From dd42972e38c8d37685a8ce697c1e0c154653a5c8 Mon Sep 17 00:00:00 2001
From: babak alizadeh <alizadeh.babak@gmail.com>
Date: Fri, 12 Jan 2024 18:05:28 +0000
Subject: [PATCH] start hook develop

---
 hesabixCore/config/packages/security.yaml     |  2 +
 .../src/Controller/BusinessController.php     | 37 ++++++++-
 .../src/Repository/APITokenRepository.php     | 15 ++++
 .../src/Security/ApiKeyAuthenticator.php      |  2 -
 .../src/Security/ParttyAuthenticator.php      | 80 +++++++++++++++++++
 5 files changed, 131 insertions(+), 5 deletions(-)
 create mode 100644 hesabixCore/src/Security/ParttyAuthenticator.php

diff --git a/hesabixCore/config/packages/security.yaml b/hesabixCore/config/packages/security.yaml
index a77281c..0642f4f 100644
--- a/hesabixCore/config/packages/security.yaml
+++ b/hesabixCore/config/packages/security.yaml
@@ -25,6 +25,7 @@ security:
 
             custom_authenticators:
                 - App\Security\ApiKeyAuthenticator
+                - App\Security\ParttyAuthenticator
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
 
@@ -50,6 +51,7 @@ security:
     access_control:
         # - { path: ^/admin, roles: ROLE_ADMIN }
         - { path: ^/api/acc/*, roles: ROLE_USER }
+        - { path: ^/hooks/*, roles: ROLE_USER }
         - { path: ^/api/app/*, roles: ROLE_USER }
         - { path: ^/api/admin/*, roles: ROLE_ADMIN }
         - { path: ^/app/*, roles: ROLE_ADMIN }
diff --git a/hesabixCore/src/Controller/BusinessController.php b/hesabixCore/src/Controller/BusinessController.php
index 2987ae4..528b5c0 100644
--- a/hesabixCore/src/Controller/BusinessController.php
+++ b/hesabixCore/src/Controller/BusinessController.php
@@ -2,6 +2,7 @@
 
 namespace App\Controller;
 
+use App\Entity\APIToken;
 use App\Entity\BankAccount;
 use App\Entity\Commodity;
 use App\Entity\HesabdariDoc;
@@ -12,6 +13,7 @@ use App\Entity\Person;
 use App\Entity\Plugin;
 use App\Entity\User;
 use App\Entity\Business;
+use App\Entity\Hook;
 use App\Entity\Year;
 use App\Service\Access;
 use App\Service\Jdate;
@@ -544,11 +546,40 @@ class BusinessController extends AbstractController
         return $this->json($response);
     }
 
-    #[Route('v2/api/settings/chack-api', name: 'api_business_check_api')]
-    public function api_business_check_api(Access $access,Log $log,Request $request,EntityManagerInterface $entityManager): Response
+    #[Route('hooks/setting/SetChangeHook', name: 'api_business_SetChangeHook')]
+    public function api_business_SetChangeHook(Access $access,Log $log,Request $request,EntityManagerInterface $entityManager): JsonResponse
     {
+        
+        $api = $entityManager->getRepository(APIToken::class)->findOneBy([
+            'token' => $request->headers->get('api-key'),
+        ]);
+       
+        $params = [];
+        if ($content = $request->getContent()) {
+            $params = json_decode($content, true);
+        }
+        $hook = $entityManager->getRepository(Hook::class)->findOneBy([
+            'url'=> $params['url'],
+            'password'=> $params['hookPassword'],
+            'bid' => $api->getBid(),
+            'submitter'=>$this->getUser()
+        ]);
+        if(!$hook){
+            $hook = new Hook();
+            $hook->setBid($api->getBid());
+            $hook->setSubmitter($this->getUser());
+            $hook->setPassword($params['hookPassword']);
+            $hook->setUrl($params['url']);
+            $entityManager->persist($hook);
+            $entityManager->flush();
+        }
+        
+        $year = $entityManager->getRepository(Year::class)->findOneBy(['bid'=>$api->getBid(),'head'=>true])->getId();
         return $this->json([
-            'Success'=>true
+            'Success'=>true,
+            'bid' => $api->getBid()->getId(),
+            'year' => $year,
+            'money' => $api->getBid()->getMoney()->getId()
         ]);
     }
 }
diff --git a/hesabixCore/src/Repository/APITokenRepository.php b/hesabixCore/src/Repository/APITokenRepository.php
index feac50d..941796f 100644
--- a/hesabixCore/src/Repository/APITokenRepository.php
+++ b/hesabixCore/src/Repository/APITokenRepository.php
@@ -45,4 +45,19 @@ class APITokenRepository extends ServiceEntityRepository
 //            ->getOneOrNullResult()
 //        ;
 //    }
+
+    /**
+     * @throws NonUniqueResultException
+     */
+    public function findByApiToken($value): APIToken | null
+    {
+        return $this->createQueryBuilder('u')
+            ->andWhere('u.token = :val')
+            ->setParameter('val', $value)
+            ->orderBy('u.id', 'ASC')
+            ->setMaxResults(10)
+            ->getQuery()
+            ->getOneOrNullResult()
+            ;
+    }
 }
diff --git a/hesabixCore/src/Security/ApiKeyAuthenticator.php b/hesabixCore/src/Security/ApiKeyAuthenticator.php
index 67a39fa..f65715b 100644
--- a/hesabixCore/src/Security/ApiKeyAuthenticator.php
+++ b/hesabixCore/src/Security/ApiKeyAuthenticator.php
@@ -67,8 +67,6 @@ class ApiKeyAuthenticator extends AbstractAuthenticator
 
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
     {
-        echo 55;
-        die();
         $data = [
             // you may want to customize or obfuscate the message first
             'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
diff --git a/hesabixCore/src/Security/ParttyAuthenticator.php b/hesabixCore/src/Security/ParttyAuthenticator.php
new file mode 100644
index 0000000..69c3d56
--- /dev/null
+++ b/hesabixCore/src/Security/ParttyAuthenticator.php
@@ -0,0 +1,80 @@
+<?php
+
+// src/Security/ParttyAuthenticator.php
+namespace App\Security;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+
+use App\Repository\APITokenRepository;
+
+class ParttyAuthenticator extends AbstractAuthenticator
+{
+
+    /**
+     * @var APITokenRepository
+     */
+    private APITokenRepository $APITokenRepository;
+
+    public function __construct(APITokenRepository $APITokenRepository)
+    {
+        $this->APITokenRepository = $APITokenRepository;
+    }
+    /**
+     * Called on every request to decide if this authenticator should be
+     * used for the request. Returning `false` will cause this authenticator
+     * to be skipped.
+     */
+    public function supports(Request $request): ?bool
+    {
+        return $request->headers->has('api-key');
+    }
+
+    public function authenticate(Request $request): Passport
+    {
+        $apiToken = $request->headers->get('api-key');
+        if (null === $apiToken) {
+            // The token header was empty, authentication fails with HTTP Status
+            // Code 401 "Unauthorized"
+            throw new CustomUserMessageAuthenticationException('No API token provided');
+        }
+
+        return new SelfValidatingPassport(
+            new UserBadge($apiToken, function($apiToken) {
+                $tk = $this->APITokenRepository->findByApiToken($apiToken);
+                if (! $tk) {
+                    throw new UserNotFoundException();
+                }
+                return $tk->getSubmitter();
+            })
+        );
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
+    {
+        // on success, let the request continue
+        return null;
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        $data = [
+            // you may want to customize or obfuscate the message first
+            'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
+
+            // or to translate this message
+            // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
+        ];
+
+        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
+    }
+}
\ No newline at end of file