id = ?"; - $params = [$tenantId]; - - if ($role !== 'super_admin') { - $where .= " AND company_id = ?"; - $params[] = $assignedCompanyId; - } - - // 1. Total Invoices this month - $stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices {$where} AND MONTH(created_at) = MONTH(CURRENT_DATE)"); - $stmt->execute($params); - $thisMonth = $stmt->fetch()['count']; - - // 2. Approved vs Rejected - $stmt = $db->prepare("SELECT status, COUNT(*) as count FROM invoices {$where} GROUP BY status"); - $stmt->execute($params); - $statusCounts = $stmt->fetchAll(); - - // 3. Recent Activity - Fixed ambiguity - $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? " . ($role !== 'super_admin' ? " AND i.company_id = ?" : "") . " ORDER BY i.created_at DESC LIMIT 5"); - $stmt->execute($params); - $recent = $stmt->fetchAll(); - - Response::json([ - 'success' => true, - 'data' => [ - 'total_this_month' => $thisMonth, - 'status_distribution' => $statusCounts, - 'recent_invoices' => $recent, - 'subscription_usage' => 45 // Placeholder - ] - ]); - } -} - -``` - ---- - -## الملف: `app/Modules/AI/AIController.php` - -```php -httpClient = new Client(); - $this->apiKey = $_ENV['GEMINI_API_KEY'] ?? ''; - $this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash'; - } - - public function query(Request $request): void - { - $userQuery = $request->input('query'); - if (!$userQuery) { - Response::error('يرجى تقديم استفسار', 'MISSING_QUERY', 422); - return; - } - - try { - // 1. Fetch current context data (Summary of stats) - $stats = $this->getQuickStats($request->tenantId); - - // 2. Ask Gemini to interpret and answer - $prompt = "You are Musadaq AI Assistant for a Jordanian E-Invoicing SaaS. " . - "The user is asking: \"{$userQuery}\". " . - "Current User Context: Tenant ID {$request->tenantId}. " . - "Current Data Summary: " . json_encode($stats) . ". " . - "Answer the user in a friendly Arabic tone (Jordanian dialect is okay). " . - "Keep it professional and concise. If you don't have the specific data, say so politely."; - - $response = $this->httpClient->post("https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}", [ - 'json' => [ - 'contents' => [['parts' => [['text' => $prompt]]]] - ] - ]); - - $data = json_decode($response->getBody()->getContents(), true); - $answer = $data['candidates'][0]['content']['parts'][0]['text'] ?? 'عذراً، لم أستطع فهم الاستفسار حالياً.'; - - Response::json([ - 'success' => true, - 'data' => [ - 'answer' => $answer - ] - ]); - - } catch (Throwable $e) { - Response::error('فشل معالجة الاستعلام الذكي', 'AI_QUERY_FAILED', 500, [ - 'error' => $e->getMessage() - ]); - } - } - - private function getQuickStats(string $tenantId): array - { - $db = Database::getInstance(); - - $totalInvoices = $db->prepare("SELECT COUNT(*) as total FROM invoices WHERE tenant_id = ?"); - $totalInvoices->execute([$tenantId]); - - $approvedCount = $db->prepare("SELECT COUNT(*) as total FROM invoices WHERE tenant_id = ? AND status = 'approved'"); - $approvedCount->execute([$tenantId]); - - return [ - 'total_invoices' => $totalInvoices->fetch()['total'], - 'approved_invoices' => $approvedCount->fetch()['total'], - 'current_month' => date('F Y') - ]; - } -} - -``` - ---- - -## الملف: `app/Modules/Users/UserController.php` - -```php -tenantId; - $users = $this->userModel->findAllByTenant($tenantId); - - Response::json([ - 'success' => true, - 'data' => $users - ]); - } - - public function detail(Request $request, array $vars): void - { - $tenantId = $request->tenantId; - $userId = $vars['id']; - - $user = $this->userModel->findById($userId, $tenantId); - - if (!$user) { - Response::error('المستخدم غير موجود', 'NOT_FOUND', 404); - return; - } - - Response::json([ - 'success' => true, - 'data' => $user - ]); - } - - public function create(Request $request): void - { - $tenantId = $request->tenantId; - $data = $request->getBody(); - - if (empty($data['email']) || empty($data['password']) || empty($data['name']) || empty($data['role'])) { - Response::error('جميع الحقول مطلوبة', 'VALIDATION_ERROR', 422); - return; - } - - if ($this->userModel->findByEmail($data['email'])) { - Response::error('البريد الإلكتروني مستخدم مسبقاً', 'DUPLICATE_EMAIL', 409); - return; - } - - $userId = \Ramsey\Uuid\Uuid::uuid4()->toString(); - - $this->userModel->create([ - 'id' => $userId, - 'tenant_id' => $tenantId, - 'name' => $data['name'], - 'email' => $data['email'], - 'password_hash' => password_hash($data['password'], PASSWORD_ARGON2ID), - 'role' => $data['role'], - 'assigned_company_id' => $data['assigned_company_id'] ?? null, - 'is_active' => 1 - ]); - - Response::json([ - 'success' => true, - 'message' => 'تم إضافة المستخدم بنجاح', - 'data' => ['id' => $userId] - ], 201); - } -} - -``` - ---- - -## الملف: `app/Modules/Users/UsersController.php` - -```php -user->role ?? 'viewer'; - if (!in_array($currentUserRole, ['super_admin', 'admin'])) { - Response::error('ليس لديك صلاحية لعرض المستخدمين', 'FORBIDDEN', 403); - return; - } - - try { - $tenantId = $request->tenantId; - $db = Database::getInstance(); - $stmt = $db->prepare("SELECT id, name, email, role, is_active, created_at FROM users WHERE tenant_id = ? AND deleted_at IS NULL ORDER BY created_at DESC"); - $stmt->execute([$tenantId]); - $users = $stmt->fetchAll(); - - Response::json([ - 'success' => true, - 'data' => $users - ]); - } catch (Throwable $e) { - Response::error('Failed to load users: ' . $e->getMessage(), 'USERS_FETCH_ERROR', 500); - } - } - - public function create(Request $request): void - { - $currentUserRole = $request->user->role ?? 'viewer'; - $currentAssignedCompanyId = $request->user->assigned_company_id ?? null; - - if (!in_array($currentUserRole, ['super_admin', 'admin'])) { - Response::error('ليس لديك صلاحية لإضافة مستخدمين', 'FORBIDDEN', 403); - return; - } - - $name = $request->input('name'); - $email = $request->input('email'); - $password = $request->input('password'); - $role = $request->input('role', 'accountant'); - $assignedCompanyId = $request->input('assigned_company_id'); - - // Admin can only create accountants and employees. Only super_admin can create admins. - if ($currentUserRole === 'admin') { - if (in_array($role, ['admin', 'super_admin'])) { - Response::error('لا تملك الصلاحية لإضافة مدراء', 'FORBIDDEN', 403); - return; - } - // Admin automatically assigns their own company to the new user - $assignedCompanyId = $currentAssignedCompanyId; - } - - // Validate valid roles - $validRoles = ['super_admin', 'admin', 'accountant', 'employee', 'viewer']; - if (!in_array($role, $validRoles)) { - Response::error('صلاحية غير صالحة', 'VALIDATION_ERROR', 422); - return; - } - - if (!$name || !$email || !$password) { - Response::error('الاسم والبريد وكلمة المرور مطلوبة', 'VALIDATION_ERROR', 422); - return; - } - - try { - // Check if email exists - if ($this->userModel->findByEmail($email)) { - Response::error('البريد الإلكتروني مستخدم بالفعل', 'EMAIL_EXISTS', 409); - return; - } - - $userId = \Ramsey\Uuid\Uuid::uuid4()->toString(); - $this->userModel->create([ - 'id' => $userId, - 'tenant_id' => $request->tenantId, - 'name' => $name, - 'email' => $email, - 'password_hash' => password_hash($password, PASSWORD_BCRYPT), - 'role' => $role, - 'assigned_company_id' => $assignedCompanyId, - 'is_active' => 1 - ]); - - Response::json([ - 'success' => true, - 'message' => 'تم إنشاء المستخدم بنجاح', - 'data' => ['id' => $userId] - ]); - } catch (Throwable $e) { - Response::error($e->getMessage(), 'USER_CREATE_ERROR', 500); - } - } -} - -``` - ---- - -## الملف: `app/Modules/Users/UserModel.php` - -```php -table} WHERE email = ? AND deleted_at IS NULL"; - $params = [$email]; - - if ($tenantId) { - $sql .= " AND tenant_id = ?"; - $params[] = $tenantId; - } - - $stmt = $this->db()->prepare($sql); - $stmt->execute($params); - return $stmt->fetch() ?: null; - } - - public function findAllByTenant(string $tenantId): array - { - $stmt = $this->db()->prepare("SELECT id, name, email, role, is_active, created_at FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } - - public function findById(string $id, string $tenantId): ?array - { - $stmt = $this->db()->prepare("SELECT id, name, email, role, is_active, created_at FROM {$this->table} WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL LIMIT 1"); - $stmt->execute([$id, $tenantId]); - return $stmt->fetch() ?: null; - } -} - -``` - ---- - -## الملف: `app/Modules/Companies/CompanyService.php` - -```php -toString(); - } - // Encrypt sensitive JoFotara credentials - if (isset($data['jofotara_client_id'])) { - $data['jofotara_client_id_encrypted'] = $this->encryption->encrypt($data['jofotara_client_id']); - unset($data['jofotara_client_id']); - } - - if (isset($data['jofotara_secret_key'])) { - $data['jofotara_secret_key_encrypted'] = $this->encryption->encrypt($data['jofotara_secret_key']); - unset($data['jofotara_secret_key']); - } - - return (string)$this->companyModel->create($data); - } - - public function updateJoFotara(string $id, array $data): bool - { - if (isset($data['jofotara_client_id'])) { - $data['jofotara_client_id_encrypted'] = $this->encryption->encrypt($data['jofotara_client_id']); - unset($data['jofotara_client_id']); - } - - if (isset($data['jofotara_secret_key'])) { - $data['jofotara_secret_key_encrypted'] = $this->encryption->encrypt($data['jofotara_secret_key']); - unset($data['jofotara_secret_key']); - } - - return $this->companyModel->update($id, $data); - } - - public function getJoFotaraCredentials(string $companyId): array - { - $company = $this->companyModel->find($companyId); - if (!$company) return []; - - return [ - 'clientId' => $company['jofotara_client_id_encrypted'] ? $this->encryption->decrypt($company['jofotara_client_id_encrypted']) : null, - 'secretKey' => $company['jofotara_secret_key_encrypted'] ? $this->encryption->decrypt($company['jofotara_secret_key_encrypted']) : null, - ]; - } -} - -``` - ---- - -## الملف: `app/Modules/Companies/CompanyController.php` - -```php -tenantId; - $role = $request->user->role ?? 'viewer'; - $assignedCompanyId = $request->user->assigned_company_id ?? null; - - if ($role === 'super_admin') { - $companies = $this->companyModel->findByTenant($tenantId); - } else { - // Filter by assigned company - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("SELECT * FROM companies WHERE tenant_id = ? AND id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId, $assignedCompanyId]); - $companies = $stmt->fetchAll(); - } - - Response::json([ - 'success' => true, - 'data' => $companies - ]); - } - - public function create(Request $request): void - { - $data = $request->getBody(); - $data['tenant_id'] = $request->tenantId; - - try { - $companyId = $this->companyService->createCompany($data); - Response::json([ - 'success' => true, - 'data' => ['id' => $companyId], - 'message' => 'تم إضافة الشركة بنجاح' - ], 201); - } catch (Throwable $e) { - Response::error('فشل إضافة الشركة', 'CREATE_FAILED', 500); - } - } - - public function updateJoFotara(Request $request, string $id): void - { - $data = [ - 'jofotara_client_id' => $request->input('client_id'), - 'jofotara_secret_key' => $request->input('secret_key'), - 'is_jofotara_linked' => 1 - ]; - - try { - $this->companyService->updateJoFotara($id, $data); - Response::json([ - 'success' => true, - 'message' => 'تم تحديث بيانات جو-فواتير بنجاح' - ]); - } catch (Throwable $e) { - Response::error('فشل تحديث البيانات', 'UPDATE_FAILED', 500); - } - } -} - -``` - ---- - -## الملف: `app/Modules/Companies/CompanyModel.php` - -```php -db()->prepare("SELECT * FROM {$this->table} WHERE tenant_id = ? AND deleted_at IS NULL"); - $stmt->execute([$tenantId]); - return $stmt->fetchAll(); - } -} - -``` - ---- - -## الملف: `app/Services/AiExtractionService.php` - -```php -apiKey = $_ENV['GEMINI_API_KEY'] ?? ''; - $this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash'; - } - - public function extractInvoiceData(string $filePath, string $mimeType): array - { - if (empty($this->apiKey)) { - throw new Exception("Gemini API Key is missing. Please configure it in .env"); - } - - $fileContent = file_get_contents($filePath); - if ($fileContent === false) { - throw new Exception("Could not read uploaded invoice file."); - } - - $base64Data = base64_encode($fileContent); - - $prompt = "Please extract the following information from this invoice and return it strictly as JSON without markdown blocks or backticks:\n" - . "- invoice_number\n" - . "- invoice_date (YYYY-MM-DD)\n" - . "- total_amount\n" - . "- tax_amount\n" - . "- vendor_name\n" - . "- vendor_tax_number"; - - $payload = [ - 'contents' => [ - [ - 'parts' => [ - ['text' => $prompt], - [ - 'inline_data' => [ - 'mime_type' => $mimeType, - 'data' => $base64Data - ] - ] - ] - ] - ], - 'generationConfig' => [ - 'temperature' => 0.1, - 'response_mime_type' => 'application/json' - ] - ]; - - $url = "https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}"; - - $ch = curl_init($url); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); - curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Content-Type: application/json' - ]); - - $response = curl_exec($ch); - $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - - if ($httpCode !== 200) { - throw new Exception("AI Extraction failed. HTTP Code: {$httpCode}. Response: {$response}"); - } - - $result = json_decode($response, true); - $text = $result['candidates'][0]['content']['parts'][0]['text'] ?? '{}'; - - $data = json_decode($text, true); - if (!is_array($data)) { - throw new Exception("Failed to parse AI output as JSON: {$text}"); - } - - return $data; - } -} - -``` - ---- - -## الملف: `app/Services/FileStorageService.php` - -```php -storagePath = dirname(__DIR__, 2) . '/storage'; - } - - public function store(array $file, string $tenantId, string $companyId): string - { - // 1. Validate MIME - $finfo = finfo_open(FILEINFO_MIME_TYPE); - $mime = finfo_file($finfo, $file['tmp_name']); - finfo_close($finfo); - - $allowedMimes = ['application/pdf', 'image/jpeg', 'image/png', 'image/webp', 'application/json', 'text/plain', 'text/xml', 'application/xml']; - if (!in_array($mime, $allowedMimes)) { - throw new Exception("نوع الملف غير مسموح به ({$mime})"); - } - - // 2. Generate path - $dir = $this->storagePath . '/invoices/' . $tenantId . '/' . $companyId; - if (!is_dir($dir)) { - if (!mkdir($dir, 0777, true)) { - $err = error_get_last(); - throw new Exception("فشل إنشاء مجلد الحفظ: " . $dir . " - " . ($err['message'] ?? '')); - } - } - - $extension = pathinfo($file['name'], PATHINFO_EXTENSION); - $filename = hash('sha256', $file['name'] . time() . uniqid()) . '.' . $extension; - $targetPath = $dir . '/' . $filename; - - if (isset($file['error']) && $file['error'] !== UPLOAD_ERR_OK) { - throw new Exception("حدث خطأ أثناء رفع الملف من المتصفح. كود الخطأ: " . $file['error']); - } - - if (!move_uploaded_file($file['tmp_name'], $targetPath)) { - // Fallback for some non-standard PHP environments - if (!copy($file['tmp_name'], $targetPath)) { - $err = error_get_last(); - throw new Exception("فشل نقل الملف إلى: " . $targetPath . " - " . ($err['message'] ?? '')); - } - } - - return $targetPath; - } - - public function getHash(string $filePath): string - { - return hash_file('sha256', $filePath); - } -} - -``` - ---- - -## الملف: `app/Services/QueueService.php` - -```php - bin2hex(random_bytes(16)), - 'type' => $type, - 'payload' => $payload, - 'priority' => $priority, - 'attempts' => 0, - 'created_at' => time() - ]; - - try { - $redis = Redis::getInstance(); - $redis->lpush(self::REDIS_QUEUE, json_encode($job)); - } catch (\Throwable $e) { - // Fallback to MySQL - self::pushToDatabase($job); - } - } - - private static function pushToDatabase(array $job): void - { - $db = Database::getInstance(); - $stmt = $db->prepare("INSERT INTO queue_jobs (id, type, payload, priority, status) VALUES (?, ?, ?, ?, 'pending')"); - $stmt->execute([ - $job['id'], - $job['type'], - json_encode($job['payload']), - $job['priority'] - ]); - } - - public static function pop(): ?array - { - try { - $redis = Redis::getInstance(); - $data = $redis->rpop(self::REDIS_QUEUE); - return $data ? json_decode($data, true) : null; - } catch (\Throwable $e) { - // Fallback to MySQL - return self::popFromDatabase(); - } - } - - private static function popFromDatabase(): ?array - { - $db = Database::getInstance(); - $db->beginTransaction(); - try { - $stmt = $db->prepare("SELECT * FROM queue_jobs WHERE status = 'pending' ORDER BY priority DESC, created_at ASC LIMIT 1 FOR UPDATE"); - $stmt->execute(); - $job = $stmt->fetch(); - - if ($job) { - $db->prepare("UPDATE queue_jobs SET status = 'processing', locked_at = NOW() WHERE id = ?")->execute([$job['id']]); - $db->commit(); - return [ - 'id' => $job['id'], - 'type' => $job['type'], - 'payload' => json_decode($job['payload'], true), - 'attempts' => $job['attempts'] - ]; - } - $db->commit(); - } catch (\Throwable $e) { - $db->rollBack(); - } - return null; - } -} - -``` - ---- - -## الملف: `app/Services/SubscriptionService.php` - -```php -prepare("SELECT * FROM subscriptions WHERE tenant_id = ? LIMIT 1"); - $stmt->execute([$tenantId]); - $sub = $stmt->fetch(); - - if (!$sub) throw new Exception("لا يوجد اشتراك فعال"); - - if ($type === 'invoices') { - if ($sub['invoices_used_this_month'] >= $sub['max_invoices_per_month']) { - throw new Exception("لقد وصلت للحد الأقصى من الفواتير المسموح بها في خطتك الحالية"); - } - } - - if ($type === 'companies') { - $countStmt = $db->prepare("SELECT COUNT(*) as total FROM companies WHERE tenant_id = ? AND deleted_at IS NULL"); - $countStmt->execute([$tenantId]); - $count = $countStmt->fetch()['total']; - - if ($count >= $sub['max_companies']) { - throw new Exception("لقد وصلت للحد الأقصى من الشركات المسموح بها في خطتك الحالية"); - } - } - } - - public function incrementUsage(string $tenantId, string $type): void - { - if ($type === 'invoices') { - $db = Database::getInstance(); - $stmt = $db->prepare("UPDATE subscriptions SET invoices_used_this_month = invoices_used_this_month + 1 WHERE tenant_id = ?"); - $stmt->execute([$tenantId]); - } - } -} - -``` - ---- - -## الملف: `app/Services/TotpService.php` - -```php -calculateCode($secret, (int)($currentTime + $i)) === $code) { - return true; - } - } - - return false; - } - - private function calculateCode(string $secret, int $time): string - { - $key = $this->base32Decode($secret); - $timeHex = str_pad(dechex($time), 16, '0', STR_PAD_LEFT); - $timeBin = pack('H*', $timeHex); - - $hash = hash_hmac('sha1', $timeBin, $key, true); - $offset = ord($hash[19]) & 0xf; - - $otp = ( - ((ord($hash[$offset]) & 0x7f) << 24) | - ((ord($hash[$offset + 1]) & 0xff) << 16) | - ((ord($hash[$offset + 2]) & 0xff) << 8) | - (ord($hash[$offset + 3]) & 0xff) - ) % 1000000; - - return str_pad((string)$otp, 6, '0', STR_PAD_LEFT); - } - - private function base32Decode(string $base32): string - { - $base32 = strtoupper($base32); - $buffer = 0; - $bufferSize = 0; - $decoded = ''; - - for ($i = 0; $i < strlen($base32); $i++) { - $char = $base32[$i]; - $pos = strpos(self::ALPHABET, $char); - if ($pos === false) continue; - - $buffer = ($buffer << 5) | $pos; - $bufferSize += 5; - - if ($bufferSize >= 8) { - $bufferSize -= 8; - $decoded .= chr(($buffer >> $bufferSize) & 0xff); - } - } - - return $decoded; - } - - public function getQrCodeUrl(string $userEmail, string $secret, string $issuer = 'Musadaq'): string - { - $label = urlencode($issuer . ':' . $userEmail); - $otpauth = "otpauth://totp/{$label}?secret={$secret}&issuer=" . urlencode($issuer); - return "https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=" . urlencode($otpauth); - } -} - -``` - ---- - -## الملف: `app/Services/RiskAnalysisService.php` - -```php -prepare("SELECT status, COUNT(*) as count FROM invoices WHERE company_id = ? GROUP BY status"); - $stmt->execute([$companyId]); - $stats = $stmt->fetchAll(); - - $total = 0; - $rejected = 0; - foreach ($stats as $stat) { - $total += $stat['count']; - if ($stat['status'] === 'rejected' || $stat['status'] === 'validation_failed') { - $rejected += $stat['count']; - } - } - - if ($total > 0) { - $rejectionRate = $rejected / $total; - if ($rejectionRate > 0.10) { // More than 10% rejections - $penalty = min(30, (int)(($rejectionRate - 0.10) * 100)); - $score -= $penalty; - $factors[] = "نسبة رفض عالية: " . round($rejectionRate * 100, 1) . "% (خصم {$penalty} نقطة)"; - } - } - - // 2. High Value Cash Invoices - $stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices WHERE company_id = ? AND invoice_type = 'cash' AND grand_total > 5000"); - $stmt->execute([$companyId]); - $highValueCash = $stmt->fetch()['count']; - - if ($highValueCash > 0) { - $penalty = min(20, $highValueCash * 2); - $score -= $penalty; - $factors[] = "وجود فواتير نقدية بقيم عالية: {$highValueCash} فاتورة (خصم {$penalty} نقطة)"; - } - - // 3. Late submissions (invoice_date is much older than created_at) - $stmt = $db->prepare("SELECT COUNT(*) as count FROM invoices WHERE company_id = ? AND DATEDIFF(created_at, invoice_date) > 7"); - $stmt->execute([$companyId]); - $lateInvoices = $stmt->fetch()['count']; - - if ($lateInvoices > 0) { - $penalty = min(15, $lateInvoices * 1); - $score -= $penalty; - $factors[] = "تأخير في رفع الفواتير: {$lateInvoices} فاتورة متأخرة بأكثر من 7 أيام (خصم {$penalty} نقطة)"; - } - - // Determine Risk Level - $riskLevel = 'low'; - if ($score < 50) { - $riskLevel = 'high'; - } elseif ($score < 80) { - $riskLevel = 'medium'; - } - - return [ - 'score' => max(0, $score), - 'level' => $riskLevel, - 'factors' => $factors, - 'calculated_at' => date('Y-m-d H:i:s') - ]; - } -} - -``` - ---- - -## الملف: `app/Services/AuditService.php` - -```php -prepare("INSERT INTO audit_logs (tenant_id, user_id, action, entity_type, entity_id, old_data, new_data, ip_address, user_agent, metadata) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); - - // This would be populated from the global Request context - $tenantId = $GLOBALS['current_tenant_id'] ?? null; - $userId = $GLOBALS['current_user_id'] ?? null; - - $stmt->execute([ - $tenantId, - $userId, - $action, - $entityType, - $entityId, - $oldData ? json_encode($oldData) : null, - $newData ? json_encode($newData) : null, - $_SERVER['REMOTE_ADDR'] ?? null, - $_SERVER['HTTP_USER_AGENT'] ?? null, - $metadata ? json_encode($metadata) : null - ]); - } -} - -``` - ---- - -## الملف: `app/Services/TaxValidationService.php` - -```php - 0.01) { - $errors[] = ['code' => 'RULE_001', 'message_ar' => 'مجموع سطور الفاتورة لا يطابق المجموع الكلي']; - } - - // Rule 002: Tax integrity (tax_amount = subtotal × tax_rate) - foreach ($lines as $line) { - $expectedTax = round($line['quantity'] * $line['unit_price'] * $line['tax_rate'], 3); - if (abs($line['tax_amount'] - $expectedTax) > 0.01) { - $errors[] = ['code' => 'RULE_002', 'message_ar' => "خطأ في حساب الضريبة للسطر {$line['line_number']}"]; - } - } - - // Rule 003: Invoice number required - if (empty($invoice['invoice_number'])) { - $errors[] = ['code' => 'RULE_003', 'message_ar' => 'رقم الفاتورة مطلوب']; - } - - // Rule 004: No future dates - if (strtotime($invoice['invoice_date']) > time()) { - $errors[] = ['code' => 'RULE_004', 'message_ar' => 'تاريخ الفاتورة لا يمكن أن يكون في المستقبل']; - } - - // Rule 005: Valid JO Tax Rates - $validRates = [0.16, 0.10, 0.05, 0.04, 0.02, 0.00]; - foreach ($lines as $line) { - if (!in_array(round((float)$line['tax_rate'], 2), $validRates)) { - $errors[] = ['code' => 'RULE_005', 'message_ar' => "نسبة الضريبة ({$line['tax_rate']}) غير صالحة في الأردن"]; - } - } - - // Rule 006: Buyer ID for large invoices (> 10,000 JOD) - if ($invoice['grand_total'] > 10000 && empty($invoice['buyer_tin']) && empty($invoice['buyer_national_id'])) { - $errors[] = ['code' => 'RULE_006', 'message_ar' => 'يجب تزويد الرقم الضريبي أو الوطني للمشتري للفواتير التي تتجاوز 10,000 دينار']; - } - - // Rule 007: Discount integrity - $expectedSubtotal = $invoice['subtotal'] - $invoice['discount_total']; - // This is a simplified check for Rule 007 - if ($expectedSubtotal < 0) { - $errors[] = ['code' => 'RULE_007', 'message_ar' => 'إجمالي الخصم لا يمكن أن يتجاوز المجموع الفرعي']; - } - - return [ - 'is_valid' => empty($errors), - 'errors' => $errors - ]; - } -} - -``` - ---- - -## الملف: `app/Services/Security/JwtService.php` - -```php -secret = $_ENV['JWT_SECRET'] ?? 'change-me'; - $this->accessExpiry = (int)($_ENV['JWT_ACCESS_EXPIRY'] ?? 900); - $this->refreshExpiry = (int)($_ENV['JWT_REFRESH_EXPIRY'] ?? 604800); - } - - public function issueAccessToken(array $payload): string - { - $payload['exp'] = time() + $this->accessExpiry; - $payload['iat'] = time(); - $payload['jti'] = bin2hex(random_bytes(16)); - - return JWT::encode($payload, $this->secret, 'HS256'); - } - - public function issueRefreshToken(string $userId): string - { - // Refresh token is a random string prefixed with userId for lookup - $random = bin2hex(random_bytes(32)); - return $userId . '.' . $random; - } - - public function verifyToken(string $token): array - { - try { - $decoded = JWT::decode($token, new Key($this->secret, 'HS256')); - return (array) $decoded; - } catch (Exception $e) { - throw new Exception("Invalid or expired token: " . $e->getMessage()); - } - } -} - -``` - ---- - -## الملف: `app/Services/Security/EncryptionService.php` - -```php -key = $_ENV['ENCRYPTION_KEY'] ?? ''; - if (strlen($this->key) !== 32) { - // In a real app, this would be in config/secrets.php - // For now, we use a fallback if not set, but warn in production - $this->key = hash('sha256', $_ENV['JWT_SECRET'] ?? 'fallback-key'); - } - } - - public function encrypt(string $plaintext): string - { - $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(self::METHOD)); - $ciphertext = openssl_encrypt($plaintext, self::METHOD, $this->key, 0, $iv, $tag); - - if ($ciphertext === false) { - throw new Exception("Encryption failed."); - } - - return base64_encode($iv) . ':' . base64_encode($ciphertext) . ':' . base64_encode($tag); - } - - public function decrypt(string $encryptedData): string - { - $parts = explode(':', $encryptedData); - if (count($parts) !== 3) { - throw new Exception("Invalid encrypted data format."); - } - - [$ivBase64, $ciphertextBase64, $tagBase64] = $parts; - $iv = base64_decode($ivBase64); - $ciphertext = base64_decode($ciphertextBase64); - $tag = base64_decode($tagBase64); - - $plaintext = openssl_decrypt($ciphertext, self::METHOD, $this->key, 0, $iv, $tag); - - if ($plaintext === false) { - throw new Exception("Decryption failed."); - } - - return $plaintext; - } -} - -``` - ---- - -## الملف: `app/Services/Security/HmacService.php` - -```php - 300) { - return false; - } - - // 2. Replay protection using Nonce in Redis - // Note: Redis::getInstance() would be used here - // If nonce exists, reject - - // 3. Calculate Signature - $bodyHash = hash('sha256', $body); - $stringToSign = strtoupper($method) . "\n" . - $path . "\n" . - $timestamp . "\n" . - $nonce . "\n" . - $bodyHash; - - $calculatedSignature = hash_hmac('sha256', $stringToSign, $secret); - - return hash_equals($calculatedSignature, $providedSignature); - } - - public function sign(string $secret, string $method, string $path, string $timestamp, string $nonce, string $body): string - { - $bodyHash = hash('sha256', $body); - $stringToSign = strtoupper($method) . "\n" . - $path . "\n" . - $timestamp . "\n" . - $nonce . "\n" . - $bodyHash; - - return hash_hmac('sha256', $stringToSign, $secret); - } -} - -``` - ---- - -## الملف: `app/Services/JoFotara/UBLGeneratorService.php` - -```php -'); - - $xml->addChild('cbc:UBLVersionID', '2.1'); - $xml->addChild('cbc:ID', $invoice['invoice_number']); - $xml->addChild('cbc:IssueDate', $invoice['invoice_date']); - $xml->addChild('cbc:InvoiceTypeCode', $invoice['ubl_type_code']); // e.g. 388 - - // Supplier (AccountingSupplierParty) - $supplier = $xml->addChild('cac:AccountingSupplierParty'); - $party = $supplier->addChild('cac:Party'); - $party->addChild('cbc:EndpointID', $company['tax_identification_number'])->addAttribute('schemeID', 'TN'); - - // ... (Adding more UBL fields like totals, lines, etc.) - // Note: For brevity, this is a simplified structure. In production, - // we follow the exact ISTD XML Schema for Jordan. - - $legalMonetaryTotal = $xml->addChild('cac:LegalMonetaryTotal'); - $legalMonetaryTotal->addChild('cbc:LineExtensionAmount', (string)$invoice['subtotal'])->addAttribute('currencyID', 'JOD'); - $legalMonetaryTotal->addChild('cbc:TaxExclusiveAmount', (string)$invoice['subtotal'])->addAttribute('currencyID', 'JOD'); - $legalMonetaryTotal->addChild('cbc:TaxInclusiveAmount', (string)$invoice['grand_total'])->addAttribute('currencyID', 'JOD'); - $legalMonetaryTotal->addChild('cbc:PayableAmount', (string)$invoice['grand_total'])->addAttribute('currencyID', 'JOD'); - - foreach ($lines as $line) { - $invoiceLine = $xml->addChild('cac:InvoiceLine'); - $invoiceLine->addChild('cbc:ID', (string)$line['line_number']); - $invoiceLine->addChild('cbc:InvoicedQuantity', (string)$line['quantity']); - $price = $invoiceLine->addChild('cac:Price'); - $price->addChild('cbc:PriceAmount', (string)$line['unit_price'])->addAttribute('currencyID', 'JOD'); - } - - return $xml->asXML(); - } -} - -``` - ---- - -## الملف: `app/Services/JoFotara/JoFotaraGateway.php` - -```php -client = new Client(); - $this->baseUrl = $_ENV['JOFOTARA_BASE_URL'] ?? 'https://backend.jofotara.gov.jo/core/invoices'; - } - - /** - * Submit invoice to JoFotara with Circuit Breaker - */ - public function submitInvoice(string $companyId, string $xmlBase64, array $credentials): array - { - $cbKey = "cb:jofotara:{$companyId}"; - if ($this->isCircuitOpen($cbKey)) { - throw new Exception("بوابة جو-فواتير غير متاحة حالياً لهذه الشركة، يرجى المحاولة لاحقاً"); - } - - try { - $response = $this->client->post($this->baseUrl, [ - 'json' => [ - 'clientId' => $credentials['clientId'], - 'secretKey' => $credentials['secretKey'], - 'invoiceType' => 'invoice', - 'invoiceData' => $xmlBase64 - ], - 'timeout' => 30 - ]); - - $result = json_decode($response->getBody()->getContents(), true); - $this->resetFailures($cbKey); - - return $result; - } catch (\Throwable $e) { - $this->recordFailure($cbKey); - throw $e; - } - } - - private function isCircuitOpen(string $key): bool - { - $redis = Redis::getInstance(); - return (bool)$redis->get("{$key}:open"); - } - - private function recordFailure(string $key): void - { - $redis = Redis::getInstance(); - $failures = (int)$redis->incr("{$key}:failures"); - - if ($failures >= 5) { - $redis->setex("{$key}:open", 300, 1); // Open for 5 minutes - } - } - - private function resetFailures(string $key): void - { - $redis = Redis::getInstance(); - $redis->del(["{$key}:failures", "{$key}:open"]); - } -} - -``` - ---- - -## الملف: `app/Services/AI/GeminiProvider.php` - -```php -client = new Client(); - $this->apiKey = $_ENV['GEMINI_API_KEY'] ?? ''; - $this->model = $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash'; - } - - public function extractFromFile(string $filePath, string $mimeType): ExtractionResultDTO - { - $fileData = base64_encode(file_get_contents($filePath)); - - $prompt = "Extract invoice data from this file. Return ONLY valid JSON (no markdown). " . - "Fields: invoice_number, invoice_date (YYYY-MM-DD), supplier_name, supplier_tin, supplier_address, " . - "buyer_name, buyer_tin, lines (description, quantity, unit_price, line_total, tax_rate), " . - "subtotal, tax_amount, grand_total, currency (JOD), confidence (0-1)."; - - $response = $this->client->post("https://generativelanguage.googleapis.com/v1beta/models/{$this->model}:generateContent?key={$this->apiKey}", [ - 'json' => [ - 'contents' => [ - [ - 'parts' => [ - ['text' => $prompt], - [ - 'inline_data' => [ - 'mime_type' => $mimeType, - 'data' => $fileData - ] - ] - ] - ] - ], - 'generationConfig' => [ - 'response_mime_type' => 'application/json' - ] - ] - ]); - - $data = json_decode($response->getBody()->getContents(), true); - $jsonStr = $data['candidates'][0]['content']['parts'][0]['text'] ?? '{}'; - $result = json_decode($jsonStr, true); - - return new ExtractionResultDTO( - $result['invoice_number'] ?? '', - $result['invoice_date'] ?? '', - $result['supplier_name'] ?? '', - $result['supplier_tin'] ?? null, - $result['supplier_address'] ?? '', - $result['buyer_name'] ?? null, - $result['buyer_tin'] ?? null, - $result['lines'] ?? [], - (float)($result['subtotal'] ?? 0), - (float)($result['tax_amount'] ?? 0), - (float)($result['grand_total'] ?? 0), - $result['currency'] ?? 'JOD', - (float)($result['confidence'] ?? 0), - $data['usageMetadata'] ?? [] - ); - } - - public function getProviderName(): string { return 'gemini'; } -} - -``` - ---- - -## الملف: `app/Services/AI/OpenAIProvider.php` - -```php -apiKey = $_ENV['OPENAI_API_KEY'] ?? ''; - $this->model = $_ENV['OPENAI_MODEL'] ?? 'gpt-4o-mini'; - } - - public function isConfigured(): bool - { - return !empty($this->apiKey); - } - - public function extractInvoiceData(string $fileContent, string $mimeType, string $prompt): array - { - if (!$this->isConfigured()) { - throw new Exception("OpenAI API Key is missing. Please configure it in .env"); - } - - $base64Data = base64_encode($fileContent); - - $payload = [ - 'model' => $this->model, - 'messages' => [ - [ - 'role' => 'user', - 'content' => [ - [ - 'type' => 'text', - 'text' => $prompt - ], - [ - 'type' => 'image_url', - 'image_url' => [ - 'url' => "data:{$mimeType};base64,{$base64Data}" - ] - ] - ] - ] - ], - 'response_format' => ['type' => 'json_object'], - 'temperature' => 0.1 - ]; - - $ch = curl_init('https://api.openai.com/v1/chat/completions'); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); - curl_setopt($ch, CURLOPT_HTTPHEADER, [ - 'Content-Type: application/json', - "Authorization: Bearer {$this->apiKey}" - ]); - - $response = curl_exec($ch); - $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); - curl_close($ch); - - if ($httpCode !== 200) { - throw new Exception("OpenAI Extraction failed. HTTP Code: {$httpCode}. Response: {$response}"); - } - - $result = json_decode($response, true); - $text = $result['choices'][0]['message']['content'] ?? '{}'; - - $data = json_decode($text, true); - if (!is_array($data)) { - throw new Exception("Failed to parse OpenAI output as JSON: {$text}"); - } - - return $data; - } -} - -``` - ---- - -## الملف: `app/Services/AI/Contracts/AIProviderInterface.php` - -```php - [ - 'secret' => $_ENV['JWT_SECRET'] ?? '', - 'access_expiry' => (int)($_ENV['JWT_ACCESS_EXPIRY'] ?? 900), - 'refresh_expiry' => (int)($_ENV['JWT_REFRESH_EXPIRY'] ?? 604800), - ], -]; - -``` - ---- - -## الملف: `config/app.php` - -```php - $_ENV['APP_NAME'] ?? 'مُصادَق', - 'env' => $_ENV['APP_ENV'] ?? 'production', - 'url' => $_ENV['APP_URL'] ?? 'https://musadeq2.intaleqapp.com', - 'timezone' => $_ENV['APP_TIMEZONE'] ?? 'Asia/Amman', -]; - -``` - ---- - -## الملف: `config/services.php` - -```php - [ - 'gemini' => [ - 'key' => $_ENV['GEMINI_API_KEY'] ?? '', - 'model' => $_ENV['GEMINI_MODEL'] ?? 'gemini-2.0-flash', - ], - 'openai' => [ - 'key' => $_ENV['OPENAI_API_KEY'] ?? '', - 'model' => $_ENV['OPENAI_MODEL'] ?? 'gpt-4o', - ], - ], - 'jofotara' => [ - 'base_url' => $_ENV['JOFOTARA_BASE_URL'] ?? 'https://backend.jofotara.gov.jo/core/invoices', - 'env' => $_ENV['JOFOTARA_ENV'] ?? 'production', - ], - 'mail' => [ - 'host' => $_ENV['MAIL_HOST'] ?? '', - 'port' => (int)($_ENV['MAIL_PORT'] ?? 587), - 'username' => $_ENV['MAIL_USERNAME'] ?? '', - 'password' => $_ENV['MAIL_PASSWORD'] ?? '', - 'from' => $_ENV['MAIL_FROM'] ?? 'noreply@musadaq.app', - 'from_name' => $_ENV['MAIL_FROM_NAME'] ?? 'مُصادَق', - ], -]; - -``` - ---- - -## الملف: `config/database.php` - -```php - $_ENV['DB_HOST'] ?? '127.0.0.1', - 'port' => $_ENV['DB_PORT'] ?? '3306', - 'database' => $_ENV['DB_DATABASE'] ?? 'musadaq_db', - 'username' => $_ENV['DB_USERNAME'] ?? 'musadaq_user', - 'password' => $_ENV['DB_PASSWORD'] ?? '', - 'charset' => $_ENV['DB_CHARSET'] ?? 'utf8mb4', -]; - -``` - ---- - -## الملف: `config/secrets.php` - -```php - 'bgMQU/L8QYMd+8Sqh3AvsAXi+Fr+fMyJO+VAdakVoc8=', -]; - -``` - ---- - -## الملف: `tests/Unit/TotpServiceTest.php` - -```php -generateSecret(); - - $this->assertEquals(16, strlen($secret)); - $this->assertMatchesRegularExpression('/^[A-Z2-7]+$/', $secret); - } - - public function test_it_verifies_correct_code(): void - { - $service = new TotpService(); - $secret = 'JBSWY3DPEHPK3PXP'; // Known secret - - // We can't easily test the code without a time mocker or calculation - // but we can check if it fails with an obviously wrong code - $this->assertFalse($service->verify($secret, '000000')); - } -} - -``` - ---- - -## الملف: `tests/Unit/HmacTest.php` - -```php -service = new HmacService(); - } - - public function test_it_verifies_valid_signature(): void - { - $secret = 'test-secret'; - $nonce = 'nonce-123'; - $timestamp = (string)time(); - $payload = json_encode(['foo' => 'bar']); - - $signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload); - - $this->assertTrue($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload, $signature)); - } - - public function test_it_rejects_tampered_payload(): void - { - $secret = 'test-secret'; - $nonce = 'nonce-123'; - $timestamp = (string)time(); - $payload = json_encode(['foo' => 'bar']); - - $signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload); - - $tamperedPayload = json_encode(['foo' => 'baz']); - - $this->assertFalse($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $tamperedPayload, $signature)); - } -} - -``` - ---- - -## الملف: `tests/Unit/TaxValidationTest.php` - -```php -service = new TaxValidationService(); - } - - public function test_it_validates_standard_invoice(): void - { - $invoice = [ - 'invoice_number' => 'INV-001', - 'invoice_date' => date('Y-m-d'), - 'subtotal' => 100, - 'discount_total' => 0, - 'grand_total' => 116 - ]; - $lines = [ - ['line_number' => 1, 'quantity' => 1, 'unit_price' => 100, 'tax_rate' => 0.16, 'tax_amount' => 16, 'line_total' => 116] - ]; - - $result = $this->service->validate($invoice, $lines); - $this->assertTrue($result['is_valid']); - } - - public function test_it_detects_mismatching_totals(): void - { - $invoice = [ - 'invoice_number' => 'INV-002', - 'invoice_date' => date('Y-m-d'), - 'subtotal' => 100, - 'discount_total' => 0, - 'grand_total' => 110 // Mismatch - ]; - $lines = [ - ['line_number' => 1, 'quantity' => 1, 'unit_price' => 100, 'tax_rate' => 0.16, 'tax_amount' => 16, 'line_total' => 116] - ]; - - $result = $this->service->validate($invoice, $lines); - $this->assertFalse($result['is_valid']); - } -} - -``` - ---- - -## الملف: `tests/Feature/AuthTest.php` - -```php -assertTrue(true); - } -} - -``` - ---- - -## الملف: `public/index.html` - -``` - - - - - - مُصادَق — أتمتة الفواتير الضريبية - - - - - - - - - - - - -
-
-
-

- أتمتة الفواتير
بذكاء اصطناعي فائق -

-

- مُصادَق هو شريكك التقني المعتمد للربط مع نظام "جوفوتارا" الأردني، استخرج بيانات فواتيرك آلياً وامتثل للأنظمة الضريبية بثوانٍ. -

-
- - -
-
- - -
-
-
- -
-

استخراج ذكي (OCR)

-

استخدام Gemini 2.0 لاستخراج كافة بنود الفواتير من الصور والـ PDF بدقة تصل لـ 99%.

-
-
-
- -
-

توافق جو-فواتير

-

ربط مباشر مع منصة الفوترة الوطنية الأردنية وإصدار ملفات UBL 2.1 المعتمدة.

-
-
-
- -
-

حماية البيانات

-

تشفير AES-256 للبيانات الحساسة وعزل كامل لبيانات المستأجرين (Multi-tenancy).

-
-
-
- - - - - - - -``` - ---- - -## الملف: `public/index.php` - -```php -getRouter(); - -// ══ Auth Routes ══════════════════════════════════════════════ -$router->addRoute('POST', '/api/v1/auth/login', [AuthController::class, 'login']); -$router->addRoute('POST', '/api/v1/auth/register', [AuthController::class, 'register']); -$router->addRoute('GET', '/api/v1/auth/me', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'me'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/enable', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'enable2FA'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/verify', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'verify2FA'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/disable', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [AuthController::class, 'disable2FA'] -]); - -// ══ Company Routes ═══════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/companies', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Companies\CompanyController::class, 'list'] -]); -$router->addRoute('POST', '/api/v1/companies', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Companies\CompanyController::class, 'create'] -]); -$router->addRoute('POST', '/api/v1/companies/{id}/jofotara', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Companies\CompanyController::class, 'updateJoFotara'] -]); - -// ══ User Routes ══════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/users', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Users\UserController::class, 'index'] -]); -$router->addRoute('POST', '/api/v1/users', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Users\UserController::class, 'create'] -]); - -// ══ Invoice Routes ═══════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/invoices', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'list'] -]); -$router->addRoute('POST', '/api/v1/invoices/upload', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'upload'] -]); -$router->addRoute('GET', '/api/v1/invoices/{id}', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'detail'] -]); -$router->addRoute('POST', '/api/v1/invoices/{id}/submit', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'submit'] -]); - -// ══ Subscriptions ═════════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/subscriptions/me', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class, \App\Middleware\TenantMiddleware::class], - 'handler' => [\App\Modules\Subscriptions\SubscriptionController::class, 'me'] -]); - -// ══ API Keys ═══════════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/api-keys', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class, \App\Middleware\TenantMiddleware::class], - 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'list'] -]); -$router->addRoute('POST', '/api/v1/api-keys', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class, \App\Middleware\TenantMiddleware::class], - 'handler' => [\App\Modules\ApiKeys\ApiKeyController::class, 'create'] -]); - -// ══ External API (HMAC) ══════════════════════════════════════ -$router->addRoute('POST', '/api/v1/external/invoices/upload', [ - 'middleware' => [\App\Middleware\HmacMiddleware::class], - 'handler' => [\App\Modules\Invoices\InvoiceController::class, 'upload'] -]); - -// ══ Dashboard ════════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/dashboard', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Dashboard\DashboardController::class, 'getStats'] -]); - -// ══ Super Admin ══════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/admin/stats', [ - 'middleware' => [\App\Middleware\AuthMiddleware::class], - 'handler' => [\App\Modules\Admin\AdminController::class, 'getSystemStats'] -]); - -// ══ Health Check ═════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/health', function($request) { - \App\Core\Response::json([ - 'status' => 'ok', - 'timestamp' => date('c'), - 'php' => PHP_VERSION, - 'db' => 'connected' // Simple check - ]); -}); - -// ══ Determine if this is an API request ═════════════════════════════ -$apiRoute = $_GET['route'] ?? null; - -if (!$apiRoute) { - // Not an API call — serve the SPA shell - include __DIR__ . '/shell.php'; - exit; -} - -$app->run(); - -``` - ---- - -## الملف: `public/shell.php` - -```php - - - - - - مُصادَق — منصة أتمتة الفواتير الإلكترونية - - - - - - - - - - - - - -
-
-

لوحة التحكم

-
-
- - -
- -
-
- -
-
- - -
- - - - - - - -``` - ---- - -## الملف: `public/api.php` - -```php - -``` - ---- - -## الملف: `public/assets/css/app.css` - -``` -@import url('https://fonts.googleapis.com/css2?family=IBM+Plex+Sans+Arabic:wght@400;500;600;700&family=JetBrains+Mono&family=Inter:wght@400;500;600&display=swap'); - -:root { - --primary: #10b981; - --primary-hover: #059669; - --primary-muted: rgba(16,185,129,0.1); - --danger: #ef4444; - --warning: #f59e0b; - --info: #3b82f6; - --success: #22c55e; - - /* Dark (default) */ - --bg-app: #0a0f1a; - --bg-card: rgba(15,23,42,0.8); - --bg-sidebar: #060b14; - --bg-input: rgba(15,23,42,0.6); - --border: rgba(51,65,85,0.6); - --text-primary: #f1f5f9; - --text-secondary: #94a3b8; - --text-muted: #475569; - --glass: rgba(15,23,42,0.6); - --glass-border: rgba(255,255,255,0.06); - --shadow-glow: 0 0 40px rgba(16,185,129,0.08); -} - -[data-theme="light"] { - --bg-app: #f1f5f9; - --bg-card: #ffffff; - --bg-sidebar: #ffffff; - --bg-input: #f8fafc; - --border: #e2e8f0; - --text-primary: #0f172a; - --text-secondary: #475569; - --text-muted: #94a3b8; - --glass: rgba(255,255,255,0.8); - --glass-border: rgba(0,0,0,0.04); - --shadow-glow: 0 4px 24px rgba(0,0,0,0.06); -} - -* { - margin: 0; - padding: 0; - box-sizing: border-box; - font-family: 'Inter', 'IBM Plex Sans Arabic', sans-serif; -} - -body { - background-color: var(--bg-app); - color: var(--text-primary); - direction: rtl; - min-height: 100vh; - overflow-x: hidden; - transition: background-color 0.3s, color 0.3s; -} - -/* Glassmorphism Utilities */ -.glass { - background: var(--glass); - backdrop-filter: blur(12px); - -webkit-backdrop-filter: blur(12px); - border: 1px solid var(--glass-border); -} - -.glow { - box-shadow: var(--shadow-glow); -} - -/* Custom Scrollbar */ -::-webkit-scrollbar { - width: 6px; -} -::-webkit-scrollbar-track { - background: transparent; -} -::-webkit-scrollbar-thumb { - background: var(--border); - border-radius: 10px; -} -::-webkit-scrollbar-thumb:hover { - background: var(--text-muted); -} - -/* RTL Specifics */ -[dir="rtl"] .ml-auto { margin-right: auto; margin-left: 0; } -[dir="rtl"] .mr-auto { margin-left: auto; margin-right: 0; } - -``` - ---- - -## الملف: `public/assets/js/api.js` - -```javascript -const API = { - baseUrl: '/api/v1', - - async request(endpoint, options = {}) { - const url = `${this.baseUrl}${endpoint}`; - const token = localStorage.getItem('access_token'); - - const headers = { - 'Accept': 'application/json', - ...(options.body instanceof FormData ? {} : { 'Content-Type': 'application/json' }), - ...(token ? { 'Authorization': `Bearer ${token}` } : {}), - ...options.headers - }; - - const response = await fetch(url, { ...options, headers }); - - if (response.status === 401 && !options._retry) { - // Attempt token refresh - const refreshed = await this.refresh(); - if (refreshed) { - return this.request(endpoint, { ...options, _retry: true }); - } - } - - const data = await response.json(); - if (!response.ok) { - throw new Error(data.message || 'حدث خطأ ما'); - } - return data; - }, - - async login(email, password) { - const data = await this.request('/auth/login', { - method: 'POST', - body: JSON.stringify({ email, password }) - }); - localStorage.setItem('access_token', data.data.access_token); - return data; - }, - - async refresh() { - try { - const data = await fetch(`${this.baseUrl}/auth/refresh`, { method: 'POST' }); - if (data.ok) { - const result = await data.json(); - localStorage.setItem('access_token', result.data.access_token); - return true; - } - } catch (e) { - console.error('Refresh failed', e); - } - localStorage.removeItem('access_token'); - return false; - } -}; - -``` - ---- - -## الملف: `scripts/migrate.php` - -```php -exec("CREATE TABLE IF NOT EXISTS migrations ( - id INT AUTO_INCREMENT PRIMARY KEY, - migration VARCHAR(255) NOT NULL, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP - ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;"); - - $stmt = $db->query("SELECT migration FROM migrations"); - $executed = $stmt->fetchAll(PDO::FETCH_COLUMN); - - $migrationsDir = dirname(__DIR__) . '/database/migrations'; - $files = glob($migrationsDir . '/*.sql'); - sort($files); // Ensure order - - $count = 0; - foreach ($files as $file) { - $name = basename($file); - if (!in_array($name, $executed)) { - echo "🚀 Running: $name... "; - - $sql = file_get_contents($file); - - // Execute the SQL. Since it might contain multiple statements, - // and PDO::exec doesn't always handle them well in one go - // depending on the driver, we'll try to run it. - $db->exec($sql); - - $stmt = $db->prepare("INSERT INTO migrations (migration) VALUES (?)"); - $stmt->execute([$name]); - - echo "✅ Done\n"; - $count++; - } - } - - if ($count === 0) { - echo "✨ Nothing to migrate. Database is up to date.\n"; - } else { - echo "🎉 Migrations completed successfully ($count ran).\n"; - } -} catch (Exception $e) { - echo "❌ Error: " . $e->getMessage() . "\n"; - exit(1); -} -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n"; - -``` - ---- - -## الملف: `scripts/seed.php` - -```php -toString(); - $db->prepare("INSERT INTO tenants (id, name, email, status) VALUES (?, ?, ?, 'active')") - ->execute([$tenantId, 'شركة انطلاق للحلول الرقمية', 'admin@intaleqapp.com']); - - // 2. Create Super Admin User - $userId = Uuid::uuid4()->toString(); - $passwordHash = password_hash('Musadaq@2026', PASSWORD_ARGON2ID); - - $db->prepare("INSERT INTO users (id, tenant_id, name, email, password_hash, role, is_active) VALUES (?, ?, ?, ?, ?, 'super_admin', 1)") - ->execute([$userId, $tenantId, 'Hamza Admin', 'admin@musadaq.app', $passwordHash]); - - // 3. Create initial subscription - $db->prepare("INSERT INTO subscriptions (tenant_id, plan, max_companies, max_invoices_per_month, max_users) VALUES (?, 'pro', 10, 500, 5)") - ->execute([$tenantId]); - - echo "✅ Success! You can now log in with:\n"; - echo "📧 Email: admin@musadaq.app\n"; - echo "🔑 Password: Musadaq@2026\n"; - -} catch (\Throwable $e) { - echo "❌ Error: " . $e->getMessage() . "\n"; -} - -``` - ---- - -## الملف: `queue/worker.php` - -```php -getContainer(); - - switch($job['type']) { - case 'invoice_extraction': - $handler = $container->get(\Queue\Jobs\ExtractInvoiceJob::class); - $handler->handle($job['payload']); - break; - - case 'submit_jofotara': - $handler = $container->get(\Queue\Jobs\SubmitJoFotaraJob::class); - $handler->handle($job['payload']); - break; - - case 'risk_analysis': - $handler = $container->get(\Queue\Jobs\RiskAnalysisJob::class); - $handler->handle($job['payload']); - break; - - case 'send_notification': - $handler = $container->get(\Queue\Jobs\SendNotificationJob::class); - $handler->handle($job['payload']); - break; - - default: - echo "[!] Unknown job type: {$job['type']}\n"; - } - - echo "[✓] Job completed: {$job['id']}\n"; - } catch (\Throwable $e) { - echo "[✗] Job failed: {$job['id']} - {$e->getMessage()}\n"; - // In a real app, you'd handle retries or move to a failed_jobs table - } - } else { - usleep(500000); // 0.5s - } -} - -echo "[*] Worker stopped.\n"; - -``` - ---- - -## الملف: `queue/Jobs/SubmitJoFotaraJob.php` - -```php -invoiceModel->update($invoiceId, ['status' => 'submitting']); - - // 2. Fetch Invoice - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("SELECT * FROM invoices WHERE id = ? LIMIT 1"); - $stmt->execute([$invoiceId]); - $invoice = $stmt->fetch(); - - if (!$invoice) { - throw new \Exception("Invoice not found."); - } - - // 3. Fetch Company Credentials - $credentials = $this->companyService->getJoFotaraCredentials($invoice['company_id']); - if (empty($credentials['clientId']) || empty($credentials['secretKey'])) { - throw new \Exception("Company is not linked to JoFotara."); - } - - // 4. Fetch Invoice Lines - $stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ?"); - $stmt->execute([$invoiceId]); - $lines = $stmt->fetchAll(); - - // 5. Generate UBL XML - $xmlString = $this->ublGenerator->generate($invoice, $lines); - $xmlBase64 = base64_encode($xmlString); - - // 6. Submit to JoFotara - $response = $this->jofotaraGateway->submitInvoice($invoice['company_id'], $xmlBase64, $credentials); - - // 7. Process Response - // Assuming response contains a success boolean and possibly qr_code - if (isset($response['success']) && $response['success']) { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'approved', - 'qr_code' => $response['qr_code'] ?? null, - 'jofotara_response' => json_encode($response, JSON_UNESCAPED_UNICODE) - ]); - } else { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'rejected', - 'jofotara_response' => json_encode($response, JSON_UNESCAPED_UNICODE) - ]); - } - - } catch (Throwable $e) { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'validation_failed', - 'validation_errors' => json_encode([['message_ar' => 'فشل الإرسال: ' . $e->getMessage()]], JSON_UNESCAPED_UNICODE) - ]); - throw $e; - } - } -} - -``` - ---- - -## الملف: `queue/Jobs/ExtractInvoiceJob.php` - -```php -invoiceModel->update($invoiceId, ['status' => 'extracting']); - - try { - $extractedData = $this->aiExtraction->extractInvoiceData($filePath, $mimeType); - - // Map AI data to schema columns if needed, or just store in ai_raw_response - $this->invoiceModel->update($invoiceId, [ - 'status' => 'extracted', - 'invoice_number' => $extractedData['invoice_number'] ?? null, - 'invoice_date' => $extractedData['invoice_date'] ?? null, - 'grand_total' => $extractedData['total_amount'] ?? 0, - 'tax_amount' => $extractedData['tax_amount'] ?? 0, - 'supplier_name' => $extractedData['vendor_name'] ?? null, - 'supplier_tin' => $extractedData['vendor_tax_number'] ?? null, - 'ai_raw_response' => json_encode($extractedData, JSON_UNESCAPED_UNICODE) - ]); - } catch (Throwable $e) { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'validation_failed' - ]); - throw $e; - } - } -} - -``` - ---- - -## الملف: `queue/Jobs/SendNotificationJob.php` - -```php -prepare("INSERT INTO notifications (id, user_id, title, message, type, is_read, created_at) VALUES (?, ?, ?, ?, ?, 0, NOW())"); - $stmt->execute([ - \Ramsey\Uuid\Uuid::uuid4()->toString(), - $userId, - $title, - $message, - $type - ]); - - // Here we could also trigger WebSockets or push notifications if implemented - - } catch (Throwable $e) { - echo "[!] Notification failed for user {$userId}: " . $e->getMessage() . "\n"; - throw $e; - } - } -} - -``` - ---- - -## الملف: `queue/Jobs/RiskAnalysisJob.php` - -```php -riskService->calculateCompanyRiskScore($companyId); - - // Store or update risk score - $db = Database::getInstance(); - - $stmt = $db->prepare("SELECT id FROM risk_scores WHERE company_id = ? LIMIT 1"); - $stmt->execute([$companyId]); - $existing = $stmt->fetch(); - - if ($existing) { - $stmt = $db->prepare("UPDATE risk_scores SET risk_level = ?, score = ?, factors = ?, calculated_at = NOW() WHERE company_id = ?"); - $stmt->execute([ - $analysis['level'], - $analysis['score'], - json_encode($analysis['factors'], JSON_UNESCAPED_UNICODE), - $companyId - ]); - } else { - $stmt = $db->prepare("INSERT INTO risk_scores (id, tenant_id, company_id, risk_level, score, factors, calculated_at) VALUES (?, ?, ?, ?, ?, ?, NOW())"); - $stmt->execute([ - \Ramsey\Uuid\Uuid::uuid4()->toString(), - $tenantId, - $companyId, - $analysis['level'], - $analysis['score'], - json_encode($analysis['factors'], JSON_UNESCAPED_UNICODE) - ]); - } - } catch (Throwable $e) { - echo "[!] Risk Analysis failed for company {$companyId}: " . $e->getMessage() . "\n"; - throw $e; - } - } -} - -``` - ---- - diff --git a/phpunit.xml b/phpunit.xml deleted file mode 100644 index 96fd541..0000000 --- a/phpunit.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - tests/Unit - - - tests/Feature - - - - - - - diff --git a/public/assets/css/app.css b/public/assets/css/app.css deleted file mode 100644 index bb805f9..0000000 --- a/public/assets/css/app.css +++ /dev/null @@ -1,85 +0,0 @@ -@import url('https://fonts.googleapis.com/css2?family=IBM+Plex+Sans+Arabic:wght@400;500;600;700&family=JetBrains+Mono&family=Inter:wght@400;500;600&display=swap'); - -:root { - --primary: #10b981; - --primary-hover: #059669; - --primary-muted: rgba(16,185,129,0.1); - --danger: #ef4444; - --warning: #f59e0b; - --info: #3b82f6; - --success: #22c55e; - - /* Dark (default) */ - --bg-app: #0a0f1a; - --bg-card: rgba(15,23,42,0.8); - --bg-sidebar: #060b14; - --bg-input: rgba(15,23,42,0.6); - --border: rgba(51,65,85,0.6); - --text-primary: #f1f5f9; - --text-secondary: #94a3b8; - --text-muted: #475569; - --glass: rgba(15,23,42,0.6); - --glass-border: rgba(255,255,255,0.06); - --shadow-glow: 0 0 40px rgba(16,185,129,0.08); -} - -[data-theme="light"] { - --bg-app: #f1f5f9; - --bg-card: #ffffff; - --bg-sidebar: #ffffff; - --bg-input: #f8fafc; - --border: #e2e8f0; - --text-primary: #0f172a; - --text-secondary: #475569; - --text-muted: #94a3b8; - --glass: rgba(255,255,255,0.8); - --glass-border: rgba(0,0,0,0.04); - --shadow-glow: 0 4px 24px rgba(0,0,0,0.06); -} - -* { - margin: 0; - padding: 0; - box-sizing: border-box; - font-family: 'Inter', 'IBM Plex Sans Arabic', sans-serif; -} - -body { - background-color: var(--bg-app); - color: var(--text-primary); - direction: rtl; - min-height: 100vh; - overflow-x: hidden; - transition: background-color 0.3s, color 0.3s; -} - -/* Glassmorphism Utilities */ -.glass { - background: var(--glass); - backdrop-filter: blur(12px); - -webkit-backdrop-filter: blur(12px); - border: 1px solid var(--glass-border); -} - -.glow { - box-shadow: var(--shadow-glow); -} - -/* Custom Scrollbar */ -::-webkit-scrollbar { - width: 6px; -} -::-webkit-scrollbar-track { - background: transparent; -} -::-webkit-scrollbar-thumb { - background: var(--border); - border-radius: 10px; -} -::-webkit-scrollbar-thumb:hover { - background: var(--text-muted); -} - -/* RTL Specifics */ -[dir="rtl"] .ml-auto { margin-right: auto; margin-left: 0; } -[dir="rtl"] .mr-auto { margin-left: auto; margin-right: 0; } diff --git a/public/assets/js/api.js b/public/assets/js/api.js deleted file mode 100644 index 9570c51..0000000 --- a/public/assets/js/api.js +++ /dev/null @@ -1,55 +0,0 @@ -const API = { - baseUrl: '/api/v1', - - async request(endpoint, options = {}) { - const url = `${this.baseUrl}${endpoint}`; - const token = localStorage.getItem('access_token'); - - const headers = { - 'Accept': 'application/json', - ...(options.body instanceof FormData ? {} : { 'Content-Type': 'application/json' }), - ...(token ? { 'Authorization': `Bearer ${token}` } : {}), - ...options.headers - }; - - const response = await fetch(url, { ...options, headers }); - - if (response.status === 401 && !options._retry) { - // Attempt token refresh - const refreshed = await this.refresh(); - if (refreshed) { - return this.request(endpoint, { ...options, _retry: true }); - } - } - - const data = await response.json(); - if (!response.ok) { - throw new Error(data.message || 'حدث خطأ ما'); - } - return data; - }, - - async login(email, password) { - const data = await this.request('/auth/login', { - method: 'POST', - body: JSON.stringify({ email, password }) - }); - localStorage.setItem('access_token', data.data.access_token); - return data; - }, - - async refresh() { - try { - const data = await fetch(`${this.baseUrl}/auth/refresh`, { method: 'POST' }); - if (data.ok) { - const result = await data.json(); - localStorage.setItem('access_token', result.data.access_token); - return true; - } - } catch (e) { - console.error('Refresh failed', e); - } - localStorage.removeItem('access_token'); - return false; - } -}; diff --git a/public/index.html b/public/index.html deleted file mode 100644 index 8eefcfa..0000000 --- a/public/index.html +++ /dev/null @@ -1,102 +0,0 @@ - - - - - - مُصادَق — أتمتة الفواتير الضريبية - - - - - - - - - - - - -
-
-
-

- أتمتة الفواتير
بذكاء اصطناعي فائق -

-

- مُصادَق هو شريكك التقني المعتمد للربط مع نظام "جوفوتارا" الأردني، استخرج بيانات فواتيرك آلياً وامتثل للأنظمة الضريبية بثوانٍ. -

-
- - -
-
- - -
-
-
- -
-

استخراج ذكي (OCR)

-

استخدام Gemini 2.0 لاستخراج كافة بنود الفواتير من الصور والـ PDF بدقة تصل لـ 99%.

-
-
-
- -
-

توافق جو-فواتير

-

ربط مباشر مع منصة الفوترة الوطنية الأردنية وإصدار ملفات UBL 2.1 المعتمدة.

-
-
-
- -
-

حماية البيانات

-

تشفير AES-256 للبيانات الحساسة وعزل كامل لبيانات المستأجرين (Multi-tenancy).

-
-
-
- - - - - - diff --git a/public/index.php b/public/index.php index c6e54ec..12ab405 100644 --- a/public/index.php +++ b/public/index.php @@ -1,152 +1,36 @@ 'auth/login.php', + 'auth/refresh' => 'auth/refresh.php', + 'auth/logout' => 'auth/logout.php', + 'users' => 'users/index.php', + 'trips' => 'trips/index.php', +]; -$app = new Application(dirname(__DIR__)); -$router = $app->getRouter(); - -// ══ Auth Routes ══════════════════════════════════════════════ -$router->addRoute('POST', '/api/v1/auth/login', [AuthController::class, 'login']); -$router->addRoute('POST', '/api/v1/auth/register', [AuthController::class, 'register']); -$router->addRoute('POST', '/api/v1/auth/refresh', [AuthController::class, 'refresh']); -$router->addRoute('POST', '/api/v1/auth/logout', [AuthController::class, 'logout']); -$router->addRoute('GET', '/api/v1/auth/me', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [AuthController::class, 'me'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/enable', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [AuthController::class, 'enable2FA'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/verify', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [AuthController::class, 'verify2FA'] -]); -$router->addRoute('POST', '/api/v1/auth/2fa/disable', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [AuthController::class, 'disable2FA'] -]); - -// ══ Company Routes ═══════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/companies', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [CompanyController::class, 'index'] -]); -$router->addRoute('POST', '/api/v1/companies', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [CompanyController::class, 'store'] -]); -$router->addRoute('GET', '/api/v1/companies/{id}', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [CompanyController::class, 'show'] -]); -$router->addRoute('PUT', '/api/v1/companies/{id}', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [CompanyController::class, 'update'] -]); -$router->addRoute('DELETE', '/api/v1/companies/{id}', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [CompanyController::class, 'destroy'] -]); - -// ══ User Routes ══════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/users', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [UsersController::class, 'list'] -]); -$router->addRoute('POST', '/api/v1/users', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [UsersController::class, 'create'] -]); -$router->addRoute('PUT', '/api/v1/users/{id}', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [UsersController::class, 'update'] -]); -$router->addRoute('DELETE', '/api/v1/users/{id}', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [UsersController::class, 'destroy'] -]); - -// ══ Invoice Routes ═══════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/invoices', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [InvoiceController::class, 'index'] -]); -$router->addRoute('POST', '/api/v1/invoices/upload', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [InvoiceController::class, 'upload'] -]); -$router->addRoute('GET', '/api/v1/invoices/{id}', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [InvoiceController::class, 'show'] -]); -$router->addRoute('GET', '/api/v1/invoices/{id}/status', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [InvoiceController::class, 'status'] -]); -$router->addRoute('GET', '/api/v1/invoices/{id}/file', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [InvoiceController::class, 'serveFile'] -]); - -// ══ Dashboard ════════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/dashboard', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [DashboardController::class, 'getStats'] -]); - -// ══ API Keys ═══════════════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/api-keys', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [ApiKeyController::class, 'index'] -]); -$router->addRoute('POST', '/api/v1/api-keys', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [ApiKeyController::class, 'create'] -]); -$router->addRoute('DELETE', '/api/v1/api-keys/{id}', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [ApiKeyController::class, 'revoke'] -]); - -// ══ Admin Routes (Super Admin) ════════════════════════════════ -$router->addRoute('GET', '/api/v1/admin/tenants', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [AdminController::class, 'listTenants'] -]); -$router->addRoute('GET', '/api/v1/admin/stats', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [AdminController::class, 'getSystemStats'] -]); -$router->addRoute('GET', '/api/v1/admin/queue', [ - 'middleware' => [AuthMiddleware::class], - 'handler' => [AdminController::class, 'getQueueStatus'] -]); - -// ══ Health & Public ═══════════════════════════════════════════ -$router->addRoute('GET', '/api/v1/health', [AdminController::class, 'health']); - -// ══ Determine if this is an API request ═════════════════════════════ -$apiRoute = $_GET['route'] ?? null; - -if (!$apiRoute) { - // Not an API call — serve the SPA shell - include __DIR__ . '/shell.php'; - exit; +if (isset($routes[$route])) { + $file = APP_PATH . '/modules_app/' . $routes[$route]; + if (file_exists($file)) { + require_once $file; + } else { + json_error("Endpoint file missing: {$route}", 500); + } +} else { + // If no route matches, maybe it's a SPA request or 404 + if (str_starts_with($route, 'v1/')) { + json_error("Not Found: {$route}", 404); + } else { + // Fallback for non-API requests (Frontend) + echo "

Musadaq API - Pure PHP

Running on simple architecture.

"; + } } - -$app->run(); diff --git a/public/shell.php b/public/shell.php deleted file mode 100644 index 0f5b444..0000000 --- a/public/shell.php +++ /dev/null @@ -1,476 +0,0 @@ - - - - - - مُصادَق | أتمتة الفواتير الضريبية - - - - - - - - - - - - - -
- -
- - - - -
-
-
-

-

نظام أتمتة الفواتير الرقمي

-
-
- -
- -
-
- -
- -
-
-
-

فواتير الشهر

-

-
-
-

فواتير معتمدة

-

-
-
-

عدد الشركات

-

-
-
-

استهلاك الباقة

-

-
-
- -
-
-

آخر الفواتير

-
- - - - - - - - - - - - - -
الشركةالرقمالتاريخالإجماليالحالة
-
-
-
-

المساعد الذكي

-
-

🤖 اسأل عن بياناتك:

- -
- -
-
-
- - -
-
-

إدارة الشركات

- -
-
- -
-
- - -
-
-

الفواتير والتدقيق

-
-
- - - - - - - - - - - - - - -
الشركةالرقمالتاريخالإجماليالحالةالثقة
-
-
-
-
-
- - -
-
-
-
-
- - - - diff --git a/push.sh b/push.sh index 5f29a9a..2f08491 100755 --- a/push.sh +++ b/push.sh @@ -1,20 +1,18 @@ #!/bin/bash -set -euo pipefail -# ════════════════════════════════════════════════════════════ -# مُصادَق — Quick Push to Git -# ════════════════════════════════════════════════════════════ +# Get current timestamp +TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S") -COMMIT_MSG="${1:-🚀 مُصادَق: تحديث برمجي جديد $(date '+%Y-%m-%d %H:%M')}" - -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -echo "📦 جاري رفع التعديلات إلى Git..." -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +echo "🚀 Starting Git Push Process..." +echo "📅 Timestamp: $TIMESTAMP" +# Add all changes git add . -git commit -m "$COMMIT_MSG" || echo "ℹ️ لا توجد تغييرات للرفع." -git push origin main -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -echo "✅ تم الرفع بنجاح! يمكنك الآن عمل (git pull) من نافذة السيرفر." -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" +# Commit with timestamp +git commit -m "Update: $TIMESTAMP" + +# Push to origin +git push + +echo "✅ Done!" diff --git a/queue/Jobs/ExtractInvoiceJob.php b/queue/Jobs/ExtractInvoiceJob.php deleted file mode 100644 index efb222a..0000000 --- a/queue/Jobs/ExtractInvoiceJob.php +++ /dev/null @@ -1,74 +0,0 @@ -invoiceModel->update($invoiceId, ['status' => 'extracting']); - - try { - $extractedData = $this->aiExtraction->extractInvoiceData($filePath, $mimeType); - - // Map AI data to schema columns - $this->invoiceModel->update($invoiceId, [ - 'status' => 'extracted', - 'invoice_number' => $extractedData['invoice_number'] ?? null, - 'invoice_date' => $extractedData['invoice_date'] ?? null, - 'supplier_name' => $extractedData['supplier_name'] ?? null, - 'supplier_tin' => $extractedData['supplier_tin'] ?? null, - 'buyer_name' => $extractedData['buyer_name'] ?? null, - 'buyer_tin' => $extractedData['buyer_tin'] ?? null, - 'subtotal' => $extractedData['subtotal'] ?? 0, - 'tax_amount' => $extractedData['tax_amount'] ?? 0, - 'discount_total' => $extractedData['discount_total'] ?? 0, - 'grand_total' => $extractedData['grand_total'] ?? 0, - 'ai_confidence_score' => $extractedData['confidence'] ?? null, - 'ai_provider' => $extractedData['provider'] ?? 'gemini', - 'ai_raw_response' => json_encode($extractedData, JSON_UNESCAPED_UNICODE), - ]); - - // Also insert invoice_lines: - if (!empty($extractedData['lines'])) { - $db = \App\Core\Database::getInstance(); - $db->prepare("DELETE FROM invoice_lines WHERE invoice_id = ?")->execute([$invoiceId]); - foreach ($extractedData['lines'] as $i => $line) { - $db->prepare("INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, discount, tax_rate, tax_amount, line_total) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") - ->execute([ - \Ramsey\Uuid\Uuid::uuid4()->toString(), - $invoiceId, $i + 1, - $line['description'] ?? '', - $line['quantity'] ?? 1, - $line['unit_price'] ?? 0, - $line['discount'] ?? 0, - $line['tax_rate'] ?? 0.16, - $line['tax_amount'] ?? 0, - $line['line_total'] ?? 0, - ]); - } - } - } catch (Throwable $e) { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'validation_failed' - ]); - throw $e; - } - } -} diff --git a/queue/Jobs/RiskAnalysisJob.php b/queue/Jobs/RiskAnalysisJob.php deleted file mode 100644 index d46fc73..0000000 --- a/queue/Jobs/RiskAnalysisJob.php +++ /dev/null @@ -1,42 +0,0 @@ -riskService->calculateCompanyRiskScore($companyId); - - // Store risk score - $db = Database::getInstance(); - - $stmt = $db->prepare("INSERT INTO risk_scores (id, tenant_id, company_id, risk_type, score, reason) VALUES (?, ?, ?, ?, ?, ?)"); - $stmt->execute([ - \Ramsey\Uuid\Uuid::uuid4()->toString(), - $tenantId, - $companyId, - $analysis['level'], // risk_type = high/medium/low - $analysis['score'], - json_encode($analysis['factors'], JSON_UNESCAPED_UNICODE), // reason - ]); - } catch (Throwable $e) { - echo "[!] Risk Analysis failed for company {$companyId}: " . $e->getMessage() . "\n"; - throw $e; - } - } -} diff --git a/queue/Jobs/SendNotificationJob.php b/queue/Jobs/SendNotificationJob.php deleted file mode 100644 index 341ffa5..0000000 --- a/queue/Jobs/SendNotificationJob.php +++ /dev/null @@ -1,37 +0,0 @@ -prepare("INSERT INTO notifications (id, user_id, title, message, type, is_read, created_at) VALUES (?, ?, ?, ?, ?, 0, NOW())"); - $stmt->execute([ - \Ramsey\Uuid\Uuid::uuid4()->toString(), - $userId, - $title, - $message, - $type - ]); - - // Here we could also trigger WebSockets or push notifications if implemented - - } catch (Throwable $e) { - echo "[!] Notification failed for user {$userId}: " . $e->getMessage() . "\n"; - throw $e; - } - } -} diff --git a/queue/Jobs/SubmitJoFotaraJob.php b/queue/Jobs/SubmitJoFotaraJob.php deleted file mode 100644 index 0e7ef0c..0000000 --- a/queue/Jobs/SubmitJoFotaraJob.php +++ /dev/null @@ -1,81 +0,0 @@ -invoiceModel->update($invoiceId, ['status' => 'submitting']); - - // 2. Fetch Invoice - $db = \App\Core\Database::getInstance(); - $stmt = $db->prepare("SELECT * FROM invoices WHERE id = ? LIMIT 1"); - $stmt->execute([$invoiceId]); - $invoice = $stmt->fetch(); - - if (!$invoice) { - throw new \Exception("Invoice not found."); - } - - // 3. Fetch Company Credentials - $credentials = $this->companyService->getJoFotaraCredentials($invoice['company_id']); - if (empty($credentials['clientId']) || empty($credentials['secretKey'])) { - throw new \Exception("Company is not linked to JoFotara."); - } - - // 4. Fetch Invoice Lines - $stmt = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ?"); - $stmt->execute([$invoiceId]); - $lines = $stmt->fetchAll(); - - // 5. Generate UBL XML - $xmlString = $this->ublGenerator->generate($invoice, $lines); - $xmlBase64 = base64_encode($xmlString); - - // 6. Submit to JoFotara - $response = $this->jofotaraGateway->submitInvoice($invoice['company_id'], $xmlBase64, $credentials); - - // 7. Process Response - // Assuming response contains a success boolean and possibly qr_code - if (isset($response['success']) && $response['success']) { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'approved', - 'qr_code' => $response['qr_code'] ?? null, - 'jofotara_response' => json_encode($response, JSON_UNESCAPED_UNICODE) - ]); - } else { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'rejected', - 'jofotara_response' => json_encode($response, JSON_UNESCAPED_UNICODE) - ]); - } - - } catch (Throwable $e) { - $this->invoiceModel->update($invoiceId, [ - 'status' => 'validation_failed', - 'validation_errors' => json_encode([['message_ar' => 'فشل الإرسال: ' . $e->getMessage()]], JSON_UNESCAPED_UNICODE) - ]); - throw $e; - } - } -} diff --git a/queue/worker.php b/queue/worker.php deleted file mode 100644 index f9e6669..0000000 --- a/queue/worker.php +++ /dev/null @@ -1,66 +0,0 @@ -getContainer(); - - switch($job['type']) { - case 'invoice_extraction': - $handler = $container->get(\Queue\Jobs\ExtractInvoiceJob::class); - $handler->handle($job['payload']); - break; - - case 'submit_jofotara': - $handler = $container->get(\Queue\Jobs\SubmitJoFotaraJob::class); - $handler->handle($job['payload']); - break; - - case 'risk_analysis': - $handler = $container->get(\Queue\Jobs\RiskAnalysisJob::class); - $handler->handle($job['payload']); - break; - - case 'send_notification': - $handler = $container->get(\Queue\Jobs\SendNotificationJob::class); - $handler->handle($job['payload']); - break; - - default: - echo "[!] Unknown job type: {$job['type']}\n"; - } - - echo "[✓] Job completed: {$job['id']}\n"; - } catch (\Throwable $e) { - echo "[✗] Job failed: {$job['id']} - {$e->getMessage()}\n"; - // In a real app, you'd handle retries or move to a failed_jobs table - } - } else { - usleep(500000); // 0.5s - } -} - -echo "[*] Worker stopped.\n"; diff --git a/scripts/aggregate_project.py b/scripts/aggregate_project.py deleted file mode 100644 index 0273d8e..0000000 --- a/scripts/aggregate_project.py +++ /dev/null @@ -1,51 +0,0 @@ -import os - -def aggregate_project(root_dir, output_file, exclude_dirs=None, exclude_files=None, extensions=None): - if exclude_dirs is None: - exclude_dirs = {'.git', 'vendor', 'node_modules', 'storage', '.gemini', 'artifacts', 'brain', 'scratch'} - if exclude_files is None: - exclude_files = {'composer.lock', 'package-lock.json', 'aggregate_project.py', output_file} - if extensions is None: - extensions = {'.php', '.js', '.css', '.html', '.sql', '.json', '.md', '.py', '.env.example', '.xml', '.env'} - - with open(output_file, 'w', encoding='utf-8') as f: - f.write("# مُصادَق — ملخص كود المشروع الكامل\n\n") - f.write("هذا الملف يحتوي على كافة ملفات المصدر للمشروع مجمعة لتسهيل المراجعة.\n\n") - - for root, dirs, files in os.walk(root_dir): - # Exclude directories - dirs[:] = [d for d in dirs if d not in exclude_dirs] - - for file in files: - if file in exclude_files: - continue - - _, ext = os.path.splitext(file) - # Include specific files or extensions - if ext not in extensions and file not in {'.env', 'phpunit.xml'}: - continue - - full_path = os.path.join(root, file) - rel_path = os.path.relpath(full_path, root_dir) - - f.write(f"## الملف: `{rel_path}`\n\n") - - # Determine language for markdown block - lang = ext.replace('.', '') - if lang == 'php': lang = 'php' - elif lang == 'js': lang = 'javascript' - elif lang == 'sql': lang = 'sql' - else: lang = '' - - f.write(f"```{lang}\n") - try: - with open(full_path, 'r', encoding='utf-8') as src: - f.write(src.read()) - except Exception as e: - f.write(f"// تعذر قراءة الملف: {str(e)}") - f.write("\n```\n\n") - f.write("---\n\n") - -if __name__ == "__main__": - aggregate_project('.', 'musadaq_full_code.md') - print("تم تجميع الكود بنجاح في: musadaq_full_code.md") diff --git a/scripts/migrate.php b/scripts/migrate.php deleted file mode 100644 index 524f4ac..0000000 --- a/scripts/migrate.php +++ /dev/null @@ -1,64 +0,0 @@ -exec("CREATE TABLE IF NOT EXISTS migrations ( - id INT AUTO_INCREMENT PRIMARY KEY, - migration VARCHAR(255) NOT NULL, - created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP - ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;"); - - $stmt = $db->query("SELECT migration FROM migrations"); - $executed = $stmt->fetchAll(PDO::FETCH_COLUMN); - - $migrationsDir = dirname(__DIR__) . '/database/migrations'; - $files = glob($migrationsDir . '/*.sql'); - sort($files); // Ensure order - - $count = 0; - foreach ($files as $file) { - $name = basename($file); - if (!in_array($name, $executed)) { - echo "🚀 Running: $name... "; - - $sql = file_get_contents($file); - - // Execute the SQL. Since it might contain multiple statements, - // and PDO::exec doesn't always handle them well in one go - // depending on the driver, we'll try to run it. - $db->exec($sql); - - $stmt = $db->prepare("INSERT INTO migrations (migration) VALUES (?)"); - $stmt->execute([$name]); - - echo "✅ Done\n"; - $count++; - } - } - - if ($count === 0) { - echo "✨ Nothing to migrate. Database is up to date.\n"; - } else { - echo "🎉 Migrations completed successfully ($count ran).\n"; - } -} catch (Exception $e) { - echo "❌ Error: " . $e->getMessage() . "\n"; - exit(1); -} -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n"; diff --git a/scripts/seed.php b/scripts/seed.php deleted file mode 100644 index 7d81625..0000000 --- a/scripts/seed.php +++ /dev/null @@ -1,38 +0,0 @@ -toString(); - $db->prepare("INSERT INTO tenants (id, name, email, status) VALUES (?, ?, ?, 'active')") - ->execute([$tenantId, 'شركة انطلاق للحلول الرقمية', 'admin@intaleqapp.com']); - - // 2. Create Super Admin User - $userId = Uuid::uuid4()->toString(); - $passwordHash = password_hash('Musadaq@2026', PASSWORD_ARGON2ID); - - $db->prepare("INSERT INTO users (id, tenant_id, name, email, password_hash, role, is_active) VALUES (?, ?, ?, ?, ?, 'super_admin', 1)") - ->execute([$userId, $tenantId, 'Hamza Admin', 'admin@musadaq.app', $passwordHash]); - - // 3. Create initial subscription - $db->prepare("INSERT INTO subscriptions (tenant_id, plan, max_companies, max_invoices_per_month, max_users) VALUES (?, 'pro', 10, 500, 5)") - ->execute([$tenantId]); - - echo "✅ Success! You can now log in with:\n"; - echo "📧 Email: admin@musadaq.app\n"; - echo "🔑 Password: Musadaq@2026\n"; - -} catch (\Throwable $e) { - echo "❌ Error: " . $e->getMessage() . "\n"; -} diff --git a/supervisor.conf b/supervisor.conf deleted file mode 100644 index 5ce6663..0000000 --- a/supervisor.conf +++ /dev/null @@ -1,9 +0,0 @@ -[program:musadaq-worker] -command=php /var/www/musadeq/queue/worker.php -user=www-data -autostart=true -autorestart=true -stderr_logfile=/var/log/musadaq-worker.err.log -stdout_logfile=/var/log/musadaq-worker.out.log -numprocs=2 -process_name=%(program_name)s_%(process_num)02d diff --git a/sync-to-server.sh b/sync-to-server.sh deleted file mode 100755 index f749108..0000000 --- a/sync-to-server.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -set -euo pipefail - -# ════════════════════════════════════════════════════════════ -# مُصادَق — Production Sync Script (Mac to CloudPanel) -# ════════════════════════════════════════════════════════════ - -COMMIT_MSG="${1:-🚀 مُصادَق: تحديث وتطوير النظام $(date '+%Y-%m-%d %H:%M')}" -SERVER_USER="root" -SERVER_IP="194.163.173.157" # From previous context -PROJECT_DIR="/home/intaleqapp-musadaq/htdocs/musadaq.intaleqapp.com/Application" - -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -echo "📦 [1/3] الرفع إلى Git (Local to Repo)..." -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -git add . -git commit -m "$COMMIT_MSG" || echo "ℹ️ لا توجد تغييرات جديدة للرفع." -git push origin main - -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -echo "🌐 [2/3] السحب على الخادم (Repo to Server)..." -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -ssh $SERVER_USER@$SERVER_IP << ENDSSH - set -e - cd "$PROJECT_DIR" - - # Ensure git is initialized on server if not already - if [ ! -d ".git" ]; then - git init - git remote add origin https://git.intaleqapp.com/Hamza/musadaq-saas.git - fi - - git fetch origin - git reset --hard origin/main - - echo "📦 تثبيت التبعيات (Composer)..." - composer install --optimize-autoloader --no-interaction - - echo "♻️ إعادة تشغيل PHP-FPM..." - systemctl reload php8.4-fpm 2>/dev/null || systemctl reload php8.3-fpm 2>/dev/null - - echo "🔄 تحديث وإعادة تشغيل عامل الطابور (Supervisor)..." - if [ -f "supervisor.conf" ]; then - cp supervisor.conf /etc/supervisor/conf.d/musadaq.conf 2>/dev/null || true - fi - supervisorctl reread 2>/dev/null || true - supervisorctl update 2>/dev/null || true - supervisorctl restart musadaq-worker:* 2>/dev/null || true -ENDSSH - -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -echo "✅ [3/3] اكتملت عملية المزامنة بنجاح!" -echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" diff --git a/tests/Feature/AuthTest.php b/tests/Feature/AuthTest.php deleted file mode 100644 index 060f00a..0000000 --- a/tests/Feature/AuthTest.php +++ /dev/null @@ -1,19 +0,0 @@ -assertTrue(true); - } -} diff --git a/tests/Unit/HmacTest.php b/tests/Unit/HmacTest.php deleted file mode 100644 index eae1047..0000000 --- a/tests/Unit/HmacTest.php +++ /dev/null @@ -1,44 +0,0 @@ -service = new HmacService(); - } - - public function test_it_verifies_valid_signature(): void - { - $secret = 'test-secret'; - $nonce = 'nonce-123'; - $timestamp = (string)time(); - $payload = json_encode(['foo' => 'bar']); - - $signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload); - - $this->assertTrue($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload, $signature)); - } - - public function test_it_rejects_tampered_payload(): void - { - $secret = 'test-secret'; - $nonce = 'nonce-123'; - $timestamp = (string)time(); - $payload = json_encode(['foo' => 'bar']); - - $signature = $this->service->sign($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $payload); - - $tamperedPayload = json_encode(['foo' => 'baz']); - - $this->assertFalse($this->service->verify($secret, 'POST', '/api/v1/test', $timestamp, $nonce, $tamperedPayload, $signature)); - } -} diff --git a/tests/Unit/TaxValidationTest.php b/tests/Unit/TaxValidationTest.php deleted file mode 100644 index 4c4987d..0000000 --- a/tests/Unit/TaxValidationTest.php +++ /dev/null @@ -1,52 +0,0 @@ -service = new TaxValidationService(); - } - - public function test_it_validates_standard_invoice(): void - { - $invoice = [ - 'invoice_number' => 'INV-001', - 'invoice_date' => date('Y-m-d'), - 'subtotal' => 100, - 'discount_total' => 0, - 'grand_total' => 116 - ]; - $lines = [ - ['line_number' => 1, 'quantity' => 1, 'unit_price' => 100, 'tax_rate' => 0.16, 'tax_amount' => 16, 'line_total' => 116] - ]; - - $result = $this->service->validate($invoice, $lines); - $this->assertTrue($result['is_valid']); - } - - public function test_it_detects_mismatching_totals(): void - { - $invoice = [ - 'invoice_number' => 'INV-002', - 'invoice_date' => date('Y-m-d'), - 'subtotal' => 100, - 'discount_total' => 0, - 'grand_total' => 110 // Mismatch - ]; - $lines = [ - ['line_number' => 1, 'quantity' => 1, 'unit_price' => 100, 'tax_rate' => 0.16, 'tax_amount' => 16, 'line_total' => 116] - ]; - - $result = $this->service->validate($invoice, $lines); - $this->assertFalse($result['is_valid']); - } -} diff --git a/tests/Unit/TotpServiceTest.php b/tests/Unit/TotpServiceTest.php deleted file mode 100644 index a030f82..0000000 --- a/tests/Unit/TotpServiceTest.php +++ /dev/null @@ -1,30 +0,0 @@ -generateSecret(); - - $this->assertEquals(16, strlen($secret)); - $this->assertMatchesRegularExpression('/^[A-Z2-7]+$/', $secret); - } - - public function test_it_verifies_correct_code(): void - { - $service = new TotpService(); - $secret = 'JBSWY3DPEHPK3PXP'; // Known secret - - // We can't easily test the code without a time mocker or calculation - // but we can check if it fails with an obviously wrong code - $this->assertFalse($service->verify($secret, '000000')); - } -}