108 lines
3.5 KiB
PHP
108 lines
3.5 KiB
PHP
<?php
|
|
/**
|
|
* Create Payment Request (Admin/Accountant)
|
|
* POST /api/v1/payments/create
|
|
*
|
|
* Creates a payment request for subscription upgrade.
|
|
* Returns CliQ alias and reference number for transfer.
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
use App\Core\Database;
|
|
use App\Core\Validator;
|
|
use App\Core\Security;
|
|
use App\Middleware\AuthMiddleware;
|
|
|
|
$decoded = AuthMiddleware::check();
|
|
|
|
// Only admin, accountant or super_admin can create payment requests
|
|
if (!in_array($decoded['role'], ['admin', 'accountant', 'super_admin'])) {
|
|
json_error('غير مصرح لك بإنشاء طلب دفع.', 403);
|
|
}
|
|
|
|
$data = Security::sanitize(input());
|
|
|
|
$errors = Validator::validate($data, [
|
|
'plan_id' => 'required',
|
|
]);
|
|
if ($errors) {
|
|
json_error('معرف الباقة مطلوب.', 422);
|
|
}
|
|
|
|
$db = Database::getInstance();
|
|
$tenantId = $decoded['tenant_id'];
|
|
$userId = $decoded['user_id'];
|
|
$planId = $data['plan_id'];
|
|
|
|
try {
|
|
// 1. Get plan details
|
|
$stmt = $db->prepare("SELECT * FROM subscription_plans WHERE id = ? AND is_active = 1");
|
|
$stmt->execute([$planId]);
|
|
$plan = $stmt->fetch();
|
|
|
|
if (!$plan) {
|
|
json_error('الباقة المختارة غير صالحة أو غير نشطة.', 422);
|
|
}
|
|
|
|
// 2. Check for existing pending payment for this tenant
|
|
$stmt = $db->prepare("SELECT id FROM payment_requests WHERE tenant_id = ? AND status = 'pending' LIMIT 1");
|
|
$stmt->execute([$tenantId]);
|
|
$existing = $stmt->fetch();
|
|
|
|
if ($existing) {
|
|
json_error('لديك طلب دفع قائم بالفعل. يرجى إتمامه أو إلغاؤه أولاً.', 409);
|
|
}
|
|
|
|
// 3. Generate unique reference number (MSQ-XXXXXX)
|
|
$referenceNumber = 'MSQ-' . strtoupper(substr(md5(uniqid((string)mt_rand(), true)), 0, 8));
|
|
|
|
// 4. Get CliQ alias from config
|
|
$cliqAlias = env('CLIQ_ALIAS', 'musadaq-pay');
|
|
|
|
// 5. Get payer name
|
|
$stmt = $db->prepare("SELECT name, phone FROM users WHERE id = ?");
|
|
$stmt->execute([$userId]);
|
|
$user = $stmt->fetch();
|
|
|
|
// 6. Create payment request
|
|
$paymentId = Database::generateUuid();
|
|
$stmt = $db->prepare("
|
|
INSERT INTO payment_requests (id, tenant_id, user_id, plan_id, amount_jod, internal_reference, cliq_alias, payer_name, status, created_at)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?, ?, 'pending', NOW())
|
|
");
|
|
$stmt->execute([
|
|
$paymentId,
|
|
$tenantId,
|
|
$userId,
|
|
$planId,
|
|
$plan['price_jod'],
|
|
$referenceNumber,
|
|
$cliqAlias,
|
|
$user['name'] ?? ''
|
|
]);
|
|
|
|
// 7. Log
|
|
$logStmt = $db->prepare("INSERT INTO audit_logs (tenant_id, user_id, action, entity_type, entity_id, new_data) VALUES (?, ?, 'payment.created', 'payment', ?, ?)");
|
|
$logStmt->execute([
|
|
$tenantId,
|
|
$userId,
|
|
$paymentId,
|
|
json_encode(['plan_id' => $planId, 'amount' => $plan['price_jod'], 'ref' => $referenceNumber])
|
|
]);
|
|
|
|
json_success([
|
|
'payment_id' => $paymentId,
|
|
'reference_number' => $referenceNumber,
|
|
'cliq_alias' => $cliqAlias,
|
|
'amount_jod' => (float)$plan['price_jod'],
|
|
'plan_name' => $plan['name_ar'] ?? $plan['name_en'],
|
|
'payer_name' => $user['name'] ?? '',
|
|
'instructions' => "قم بالتحويل عبر CliQ إلى الاسم المستعار: {$cliqAlias} بمبلغ {$plan['price_jod']} دينار أردني.",
|
|
], 'تم إنشاء طلب الدفع بنجاح');
|
|
|
|
} catch (\Throwable $e) {
|
|
error_log("Payment Create Error: " . $e->getMessage());
|
|
json_error('حدث خطأ أثناء إنشاء طلب الدفع.', 500);
|
|
}
|