mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-09-20 08:21:34 +02:00

Additional checks to prevent users from inadvertently migrating over their production data

David Bomba 2024-01-14 15:17:15 +11:00
parent 40086db271
commit 0ba333898e
2 changed files with 30 additions and 0 deletions


@ -19,6 +19,35 @@ use Illuminate\Http\Request;
class HostedMigrationController extends Controller
{
public function checkStatus(Request $request)
{
if ($request->header('X-API-HOSTED-SECRET') != config('ninja.ninja_hosted_secret')) {
return;
}
MultiDB::findAndSetDbByCompanyKey($request->company_key);
$c = Company::where('company_key', $request->company_key)->first();
if(!$c || $c->is_disabled)
return response()->json(['message' => 'ok'], 200);
if(\App\Models\Invoice::query()->where('company_id', $c->id)->where('created_at', '>', now()->subMonths(2))->first())
return response()->json(['message' => 'New data exists, are you sure? Please log in here https://app.invoicing.co and delete the company if you really need to migrate again.'], 400);
if(\App\Models\Client::query()->where('company_id', $c->id)->where('created_at', '>', now()->subMonths(2))->first())
return response()->json(['message' => 'New data exists, are you sure? Please log in here https://app.invoicing.co and delete the company if you really need to migrate again.'], 400);
if(\App\Models\Quote::query()->where('company_id', $c->id)->where('created_at', '>', now()->subMonths(2)))
return response()->json(['message' => 'New data exists, are you sure? Please log in here https://app.invoicing.co and delete the company if you really need to migrate again.'], 400);
if(\App\Models\RecurringInvoice::query()->where('company_id', $c->id)->where('created_at', '>', now()->subMonths(2)))
return response()->json(['message' => 'New data exists, are you sure? Please log in here https://app.invoicing.co and delete the company if you really need to migrate again.'], 400);
return response()->json(['message' => 'ok'], 200);
}
public function getAccount(Request $request)
{
if ($request->header('X-API-HOSTED-SECRET') != config('ninja.ninja_hosted_secret')) {
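Review bot: The Quote and RecurringInvoice conditions in checkStatus test the query builder object instead of a result, so the Quote branch is always taken: any enabled company that passes the Invoice and Client checks gets the 400 response, and the RecurringInvoice check and the final 'ok' are unreachable. Ending both chains with `->exists()` fixes that, and the Invoice and Client checks could use it too instead of `->first()`. The secret guard at the top of checkStatus uses a loose `!=`, so if `ninja.ninja_hosted_secret` is unset, a request that omits the X-API-HOSTED-SECRET header compares null with null and passes, and the new check_status route has only `guest` and `throttle:100,1` in front of it. A fail-closed, constant-time comparison with `hash_equals()` is sketched below. The same guard opens getAccount, whose body continues outside the hunk.

```php
public function checkStatus(Request $request)
{
    $secret = config('ninja.ninja_hosted_secret');

    // Fail closed when no secret is configured; compare in constant time.
    if (!is_string($secret) || $secret === '' || !hash_equals($secret, (string) $request->header('X-API-HOSTED-SECRET'))) {
        return;
    }
    // … unchanged: MultiDB lookup, company lookup, Invoice and Client checks …
    if(\App\Models\Quote::query()->where('company_id', $c->id)->where('created_at', '>', now()->subMonths(2))->exists())
    // … unchanged: 400 response …
    if(\App\Models\RecurringInvoice::query()->where('company_id', $c->id)->where('created_at', '>', now()->subMonths(2))->exists())
    // … unchanged: 400 response, final 'ok' response …
```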


@ -422,6 +422,7 @@ Route::get('token_hash_router', [OneTimeTokenController::class, 'router'])->midd
Route::get('webcron', [WebCronController::class, 'index'])->middleware('throttle:100,1');
Route::post('api/v1/get_migration_account', [HostedMigrationController::class, 'getAccount'])->middleware('guest')->middleware('throttle:100,1');
Route::post('api/v1/confirm_forwarding', [HostedMigrationController::class, 'confirmForwarding'])->middleware('guest')->middleware('throttle:100,1');
Route::post('api/v1/check_status', [HostedMigrationController::class, 'checkStatus'])->middleware('guest')->middleware('throttle:100,1');
Route::post('api/v1/process_webhook', [AppleController::class, 'process_webhook'])->middleware('throttle:1000,1');
Route::post('api/v1/confirm_purchase', [AppleController::class, 'confirm_purchase'])->middleware('throttle:1000,1');