QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-15 17:24:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e44657bf7e36a2d2b6de96de6eca7b303bd5c494
InvoiceShelf/app/Http/Controllers/Admin/Modules/ModuleInstallationController.php
Darko Gjorgjijoski 23d1476870 refactor(modules): marketplace install flow with checksum validation 
Rewires module installation to use slug + version + checksum_sha256 instead of the opaque module identifier. ModuleInstaller splits marketplace token handling out of install() into helpers, adopts structured error responses, and validates the downloaded archive's SHA-256 against the marketplace manifest before unpacking.

ModuleResource is simplified to accept an already-loaded installed-module instance rather than fetching it from state, exposes access_tier and checksum fields, and drops the auto-disable-on-unpurchased side effect that was bleeding write logic into a read resource. UnzipUpdateRequest accepts a nullable module with a conditional module_name field so the same endpoint serves both app and module updates.

ModulesPolicy::manageModules now short-circuits for super-admins so administration flows (token validation, store state) are not blocked on a company-scoped ability. Two new feature tests cover both the authorization bypass and ModuleResource serialization.
2026-04-10 17:30:00 +02:00

70 lines
1.9 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\Admin\Modules;
use App\Http\Controllers\Controller;
use App\Http\Requests\UnzipUpdateRequest;
use App\Http\Requests\UploadModuleRequest;
use App\Services\Module\ModuleInstaller;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
class ModuleInstallationController extends Controller
{
public function download(Request $request): JsonResponse
{
$this->authorize('manage modules');
$response = ModuleInstaller::download(
(string) $request->slug,
(string) $request->version,
$request->checksum_sha256 ? (string) $request->checksum_sha256 : null,
);
return response()->json($response);
}
public function upload(UploadModuleRequest $request): JsonResponse
{
$this->authorize('manage modules');
$response = ModuleInstaller::upload($request);
return response()->json($response);
}
public function unzip(UnzipUpdateRequest $request): JsonResponse
{
$this->authorize('manage modules');
$path = ModuleInstaller::unzip($request->module_name ?? $request->module, $request->path);
return response()->json([
'success' => true,
'path' => $path,
]);
}
public function copy(Request $request): JsonResponse
{
$this->authorize('manage modules');
$response = ModuleInstaller::copyFiles($request->module_name ?? $request->module, $request->path);
return response()->json([
'success' => $response,
]);
}
public function complete(Request $request): JsonResponse
{
$this->authorize('manage modules');
$response = ModuleInstaller::complete($request->module_name ?? $request->module, $request->version);
return response()->json([
'success' => $response,
]);
}
}
Reference in New Issue View Git Blame Copy Permalink