mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-07-16 22:05:20 +00:00
Foundation for the AI chatbot + text generation feature. Phase 1 is infrastructure only: driver plumbing, configuration storage with encrypted API keys, global vs per-company resolution, admin + company UI pages, and an optional installer wizard step. The chat assistant and text-generation WYSIWYG integration come in later phases.
**Driver plumbing (app/Support/Ai/)** — AiDriver abstract, AiDriverFactory, AiException, AiChatResponse DTO, OpenRouterDriver concrete implementation. OpenRouter is the OpenAI-compatible aggregator that unlocks hundreds of models behind one API key and one request shape — ideal as the default v1 driver. Drivers are extensible the same way exchange rate drivers are: the module Registry's generic registerDriver('ai', ...) machinery plus a typed Registry::registerAiDriver() convenience wrapper (shipped in the upstream invoiceshelf/modules package in a paired commit).
**AiConfigurationService** — mirrors MailConfigurationService shape but with one deliberate deviation: API keys are encrypted at the service layer via Crypt::encryptString before persistence. OpenRouter bearer tokens have much bigger blast radius than SMTP passwords. Same settings / company_settings tables, same global-vs-per-company pattern, same use_custom_ai_config override toggle. Resolution order: global ai_enabled must be YES, then the company either overrides via use_custom_ai_config=YES (and can opt out with ai_enabled=NO inside the override) or inherits the global config.
**Controllers** — Admin/Settings/AiConfigurationController (global CRUD + driver list + test connection), Company/Settings/CompanyAiConfigurationController (per-company override + test), Setup/AiConfigurationController (installer wizard step, skippable with explicit ai_enabled=NO). API key is always masked as '********' in GET responses — the frontend submits the placeholder back on save and the backend preserves the stored value.
**Installer wizard** — new optional step 7 'AI' between Mail and Account. Default OFF with a Skip button. MailView.vue now routes to installation.ai instead of installation.account; installation.ai then routes to installation.account. Step order comment updated in routes.ts.
**Admin + Company settings pages** — AdminAiConfigView (no toggle, always global) and AiConfigView (with use_custom_ai_config BaseSwitchSection that auto-saves OFF). Both share AiConfigurationForm which renders the driver selector, API key input with show/hide, driver-specific config_fields (base_url for OpenRouter), and per-role enable toggles with free-text model inputs backed by a datalist of suggested models from driver metadata.
**Bootstrap endpoint** — adds an ai block to the response: { enabled, chat_enabled, text_generation_enabled }. All three are booleans resolved through AiConfigurationService::resolveForCompany(). Never leaks the API key. Frontend feature flags read from bootstrapData.ai to decide whether to show Phase 2/3 UI.
**Bouncer ability** 'manage ai config' added to SettingsPolicy, gated on isSuperAdmin() (same pattern as manage email config, manage pdf config).
**Tests** (22 new) — Unit: AiDriverFactory resolves built-in + Registry-contributed drivers, rejects unknown, merges availableDrivers. AiConfigurationService: encryption round-trip, resolution order (3 cases: global off, inherit global, override with company key, override with opt-out), makeDriver null/instance cases, listDrivers metadata. Feature: admin save + read with api key masking, preserve-on-placeholder behavior, company toggle ON/OFF semantics, bootstrap ai flags reflect resolution, company opt-out path.
372 tests pass (was 350, +22). Pint clean. npm run build clean. Phase 2 (chat assistant + tool calling) and Phase 3 (WYSIWYG text generation popup) are separate follow-up commits — this one is the foundation only.
193 lines
6.6 KiB
PHP
193 lines
6.6 KiB
PHP
<?php
|
|
|
|
namespace App\Providers;
|
|
|
|
use App\Policies\CompanyPolicy;
|
|
use App\Policies\CustomerPolicy;
|
|
use App\Policies\DashboardPolicy;
|
|
use App\Policies\EstimatePolicy;
|
|
use App\Policies\ExpensePolicy;
|
|
use App\Policies\InvoicePolicy;
|
|
use App\Policies\ItemPolicy;
|
|
use App\Policies\ModulesPolicy;
|
|
use App\Policies\NotePolicy;
|
|
use App\Policies\OwnerPolicy;
|
|
use App\Policies\PaymentPolicy;
|
|
use App\Policies\RecurringInvoicePolicy;
|
|
use App\Policies\ReportPolicy;
|
|
use App\Policies\RolePolicy;
|
|
use App\Policies\SettingsPolicy;
|
|
use App\Policies\UserPolicy;
|
|
use App\Support\Bouncer\BouncerDefaultScope;
|
|
use App\Support\Setup\InstallUtils;
|
|
use App\Support\Setup\InstallWizardAuth;
|
|
use Gate;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Broadcast;
|
|
use Illuminate\Support\Facades\Mail;
|
|
use Illuminate\Support\Facades\Notification;
|
|
use Illuminate\Support\ServiceProvider;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use Silber\Bouncer\Database\Models as BouncerModels;
|
|
use Silber\Bouncer\Database\Role;
|
|
use View;
|
|
|
|
class AppServiceProvider extends ServiceProvider
|
|
{
|
|
/**
|
|
* The path to your application's "home" route.
|
|
*
|
|
* Typically, users are redirected here after authentication.
|
|
*
|
|
* @var string
|
|
*/
|
|
public const HOME = '/admin/dashboard';
|
|
|
|
/**
|
|
* The path to the "customer home" route for your application.
|
|
*
|
|
* This is used by Laravel authentication to redirect customers after login.
|
|
*
|
|
* @var string
|
|
*/
|
|
public const CUSTOMER_HOME = '/customer/dashboard';
|
|
|
|
/**
|
|
* Bootstrap any application services.
|
|
*/
|
|
public function boot(): void
|
|
{
|
|
$this->configureInstallWizardTokenAuth();
|
|
|
|
if (InstallUtils::isDbCreated()) {
|
|
$this->addMenus();
|
|
}
|
|
|
|
Gate::policy(Role::class, RolePolicy::class);
|
|
|
|
View::addNamespace('pdf_templates', storage_path('app/templates/pdf'));
|
|
|
|
$this->bootAuth();
|
|
$this->bootBroadcast();
|
|
|
|
// In demo mode, prevent all outgoing emails and notifications
|
|
if (config('app.env') === 'demo') {
|
|
Mail::fake();
|
|
Notification::fake();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Register any application services.
|
|
*/
|
|
public function register(): void
|
|
{
|
|
BouncerModels::scope(new BouncerDefaultScope);
|
|
}
|
|
|
|
public function addMenus()
|
|
{
|
|
// main menu
|
|
\Menu::make('main_menu', function ($menu) {
|
|
foreach (config('invoiceshelf.main_menu') as $data) {
|
|
$this->generateMenu($menu, $data);
|
|
}
|
|
});
|
|
|
|
// admin menu (super admin mode)
|
|
\Menu::make('admin_menu', function ($menu) {
|
|
foreach (config('invoiceshelf.admin_menu') as $data) {
|
|
$this->generateMenu($menu, $data);
|
|
}
|
|
});
|
|
|
|
// setting menu
|
|
\Menu::make('setting_menu', function ($menu) {
|
|
foreach (config('invoiceshelf.setting_menu') as $data) {
|
|
$this->generateMenu($menu, $data);
|
|
}
|
|
});
|
|
|
|
\Menu::make('customer_portal_menu', function ($menu) {
|
|
foreach (config('invoiceshelf.customer_menu') as $data) {
|
|
$this->generateMenu($menu, $data);
|
|
}
|
|
});
|
|
}
|
|
|
|
public function generateMenu($menu, $data)
|
|
{
|
|
$menu->add($data['title'], $data['link'])
|
|
->data('icon', $data['icon'])
|
|
->data('name', $data['name'])
|
|
->data('owner_only', $data['owner_only'])
|
|
->data('super_admin_only', $data['super_admin_only'] ?? false)
|
|
->data('ability', $data['ability'])
|
|
->data('model', $data['model'])
|
|
->data('group', $data['group'])
|
|
->data('group_label', $data['group_label'] ?? '')
|
|
->data('priority', $data['priority'] ?? 100);
|
|
}
|
|
|
|
public function bootAuth()
|
|
{
|
|
|
|
Gate::define('create company', [CompanyPolicy::class, 'create']);
|
|
Gate::define('transfer company ownership', [CompanyPolicy::class, 'transferOwnership']);
|
|
Gate::define('delete company', [CompanyPolicy::class, 'delete']);
|
|
|
|
Gate::define('manage modules', [ModulesPolicy::class, 'manageModules']);
|
|
|
|
Gate::define('manage settings', [SettingsPolicy::class, 'manageSettings']);
|
|
Gate::define('manage company', [SettingsPolicy::class, 'manageCompany']);
|
|
Gate::define('manage backups', [SettingsPolicy::class, 'manageBackups']);
|
|
Gate::define('manage file disk', [SettingsPolicy::class, 'manageFileDisk']);
|
|
Gate::define('manage email config', [SettingsPolicy::class, 'manageEmailConfig']);
|
|
Gate::define('manage ai config', [SettingsPolicy::class, 'manageAiConfig']);
|
|
Gate::define('manage pdf config', [SettingsPolicy::class, 'managePDFConfig']);
|
|
Gate::define('manage notes', [NotePolicy::class, 'manageNotes']);
|
|
Gate::define('view notes', [NotePolicy::class, 'viewNotes']);
|
|
|
|
Gate::define('send invoice', [InvoicePolicy::class, 'send']);
|
|
Gate::define('send estimate', [EstimatePolicy::class, 'send']);
|
|
Gate::define('send payment', [PaymentPolicy::class, 'send']);
|
|
|
|
Gate::define('delete multiple items', [ItemPolicy::class, 'deleteMultiple']);
|
|
Gate::define('delete multiple customers', [CustomerPolicy::class, 'deleteMultiple']);
|
|
Gate::define('delete multiple users', [UserPolicy::class, 'deleteMultiple']);
|
|
Gate::define('delete multiple invoices', [InvoicePolicy::class, 'deleteMultiple']);
|
|
Gate::define('delete multiple estimates', [EstimatePolicy::class, 'deleteMultiple']);
|
|
Gate::define('delete multiple expenses', [ExpensePolicy::class, 'deleteMultiple']);
|
|
Gate::define('delete multiple payments', [PaymentPolicy::class, 'deleteMultiple']);
|
|
Gate::define('delete multiple recurring invoices', [RecurringInvoicePolicy::class, 'deleteMultiple']);
|
|
|
|
Gate::define('view dashboard', [DashboardPolicy::class, 'view']);
|
|
|
|
Gate::define('view report', [ReportPolicy::class, 'viewReport']);
|
|
|
|
Gate::define('owner only', [OwnerPolicy::class, 'managedByOwner']);
|
|
}
|
|
|
|
public function bootBroadcast()
|
|
{
|
|
Broadcast::routes(['middleware' => 'api.auth']);
|
|
}
|
|
|
|
private function configureInstallWizardTokenAuth(): void
|
|
{
|
|
Sanctum::authenticateAccessTokensUsing(function ($accessToken, bool $isValid): bool {
|
|
if (! $isValid) {
|
|
return false;
|
|
}
|
|
|
|
$request = request();
|
|
|
|
if (! $request instanceof Request || ! $request->attributes->get('install_wizard', false)) {
|
|
return $isValid;
|
|
}
|
|
|
|
return $accessToken->can(InstallWizardAuth::TOKEN_ABILITY);
|
|
});
|
|
}
|
|
}
|