Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-04 01:33:55

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-04 01:33:55 +03:00
parent ad48142492
commit 90f2f6f6e3
6 changed files with 251 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
app/core/AI.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
namespace App\Core;
/**
* Gemini AI Integration for Invoice Extraction
*/
class AI
{
private static string $baseUrl = "https://generativelanguage.googleapis.com/v1beta/models/gemini-flash-lite-latest:generateContent";
/**
* Extract Data from Invoice Image or PDF (Base64)
*/
public static function extractInvoiceData(string $base64Data, string $mimeType): ?array
{
$apiKey = env('GEMINI_API_KEY');
if (!$apiKey) {
error_log('AI Error: GEMINI_API_KEY is missing');
return null;
}
$prompt = "You are an expert in Jordanian E-Invoicing (UBL 2.1).
Extract all data from this invoice image/document into a JSON format.
Strict Rules:
1. Ensure numeric values are numbers, not strings.
2. Identify the Supplier TIN (Tax Identification Number) and Buyer TIN (if present).
3. Identify if the invoice is 'Cash' or 'Credit'.
4. Identify if it is 'Simplified' (B2C) or 'Standard' (B2B).
5. Extract line items precisely.
6. Return ONLY valid JSON, no markdown formatting.
Required JSON Structure:
{
\"invoice_number\": \"\",
\"invoice_date\": \"YYYY-MM-DD\",
\"invoice_type\": \"cash|credit\",
\"invoice_category\": \"simplified|standard\",
\"supplier_tin\": \"\",
\"supplier_name\": \"\",
\"supplier_address\": \"\",
\"buyer_tin\": \"\",
\"buyer_name\": \"\",
\"buyer_national_id\": \"\",
\"subtotal\": 0.000,
\"tax_amount\": 0.000,
\"discount_total\": 0.000,
\"grand_total\": 0.000,
\"currency\": \"JOD\",
\"items\": [
{
\"description\": \"\",
\"quantity\": 0,
\"unit_price\": 0.000,
\"tax_amount\": 0.000,
\"total\": 0.000
}
]
}";
$payload = [
"contents" => [
[
"parts" => [
["text" => $prompt],
[
"inline_data" => [
"mime_type" => $mimeType,
"data" => $base64Data
]
]
]
]
],
"generationConfig" => [
"response_mime_type" => "application/json"
]
];
$ch = curl_init(self::$baseUrl . "?key=" . $apiKey);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode !== 200) {
error_log("AI Error: Gemini API returned code $httpCode. Response: " . $response);
return null;
}
$result = json_decode($response, true);
$textResponse = $result['candidates'][0]['content']['parts'][0]['text'] ?? null;
if (!$textResponse) return null;
return json_decode($textResponse, true);
}
}

131
app/modules_app/invoices/upload.php
View File

@@ -15,58 +15,107 @@ if (!in_array($decoded['role'], $allowedRoles)) {
json_error('Unauthorized to upload invoices', 403); json_error('Unauthorized to upload invoices', 403);
} }
// 2. Validate Request // 3. Permission Check
$companyId = $_POST['company_id'] ?? null;
if (!$companyId || !isset($_FILES['invoice'])) {
json_error('Company ID and invoice file are required', 422);
}
// 3. Permission Check (Can this user upload to this company?)
$tenantId = $decoded['tenant_id']; $tenantId = $decoded['tenant_id'];
$userId = $decoded['user_id']; $userId = $decoded['user_id'];
if ($decoded['role'] === 'admin') { // Everyone (except Super Admin who shouldn't upload here) must belong to the tenant
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL"); // And if they are NOT an admin, they must be assigned to this company
$stmt->execute([$companyId, $tenantId]); if ($decoded['role'] !== 'admin' && $decoded['role'] !== 'super_admin') {
} elseif ($decoded['role'] === 'accountant') { $stmt = $db->prepare("SELECT id FROM user_company_assignments WHERE user_id = ? AND company_id = ? AND is_active = 1");
$stmt = $db->prepare("
SELECT c.id FROM companies c
JOIN user_company_assignments uca ON c.id = uca.company_id
WHERE c.id = ? AND uca.user_id = ? AND uca.is_active = 1
");
$stmt->execute([$companyId, $userId]);
} else { // employee
// In our schema, employee is linked via users.company_id
$stmt = $db->prepare("SELECT id FROM users WHERE id = ? AND company_id = ?");
$stmt->execute([$userId, $companyId]); $stmt->execute([$userId, $companyId]);
if (!$stmt->fetch()) {
json_error('Access denied to this company', 403);
}
} }
if (!$stmt->fetch()) { // 4. Handle File Upload
json_error('Access denied to this company', 403); $dateFolder = date('Y-m-d');
} $uploadDir = STORAGE_PATH . '/invoices/' . $tenantId . '/' . $companyId . '/' . $dateFolder . '/';
if (!is_dir($uploadDir)) mkdir($uploadDir, 0775, true);
// 4. Handle File Upload (Mock logic for now, using storage/invoices) $extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION);
$uploadDir = __DIR__ . '/../../../storage/invoices/' . $tenantId . '/' . $companyId . '/'; $fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension;
if (!is_dir($uploadDir)) mkdir($uploadDir, 0755, true);
$fileName = time() . '_' . basename($_FILES['invoice']['name']);
$targetFile = $uploadDir . $fileName; $targetFile = $uploadDir . $fileName;
if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) { if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
// 5. Save to DB
$stmt = $db->prepare(" // 5. Run AI Extraction
INSERT INTO invoices ( $mimeType = $_FILES['invoice']['type'];
tenant_id, company_id, status, uploaded_by, original_file_path, created_at $base64Data = base64_encode(file_get_contents($targetFile));
) VALUES (?, ?, 'uploaded', ?, ?, NOW())
"); $extracted = \App\Core\AI::extractInvoiceData($base64Data, $mimeType);
$stmt->execute([
$tenantId, if (!$extracted) {
$companyId, // Still save basic record if AI fails
$userId, $stmt = $db->prepare("INSERT INTO invoices (tenant_id, company_id, uploaded_by, original_file_path, status, created_at) VALUES (?, ?, ?, ?, 'uploaded', NOW())");
$targetFile $stmt->execute([$tenantId, $companyId, $userId, $targetFile]);
]); json_success(['id' => $db->lastInsertId()], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً');
}
json_success(['id' => $db->lastInsertId()], 'تم رفع الفاتورة بنجاح وبدأت عملية المعالجة'); // 6. Save Extracted Data with Encryption
try {
$db->beginTransaction();
$stmt = $db->prepare("
INSERT INTO invoices (
tenant_id, company_id, uploaded_by, original_file_path, status,
invoice_number, invoice_date, invoice_type, invoice_category,
supplier_tin, supplier_name, supplier_address,
buyer_tin, buyer_name, buyer_national_id,
subtotal, tax_amount, discount_total, grand_total, currency_code,
created_at
) VALUES (?, ?, ?, ?, 'extracted', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())
");
$stmt->execute([
$tenantId, $companyId, $userId, $targetFile,
$extracted['invoice_number'] ?? null,
$extracted['invoice_date'] ?? null,
$extracted['invoice_type'] ?? 'cash',
$extracted['invoice_category'] ?? 'simplified',
// Encrypt sensitive details
\App\Core\Encryption::encrypt($extracted['supplier_tin'] ?? ''),
\App\Core\Encryption::encrypt($extracted['supplier_name'] ?? ''),
\App\Core\Encryption::encrypt($extracted['supplier_address'] ?? ''),
\App\Core\Encryption::encrypt($extracted['buyer_tin'] ?? ''),
\App\Core\Encryption::encrypt($extracted['buyer_name'] ?? ''),
\App\Core\Encryption::encrypt($extracted['buyer_national_id'] ?? ''),
$extracted['subtotal'] ?? 0,
$extracted['tax_amount'] ?? 0,
$extracted['discount_total'] ?? 0,
$extracted['grand_total'] ?? 0,
$extracted['currency'] ?? 'JOD'
]);
$invoiceId = $db->lastInsertId();
// Save Line Items (No encryption for lines for now, usually not sensitive but can be)
if (!empty($extracted['items'])) {
$lineStmt = $db->prepare("
INSERT INTO invoice_lines (invoice_id, description, quantity, unit_price, tax_amount, total)
VALUES (?, ?, ?, ?, ?, ?)
");
foreach ($extracted['items'] as $item) {
$lineStmt->execute([
$invoiceId,
$item['description'] ?? 'N/A',
$item['quantity'] ?? 1,
$item['unit_price'] ?? 0,
$item['tax_amount'] ?? 0,
$item['total'] ?? 0
]);
}
}
$db->commit();
json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح');
} catch (\Exception $e) {
$db->rollBack();
error_log("DB Error during invoice save: " . $e->getMessage());
json_error('حدث خطأ أثناء حفظ بيانات الفاتورة', 500);
}
} else { } else {
json_error('Failed to save uploaded file', 500); json_error('Failed to save uploaded file', 500);
} }

2
app/modules_app/users/create.php
View File

@@ -19,7 +19,7 @@ $data = input();
// 1. Role Authorization check (Prevent Role Escalation) // 1. Role Authorization check (Prevent Role Escalation)
$allowedRoles = match($decoded['role']) { $allowedRoles = match($decoded['role']) {
'super_admin' => ['super_admin', 'admin', 'accountant', 'employee', 'viewer'], 'super_admin' => ['super_admin', 'admin', 'accountant', 'employee', 'viewer'],
'admin' => ['accountant', 'employee', 'viewer'], 'admin' => ['accountant', 'employee', 'viewer'], // Cannot create other admins
default => [] default => []
}; };

55
app/modules_app/users/delete.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
/**
* Delete User Endpoint (Soft Delete)
*/
use App\Core\Database;
use App\Middleware\AuthMiddleware;
// 1. Auth Check
$decoded = AuthMiddleware::check();
$db = Database::getInstance();
$currentUserId = $decoded['user_id'];
$currentUserRole = $decoded['role'];
$targetUserId = input('id');
if (!$targetUserId) {
json_error('User ID is required', 422);
}
// 2. Prevent self-deletion
if ($currentUserId === $targetUserId) {
json_error('لا يمكنك حذف حسابك الشخصي من هنا', 403);
}
// 3. Fetch target user to check permissions
$stmt = $db->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$targetUserId]);
$targetUser = $stmt->fetch();
if (!$targetUser) {
json_error('المستخدم غير موجود', 404);
}
// 4. Role-based Authorization
if ($currentUserRole === 'super_admin') {
// Super Admin can delete anyone except themselves
} elseif ($currentUserRole === 'admin') {
// Admin can only delete users in THEIR tenant
if ($targetUser['tenant_id'] !== $decoded['tenant_id']) {
json_error('ليس لديك صلاحية لحذف هذا المستخدم', 403);
}
// Admin cannot delete other admins (only super_admin can)
if ($targetUser['role'] === 'admin' || $targetUser['role'] === 'super_admin') {
json_error('لا يمكنك حذف مدير آخر. فقط السوبر أدمن يمكنه ذلك.', 403);
}
} else {
json_error('غير مصرح لك بحذف المستخدمين', 403);
}
// 5. Perform Soft Delete
$stmt = $db->prepare("UPDATE users SET deleted_at = NOW(), is_active = 0 WHERE id = ?");
$stmt->execute([$targetUserId]);
json_success(null, 'تم حذف المستخدم بنجاح');

1
public/index.php
View File

@@ -21,6 +21,7 @@ $routes = [
'v1/auth/logout' => ['POST', 'auth/logout.php'], 'v1/auth/logout' => ['POST', 'auth/logout.php'],
'v1/users' => ['GET', 'users/index.php'], 'v1/users' => ['GET', 'users/index.php'],
'v1/users/create' => ['POST', 'users/create.php'], 'v1/users/create' => ['POST', 'users/create.php'],
'v1/users/delete' => ['POST', 'users/delete.php'],
'v1/companies' => ['GET', 'companies/index.php'], 'v1/companies' => ['GET', 'companies/index.php'],
'v1/companies/create' => ['POST', 'companies/create.php'], 'v1/companies/create' => ['POST', 'companies/create.php'],
'v1/invoices/upload' => ['POST', 'invoices/upload.php'], 'v1/invoices/upload' => ['POST', 'invoices/upload.php'],

1
scripts/schema.sql
View File

@@ -107,6 +107,7 @@ CREATE TABLE invoices (
grand_total DECIMAL(15,3) DEFAULT 0, grand_total DECIMAL(15,3) DEFAULT 0,
currency_code CHAR(3) DEFAULT 'JOD', currency_code CHAR(3) DEFAULT 'JOD',
status ENUM('uploaded','extracting','extracted','validated','validation_failed','submitting','approved','rejected') DEFAULT 'uploaded', status ENUM('uploaded','extracting','extracted','validated','validation_failed','submitting','approved','rejected') DEFAULT 'uploaded',
uploaded_by CHAR(36) NULL,
original_file_path TEXT NULL, original_file_path TEXT NULL,
invoice_category VARCHAR(20) DEFAULT 'simplified', invoice_category VARCHAR(20) DEFAULT 'simplified',
validation_errors JSON NULL, validation_errors JSON NULL,