QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-15 17:24:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(modules): marketplace install flow with checksum validation

Browse Source 
Rewires module installation to use slug + version + checksum_sha256 instead of the opaque module identifier. ModuleInstaller splits marketplace token handling out of install() into helpers, adopts structured error responses, and validates the downloaded archive's SHA-256 against the marketplace manifest before unpacking.

ModuleResource is simplified to accept an already-loaded installed-module instance rather than fetching it from state, exposes access_tier and checksum fields, and drops the auto-disable-on-unpurchased side effect that was bleeding write logic into a read resource. UnzipUpdateRequest accepts a nullable module with a conditional module_name field so the same endpoint serves both app and module updates.

ModulesPolicy::manageModules now short-circuits for super-admins so administration flows (token validation, store state) are not blocked on a company-scoped ability. Two new feature tests cover both the authorization bypass and ModuleResource serialization.
This commit is contained in:
Darko Gjorgjijoski
2026-04-10 17:30:00 +02:00
parent 2af31d0e5f
commit 23d1476870
10 changed files with 332 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/Http/Controllers/Admin/Modules/ModuleInstallationController.php
View File

@@ -15,7 +15,11 @@ class ModuleInstallationController extends Controller
{
$this->authorize('manage modules');
$response = ModuleInstaller::download($request->module, $request->version);
$response = ModuleInstaller::download(
(string) $request->slug,
(string) $request->version,
$request->checksum_sha256 ? (string) $request->checksum_sha256 : null,
);
return response()->json($response);
}
@@ -33,7 +37,7 @@ class ModuleInstallationController extends Controller
{
$this->authorize('manage modules');
$path = ModuleInstaller::unzip($request->module, $request->path);
$path = ModuleInstaller::unzip($request->module_name ?? $request->module, $request->path);
return response()->json([
'success' => true,
@@ -45,7 +49,7 @@ class ModuleInstallationController extends Controller
{
$this->authorize('manage modules');
$response = ModuleInstaller::copyFiles($request->module, $request->path);
$response = ModuleInstaller::copyFiles($request->module_name ?? $request->module, $request->path);
return response()->json([
'success' => $response,
@@ -56,7 +60,7 @@ class ModuleInstallationController extends Controller
{
$this->authorize('manage modules');
$response = ModuleInstaller::complete($request->module, $request->version);
$response = ModuleInstaller::complete($request->module_name ?? $request->module, $request->version);
return response()->json([
'success' => $response,

22
app/Http/Controllers/Admin/Modules/ModulesController.php
View File

@@ -18,7 +18,13 @@ class ModulesController extends Controller
{
$this->authorize('manage modules');
return ModuleInstaller::getModules();
$response = ModuleInstaller::getModules();
if (($response['status'] ?? 0) !== 200 || ! isset($response['body']->modules)) {
return response()->json(['error' => 'marketplace_unavailable'], 503);
}
return ModuleResource::collection(collect($response['body']->modules));
}
public function show(Request $request, string $module)
@@ -27,13 +33,19 @@ class ModulesController extends Controller
$response = ModuleInstaller::getModule($module);
if (! $response->success) {
return response()->json($response);
if (($response['status'] ?? 0) === 404) {
return response()->json(['error' => 'not_found'], 404);
}
return (new ModuleResource($response->module))
if (($response['status'] ?? 0) !== 200 || ! isset($response['body']->data)) {
return response()->json(['error' => 'marketplace_unavailable'], 503);
}
return (new ModuleResource($response['body']->data))
->additional(['meta' => [
'modules' => ModuleResource::collection(collect($response->modules)),
'modules' => ModuleResource::collection(
collect($response['body']->meta->modules ?? [])
),
]]);
}