Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-05-24 02:14:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Refactor to user company_key instead of company_token

Browse Source
This commit is contained in:
David Bomba 2020-07-28 21:58:15 +10:00
parent a8a0c7695c
commit caad3661d5
11 changed files with 97 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/BaseController.php
View File

@ -270,7 +270,7 @@ class BaseController extends Controller
$query->with($includes);
if (!auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type)))) {
if (auth()->user() && !auth()->user()->hasPermission('view_'.lcfirst(class_basename($this->entity_type)))) {
$query->where('user_id', '=', auth()->user()->id);
}

16
app/Http/Controllers/Shop/ClientController.php
View File

@ -50,10 +50,10 @@ class ClientController extends BaseController
public function show(string $contact_key)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$company = Company::where('company_key', $request->header('X-API-COMPANY_KEY'))->first();
$contact = ClientContact::with('client')
->where('company_id', $company_token->company->id)
->where('company_id', $company->id)
->where('contact_key', $contact_key)
->firstOrFail();
@ -62,15 +62,19 @@ class ClientController extends BaseController
public function store(StoreClientRequest $request)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$company = Company::where('company_key', $request->header('X-API-COMPANY_KEY'))->first();
$client = $this->client_repo->save($request->all(), ClientFactory::create($company_token->company_id, $company_token->user_id));
app('queue')->createPayloadUsing(function () use ($company) {
return ['db' => $company->db];
});
$client = $this->client_repo->save($request->all(), ClientFactory::create($company->id, $company->owner()->id));
$client->load('contacts', 'primary_contact');
$this->uploadLogo($request->file('company_logo'), $client->company, $client);
$this->uploadLogo($request->file('company_logo'), $company, $client);
event(new ClientWasCreated($client, $client->company, Ninja::eventVars()));
event(new ClientWasCreated($client, $company, Ninja::eventVars()));
return $this->itemResponse($client);
}

14
app/Http/Controllers/Shop/InvoiceController.php
View File

@ -52,10 +52,10 @@ class InvoiceController extends BaseController
public function show(string $invitation_key)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$company = Company::where('company_key', $request->header('X-API-COMPANY_KEY'))->first();
$invitation = InvoiceInvitation::with(['invoice'])
->where('company_id', $company_token->company->id)
->where('company_id', $company->id)
->where('key',$invitation_key)
->firstOrFail();
@ -65,13 +65,17 @@ class InvoiceController extends BaseController
public function store(StoreInvoiceRequest $request)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
app('queue')->createPayloadUsing(function () use ($company) {
return ['db' => $company->db];
});
$company = Company::where('company_key', $request->header('X-API-COMPANY_KEY'))->first();
$client = Client::find($request->input('client_id'));
$invoice = $this->invoice_repo->save($request->all(), InvoiceFactory::create($company_token->company_id, $company_token->user_id));
$invoice = $this->invoice_repo->save($request->all(), InvoiceFactory::create($company_id, $company->owner()->id));
event(new InvoiceWasCreated($invoice, $invoice->company, Ninja::eventVars()));
event(new InvoiceWasCreated($invoice, $company, Ninja::eventVars()));
$invoice = $invoice->service()->triggeredActions($request)->save();

13
app/Http/Controllers/Shop/ProductController.php
View File

@ -12,6 +12,7 @@
namespace App\Http\Controllers\Shop;
use App\Http\Controllers\BaseController;
use App\Models\Company;
use App\Models\CompanyToken;
use App\Models\Product;
use App\Transformers\ProductTransformer;
@ -31,20 +32,20 @@ class ProductController extends BaseController
*
* @return \Illuminate\Http\Response
*/
public function index()
public function index(Request $request)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$company = Company::where('company_key', $request->header('X-API-COMPANY_KEY'))->first();
$products = Product::where('company_id', $company_token->company->id);
$products = Product::where('company_id', $company->id);
return $this->listResponse($products);
}
public function show(string $product_key)
public function show(Request $request, string $product_key)
{
$company_token = CompanyToken::with(['company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first();
$company = Company::where('company_key', $request->header('X-API-COMPANY_KEY'))->first();
$product = Product::where('company_id', $company_token->company->id)
$product = Product::where('company_id', $company->id)
->where('product_key', $product_key)
->first();

3
app/Http/Kernel.php
View File

@ -111,9 +111,10 @@ class Kernel extends HttpKernel
'url_db' => \App\Http\Middleware\UrlSetDb::class,
'web_db' => \App\Http\Middleware\SetWebDb::class,
'api_db' => \App\Http\Middleware\SetDb::class,
'company_key_db' => \App\Http\Middleware\SetDbByCompanyKey::class,
'locale' => \App\Http\Middleware\Locale::class,
'contact.register' => \App\Http\Middleware\ContactRegister::class,
'shop_token_auth' => \App\Http\Middleware\ShopTokenAuth::class,
'shop_token_auth' => \App\Http\Middleware\Shop\ShopTokenAuth::class,
];
}

48
app/Http/Middleware/SetDbByCompanyKey.php Normal file
View File

@ -0,0 +1,48 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com)
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Middleware;
use App\Libraries\MultiDB;
use App\Models\CompanyToken;
use Closure;
class SetDbByCompanyKey
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$error = [
'message' => 'Invalid Token',
'errors' => []
];
if ($request->header('X-API-COMPANY_KEY') && config('ninja.db.multi_db_enabled')) {
if (! MultiDB::findAndSetDbByCompanyKey($request->header('X-API-COMPANY_KEY'))) {
return response()->json($error, 403);
}
} elseif (!config('ninja.db.multi_db_enabled')) {
return $next($request);
} else {
return response()->json($error, 403);
}
return $next($request);
}
}

78
app/Http/Middleware/Shop/ShopTokenAuth.php
View File

@ -1,78 +0,0 @@
<?php
/**
* Invoice Ninja (https://invoiceninja.com)
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2020. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://opensource.org/licenses/AAL
*/
namespace App\Http\Middleware\Shop;
use App\Events\User\UserLoggedIn;
use App\Models\CompanyToken;
use App\Models\User;
use App\Utils\Ninja;
use Closure;
class ShopTokenAuth
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user','company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first())) {
/* Check if this is a restricted token*/
if(!$company_token->shop_restricted){
$error = [
'message' => 'Cannot use a unrestricted token on this route',
'errors' => []
];
return response()->json($error, 403);
}
$user = $company_token->user;
$error = [
'message' => 'User inactive',
'errors' => []
];
//user who once existed, but has been soft deleted
if (!$user) {
return response()->json($error, 403);
}
/*
|
| Necessary evil here: As we are authenticating on CompanyToken,
| we need to link the company to the user manually. This allows
| us to decouple a $user and their attached companies completely.
|
*/
$user->setCompany($company_token->company);
config(['ninja.company_id' => $company_token->company->id]);
app('queue')->createPayloadUsing(function () use ($company_token) {
return ['db' => $company_token->company->db];
});
}
return $next($request);
}
}

13
app/Http/Middleware/TokenAuth.php
View File

@ -30,19 +30,6 @@ class TokenAuth
{
if ($request->header('X-API-TOKEN') && ($company_token = CompanyToken::with(['user','company'])->whereRaw("BINARY `token`= ?", [$request->header('X-API-TOKEN')])->first())) {
if($company_token->shop_restricted){
$error = [
'message' => 'Cannot use a restricted token on this route',
'errors' => []
];
return response()->json($error, 403);
}
$user = $company_token->user;
$error = [

11
app/Libraries/MultiDB.php
View File

@ -180,6 +180,17 @@ class MultiDB
return false;
}
public static function findAndSetDbByCompanyKey($company_key) :bool
{
foreach (self::$dbs as $db) {
if ($company = Company::on($db)->where('company_key', $company_key)->first()) {
self::setDb($company->db);
return true;
}
}
return false;
}
public static function findAndSetDbByDomain($subdomain) :bool
{
foreach (self::$dbs as $db) {

4
database/migrations/2020_07_28_104218_shop_token.php
View File

@ -13,8 +13,8 @@ class ShopToken extends Migration
*/
public function up()
{
Schema::table('company_user', function (Blueprint $table) {
$table->boolean('shop_restricted')->default(false);
Schema::table('companies', function (Blueprint $table) {
$table->boolean('enable_shop_api')->default(false);
});
}

14
routes/shop.php
View File

@ -2,13 +2,13 @@
use Illuminate\Support\Facades\Route;
Route::group(['middleware' => ['api_db','shop_token_auth','locale']], function () {
Route::group(['middleware' => ['company_key_db','locale'], 'prefix' => 'api/v1'], function () {
Route::get('products', 'Shop\ProductController@index');
Route::get('clients', 'Shop\ClientController@index');
Route::get('invoices', 'Shop\InvoiceController@index');
Route::get('client/{contact_key}', 'Shop\ClientController@show');
Route::get('invoice/{invitation_key}', 'Shop\InvoiceController@show');
Route::get('product/{product_key}', 'Shop\ProductController@show');
Route::get('shop/products', 'Shop\ProductController@index');
Route::get('shop/clients', 'Shop\ClientController@index');
Route::get('shop/invoices', 'Shop\InvoiceController@index');
Route::get('shop/client/{contact_key}', 'Shop\ClientController@show');
Route::get('shop/invoice/{invitation_key}', 'Shop\InvoiceController@show');
Route::get('shop/product/{product_key}', 'Shop\ProductController@show');
});