Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-09 20:52:56 +01:00
Code Issues Releases Activity

Shop routes

Browse Source
This commit is contained in:
David Bomba 2020-07-28 21:19:51 +10:00
parent f28a604d84
commit d5b777206e
9 changed files with 290 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
app/Http/Controllers/Shop/InvoiceController.php Normal file
View File

@ -0,0 +1,83 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com)
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Controllers\Shop;
use App\Factory\InvoiceFactory;
use App\Http\Controllers\BaseController;
use App\Http\Requests\Invoice\StoreInvoiceRequest;
use App\Models\Client;
use App\Models\CompanyToken;
use App\Models\Invoice;
use App\Models\InvoiceInvitation;
use App\Repositories\InvoiceRepository;
use App\Transformers\InvoiceTransformer;
use App\Utils\Traits\MakesHash;
use Illuminate\Http\Request;
class InvoiceController extends BaseController
{
use MakesHash;
protected $entity_type = Invoice::class;
protected $entity_transformer = InvoiceTransformer::class;
/**
* @var InvoiceRepository
*/
protected $invoice_repo;
/**
* InvoiceController constructor.
*
* @param \App\Repositories\InvoiceRepository $invoice_repo The invoice repo
*/
public function __construct(InvoiceRepository $invoice_repo)
{
parent::__construct();
$this->invoice_repo = $invoice_repo;
}
public function show(string $invitation_key)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$invitation = InvoiceInvitation::with(['invoice'])
->where('company_id', $company_token->company->id)
->where('key',$invitation_key)
->firstOrFail();
return $this->itemResponse($invitation->invoice);
}
/**
* Display a listing of the resource.
*
* @return \Illuminate\Http\Response
*/
public function store(StoreInvoiceRequest $request)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$client = Client::find($request->input('client_id'));
$invoice = $this->invoice_repo->save($request->all(), InvoiceFactory::create($company_token->company_id, $company_token->user_id));
event(new InvoiceWasCreated($invoice, $invoice->company, Ninja::eventVars()));
$invoice = $invoice->service()->triggeredActions($request)->save();
return $this->itemResponse($invoice);
}
}

53
app/Http/Controllers/Shop/ProductController.php Normal file
View File

@ -0,0 +1,53 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com)
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Controllers\Shop;
use App\Http\Controllers\BaseController;
use App\Models\CompanyToken;
use App\Models\Product;
use App\Transformers\ProductTransformer;
use App\Utils\Traits\MakesHash;
use Illuminate\Http\Request;
class ProductController extends BaseController
{
use MakesHash;
protected $entity_type = Product::class;
protected $entity_transformer = ProductTransformer::class;
/**
* Display a listing of the resource.
*
* @return \Illuminate\Http\Response
*/
public function index()
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$products = Product::where('company_id', $company_token->company->id);
return $this->listResponse($products);
}
public function show(string $product_key)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$product = Product::where('company_id', $company_token->company->id)
->where('product_key', $product_key)
->first();
return $this->itemResponse($product);
}
}

7
app/Http/Kernel.php
View File

@ -73,6 +73,11 @@ class Kernel extends HttpKernel
\App\Http\Middleware\StartupCheck::class,
\App\Http\Middleware\QueryLogging::class,
],
'shop' => [
'throttle:60,1',
'bindings',
'query_logging',
],
];
/**
@ -108,5 +113,7 @@ class Kernel extends HttpKernel
'api_db' => \App\Http\Middleware\SetDb::class,
'locale' => \App\Http\Middleware\Locale::class,
'contact.register' => \App\Http\Middleware\ContactRegister::class,
'shop_token_auth' => \App\Http\Middleware\ShopTokenAuth::class,
];
}

78
app/Http/Middleware/Shop/ShopTokenAuth.php Normal file
View File

@ -0,0 +1,78 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com)
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Middleware\Shop;
use App\Events\User\UserLoggedIn;
use App\Models\CompanyToken;
use App\Models\User;
use App\Utils\Ninja;
use Closure;
class ShopTokenAuth
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user','company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first())) {
/* Check if this is a restricted token*/
if(!$company_token->shop_restricted){
$error = [
'message' => 'Cannot use a unrestricted token on this route',
'errors' => []
];
return response()->json($error, 403);
}
$user = $company_token->user;
$error = [
'message' => 'User inactive',
'errors' => []
];
//user who once existed, but has been soft deleted
if (!$user) {
return response()->json($error, 403);
}
/*
|
| Necessary evil here: As we are authenticating on CompanyToken,
| we need to link the company to the user manually. This allows
| us to decouple a $user and their attached companies completely.
|
*/
$user->setCompany($company_token->company);
config(['ninja.company_id' => $company_token->company->id]);
app('queue')->createPayloadUsing(function () use ($company_token) {
return ['db' => $company_token->company->db];
});
}
return $next($request);
}
}

14
app/Http/Middleware/TokenAuth.php
View File

@ -29,6 +29,20 @@ class TokenAuth
public function handle($request, Closure $next)
{
if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user','company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first())) {
if($company_token->shop_restricted){
$error = [
'message' => 'Cannot use a restricted token on this route',
'errors' => []
];
return response()->json($error, 403);
}
$user = $company_token->user;
$error = [

1
app/Models/CompanyUser.php
View File

@ -46,6 +46,7 @@ class CompanyUser extends Pivot
'is_owner',
'is_locked',
'slack_webhook_url',
'shop_restricted'
];
protected $touches = [];

10
app/Providers/RouteServiceProvider.php
View File

@ -57,6 +57,8 @@ class RouteServiceProvider extends ServiceProvider
$this->mapContactApiRoutes();
$this->mapClientApiRoutes();
$this->mapShopApiRoutes();
}
/**
@ -117,4 +119,12 @@ class RouteServiceProvider extends ServiceProvider
->namespace($this->namespace)
->group(base_path('routes/client.php'));
}
protected function mapShopApiRoutes()
{
Route::prefix('')
->middleware('shop')
->namespace($this->namespace)
->group(base_path('routes/shop.php'));
}
}

30
database/migrations/2020_07_28_104218_shop_token.php Normal file
View File

@ -0,0 +1,30 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
class ShopToken extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('company_user', function (Blueprint $table) {
$table->boolean('shop_restricted')->default(false);
});
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
//
}
}

14
routes/shop.php Normal file
View File

@ -0,0 +1,14 @@
<?php
use Illuminate\Support\Facades\Route;
Route::group(['middleware' => ['api_db','shop_token_auth','locale']], function () {
Route::get('products', 'Shop\ProductController@index');
Route::get('clients', 'Shop\ClientController@index');
Route::get('invoices', 'Shop\InvoiceController@index');
Route::get('client/{contact_key}', 'Shop\ClientController@show');
Route::get('invoice/{invitation_key}', 'Shop\InvoiceController@show');
Route::get('product/{product_key}', 'Shop\ProductController@show');
});