Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-05 01:44:06

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-05 01:44:06 +03:00
parent dcbf8bd04f
commit cfbd9c0009
2 changed files with 374 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
app/modules_app/invoices/upload.php
View File

@@ -5,6 +5,9 @@
use App\Core\Database;
use App\Middleware\AuthMiddleware;
use App\Core\AI;
use App\Core\Encryption;
use App\Middleware\QuotaMiddleware;
// 1. Auth Check
$decoded = AuthMiddleware::check();
@@ -12,33 +15,31 @@ $tenantId = $decoded['tenant_id'];
$userId = $decoded['user_id'];
// --- QUOTA CHECK ---
\App\Middleware\QuotaMiddleware::checkInvoiceQuota($tenantId);
QuotaMiddleware::checkInvoiceQuota($tenantId);
// -------------------
$db = Database::getInstance();
$allowedRoles = ['admin', 'accountant', 'employee'];
if (!in_array($decoded['role'], $allowedRoles)) {
json_error('Unauthorized to upload invoices', 403);
json_error('غير مصرح لك برفع الفواتير', 403);
}
// 2. Validate Request
$data = input();
$companyId = $data['company_id'] ?? null;
if (!$companyId || !isset($_FILES['invoice'])) {
json_error('Company ID and invoice file are required', 422);
json_error('رقم الشركة وملف الفاتورة مطلوبان', 422);
}
// 3. Permission Check
$tenantId = $decoded['tenant_id'];
$userId = $decoded['user_id'];
// Everyone (except Super Admin) must belong to the same tenant as the company
$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL");
$stmt->execute([$companyId, $tenantId]);
if (!$stmt->fetch()) {
json_error('Access denied to this company or invalid company ID', 403);
json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403);
}
// 4. Handle File Upload (Step-by-step for permission safety)
@@ -70,23 +71,30 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
json_error('فشل في قراءة الملف المرفوع', 500);
}
$base64Data = base64_encode($fileContent);
$extracted = \App\Core\AI::extractInvoiceData($base64Data, $mimeType);
$extracted = AI::extractInvoiceData($base64Data, $mimeType);
if (!$extracted) {
// Still save basic record if AI fails
$stmt = $db->prepare("INSERT INTO invoices (tenant_id, company_id, uploaded_by, original_file_path, status, created_at) VALUES (?, ?, ?, ?, 'uploaded', NOW())");
$stmt->execute([$tenantId, $companyId, $userId, $targetFile]);
json_success(['id' => $db->lastInsertId()], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً');
// Still save basic record if AI fails, ensuring all NOT NULL and new columns are met
$invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
$stmt = $db->prepare("
INSERT INTO invoices (
id, tenant_id, company_id, uploaded_by, original_file_path, status, created_at
) VALUES (
?, ?, ?, ?, ?, 'uploaded', NOW()
)
");
$stmt->execute([$invoiceId, $tenantId, $companyId, $userId, $targetFile]);
json_success(['id' => $invoiceId], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً');
}
// 6. Save Extracted Data with Encryption
try {
$db->beginTransaction();
// 5.5 Duplicate Prevention Check (Now inside transaction for safety)
// 5.5 Duplicate Prevention Check
$supplierTin = $extracted['supplier']['tin'] ?? '';
$invoiceNum = $extracted['invoice_number'] ?? '';
$invoiceNum = $extracted['invoice_number'] ?? '';
$invoiceDate = $extracted['invoice_date'] ?? '';
$invoiceHash = null;
@@ -102,10 +110,6 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
}
}
$invoiceId = bin2hex(random_bytes(16)); // Generate UUID
// Let's use a standard UUID format if possible, but MySQL CHAR(36) accepts anything.
// Actually, let's just use the DB's UUID() function but FETCH it back or generate it here.
// I'll use a better UUID generator logic.
$invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
$stmt = $db->prepare("
@@ -127,38 +131,40 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
");
$stmt->execute([
'id' => $invoiceId,
'tenant_id' => $tenantId,
'id' => $invoiceId,
'tenant_id' => $tenantId,
'company_id' => $companyId,
'uploaded_by'=> $userId,
'path' => $targetFile,
'num' => $extracted['invoice_number'] ?? null,
'date' => $extracted['invoice_date'] ?? null,
'type' => $extracted['invoice_type'] ?? 'cash',
'cat' => $extracted['invoice_category'] ?? 'simplified',
's_tin' => \App\Core\Encryption::encrypt($extracted['supplier']['tin'] ?? ''),
's_name' => \App\Core\Encryption::encrypt($extracted['supplier']['name'] ?? ''),
's_addr' => \App\Core\Encryption::encrypt($extracted['supplier']['address'] ?? ''),
'b_tin' => \App\Core\Encryption::encrypt($extracted['buyer']['tin'] ?? ''),
'b_name' => \App\Core\Encryption::encrypt($extracted['buyer']['name'] ?? ''),
'b_nid' => \App\Core\Encryption::encrypt($extracted['buyer']['national_id'] ?? ''),
'sub' => $extracted['subtotal'] ?? 0,
'tax' => $extracted['tax_amount'] ?? 0,
'disc' => $extracted['discount_total'] ?? 0,
'total' => $extracted['grand_total'] ?? 0,
'cur' => $extracted['currency_code'] ?? 'JOD',
'hash' => $invoiceHash,
'warnings' => isset($extracted['validation_warnings']) && !empty($extracted['validation_warnings']) ? json_encode($extracted['validation_warnings']) : null
'uploaded_by' => $userId,
'path' => $targetFile,
'num' => $extracted['invoice_number'] ?? null,
'date' => $extracted['invoice_date'] ?? null,
'type' => $extracted['invoice_type'] ?? 'cash',
'cat' => $extracted['invoice_category'] ?? 'simplified',
's_tin' => Encryption::encrypt($extracted['supplier']['tin'] ?? ''),
's_name' => Encryption::encrypt($extracted['supplier']['name'] ?? ''),
's_addr' => Encryption::encrypt($extracted['supplier']['address'] ?? ''),
'b_tin' => Encryption::encrypt($extracted['buyer']['tin'] ?? ''),
'b_name' => Encryption::encrypt($extracted['buyer']['name'] ?? ''),
'b_nid' => Encryption::encrypt($extracted['buyer']['national_id'] ?? ''),
'sub' => $extracted['subtotal'] ?? 0,
'tax' => $extracted['tax_amount'] ?? 0,
'disc' => $extracted['discount_total'] ?? 0,
'total' => $extracted['grand_total'] ?? 0,
'cur' => $extracted['currency_code'] ?? 'JOD',
'hash' => $invoiceHash,
'warnings' => isset($extracted['validation_warnings']) && !empty($extracted['validation_warnings']) ? json_encode($extracted['validation_warnings']) : null
]);
// Save Line Items
if (!empty($extracted['lines'])) {
$lineStmt = $db->prepare("
INSERT INTO invoice_lines (invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total)
VALUES (?, ?, ?, ?, ?, ?, ?)
INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total)
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
");
foreach ($extracted['lines'] as $item) {
$lineId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4));
$lineStmt->execute([
$lineId,
$invoiceId,
$item['line_number'] ?? 1,
$item['description'] ?? 'N/A',
@@ -171,11 +177,11 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
}
$db->commit();
// --- INCREMENT QUOTA ---
\App\Middleware\QuotaMiddleware::incrementInvoiceUsage($tenantId);
QuotaMiddleware::incrementInvoiceUsage($tenantId);
// -----------------------
json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح');
} catch (\Exception $e) {
@@ -187,4 +193,4 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) {
$uploadError = $_FILES['invoice']['error'] ?? 'Unknown';
error_log("UPLOAD ERROR: move_uploaded_file failed. Error Code: $uploadError. Target: $targetFile. Tmp: " . ($_FILES['invoice']['tmp_name'] ?? 'N/A'));
json_error('Failed to save uploaded file. PHP Error Code: ' . $uploadError, 500);
}
}