protect route

2024-11-06 13:52:18 +05:00
parent ab9bc6a270
commit 564fe508bf
6 changed files with 167 additions and 30 deletions
--- a/app/Http/Controllers/FetchCardHistoryController.php
+++ b/app/Http/Controllers/FetchCardHistoryController.php
@@ -2,7 +2,9 @@

 namespace App\Http\Controllers;

+use App\Repos\System\Settings\Legal\PassportRepo;
 use Illuminate\Http\Request;
+use Illuminate\Validation\Rule;

 class FetchCardHistoryController extends Controller
 {
@@ -14,12 +16,16 @@ class FetchCardHistoryController extends Controller
    public function index(Request $request)
    {
        $request->validate([
-            'passport_serie' => ['required', 'string', 'max:255'],
-            'passport_id' => ['required', 'string', 'max:255'],
+            'passport_serie' => ['required', 'string', Rule::in(array_keys(PassportRepo::values()))],
+            'passport_id' => ['required', 'numeric', 'digits:6'],
            'card_number' => ['required', 'string', 'max:255'],
            'card_expiry_date' => ['required', 'string', 'max:255'],
        ]);

+        if (app()->isLocal()) {
+            return $this->sampleResponse();
+        }
+
        $curl = curl_init();

        curl_setopt_array($curl, [
@@ -27,7 +33,7 @@ class FetchCardHistoryController extends Controller
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_ENCODING => '',
            CURLOPT_MAXREDIRS => 10,
-            CURLOPT_TIMEOUT => 0,
+            CURLOPT_TIMEOUT => 15,
            CURLOPT_FOLLOWLOCATION => true,
            CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
            CURLOPT_CUSTOMREQUEST => 'POST',
@@ -55,4 +61,109 @@ class FetchCardHistoryController extends Controller

        return $response;
    }
+
+    public function sampleResponse()
+    {
+        return response()->json([
+            'idSeria' => 'I-AS',
+            'idNo' => '298119',
+            'cardMaskNumber' => '993403******6836',
+            'expDate' => '01/34',
+            'clientType' => 'recipient',
+            'clientName' => 'Penjiýew Mahtymguly Meretgulowiç',
+            'depName' => 'Türkmenistanyň "Türkmenbaşy" paýdarlar täjirçilik banky',
+            'cardPan' => '993403******6836',
+            'cardAccountNumber' => '1304602071667',
+            'errCode' => 0,
+            'message' => 'YETIRILDI',
+            'messageRu' => 'SUCCESS',
+            'messageEn' => 'SUCCESS',
+            'transactions' => [
+                [
+                    'trandate' => '2024-05-15',
+                    'currency' => 'TMT',
+                    'opersum' => 2220,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-05-31',
+                    'currency' => 'TMT',
+                    'opersum' => 2689,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-06-14',
+                    'currency' => 'TMT',
+                    'opersum' => 2220,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-06-28',
+                    'currency' => 'TMT',
+                    'opersum' => 2689,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-07-15',
+                    'currency' => 'TMT',
+                    'opersum' => 2220,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-07-31',
+                    'currency' => 'TMT',
+                    'opersum' => 2689,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-08-15',
+                    'currency' => 'TMT',
+                    'opersum' => 2220,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-08-30',
+                    'currency' => 'TMT',
+                    'opersum' => 2689,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-09-16',
+                    'currency' => 'TMT',
+                    'opersum' => 2220,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-09-30',
+                    'currency' => 'TMT',
+                    'opersum' => 2689,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-10-15',
+                    'currency' => 'TMT',
+                    'opersum' => 2220,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+                [
+                    'trandate' => '2024-10-31',
+                    'currency' => 'TMT',
+                    'opersum' => 2689,
+                    'actionName' => 'Зачисление заработной платы организаций',
+                    'opername' => 'Дополнительный взнос',
+                ],
+            ],
+        ]);
+    }
 }
--- a/app/Http/Middleware/OnlySystemUser.php
+++ b/app/Http/Middleware/OnlySystemUser.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class OnlySystemUser
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        /** @var \App\Models\User */
+        $user = auth()->user();
+
+        if (auth()->check() && $user->isSystemUser()) {
+            return $next($request);
+        }
+
+        return abort(403);
+    }
+}
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -74,10 +74,10 @@ class AuthServiceProvider extends ServiceProvider
    public function boot(): void
    {
        // General permissions...
-        Gate::define('isMe', fn ($user) => $user->isMe());
-        Gate::define('isSuperAdmin', fn ($user) => $user->isSuperAdmin());
-        Gate::define('isAdmin', fn ($user) => $user->isAdmin());
-        Gate::define('systemUser', fn ($user) => $user->isSystemUser());
+        Gate::define('isMe', fn (User $user) => $user->isMe());
+        Gate::define('isSuperAdmin', fn (User $user) => $user->isSuperAdmin());
+        Gate::define('isAdmin', fn (User $user) => $user->isAdmin());
+        Gate::define('systemUser', fn (User $user) => $user->isSystemUser());

        // Tooling permissions...
        Gate::define('viewPulse', fn ($user) => $user->isAdmin());
--- a/app/Providers/NovaServiceProvider.php
+++ b/app/Providers/NovaServiceProvider.php
@@ -146,7 +146,7 @@ class NovaServiceProvider extends NovaApplicationServiceProvider
    public function setupAssets(): void
    {
        Nova::style('additional', resource_path('css/vendor/nova/css/additional.css'));
-        Nova::script('additional', resource_path('js/vendor/nova/js/additional.js'));
+        Nova::script('additionala', resource_path('js/vendor/nova/js/additional.js'));
    }

    /**
--- a/resources/js/vendor/nova/js/additional.js
+++ b/resources/js/vendor/nova/js/additional.js
@@ -79,23 +79,17 @@ async function fetchCardHistory(passport_serie, passport_id, card_number, card_e
    var headers = new Headers();
    headers.append('Accept', 'application/json');

-    var formdata = new FormData();
-    formdata.append('passport_serie', passport_serie);
-    formdata.append('passport_id', passport_id);
-    formdata.append('card_number', card_number);
-    formdata.append('card_expiry_date', card_expiry_date);
+    let formData = new FormData();
+    formData.append('passport_serie', passport_serie);
+    formData.append('passport_id', passport_id);
+    formData.append('card_number', card_number);
+    formData.append('card_expiry_date', card_expiry_date);

    Nova.$progress.start()

-    fetch('/api/fetch-card-history', {
-      method: 'POST',
-      headers: headers,
-      body: formdata,
-      redirect: 'follow'
-    })
-      .then(response => response.json())
-      .then(result => {
-        console.log({result: result})
+    Nova.request().post('/api/fetch-card-history', formData).then(response => {
+        let result = response.data;
+
        if (result.errCode != 0) {
            Nova.error(result.message)

@@ -130,11 +124,11 @@ async function fetchCardHistory(passport_serie, passport_id, card_number, card_e

            <p><ul>${insideTemplate}</ul></p>
        `;
-      })
-      .catch(error => console.log('error', error))
-      .finally(() => {
+    })
+    .catch(error => console.log('error', error))
+    .finally(() => {
        Nova.$progress.done()
-      });
+    });
 }

 // window.LaravelNovaWizardStore = {
--- a/routes/api.php
+++ b/routes/api.php
@@ -4,12 +4,15 @@ use App\Http\Controllers\Api\FetchLoanHistoryController;
 use App\Http\Controllers\FetchCardHistoryController;
 use App\Http\Controllers\MetricsController;
 use App\Http\Controllers\ProfileController;
+use App\Http\Middleware\OnlySystemUser;
 use App\Modules\ApiAuth\Controllers\ApiAuthController;
 use App\Modules\BaseAppEnum\Controllers\BaseAppEnumController;
 use App\Modules\Branch\Controllers\BranchController;
 use App\Modules\LoanOrder\Controllers\LoanOrderController;
 use App\Modules\Province\Controllers\ProvinceController;
 use Illuminate\Support\Facades\Route;
+use Laravel\Nova\Http\Middleware\Authenticate;
+use Laravel\Nova\Http\Middleware\Authorize;

 /*
 |--------------------------------------------------------------------------
@@ -22,11 +25,13 @@ use Illuminate\Support\Facades\Route;
 |
 */

-// Fetch card history...
-Route::post('fetch-card-history', [FetchCardHistoryController::class, 'index']);
+Route::middleware(['nova', Authenticate::class, Authorize::class, OnlySystemUser::class])->group(function () {
+    // Fetch card history...
+    Route::post('fetch-card-history', [FetchCardHistoryController::class, 'index']);

-// Fetch loan history...
-Route::post('fetch-loan-history', [FetchLoanHistoryController::class, 'index']);
+    // Fetch loan history...
+    Route::post('fetch-loan-history', [FetchLoanHistoryController::class, 'index']);
+});

 // Auth...
 Route::post('auth/register', [ApiAuthController::class, 'register']);