added middleware with validation. refactored methods

2025-07-09 03:14:30 -04:00 · 2024-08-01 22:32:20 -04:00 · 2024-08-01 22:32:20 -04:00 · 014a3c1f5c
commit 014a3c1f5c
parent 404933625f
1 changed files with 94 additions and 7 deletions
--- a/app/Http/Controllers/ImportQuickbooksController.php
+++ b/app/Http/Controllers/ImportQuickbooksController.php
@ -2,13 +2,16 @@

 namespace App\Http\Controllers;

+use \Closure;
 use App\Utils\Ninja;
+use App\Models\Company;
 use Illuminate\Support\Str;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use App\Utils\Traits\MakesHash;
 use Illuminate\Support\Facades\Cache;
 use App\Jobs\Import\QuickbooksIngest;
+use Illuminate\Support\Facades\Validator;
 use App\Services\Import\Quickbooks\Service as QuickbooksService;

 class ImportQuickbooksController extends BaseController
@ -23,21 +26,104 @@ class ImportQuickbooksController extends BaseController

    public function __construct(QuickbooksService $service) {
        parent::__construct();
-        
+
        $this->service = $service;
-    }
+        $this->middleware(
+            function (Request $request, Closure $next) {
+               
+                // Check for the required query parameters
+                if (!$request->has(['code', 'state', 'realmId'])) {
+                    return abort(400,'Unauthorized');
+                }
+
+                $rules = [
+                    'state' => [
+                        'required',
+                        'valid' => function ($attribute, $value, $fail) {
+                            if (!Cache::has($value)) {
+                                $fail('The state is invalid.');
+                            }
+                        },
+                    ]
+                ];
+                // Custom error messages
+                $messages = [
+                    'state.required' => 'The state is required.',
+                    'state.valid' => 'state token not valid'
+                ];
+                // Perform the validation
+                $validator = Validator::make($request->all(), $rules, $messages);
+                if ($validator->fails()) {
+                    // If validation fails, redirect back with errors and input
+                    return redirect('/')
+                        ->withErrors($validator)
+                        ->withInput();
+                }
+
+                $token = Cache::pull($request->state);
+                $request->merge(['company' => Cache::get($token) ]);
+
+                return $next($request);
+            }
+        )->only('onAuthorized');
+        $this->middleware(
+            function ( Request $request, Closure $next) {
+                $rules = [
+                    'token' => [
+                        'required',
+                        'valid' => function ($attribute, $value, $fail) {
+                            if (!Cache::has($value) || (!Company::where('company_key', (Cache::get($value))['company_key'])->exists() )) {
+                                $fail('The company is invalid.');
+                            }
+                        },
+                    ]
+                ];
+                // Custom error messages
+                $messages = [
+                    'token.required' => 'The token is required.',
+                    'token.valid' => 'Token note valid!'
+                ];
+                // Perform the validation
+                $validator = Validator::make(['token' => $request->token ], $rules, $messages);
+                if ($validator->fails()) {
+                    // If validation fails, redirect back with errors and input
+                    return redirect()->back()
+                        ->withErrors($validator)
+                        ->withInput();
+                }
+
+                //If validation passes, proceed to the next middleware/controller
+                return $next($request);
+            }
+        )->only('authorizeQuickbooks');
+    }  
+
+    public function onAuthorized(Request $request) {
+
+        $realmId = $request->query('realmId');
+        $tokens = $this->service->getOAuth()->accessToken($request->query('code'), $realmId);
+        $company = $request->input('company');
+        Cache::put($company['company_key'], $tokens['access_token'], $tokens['access_token_expires']);
+        // TODO: save refresh token and realmId in company DB
+
+        return response(200);
+    } 

    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
-    public function authorize($ability, $arguments = []): bool
+    public function authorizeQuickbooks(Request $request)
    {
-        /** @var \App\Models\User $user */
-        $user = auth()->user();
+        $token = $request->token;
+        $auth = $this->service->getOAuth();
+        $authorizationUrl = $auth->getAuthorizationUrl();
+        $state = $auth->getState();

-        return $user->isAdmin() ; 
+        Cache::put($state, $token, 90);
+
+        return redirect()->to($authorizationUrl);
    }

    public function preimport(Request $request)
@ -52,7 +138,7 @@ class ImportQuickbooksController extends BaseController
        ];
        $this->getData($data);

-        return response()->json(['message' => 'Data cached for import'] + $data, 200);
+        return $data;
    }

    protected function getData($data) {
@ -96,6 +182,7 @@ class ImportQuickbooksController extends BaseController
     */
    public function import(Request $request)
    {
+        $this->preimport($request);
        /** @var \App\Models\User $user */
        $user = auth()->user();
        if (Ninja::isHosted()) {