🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 15:11
This commit is contained in:
Hamza-Ayed
@@ -1,7 +1,5 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services;
|
||||
|
||||
use App\Core\Database;
|
||||
@@ -10,30 +8,33 @@ final class AuditService
|
||||
{
|
||||
public static function log(
|
||||
string $action,
|
||||
?string $tenantId = null,
|
||||
?string $userId = null,
|
||||
?string $entityType = null,
|
||||
?string $entityId = null,
|
||||
?array $oldData = null,
|
||||
?array $newData = null,
|
||||
?array $metadata = null
|
||||
): void {
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("INSERT INTO audit_logs (tenant_id, user_id, action, entity_type, entity_id, old_data, new_data, ip_address, user_agent, metadata) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
||||
|
||||
// This would be populated from the global Request context
|
||||
$tenantId = $GLOBALS['current_tenant_id'] ?? null;
|
||||
$userId = $GLOBALS['current_user_id'] ?? null;
|
||||
|
||||
$stmt->execute([
|
||||
$tenantId,
|
||||
$userId,
|
||||
$action,
|
||||
$entityType,
|
||||
$entityId,
|
||||
$oldData ? json_encode($oldData) : null,
|
||||
$newData ? json_encode($newData) : null,
|
||||
$_SERVER['REMOTE_ADDR'] ?? null,
|
||||
$_SERVER['HTTP_USER_AGENT'] ?? null,
|
||||
$metadata ? json_encode($metadata) : null
|
||||
]);
|
||||
try {
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("INSERT INTO audit_logs
|
||||
(tenant_id, user_id, action, entity_type, entity_id, old_data, new_data, ip_address, user_agent, metadata, created_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())");
|
||||
$stmt->execute([
|
||||
$tenantId,
|
||||
$userId,
|
||||
$action,
|
||||
$entityType,
|
||||
$entityId,
|
||||
$oldData ? json_encode($oldData, JSON_UNESCAPED_UNICODE) : null,
|
||||
$newData ? json_encode($newData, JSON_UNESCAPED_UNICODE) : null,
|
||||
$_SERVER['REMOTE_ADDR'] ?? null,
|
||||
$_SERVER['HTTP_USER_AGENT'] ?? null,
|
||||
$metadata ? json_encode($metadata, JSON_UNESCAPED_UNICODE) : null,
|
||||
]);
|
||||
} catch (\Throwable $e) {
|
||||
error_log('[Audit] Failed: ' . $e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,112 +1,201 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services\JoFotara;
|
||||
|
||||
/**
|
||||
* UBLGeneratorService
|
||||
*
|
||||
* Generates UBL 2.1 compliant XML for the Jordanian Income and Sales Tax Department (ISTD).
|
||||
* Based on the JoFotara Technical Specifications.
|
||||
*/
|
||||
use DOMDocument;
|
||||
use DOMElement;
|
||||
|
||||
final class UBLGeneratorService
|
||||
{
|
||||
public function generate(array $invoice, array $lines, array $company): string
|
||||
{
|
||||
$xml = new \SimpleXMLElement('<?xml version="1.0" encoding="UTF-8"?><Invoice xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2" xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"></Invoice>');
|
||||
$dom = new DOMDocument('1.0', 'UTF-8');
|
||||
$dom->formatOutput = true;
|
||||
|
||||
$root = $dom->createElementNS('urn:oasis:names:specification:ubl:schema:xsd:Invoice-2', 'Invoice');
|
||||
$root->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:cac', 'urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2');
|
||||
$root->setAttributeNS('http://www.w3.org/2000/xmlns/', 'xmlns:cbc', 'urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2');
|
||||
$dom->appendChild($root);
|
||||
|
||||
// 1. Basic Information
|
||||
$xml->addChild('cbc:UBLVersionID', '2.1');
|
||||
$xml->addChild('cbc:CustomizationID', 'TRADACO-2.1');
|
||||
$xml->addChild('cbc:ProfileID', 'reporting:1.0');
|
||||
$xml->addChild('cbc:ID', $invoice['invoice_number']);
|
||||
$xml->addChild('cbc:IssueDate', $invoice['invoice_date']);
|
||||
$xml->addChild('cbc:InvoiceTypeCode', $invoice['ubl_type_code'] ?? '388')->addAttribute('name', $invoice['invoice_category'] ?? '01');
|
||||
$xml->addChild('cbc:DocumentCurrencyCode', 'JOD');
|
||||
$xml->addChild('cbc:TaxCurrencyCode', 'JOD');
|
||||
|
||||
// 2. AccountingSupplierParty (The Seller/Company)
|
||||
$supplier = $xml->addChild('cac:AccountingSupplierParty');
|
||||
$sParty = $supplier->addChild('cac:Party');
|
||||
$sParty->addChild('cac:PartyIdentification')->addChild('cbc:ID', $company['tax_identification_number'])->addAttribute('schemeID', 'TN');
|
||||
$sName = $sParty->addChild('cac:PartyName');
|
||||
$sName->addChild('cbc:Name', $company['name']);
|
||||
$root->appendChild($dom->createElement('cbc:UBLVersionID', '2.1'));
|
||||
$root->appendChild($dom->createElement('cbc:CustomizationID', 'TRADACO-2.1'));
|
||||
$root->appendChild($dom->createElement('cbc:ProfileID', 'reporting:1.0'));
|
||||
$root->appendChild($dom->createElement('cbc:ID', $invoice['invoice_number']));
|
||||
$root->appendChild($dom->createElement('cbc:IssueDate', $invoice['invoice_date']));
|
||||
|
||||
$sAddr = $sParty->addChild('cac:PostalAddress');
|
||||
$sAddr->addChild('cbc:CityName', $company['city'] ?? 'Amman');
|
||||
$sAddr->addChild('cac:Country')->addChild('cbc:IdentificationCode', 'JO');
|
||||
|
||||
$sTaxScheme = $sParty->addChild('cac:PartyTaxScheme');
|
||||
$sTaxScheme->addChild('cbc:RegistrationName', $company['name']);
|
||||
$sTaxScheme->addChild('cbc:CompanyID', $company['tax_identification_number']);
|
||||
$sTaxScheme->addChild('cac:TaxScheme')->addChild('cbc:ID', 'VAT');
|
||||
|
||||
$sLegalEntity = $sParty->addChild('cac:PartyLegalEntity');
|
||||
$sLegalEntity->addChild('cbc:RegistrationName', $company['name']);
|
||||
$sLegalEntity->addChild('cbc:CompanyID', $company['tax_identification_number']);
|
||||
|
||||
// 3. AccountingCustomerParty (The Buyer)
|
||||
$customer = $xml->addChild('cac:AccountingCustomerParty');
|
||||
$cParty = $customer->addChild('cac:Party');
|
||||
$typeCode = $dom->createElement('cbc:InvoiceTypeCode', $invoice['ubl_type_code'] ?? '388');
|
||||
$typeCode->setAttribute('name', $invoice['invoice_category'] ?? '01');
|
||||
$root->appendChild($typeCode);
|
||||
|
||||
if (!empty($invoice['buyer_tin'])) {
|
||||
$cParty->addChild('cac:PartyIdentification')->addChild('cbc:ID', $invoice['buyer_tin'])->addAttribute('schemeID', 'TN');
|
||||
} elseif (!empty($invoice['buyer_national_id'])) {
|
||||
$cParty->addChild('cac:PartyIdentification')->addChild('cbc:ID', $invoice['buyer_national_id'])->addAttribute('schemeID', 'NID');
|
||||
$root->appendChild($dom->createElement('cbc:DocumentCurrencyCode', 'JOD'));
|
||||
$root->appendChild($dom->createElement('cbc:TaxCurrencyCode', 'JOD'));
|
||||
|
||||
// 2. AccountingSupplierParty
|
||||
$supplierParty = $dom->createElement('cac:AccountingSupplierParty');
|
||||
$party = $dom->createElement('cac:Party');
|
||||
|
||||
$partyId = $dom->createElement('cac:PartyIdentification');
|
||||
$id = $dom->createElement('cbc:ID', $company['tax_identification_number']);
|
||||
$id->setAttribute('schemeID', 'TN');
|
||||
$partyId->appendChild($id);
|
||||
$party->appendChild($partyId);
|
||||
|
||||
$partyName = $dom->createElement('cac:PartyName');
|
||||
$partyName->appendChild($dom->createElement('cbc:Name', $company['name']));
|
||||
$party->appendChild($partyName);
|
||||
|
||||
$postalAddr = $dom->createElement('cac:PostalAddress');
|
||||
$postalAddr->appendChild($dom->createElement('cbc:CityName', $company['city'] ?? 'Amman'));
|
||||
$country = $dom->createElement('cac:Country');
|
||||
$country->appendChild($dom->createElement('cbc:IdentificationCode', 'JO'));
|
||||
$postalAddr->appendChild($country);
|
||||
$party->appendChild($postalAddr);
|
||||
|
||||
$taxScheme = $dom->createElement('cac:PartyTaxScheme');
|
||||
$taxScheme->appendChild($dom->createElement('cbc:RegistrationName', $company['name']));
|
||||
$taxScheme->appendChild($dom->createElement('cbc:CompanyID', $company['tax_identification_number']));
|
||||
$ts = $dom->createElement('cac:TaxScheme');
|
||||
$ts->appendChild($dom->createElement('cbc:ID', 'VAT'));
|
||||
$taxScheme->appendChild($ts);
|
||||
$party->appendChild($taxScheme);
|
||||
|
||||
$legalEntity = $dom->createElement('cac:PartyLegalEntity');
|
||||
$legalEntity->appendChild($dom->createElement('cbc:RegistrationName', $company['name']));
|
||||
$legalEntity->appendChild($dom->createElement('cbc:CompanyID', $company['tax_identification_number']));
|
||||
$party->appendChild($legalEntity);
|
||||
|
||||
$supplierParty->appendChild($party);
|
||||
$root->appendChild($supplierParty);
|
||||
|
||||
// 3. AccountingCustomerParty
|
||||
$customerParty = $dom->createElement('cac:AccountingCustomerParty');
|
||||
$cparty = $dom->createElement('cac:Party');
|
||||
|
||||
if (!empty($invoice['buyer_tin']) || !empty($invoice['buyer_national_id'])) {
|
||||
$cpartyId = $dom->createElement('cac:PartyIdentification');
|
||||
$cid = $dom->createElement('cbc:ID', $invoice['buyer_tin'] ?: $invoice['buyer_national_id']);
|
||||
$cid->setAttribute('schemeID', $invoice['buyer_tin'] ? 'TN' : 'NID');
|
||||
$cpartyId->appendChild($cid);
|
||||
$cparty->appendChild($cpartyId);
|
||||
}
|
||||
|
||||
$cName = $cParty->addChild('cac:PartyName');
|
||||
$cName->addChild('cbc:Name', $invoice['buyer_name'] ?? 'General Customer');
|
||||
|
||||
$cTaxScheme = $cParty->addChild('cac:PartyTaxScheme');
|
||||
$cTaxScheme->addChild('cac:TaxScheme')->addChild('cbc:ID', 'VAT');
|
||||
$cpartyName = $dom->createElement('cac:PartyName');
|
||||
$cpartyName->appendChild($dom->createElement('cbc:Name', $invoice['buyer_name'] ?? 'General Customer'));
|
||||
$cparty->appendChild($cpartyName);
|
||||
|
||||
$ctaxScheme = $dom->createElement('cac:PartyTaxScheme');
|
||||
$cts = $dom->createElement('cac:TaxScheme');
|
||||
$cts->appendChild($dom->createElement('cbc:ID', 'VAT'));
|
||||
$ctaxScheme->appendChild($cts);
|
||||
$cparty->appendChild($ctaxScheme);
|
||||
|
||||
$customerParty->appendChild($cparty);
|
||||
$root->appendChild($customerParty);
|
||||
|
||||
// 4. PaymentMeans
|
||||
$payment = $xml->addChild('cac:PaymentMeans');
|
||||
$payment->addChild('cbc:PaymentMeansCode', $invoice['payment_method_code'] ?? '10');
|
||||
$paymentMeans = $dom->createElement('cac:PaymentMeans');
|
||||
$paymentMeans->appendChild($dom->createElement('cbc:PaymentMeansCode', $invoice['payment_method_code'] ?? '013'));
|
||||
$root->appendChild($paymentMeans);
|
||||
|
||||
// 5. TaxTotal
|
||||
$taxTotal = $xml->addChild('cac:TaxTotal');
|
||||
$taxTotal->addChild('cbc:TaxAmount', number_format((float)$invoice['tax_amount'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$taxTotal = $dom->createElement('cac:TaxTotal');
|
||||
$taxAmt = $dom->createElement('cbc:TaxAmount', number_format((float)$invoice['tax_amount'], 3, '.', ''));
|
||||
$taxAmt->setAttribute('currencyID', 'JOD');
|
||||
$taxTotal->appendChild($taxAmt);
|
||||
|
||||
$taxSubtotal = $taxTotal->addChild('cac:TaxSubtotal');
|
||||
$taxSubtotal->addChild('cbc:TaxableAmount', number_format((float)$invoice['subtotal'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$taxSubtotal->addChild('cbc:TaxAmount', number_format((float)$invoice['tax_amount'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$taxCategory = $taxSubtotal->addChild('cac:TaxCategory');
|
||||
$taxCategory->addChild('cbc:ID', 'S');
|
||||
$taxCategory->addChild('cbc:Percent', '16.00'); // Default Jordan VAT
|
||||
$taxCategory->addChild('cac:TaxScheme')->addChild('cbc:ID', 'VAT');
|
||||
|
||||
// 6. LegalMonetaryTotal
|
||||
$legalMonetaryTotal = $xml->addChild('cac:LegalMonetaryTotal');
|
||||
$legalMonetaryTotal->addChild('cbc:LineExtensionAmount', number_format((float)$invoice['subtotal'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$legalMonetaryTotal->addChild('cbc:TaxExclusiveAmount', number_format((float)$invoice['subtotal'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$legalMonetaryTotal->addChild('cbc:TaxInclusiveAmount', number_format((float)$invoice['grand_total'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$legalMonetaryTotal->addChild('cbc:AllowanceTotalAmount', number_format((float)($invoice['discount_total'] ?? 0), 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$legalMonetaryTotal->addChild('cbc:PayableAmount', number_format((float)$invoice['grand_total'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
|
||||
// 7. Invoice Lines
|
||||
// Group lines by tax rate
|
||||
$taxGroups = [];
|
||||
foreach ($lines as $line) {
|
||||
$invoiceLine = $xml->addChild('cac:InvoiceLine');
|
||||
$invoiceLine->addChild('cbc:ID', (string)$line['line_number']);
|
||||
$invoiceLine->addChild('cbc:InvoicedQuantity', number_format((float)$line['quantity'], 3, '.', ''))->addAttribute('unitCode', 'PCE');
|
||||
$invoiceLine->addChild('cbc:LineExtensionAmount', number_format((float)$line['line_total'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
|
||||
$item = $invoiceLine->addChild('cac:Item');
|
||||
$item->addChild('cbc:Description', $line['description']);
|
||||
$itemTaxCategory = $item->addChild('cac:TaxCategory');
|
||||
$itemTaxCategory->addChild('cbc:ID', 'S');
|
||||
$itemTaxCategory->addChild('cbc:Percent', '16.00');
|
||||
$itemTaxCategory->addChild('cac:TaxScheme')->addChild('cbc:ID', 'VAT');
|
||||
|
||||
$price = $invoiceLine->addChild('cac:Price');
|
||||
$price->addChild('cbc:PriceAmount', number_format((float)$line['unit_price'], 3, '.', ''))->addAttribute('currencyID', 'JOD');
|
||||
$rate = number_format((float)$line['tax_rate'], 2, '.', '');
|
||||
if (!isset($taxGroups[$rate])) {
|
||||
$taxGroups[$rate] = ['taxable' => 0, 'tax' => 0];
|
||||
}
|
||||
$taxGroups[$rate]['taxable'] += ($line['quantity'] * $line['unit_price']) - $line['discount'];
|
||||
$taxGroups[$rate]['tax'] += $line['tax_amount'];
|
||||
}
|
||||
|
||||
foreach ($taxGroups as $rate => $data) {
|
||||
$taxSubtotal = $dom->createElement('cac:TaxSubtotal');
|
||||
|
||||
$subtaxable = $dom->createElement('cbc:TaxableAmount', number_format($data['taxable'], 3, '.', ''));
|
||||
$subtaxable->setAttribute('currencyID', 'JOD');
|
||||
$taxSubtotal->appendChild($subtaxable);
|
||||
|
||||
$subtaxamt = $dom->createElement('cbc:TaxAmount', number_format($data['tax'], 3, '.', ''));
|
||||
$subtaxamt->setAttribute('currencyID', 'JOD');
|
||||
$taxSubtotal->appendChild($subtaxamt);
|
||||
|
||||
$taxCategory = $dom->createElement('cac:TaxCategory');
|
||||
$taxCategory->appendChild($dom->createElement('cbc:ID', 'S'));
|
||||
$taxCategory->appendChild($dom->createElement('cbc:Percent', number_format((float)$rate * 100, 2, '.', '')));
|
||||
$tcs = $dom->createElement('cac:TaxScheme');
|
||||
$tcs->appendChild($dom->createElement('cbc:ID', 'VAT'));
|
||||
$taxCategory->appendChild($tcs);
|
||||
$taxSubtotal->appendChild($taxCategory);
|
||||
|
||||
$taxTotal->appendChild($taxSubtotal);
|
||||
}
|
||||
$root->appendChild($taxTotal);
|
||||
|
||||
// 6. LegalMonetaryTotal
|
||||
$lmt = $dom->createElement('cac:LegalMonetaryTotal');
|
||||
|
||||
$fields = [
|
||||
'LineExtensionAmount' => $invoice['subtotal'] - $invoice['discount_total'],
|
||||
'TaxExclusiveAmount' => $invoice['subtotal'] - $invoice['discount_total'],
|
||||
'TaxInclusiveAmount' => $invoice['grand_total'],
|
||||
'AllowanceTotalAmount' => $invoice['discount_total'],
|
||||
'PayableAmount' => $invoice['grand_total']
|
||||
];
|
||||
|
||||
foreach ($fields as $field => $value) {
|
||||
$f = $dom->createElement('cbc:' . $field, number_format((float)$value, 3, '.', ''));
|
||||
$f->setAttribute('currencyID', 'JOD');
|
||||
$lmt->appendChild($f);
|
||||
}
|
||||
$root->appendChild($lmt);
|
||||
|
||||
// 7. InvoiceLine
|
||||
foreach ($lines as $line) {
|
||||
$invLine = $dom->createElement('cac:InvoiceLine');
|
||||
$invLine->appendChild($dom->createElement('cbc:ID', (string)$line['line_number']));
|
||||
|
||||
$qty = $dom->createElement('cbc:InvoicedQuantity', number_format((float)$line['quantity'], 3, '.', ''));
|
||||
$qty->setAttribute('unitCode', 'PCE');
|
||||
$invLine->appendChild($qty);
|
||||
|
||||
$lineExt = $dom->createElement('cbc:LineExtensionAmount', number_format($line['line_total'], 3, '.', ''));
|
||||
$lineExt->setAttribute('currencyID', 'JOD');
|
||||
$invLine->appendChild($lineExt);
|
||||
|
||||
// Line Tax
|
||||
$lineTax = $dom->createElement('cac:TaxTotal');
|
||||
$ltaxAmt = $dom->createElement('cbc:TaxAmount', number_format((float)$line['tax_amount'], 3, '.', ''));
|
||||
$ltaxAmt->setAttribute('currencyID', 'JOD');
|
||||
$lineTax->appendChild($ltaxAmt);
|
||||
$invLine->appendChild($lineTax);
|
||||
|
||||
$item = $dom->createElement('cac:Item');
|
||||
$item->appendChild($dom->createElement('cbc:Description', $line['description']));
|
||||
$itc = $dom->createElement('cac:TaxCategory');
|
||||
$itc->appendChild($dom->createElement('cbc:ID', 'S'));
|
||||
$itc->appendChild($dom->createElement('cbc:Percent', number_format((float)$line['tax_rate'] * 100, 2, '.', '')));
|
||||
$its = $dom->createElement('cac:TaxScheme');
|
||||
$its->appendChild($dom->createElement('cbc:ID', 'VAT'));
|
||||
$itc->appendChild($its);
|
||||
$item->appendChild($itc);
|
||||
$invLine->appendChild($item);
|
||||
|
||||
$price = $dom->createElement('cac:Price');
|
||||
$pamt = $dom->createElement('cbc:PriceAmount', number_format((float)$line['unit_price'], 3, '.', ''));
|
||||
$pamt->setAttribute('currencyID', 'JOD');
|
||||
$price->appendChild($pamt);
|
||||
$invLine->appendChild($price);
|
||||
|
||||
$root->appendChild($invLine);
|
||||
}
|
||||
|
||||
// Return formatted XML
|
||||
$dom = dom_import_simplexml($xml)->ownerDocument;
|
||||
$dom->formatOutput = true;
|
||||
return $dom->saveXML();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,10 +1,8 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services\Security;
|
||||
|
||||
use Exception;
|
||||
use RuntimeException;
|
||||
|
||||
final class EncryptionService
|
||||
{
|
||||
@@ -13,50 +11,36 @@ final class EncryptionService
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
// Load encryption key from secrets config
|
||||
$secrets = require __DIR__ . '/../../../config/secrets.php';
|
||||
$this->key = $secrets['encryption_key'] ?? '';
|
||||
// Load from config/secrets.php — NEVER from .env directly
|
||||
$secrets = require dirname(__DIR__, 3) . '/config/secrets.php';
|
||||
$key = $secrets['encryption_key'] ?? '';
|
||||
|
||||
// Ensure key is hexadecimal and convert to binary (32 bytes)
|
||||
if (strlen($this->key) === 64) {
|
||||
$this->key = hex2bin($this->key);
|
||||
}
|
||||
|
||||
if (strlen($this->key) !== 32) {
|
||||
throw new Exception("Security Error: Invalid ENCRYPTION_KEY length. Must be 32 bytes.");
|
||||
if (strlen($key) !== 32) {
|
||||
throw new RuntimeException(
|
||||
'ENCRYPTION_KEY_B64 not set or invalid. ' .
|
||||
'Generate: php -r "echo base64_encode(random_bytes(32));"'
|
||||
);
|
||||
}
|
||||
$this->key = $key;
|
||||
}
|
||||
|
||||
public function encrypt(string $plaintext): string
|
||||
{
|
||||
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(self::METHOD));
|
||||
$ciphertext = openssl_encrypt($plaintext, self::METHOD, $this->key, 0, $iv, $tag);
|
||||
|
||||
if ($ciphertext === false) {
|
||||
throw new Exception("Encryption failed.");
|
||||
}
|
||||
|
||||
$iv = random_bytes(12); // 12 bytes for GCM
|
||||
$tag = '';
|
||||
$ciphertext = openssl_encrypt($plaintext, self::METHOD, $this->key, OPENSSL_RAW_DATA, $iv, $tag, '', 16);
|
||||
if ($ciphertext === false) throw new RuntimeException('Encryption failed');
|
||||
return base64_encode($iv) . ':' . base64_encode($ciphertext) . ':' . base64_encode($tag);
|
||||
}
|
||||
|
||||
public function decrypt(string $encryptedData): string
|
||||
public function decrypt(string $data): string
|
||||
{
|
||||
$parts = explode(':', $encryptedData);
|
||||
if (count($parts) !== 3) {
|
||||
throw new Exception("Invalid encrypted data format.");
|
||||
}
|
||||
|
||||
[$ivBase64, $ciphertextBase64, $tagBase64] = $parts;
|
||||
$iv = base64_decode($ivBase64);
|
||||
$ciphertext = base64_decode($ciphertextBase64);
|
||||
$tag = base64_decode($tagBase64);
|
||||
|
||||
$plaintext = openssl_decrypt($ciphertext, self::METHOD, $this->key, 0, $iv, $tag);
|
||||
|
||||
if ($plaintext === false) {
|
||||
throw new Exception("Decryption failed.");
|
||||
}
|
||||
|
||||
[$iv64, $ct64, $tag64] = explode(':', $data);
|
||||
$plaintext = openssl_decrypt(
|
||||
base64_decode($ct64), self::METHOD, $this->key,
|
||||
OPENSSL_RAW_DATA, base64_decode($iv64), base64_decode($tag64)
|
||||
);
|
||||
if ($plaintext === false) throw new RuntimeException('Decryption failed');
|
||||
return $plaintext;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,35 +11,29 @@ final class HmacService
|
||||
/**
|
||||
* Verify HMAC signature for external API requests (Flutter)
|
||||
*/
|
||||
public function verify(
|
||||
string $secret,
|
||||
string $method,
|
||||
string $path,
|
||||
string $timestamp,
|
||||
string $nonce,
|
||||
string $body,
|
||||
string $providedSignature
|
||||
): bool {
|
||||
// 1. Check timestamp (within 5 minutes)
|
||||
if (abs(time() - (int)$timestamp) > 300) {
|
||||
return false;
|
||||
public function verify(string $secret, string $method, string $path,
|
||||
string $timestamp, string $nonce, string $body, string $signature): bool
|
||||
{
|
||||
// 1. Timestamp window (±5 minutes)
|
||||
if (abs(time() - (int)$timestamp) > 300) return false;
|
||||
|
||||
// 2. Nonce replay protection
|
||||
try {
|
||||
$redis = \App\Core\Redis::getInstance();
|
||||
$nonceKey = 'hmac_nonce:' . $nonce;
|
||||
if ($redis->exists($nonceKey)) return false; // Replay attack
|
||||
$redis->setex($nonceKey, 600, '1'); // TTL 10 minutes
|
||||
} catch (\Throwable $e) {
|
||||
// Redis unavailable — log but don't fail (degrade gracefully)
|
||||
error_log('[HMAC] Redis unavailable for nonce check: ' . $e->getMessage());
|
||||
}
|
||||
|
||||
// 2. Replay protection using Nonce in Redis
|
||||
// Note: Redis::getInstance() would be used here
|
||||
// If nonce exists, reject
|
||||
|
||||
// 3. Calculate Signature
|
||||
// 3. Build & compare signature
|
||||
$bodyHash = hash('sha256', $body);
|
||||
$stringToSign = strtoupper($method) . "\n" .
|
||||
$path . "\n" .
|
||||
$timestamp . "\n" .
|
||||
$nonce . "\n" .
|
||||
$bodyHash;
|
||||
$stringToSign = strtoupper($method) . "\n" . $path . "\n" . $timestamp . "\n" . $nonce . "\n" . $bodyHash;
|
||||
$calculated = hash_hmac('sha256', $stringToSign, $secret);
|
||||
|
||||
$calculatedSignature = hash_hmac('sha256', $stringToSign, $secret);
|
||||
|
||||
return hash_equals($calculatedSignature, $providedSignature);
|
||||
return hash_equals($calculated, $signature);
|
||||
}
|
||||
|
||||
public function sign(string $secret, string $method, string $path, string $timestamp, string $nonce, string $body): string
|
||||
|
||||
@@ -50,11 +50,18 @@ final class TaxValidationService
|
||||
$errors[] = ['code' => 'RULE_006', 'message_ar' => 'يجب تزويد الرقم الضريبي أو الوطني للمشتري للفواتير التي تتجاوز 10,000 دينار'];
|
||||
}
|
||||
|
||||
// Rule 007: Discount integrity
|
||||
$expectedSubtotal = $invoice['subtotal'] - $invoice['discount_total'];
|
||||
// This is a simplified check for Rule 007
|
||||
if ($expectedSubtotal < 0) {
|
||||
$errors[] = ['code' => 'RULE_007', 'message_ar' => 'إجمالي الخصم لا يمكن أن يتجاوز المجموع الفرعي'];
|
||||
// Rule 007: Discount integrity — subtotal - discount = Σ(line totals before tax)
|
||||
$lineSumBeforeTax = array_sum(array_map(
|
||||
fn($l) => round(($l['quantity'] * $l['unit_price']) - ($l['discount'] ?? 0), 3),
|
||||
$lines
|
||||
));
|
||||
$expected = round($invoice['subtotal'] - $invoice['discount_total'], 3);
|
||||
if (abs($expected - $lineSumBeforeTax) > 0.01) {
|
||||
$errors[] = [
|
||||
'code' => 'RULE_007',
|
||||
'message_ar' => "خطأ في حساب الخصومات: المتوقع {$expected} JOD، المحسوب {$lineSumBeforeTax} JOD",
|
||||
'message_en' => "Discount integrity error"
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
|
||||
Reference in New Issue
Block a user