Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-05 01:48:24

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-05 01:48:24 +03:00
parent cfbd9c0009
commit 50538bc5b9
1 changed files with 173 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
app/modules_app/invoices/upload.php
View File

@@ -3,79 +3,90 @@
* Invoice Upload Endpoint (Multi-Tenant & Role-Aware) * Invoice Upload Endpoint (Multi-Tenant & Role-Aware)
*/ */
// تفعيل إظهار الأخطاء برمجياً لهذه الصفحة فقط لضمان عدم وجود فشل صامت
ini_set('display_errors', 0); // اجعلها 1 مؤقتاً إذا استمرت المشكلة لمعرفة الخطأ من السيرفر
error_reporting(E_ALL);
use App\Core\Database; use App\Core\Database;
use App\Middleware\AuthMiddleware; use App\Middleware\AuthMiddleware;
use App\Core\AI; use App\Core\AI;
use App\Core\Encryption; use App\Core\Encryption;
use App\Middleware\QuotaMiddleware; use App\Middleware\QuotaMiddleware;
// 1. Auth Check try {
$decoded = AuthMiddleware::check(); // 1. Auth Check
$tenantId = $decoded['tenant_id']; $decoded = AuthMiddleware::check();
$userId = $decoded['user_id']; $tenantId = $decoded['tenant_id'];
$userId = $decoded['user_id'];
// --- QUOTA CHECK --- // --- QUOTA CHECK ---
QuotaMiddleware::checkInvoiceQuota($tenantId); QuotaMiddleware::checkInvoiceQuota($tenantId);
// ------------------- // -------------------
$db = Database::getInstance(); $db = Database::getInstance();
$allowedRoles = ['admin', 'accountant', 'employee']; $allowedRoles = ['admin', 'accountant', 'employee'];
if (!in_array($decoded['role'], $allowedRoles)) { if (!in_array($decoded['role'], $allowedRoles)) {
json_error('غير مصرح لك برفع الفواتير', 403); json_error('غير مصرح لك برفع الفواتير', 403);
} exit;
}
// 2. Validate Request // 2. Validate Request
$data = input(); // استخدام $_POST للتعامل الآمن مع multipart/form-data
$companyId = $data['company_id'] ?? null; $companyId = $_POST['company_id'] ?? null;
if (!$companyId && function_exists('input')) {
$data = input();
$companyId = $data['company_id'] ?? null;
}
if (!$companyId || !isset($_FILES['invoice'])) { if (!$companyId || !isset($_FILES['invoice']) || $_FILES['invoice']['error'] !== UPLOAD_ERR_OK) {
json_error('رقم الشركة وملف الفاتورة مطلوبان', 422); $uploadError = $_FILES['invoice']['error'] ?? 'No File';
} json_error('رقم الشركة وملف الفاتورة مطلوبان، أو حدث خطأ أثناء الرفع (كود الخطأ: ' . $uploadError . ')', 422);
exit;
}
// 3. Permission Check // 3. Permission Check
// Everyone (except Super Admin) must belong to the same tenant as the company $stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL"); $stmt->execute([$companyId, $tenantId]);
$stmt->execute([$companyId, $tenantId]);
if (!$stmt->fetch()) { if (!$stmt->fetch()) {
json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403); json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403);
} exit;
}
// 4. Handle File Upload (Step-by-step for permission safety) // 4. Handle File Upload
$tenantDir = STORAGE_PATH . '/invoices/' . $tenantId; $tenantDir = STORAGE_PATH . '/invoices/' . $tenantId;
$companyDir = $tenantDir . '/' . $companyId; $companyDir = $tenantDir . '/' . $companyId;
$dateFolder = date('Y-m-d'); $dateFolder = date('Y-m-d');
$uploadDir = $companyDir . '/' . $dateFolder . '/'; $uploadDir = $companyDir . '/' . $dateFolder . '/';
foreach ([$tenantDir, $companyDir, $uploadDir] as $dir) { foreach ([$tenantDir, $companyDir, $uploadDir] as $dir) {
if (!is_dir($dir)) { if (!is_dir($dir)) {
if (!mkdir($dir, 0777, true)) { if (!mkdir($dir, 0777, true)) {
error_log("UPLOAD ERROR: Failed to create directory: " . $dir);
json_error('فشل في إنشاء مجلد التخزين: ' . $dir, 500); json_error('فشل في إنشاء مجلد التخزين: ' . $dir, 500);
exit;
}
chmod($dir, 0777);
} }
chmod($dir, 0777); // Force permissions
} }
}
$extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION); $extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION);
$fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension; $fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension;
$targetFile = $uploadDir . $fileName; $targetFile = $uploadDir . $fileName;
if (!move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
json_error('فشل في نقل الملف المرفوع إلى مسار التخزين', 500);
exit;
}
if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
// 5. Run AI Extraction // 5. Run AI Extraction
$mimeType = $_FILES['invoice']['type']; $mimeType = $_FILES['invoice']['type'];
$fileContent = file_get_contents($targetFile); $fileContent = file_get_contents($targetFile);
if (!$fileContent) {
error_log("UPLOAD ERROR: Failed to read file content: " . $targetFile);
json_error('فشل في قراءة الملف المرفوع', 500);
}
$base64Data = base64_encode($fileContent); $base64Data = base64_encode($fileContent);
$extracted = AI::extractInvoiceData($base64Data, $mimeType); $extracted = AI::extractInvoiceData($base64Data, $mimeType);
if (!$extracted) { if (!$extracted) {
// Still save basic record if AI fails, ensuring all NOT NULL and new columns are met
$invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
$stmt = $db->prepare(" $stmt = $db->prepare("
INSERT INTO invoices ( INSERT INTO invoices (
@@ -86,19 +97,18 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
"); ");
$stmt->execute([$invoiceId, $tenantId, $companyId, $userId, $targetFile]); $stmt->execute([$invoiceId, $tenantId, $companyId, $userId, $targetFile]);
json_success(['id' => $invoiceId], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً'); json_success(['id' => $invoiceId], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً');
exit; // إيقاف التنفيذ إلزامي هنا لمنع الانهيار
} }
// 6. Save Extracted Data with Encryption // 6. Save Extracted Data
try {
$db->beginTransaction(); $db->beginTransaction();
// 5.5 Duplicate Prevention Check
$supplierTin = $extracted['supplier']['tin'] ?? ''; $supplierTin = $extracted['supplier']['tin'] ?? '';
$invoiceNum = $extracted['invoice_number'] ?? ''; $invoiceNum = $extracted['invoice_number'] ?? '';
$invoiceDate = $extracted['invoice_date'] ?? ''; $invoiceDate = $extracted['invoice_date'] ?? '';
$invoiceHash = null; $invoiceHash = null;
if ($supplierTin && $invoiceNum && $invoiceDate) { if (!empty($supplierTin) && !empty($invoiceNum) && !empty($invoiceDate)) {
$rawHashString = $companyId . '_' . $supplierTin . '_' . $invoiceNum . '_' . $invoiceDate; $rawHashString = $companyId . '_' . $supplierTin . '_' . $invoiceNum . '_' . $invoiceDate;
$invoiceHash = hash('sha256', strtolower($rawHashString)); $invoiceHash = hash('sha256', strtolower($rawHashString));
@@ -107,11 +117,19 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
if ($checkStmt->fetch()) { if ($checkStmt->fetch()) {
$db->rollBack(); $db->rollBack();
json_error('هذه الفاتورة تم رفعها مسبقاً لهذه الشركة (رقم الفاتورة مكرر لنفس المورد والتاريخ).', 409); json_error('هذه الفاتورة تم رفعها مسبقاً لهذه الشركة (رقم الفاتورة مكرر لنفس المورد والتاريخ).', 409);
exit;
} }
} }
$invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
// معالجة القيم الفارغة لمنع انهيار قاعدة البيانات (Strict Mode)
$validDate = (!empty($invoiceDate) && strtotime($invoiceDate)) ? $invoiceDate : null;
$subtotal = is_numeric($extracted['subtotal'] ?? null) ? $extracted['subtotal'] : 0;
$tax = is_numeric($extracted['tax_amount'] ?? null) ? $extracted['tax_amount'] : 0;
$disc = is_numeric($extracted['discount_total'] ?? null) ? $extracted['discount_total'] : 0;
$total = is_numeric($extracted['grand_total'] ?? null) ? $extracted['grand_total'] : 0;
$stmt = $db->prepare(" $stmt = $db->prepare("
INSERT INTO invoices ( INSERT INTO invoices (
id, tenant_id, company_id, uploaded_by, original_file_path, status, id, tenant_id, company_id, uploaded_by, original_file_path, status,
@@ -136,42 +154,42 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
'company_id' => $companyId, 'company_id' => $companyId,
'uploaded_by' => $userId, 'uploaded_by' => $userId,
'path' => $targetFile, 'path' => $targetFile,
'num' => $extracted['invoice_number'] ?? null, 'num' => !empty($invoiceNum) ? $invoiceNum : null,
'date' => $extracted['invoice_date'] ?? null, 'date' => $validDate,
'type' => $extracted['invoice_type'] ?? 'cash', 'type' => !empty($extracted['invoice_type']) ? $extracted['invoice_type'] : 'cash',
'cat' => $extracted['invoice_category'] ?? 'simplified', 'cat' => !empty($extracted['invoice_category']) ? $extracted['invoice_category'] : 'simplified',
's_tin' => Encryption::encrypt($extracted['supplier']['tin'] ?? ''), 's_tin' => Encryption::encrypt($supplierTin),
's_name' => Encryption::encrypt($extracted['supplier']['name'] ?? ''), 's_name' => Encryption::encrypt($extracted['supplier']['name'] ?? ''),
's_addr' => Encryption::encrypt($extracted['supplier']['address'] ?? ''), 's_addr' => Encryption::encrypt($extracted['supplier']['address'] ?? ''),
'b_tin' => Encryption::encrypt($extracted['buyer']['tin'] ?? ''), 'b_tin' => Encryption::encrypt($extracted['buyer']['tin'] ?? ''),
'b_name' => Encryption::encrypt($extracted['buyer']['name'] ?? ''), 'b_name' => Encryption::encrypt($extracted['buyer']['name'] ?? ''),
'b_nid' => Encryption::encrypt($extracted['buyer']['national_id'] ?? ''), 'b_nid' => Encryption::encrypt($extracted['buyer']['national_id'] ?? ''),
'sub' => $extracted['subtotal'] ?? 0, 'sub' => $subtotal,
'tax' => $extracted['tax_amount'] ?? 0, 'tax' => $tax,
'disc' => $extracted['discount_total'] ?? 0, 'disc' => $disc,
'total' => $extracted['grand_total'] ?? 0, 'total' => $total,
'cur' => $extracted['currency_code'] ?? 'JOD', 'cur' => !empty($extracted['currency_code']) ? $extracted['currency_code'] : 'JOD',
'hash' => $invoiceHash, 'hash' => $invoiceHash,
'warnings' => isset($extracted['validation_warnings']) && !empty($extracted['validation_warnings']) ? json_encode($extracted['validation_warnings']) : null 'warnings' => !empty($extracted['validation_warnings']) ? json_encode($extracted['validation_warnings']) : null
]); ]);
// Save Line Items // Save Line Items
if (!empty($extracted['lines'])) { if (!empty($extracted['lines']) && is_array($extracted['lines'])) {
$lineStmt = $db->prepare(" $lineStmt = $db->prepare("
INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total) INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total)
VALUES (?, ?, ?, ?, ?, ?, ?, ?) VALUES (?, ?, ?, ?, ?, ?, ?, ?)
"); ");
foreach ($extracted['lines'] as $item) { foreach ($extracted['lines'] as $index => $item) {
$lineId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); $lineId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
$lineStmt->execute([ $lineStmt->execute([
$lineId, $lineId,
$invoiceId, $invoiceId,
$item['line_number'] ?? 1, $item['line_number'] ?? ($index + 1),
$item['description'] ?? 'N/A', $item['description'] ?? 'بدون وصف',
$item['quantity'] ?? 1, is_numeric($item['quantity'] ?? null) ? $item['quantity'] : 1,
$item['unit_price'] ?? 0, is_numeric($item['unit_price'] ?? null) ? $item['unit_price'] : 0,
$item['tax_rate'] ?? 0.16, is_numeric($item['tax_rate'] ?? null) ? $item['tax_rate'] : 0.16,
$item['line_total'] ?? 0 is_numeric($item['line_total'] ?? null) ? $item['line_total'] : 0
]); ]);
} }
} }
@@ -183,14 +201,20 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
// ----------------------- // -----------------------
json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح'); json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح');
exit;
} catch (\Exception $e) { } catch (\PDOException $e) {
if (isset($db) && $db->inTransaction()) {
$db->rollBack(); $db->rollBack();
error_log("DB Error during invoice save: " . $e->getMessage());
json_error('حدث خطأ أثناء حفظ بيانات الفاتورة', 500);
} }
} else { error_log("Database Error: " . $e->getMessage());
$uploadError = $_FILES['invoice']['error'] ?? 'Unknown'; json_error('حدث خطأ في قاعدة البيانات: ' . $e->getMessage(), 500);
error_log("UPLOAD ERROR: move_uploaded_file failed. Error Code: $uploadError. Target: $targetFile. Tmp: " . ($_FILES['invoice']['tmp_name'] ?? 'N/A')); exit;
json_error('Failed to save uploaded file. PHP Error Code: ' . $uploadError, 500); } catch (\Throwable $e) {
if (isset($db) && $db->inTransaction()) {
$db->rollBack();
}
error_log("Critical Error: " . $e->getMessage() . " on line " . $e->getLine());
json_error('خطأ برمجي حرج: ' . $e->getMessage() . ' في السطر ' . $e->getLine(), 500);
exit;
} }