add api token

2024-10-17 15:13:26 +04:00 · 2024-10-17 15:13:26 +04:00 · 8c47dfa285
parent 8040aa1fd8
commit 8c47dfa285
4 changed files with 14 additions and 5 deletions
--- a/backend/.env
+++ b/backend/.env
@ -11,3 +11,5 @@ APP_SECRET=850da55654c68f779822ea80d2b66a94
 DATABASE_URL="postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=16&charset=utf8"
 ###< doctrine/doctrine-bundle ###
 DOT_DOT_URL='http://dot-dot.local'
+
+API_TOKEN='secret'
--- a/backend/src/Api/Request/SignRequest.php
+++ b/backend/src/Api/Request/SignRequest.php
@ -10,4 +10,5 @@ class SignRequest implements RequestDtoInterface
 {
    public string $url;
    public int $batch;
+    public string $apiToken;
 }
--- a/backend/src/Controller/SignController.php
+++ b/backend/src/Controller/SignController.php
@ -24,6 +24,6 @@ class SignController extends AbstractController
    {
        $token = $request->server->get('HTTP_AUTHORIZATION');

-        return new JsonResponse($this->signService->signDocument($signRequest->url, $token, $signRequest->batch));
+        return new JsonResponse($this->signService->signDocument($signRequest, $token));
    }
 }
--- a/backend/src/SignService.php
+++ b/backend/src/SignService.php
@ -6,9 +6,11 @@ namespace App;

 use App\Api\Api;
 use App\Api\ApiParams;
+use App\Api\Request\SignRequest;
 use App\Infrastructure\External\Api\BinaryStringFileResult;
 use Exception;
 use RuntimeException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

 class SignService
 {
@ -22,16 +24,20 @@ class SignService
        $this->devSignService = new DevSignService();
        $this->prodSignService = new ProdSignService();
    }
-    public function signDocument(string $url, string $token, int $batch): array
+    public function signDocument(SignRequest $request,string $token): array
    {
+        if ($_ENV['API_TOKEN'] !== $request->apiToken) {
+            throw new AccessDeniedHttpException('Доступ запрещен');
+        }
+
        $this->api->apiParams = $this->apiParams;

        try {
-            $document = $this->api->download($url, $token);
+            $document = $this->api->download($request->url, $token);

            $this->sign($document->tempFileName);

-            $response = $this->api->send($token, $document->tempFileName . '_sign.pdf', $batch);
+            $response = $this->api->send($token, $document->tempFileName . '_sign.pdf', $request->batch);

            $this->removeExistingDocument($document);