Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-04 17:29:56

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-04 17:29:56 +03:00
parent 47652b4d95
commit 98c4b922be
12 changed files with 480 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
app/modules_app/companies/connect_jofotara.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
/**
* Link Company to JoFotara API
*/
use App\Core\Database;
use App\Core\Encryption;
use App\Core\JoFotara;
use App\Middleware\AuthMiddleware;
// 1. Auth Check
$decoded = AuthMiddleware::check();
if (!in_array($decoded['role'], [ 'super_admin'])) {
json_error('Unauthorized to modify JoFotara settings', 403);
}
$db = Database::getInstance();
$data = json_decode(file_get_contents('php://input'), true);
$companyId = $data['id'] ?? null;
$clientId = $data['client_id'] ?? null;
$secretKey = $data['secret_key'] ?? null;
$sequence = $data['income_source_sequence'] ?? null;
if (!$companyId || !$clientId || !$secretKey) {
json_error('Company ID, Client ID, and Secret Key are required', 422);
}
$tenantId = $decoded['tenant_id'];
try {
// 2. Validate Company Ownership
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ?");
$stmt->execute([$companyId, $tenantId]);
if (!$stmt->fetch()) json_error('Access denied', 403);
// 3. Test Connection (Optional but recommended)
$jofotara = new JoFotara();
// Here you would typically call a health check endpoint if JoFotara provides one,
// or just assume the credentials are correct for now.
// 4. Update Company with Encrypted Credentials
$stmtUpdate = $db->prepare("
UPDATE companies
SET
jofotara_client_id_encrypted = ?,
jofotara_secret_key_encrypted = ?,
jofotara_income_source_sequence = ?,
updated_at = NOW()
WHERE id = ?
");
$stmtUpdate->execute([
Encryption::encrypt($clientId),
Encryption::encrypt($secretKey),
$sequence,
$companyId
]);
json_success(null, 'تم ربط الشركة بنظام جوفوترة بنجاح');
} catch (\Exception $e) {
error_log("JoFotara Connection Error: " . $e->getMessage());
json_error('فشل في حفظ البيانات: ' . $e->getMessage(), 500);
}

67
app/modules_app/companies/stats.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
/**
* Company Monthly Stats & JoFotara Status
*/
use App\Core\Database;
use App\Middleware\AuthMiddleware;
// 1. Auth Check
$decoded = AuthMiddleware::check();
$db = Database::getInstance();
$companyId = $_GET['id'] ?? null;
if (!$companyId) json_error('Company ID is required', 422);
$tenantId = $decoded['tenant_id'];
try {
// 2. Permission Check
$stmt = $db->prepare("SELECT id, name, tax_identification_number, is_active,
(jofotara_client_id_encrypted IS NOT NULL) as is_jofotara_connected,
jofotara_income_source_sequence
FROM companies WHERE id = ? AND tenant_id = ?");
$stmt->execute([$companyId, $tenantId]);
$company = $stmt->fetch();
if (!$company) json_error('Company not found', 404);
// 3. Monthly Invoice Stats
$stmtStats = $db->prepare("
SELECT
DATE_FORMAT(invoice_date, '%Y-%m') as month,
COUNT(*) as total_invoices,
SUM(CASE WHEN status='approved' THEN 1 ELSE 0 END) as approved_count,
SUM(grand_total) as total_amount
FROM invoices
WHERE company_id = ? AND deleted_at IS NULL
GROUP BY month
ORDER BY month DESC
LIMIT 12
");
$stmtStats->execute([$companyId]);
$monthly = $stmtStats->fetchAll();
// 4. Lifetime Totals
$stmtTotals = $db->prepare("
SELECT
COUNT(*) as total_invoices,
SUM(grand_total) as total_amount,
SUM(tax_amount) as total_tax,
SUM(CASE WHEN status='approved' THEN 1 ELSE 0 END) as approved_count
FROM invoices
WHERE company_id = ? AND deleted_at IS NULL
");
$stmtTotals->execute([$companyId]);
$totals = $stmtTotals->fetch();
json_success([
'company' => $company,
'monthly' => $monthly,
'totals' => $totals
]);
} catch (\Exception $e) {
error_log("Company Stats Error: " . $e->getMessage());
json_error('Server error', 500);
}

44
app/modules_app/invoices/download_xml.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
/**
* Official JoFotara XML Download
*/
use App\Core\Database;
use App\Middleware\AuthMiddleware;
// 1. Auth Check
$decoded = AuthMiddleware::check();
$db = Database::getInstance();
// 2. Validate Request
$id = $_GET['id'] ?? null;
if (!$id) json_error('Invoice ID is required', 422);
$tenantId = $decoded['tenant_id'];
try {
// 3. Fetch accepted submission for this invoice
$stmt = $db->prepare("
SELECT js.xml_payload, js.jofotara_uuid
FROM jofotara_submissions js
JOIN invoices i ON js.invoice_id = i.id
WHERE i.id = ? AND i.tenant_id = ? AND js.status = 'accepted'
ORDER BY js.created_at DESC LIMIT 1
");
$stmt->execute([$id, $tenantId]);
$row = $stmt->fetch();
if (!$row || empty($row['xml_payload'])) {
json_error('لا يوجد XML رسمي متاح لهذه الفاتورة', 404);
}
// 4. Send headers for download
header('Content-Type: application/xml; charset=utf-8');
header('Content-Disposition: attachment; filename="invoice_' . ($row['jofotara_uuid'] ?: $id) . '.xml"');
echo $row['xml_payload'];
exit;
} catch (\Exception $e) {
error_log("XML Download Error: " . $e->getMessage());
json_error('خطأ في تحميل الملف', 500);
}

59
app/modules_app/invoices/view.php
View File

@@ -1,6 +1,6 @@
<?php
/**
* View Invoice Details Endpoint (with Line Items)
* Invoice View Endpoint (Decrypted & JoFotara Aware)
*/
use App\Core\Database;
@@ -11,32 +11,24 @@ use App\Middleware\AuthMiddleware;
$decoded = AuthMiddleware::check();
$db = Database::getInstance();
$id = input('id');
if (!$id) {
json_error('Invoice ID is required', 422);
}
// 2. Validate Request
$id = $_GET['id'] ?? null;
if (!$id) json_error('Invoice ID is required', 422);
// 3. Permission Check (Multi-Tenant Isolation)
$tenantId = $decoded['tenant_id'];
try {
// 2. Fetch Invoice
$stmt = $db->prepare("
SELECT i.*, c.name as company_name
SELECT i.*, c.name as company_name
FROM invoices i
LEFT JOIN companies c ON i.company_id = c.id
WHERE i.id = ?
JOIN companies c ON i.company_id = c.id
WHERE i.id = ? AND i.tenant_id = ?
");
$stmt->execute([$id]);
$stmt->execute([$id, $tenantId]);
$invoice = $stmt->fetch();
if (!$invoice) {
json_error('Invoice not found', 404);
}
// 3. Authorization Check
if ($decoded['role'] !== 'super_admin') {
if ($invoice['tenant_id'] !== $decoded['tenant_id']) {
json_error('Unauthorized access to this invoice', 403);
}
}
if (!$invoice) json_error('Invoice not found or access denied', 404);
// 4. Fetch Line Items
$stmtLines = $db->prepare("SELECT * FROM invoice_lines WHERE invoice_id = ? ORDER BY line_number ASC");
@@ -57,13 +49,30 @@ try {
$invoice['company_name'] = $decrypt($invoice['company_name']);
}
// 6. Generate Public URL for File (Assuming storage is symlinked or served)
// For now, let's just return the relative path or a proxy route
// We'll add a proxy route later if needed.
$invoice['file_url'] = '/index.php?route=v1/invoices/file&id=' . $invoice['id'];
// 6. Fetch JoFotara Submission Data
$stmtSub = $db->prepare("
SELECT jofotara_uuid, submitted_at, qr_code_raw, status as submission_status, response_body
FROM jofotara_submissions
WHERE invoice_id = ? AND status = 'accepted'
ORDER BY created_at DESC LIMIT 1
");
$stmtSub->execute([$id]);
$submission = $stmtSub->fetch();
$invoice['jofotara'] = $submission ? [
'uuid' => $submission['jofotara_uuid'],
'submitted_at' => $submission['submitted_at'],
'qr_image_uri' => $submission['qr_code_raw'] ? 'data:image/png;base64,' . $submission['qr_code_raw'] : null,
'has_xml' => true
] : null;
// 7. Generate Public URL for File
$token = Encryption::encrypt($invoice['original_file_path']);
$invoice['file_url'] = '/index.php?route=v1/invoices/file&file_token=' . urlencode($token);
json_success($invoice);
} catch (\Exception $e) {
json_error('Error fetching invoice: ' . $e->getMessage(), 500);
error_log("Invoice View Error: " . $e->getMessage());
json_error('Server error during invoice retrieval', 500);
}