Update: 2026-05-04 02:24:10

2026-05-04 02:24:10 +03:00
parent 3e9d380e6d
commit e704ba127c
3 changed files with 27 additions and 11 deletions
--- a/app/modules_app/invoices/file.php
+++ b/app/modules_app/invoices/file.php
@@ -6,7 +6,22 @@
 use App\Core\Database;
 use App\Middleware\AuthMiddleware;

-$decoded = AuthMiddleware::check();
+// Extract token from header OR query string
+$headers = getallheaders();
+$authHeader = $headers['Authorization'] ?? $headers['authorization'] ?? '';
+$token = '';
+
+if (preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
+    $token = $matches[1];
+} elseif (isset($_GET['token'])) {
+    $token = $_GET['token'];
+}
+
+if (!$token) die('Forbidden: No token provided');
+
+$decoded = \App\Core\JWT::decode($token);
+if (!$decoded) die('Forbidden: Invalid token');
+
 $db = Database::getInstance();

 $id = input('id');