QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-15 17:24:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
23d14768705df67ac52de51017975fdd2b972985
InvoiceShelf/app/Http/Controllers/Admin/Modules/ModulesController.php
Darko Gjorgjijoski 23d1476870 refactor(modules): marketplace install flow with checksum validation 
Rewires module installation to use slug + version + checksum_sha256 instead of the opaque module identifier. ModuleInstaller splits marketplace token handling out of install() into helpers, adopts structured error responses, and validates the downloaded archive's SHA-256 against the marketplace manifest before unpacking.

ModuleResource is simplified to accept an already-loaded installed-module instance rather than fetching it from state, exposes access_tier and checksum fields, and drops the auto-disable-on-unpurchased side effect that was bleeding write logic into a read resource. UnzipUpdateRequest accepts a nullable module with a conditional module_name field so the same endpoint serves both app and module updates.

ModulesPolicy::manageModules now short-circuits for super-admins so administration flows (token validation, store state) are not blocked on a company-scoped ability. Two new feature tests cover both the authorization bypass and ModuleResource serialization.
2026-04-10 17:30:00 +02:00

87 lines
2.6 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\Admin\Modules;
use App\Events\ModuleDisabledEvent;
use App\Events\ModuleEnabledEvent;
use App\Http\Controllers\Controller;
use App\Http\Resources\ModuleResource;
use App\Models\Module as ModelsModule;
use App\Services\Module\ModuleInstaller;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Nwidart\Modules\Facades\Module;
class ModulesController extends Controller
{
public function index(Request $request)
{
$this->authorize('manage modules');
$response = ModuleInstaller::getModules();
if (($response['status'] ?? 0) !== 200 || ! isset($response['body']->modules)) {
return response()->json(['error' => 'marketplace_unavailable'], 503);
}
return ModuleResource::collection(collect($response['body']->modules));
}
public function show(Request $request, string $module)
{
$this->authorize('manage modules');
$response = ModuleInstaller::getModule($module);
if (($response['status'] ?? 0) === 404) {
return response()->json(['error' => 'not_found'], 404);
}
if (($response['status'] ?? 0) !== 200 || ! isset($response['body']->data)) {
return response()->json(['error' => 'marketplace_unavailable'], 503);
}
return (new ModuleResource($response['body']->data))
->additional(['meta' => [
'modules' => ModuleResource::collection(
collect($response['body']->meta->modules ?? [])
),
]]);
}
public function checkToken(Request $request): JsonResponse
{
$this->authorize('manage modules');
return ModuleInstaller::checkToken($request->api_token);
}
public function enable(Request $request, string $module): JsonResponse
{
$this->authorize('manage modules');
$module = ModelsModule::where('name', $module)->first();
$module->update(['enabled' => true]);
$installedModule = Module::find($module->name);
$installedModule->enable();
ModuleEnabledEvent::dispatch($module);
return response()->json(['success' => true]);
}
public function disable(Request $request, string $module): JsonResponse
{
$this->authorize('manage modules');
$module = ModelsModule::where('name', $module)->first();
$module->update(['enabled' => false]);
$installedModule = Module::find($module->name);
$installedModule->disable();
ModuleDisabledEvent::dispatch($module);
return response()->json(['success' => true]);
}
}
Reference in New Issue View Git Blame Copy Permalink