From f893a75e9b26a0f6f980636d059365d1dbde8809 Mon Sep 17 00:00:00 2001 From: David Bomba Date: Tue, 3 Sep 2024 16:36:46 +1000 Subject: [PATCH] Validate e-invoice payload --- app/Http/Controllers/EInvoiceController.php | 41 ++++++++ .../Requests/Activity/StoreNoteRequest.php | 1 + .../EInvoice/ValidateEInvoiceRequest.php | 93 +++++++++++++++++++ routes/api.php | 2 + .../Storecove/EInvoiceValidationTest.php | 42 ++++++++- 5 files changed, 175 insertions(+), 4 deletions(-) create mode 100644 app/Http/Controllers/EInvoiceController.php create mode 100644 app/Http/Requests/EInvoice/ValidateEInvoiceRequest.php diff --git a/app/Http/Controllers/EInvoiceController.php b/app/Http/Controllers/EInvoiceController.php new file mode 100644 index 0000000000..aee7d0836b --- /dev/null +++ b/app/Http/Controllers/EInvoiceController.php @@ -0,0 +1,41 @@ +entity){ + 'invoices' => $data = $el->checkInvoice($request->getEntity()), + 'clients' => $data = $el->checkClient($request->getEntity()), + 'companies' => $data = $el->checkCompany($request->getEntity()), + default => $data['passes'] = false, + }; + + return response()->json($data, $data['passes'] ? 200 : 400); + + } + +} diff --git a/app/Http/Requests/Activity/StoreNoteRequest.php b/app/Http/Requests/Activity/StoreNoteRequest.php index 250fcfceec..54c7c79180 100644 --- a/app/Http/Requests/Activity/StoreNoteRequest.php +++ b/app/Http/Requests/Activity/StoreNoteRequest.php @@ -17,6 +17,7 @@ use Illuminate\Validation\Rule; class StoreNoteRequest extends Request { + /** * Determine if the user is authorized to make this request. * diff --git a/app/Http/Requests/EInvoice/ValidateEInvoiceRequest.php b/app/Http/Requests/EInvoice/ValidateEInvoiceRequest.php new file mode 100644 index 0000000000..fdf192250a --- /dev/null +++ b/app/Http/Requests/EInvoice/ValidateEInvoiceRequest.php 
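Review bot: In `app/Http/Controllers/EInvoiceController.php` the `match` is used as a statement whose arms assign `$data` as a side effect, and the `default` arm writes `$data['passes'] = false` into a variable that no visible line defines, producing a different shape from the checker results. Assigning the expression once gives every arm the same contract: `$data = match ($request->entity) { 'invoices' => $el->checkInvoice($request->getEntity()), …, default => ['passes' => false] };`. Each arm also calls `$request->getEntity()`, which runs the model lookup again after the request class has already resolved the entity, so resolving it once into a local would avoid the repeat query. The opening of the method is missing from this extract, so how `$el` is constructed could not be reviewed.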
@@ -0,0 +1,93 @@
+user();
+
+ $entity = $this->getEntity();
+
+ if($entity instanceof Company)
+ return $entity->id == $user->company()->id;
+
+ return $user->can('view', $entity);
+
+ }
+
+ public function rules()
+ {
+
+ /** @var \App\Models\User $user */
+ $user = auth()->user();
+
+ return [
+ 'entity' => 'required|bail|in:invoices,clients,companies',
+ 'entity_id' => ['required','bail', Rule::exists($this->entity, 'id')
+ ->when($this->entity != 'companies', function ($q) use($user){
+ $q->where('company_id', $user->company()->id);
+ })
+ ],
+ ];
+ }
+
+ public function prepareForValidation()
+ {
+ $input = $this->all();
+
+ if (isset($input['entity_id']) && $input['entity_id'] != null) {
+ $input['entity_id'] = $this->decodePrimaryKey($input['entity_id']);
+ }
+
+
+ $this->replace($input);
+ }
+
+ public function getEntity()
+ {
+ if(!$this->entity) {
+ return false;
+ }
+
+
+ $class = Invoice::class;
+
+ match ($this->entity) {
+ 'invoice' => $class = Invoice::class,
+ 'client' => $class = Client::class,
+ 'companies' => $class = Company::class,
+ default => $class = Invoice::class,
+ };
+
+ if($this->entity == 'companies')
+ return auth()->user()->company();
+
+ return $class::withTrashed()->find(is_string($this->entity_id) ? $this->decodePrimaryKey($this->entity_id) : $this->entity_id);
+
+ }
+}
diff --git a/routes/api.php b/routes/api.php
index 64052728f1..4dd8152d72 100644
--- a/routes/api.php
+++ b/routes/api.php
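Review bot: In `ValidateEInvoiceRequest::getEntity()` the `match` keys are `'invoice'` and `'client'`, but `rules()` only admits `invoices`, `clients` and `companies`, so a `clients` request falls through to `default => $class = Invoice::class`. The first method in the hunk (presumably `authorize()`; its signature is not visible in this extract) then runs `$user->can('view', $entity)` against whichever Invoice shares the client's id, or `null`, and the controller passes that same object to `checkClient()`, so the permission decision is made on a different record than the one `Rule::exists` validates. Use the plural keys, `'invoices' => $class = Invoice::class,` and `'clients' => $class = Client::class,`, and have `default` return `null` instead of falling back to `Invoice::class`. Separately, `Rule::exists($this->entity, 'id')` takes its table name from the raw `entity` input, and `bail` on `entity` does not stop the `entity_id` rules from running, so deriving the table from the same fixed map would keep arbitrary table names out of that query. The loose `==` / `!=` comparisons on ids and on `entity` would also be safer as `===` / `!==`.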
@@ -224,6 +225,7 @@ Route::group(['middleware' => ['throttle:api', 'api_db', 'token_auth', 'locale'] Route::get('documents/{document}/download', [DocumentController::class, 'download'])->name('documents.download'); Route::post('documents/bulk', [DocumentController::class, 'bulk'])->name('documents.bulk'); + Route::post('einvoice/validateEntity', [EInvoiceController::class, 'validateEntity'])->name('einvoice.validateEntity'); Route::post('emails', [EmailController::class, 'send'])->name('email.send')->middleware('user_verified'); Route::post('emails/clientHistory/{client}', [EmailHistoryController::class, 'clientHistory'])->name('email.clientHistory'); Route::post('emails/entityHistory', [EmailHistoryController::class, 'entityHistory'])->name('email.entityHistory'); diff --git a/tests/Integration/Einvoice/Storecove/EInvoiceValidationTest.php b/tests/Integration/Einvoice/Storecove/EInvoiceValidationTest.php index b14d2ea319..a084957e38 100644 --- a/tests/Integration/Einvoice/Storecove/EInvoiceValidationTest.php +++ b/tests/Integration/Einvoice/Storecove/EInvoiceValidationTest.php @@ -41,6 +41,44 @@ class EInvoiceValidationTest extends TestCase } + public function testEinvoiceValidationEndpointInvoice() + { + + $data =[ + 'entity' => 'invoices', + 'entity_id' => $this->invoice->hashed_id, + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->postJson('/api/v1/einvoice/validateEntity', $data); + + $response->assertStatus(200); + + $arr = $response->json(); + + } + + public function testEinvoiceValidationEndpoint() + { + + $data =[ + 'entity' => 'companies', + 'entity_id' => $this->company->hashed_id, + ]; + + $response = $this->withHeaders([ + 'X-API-SECRET' => config('ninja.api_secret'), + 'X-API-TOKEN' => $this->token, + ])->postJson('/api/v1/einvoice/validateEntity', $data); + + $response->assertStatus(200); + + $arr = $response->json(); + + } + public function testInvalidCompanySettings() { 
@@ -171,14 +209,10 @@ class EInvoiceValidationTest extends TestCase $el = new EntityLevel(); $validation = $el->checkCompany($company); - nlog($validation); - $this->assertFalse($validation['passes']); } - - public function testInvalidClientSettings() {