start hook develop

hesabixCore/config/packages/security.yaml

@@ -25,6 +25,7 @@ security:
 
             custom_authenticators:
                 - App\Security\ApiKeyAuthenticator
+                - App\Security\ParttyAuthenticator
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#the-firewall
 
@@ -50,6 +51,7 @@ security:
     access_control:
         # - { path: ^/admin, roles: ROLE_ADMIN }
         - { path: ^/api/acc/*, roles: ROLE_USER }
+        - { path: ^/hooks/*, roles: ROLE_USER }
         - { path: ^/api/app/*, roles: ROLE_USER }
         - { path: ^/api/admin/*, roles: ROLE_ADMIN }
         - { path: ^/app/*, roles: ROLE_ADMIN }

hesabixCore/src/Controller/BusinessController.php

@@ -2,6 +2,7 @@
 
 namespace App\Controller;
 
+use App\Entity\APIToken;
 use App\Entity\BankAccount;
 use App\Entity\Commodity;
 use App\Entity\HesabdariDoc;
@@ -12,6 +13,7 @@ use App\Entity\Person;
 use App\Entity\Plugin;
 use App\Entity\User;
 use App\Entity\Business;
+use App\Entity\Hook;
 use App\Entity\Year;
 use App\Service\Access;
 use App\Service\Jdate;
@@ -544,11 +546,40 @@ class BusinessController extends AbstractController
         return $this->json($response);
     }
 
-    #[Route('v2/api/settings/chack-api', name: 'api_business_check_api')]
+    #[Route('hooks/setting/SetChangeHook', name: 'api_business_SetChangeHook')]
-    public function api_business_check_api(Access $access,Log $log,Request $request,EntityManagerInterface $entityManager): Response
+    public function api_business_SetChangeHook(Access $access,Log $log,Request $request,EntityManagerInterface $entityManager): JsonResponse
     {
+        
+        $api = $entityManager->getRepository(APIToken::class)->findOneBy([
+            'token' => $request->headers->get('api-key'),
+        ]);
+       
+        $params = [];
+        if ($content = $request->getContent()) {
+            $params = json_decode($content, true);
+        }
+        $hook = $entityManager->getRepository(Hook::class)->findOneBy([
+            'url'=> $params['url'],
+            'password'=> $params['hookPassword'],
+            'bid' => $api->getBid(),
+            'submitter'=>$this->getUser()
+        ]);
+        if(!$hook){
+            $hook = new Hook();
+            $hook->setBid($api->getBid());
+            $hook->setSubmitter($this->getUser());
+            $hook->setPassword($params['hookPassword']);
+            $hook->setUrl($params['url']);
+            $entityManager->persist($hook);
+            $entityManager->flush();
+        }
+        
+        $year = $entityManager->getRepository(Year::class)->findOneBy(['bid'=>$api->getBid(),'head'=>true])->getId();
         return $this->json([
-            'Success'=>true
+            'Success'=>true,
+            'bid' => $api->getBid()->getId(),
+            'year' => $year,
+            'money' => $api->getBid()->getMoney()->getId()
         ]);
     }
 }

hesabixCore/src/Repository/APITokenRepository.php

@@ -45,4 +45,19 @@ class APITokenRepository extends ServiceEntityRepository
 //            ->getOneOrNullResult()
 //        ;
 //    }
+
+    /**
+     * @throws NonUniqueResultException
+     */
+    public function findByApiToken($value): APIToken | null
+    {
+        return $this->createQueryBuilder('u')
+            ->andWhere('u.token = :val')
+            ->setParameter('val', $value)
+            ->orderBy('u.id', 'ASC')
+            ->setMaxResults(10)
+            ->getQuery()
+            ->getOneOrNullResult()
+            ;
+    }
 }

hesabixCore/src/Security/ApiKeyAuthenticator.php

@@ -67,8 +67,6 @@ class ApiKeyAuthenticator extends AbstractAuthenticator
 
     public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
     {
-        echo 55;
-        die();
         $data = [
             // you may want to customize or obfuscate the message first
             'message' => strtr($exception->getMessageKey(), $exception->getMessageData())

hesabixCore/src/Security/ParttyAuthenticator.php

@@ -0,0 +1,80 @@
+<?php
+
+// src/Security/ParttyAuthenticator.php
+namespace App\Security;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
+use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
+use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
+use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
+use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+
+use App\Repository\APITokenRepository;
+
+class ParttyAuthenticator extends AbstractAuthenticator
+{
+
+    /**
+     * @var APITokenRepository
+     */
+    private APITokenRepository $APITokenRepository;
+
+    public function __construct(APITokenRepository $APITokenRepository)
+    {
+        $this->APITokenRepository = $APITokenRepository;
+    }
+    /**
+     * Called on every request to decide if this authenticator should be
+     * used for the request. Returning `false` will cause this authenticator
+     * to be skipped.
+     */
+    public function supports(Request $request): ?bool
+    {
+        return $request->headers->has('api-key');
+    }
+
+    public function authenticate(Request $request): Passport
+    {
+        $apiToken = $request->headers->get('api-key');
+        if (null === $apiToken) {
+            // The token header was empty, authentication fails with HTTP Status
+            // Code 401 "Unauthorized"
+            throw new CustomUserMessageAuthenticationException('No API token provided');
+        }
+
+        return new SelfValidatingPassport(
+            new UserBadge($apiToken, function($apiToken) {
+                $tk = $this->APITokenRepository->findByApiToken($apiToken);
+                if (! $tk) {
+                    throw new UserNotFoundException();
+                }
+                return $tk->getSubmitter();
+            })
+        );
+    }
+
+    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
+    {
+        // on success, let the request continue
+        return null;
+    }
+
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
+    {
+        $data = [
+            // you may want to customize or obfuscate the message first
+            'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
+
+            // or to translate this message
+            // $this->translator->trans($exception->getMessageKey(), $exception->getMessageData())
+        ];
+
+        return new JsonResponse($data, Response::HTTP_UNAUTHORIZED);
+    }
+}