documentModel = new DocumentModel(); $this->storage = new DocumentStorageService(); $this->maxUploadBytes = 30 * 1024 * 1024; $this->debug = filter_var($_ENV['DOCUMENT_UPLOAD_DEBUG'] ?? 'true', FILTER_VALIDATE_BOOLEAN); } private function log(string $requestId, string $message, array $context = []): void { if (!$this->debug) { return; } $json = ''; if (!empty($context)) { $json = ' ' . json_encode($context, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); } error_log('[documents.upload][' . $requestId . '] ' . $message . $json); } public function __invoke(ServerRequestInterface $request) { $requestId = bin2hex(random_bytes(4)); $userId = (int)($request->getAttribute('api_user_id') ?? 0); $companyId = (int)($request->getAttribute('api_company_id') ?? 0); if ($userId <= 0 || $companyId <= 0) { return ResponseLib::sendFail('Unauthorized', [], 'E_VALIDATE')->withStatus(401); } $contentLength = (int)$request->getHeaderLine('Content-Length'); if ($contentLength > 0 && $contentLength > $this->maxUploadBytes) { $this->log($requestId, 'content-length exceeded', [ 'user_id' => $userId, 'company_id' => $companyId, 'content_length' => $contentLength, 'content_type' => $request->getHeaderLine('Content-Type'), 'user_agent' => $request->getHeaderLine('User-Agent'), 'x_forwarded_for' => $request->getHeaderLine('X-Forwarded-For'), 'x_forwarded_proto' => $request->getHeaderLine('X-Forwarded-Proto'), ]); return ResponseLib::sendFail('File too large. Max 30MB.', ['request_id' => $requestId], 'E_TOO_LARGE')->withStatus(413); } try { $parsed = MultipartFormDataParser::parse($request); } catch (\Throwable $e) { $this->log($requestId, 'multipart parse failed', [ 'user_id' => $userId, 'company_id' => $companyId, 'error' => $e->getMessage(), 'content_type' => $request->getHeaderLine('Content-Type'), 'content_length' => $request->getHeaderLine('Content-Length'), 'transfer_encoding' => $request->getHeaderLine('Transfer-Encoding'), 'user_agent' => $request->getHeaderLine('User-Agent'), 'x_forwarded_for' => $request->getHeaderLine('X-Forwarded-For'), 'x_forwarded_proto' => $request->getHeaderLine('X-Forwarded-Proto'), ]); return ResponseLib::sendFail('Invalid multipart form-data: ' . $e->getMessage(), ['request_id' => $requestId], 'E_VALIDATE')->withStatus(400); } $fields = $parsed['fields'] ?? []; $files = $parsed['files'] ?? []; $meta = $parsed['meta'] ?? []; $documentType = isset($fields['document_type']) ? (string)$fields['document_type'] : ''; if ($documentType === '') { $this->log($requestId, 'missing document_type', [ 'user_id' => $userId, 'company_id' => $companyId, 'field_names' => array_keys($fields), 'file_names' => array_keys($files), 'meta' => $meta, 'content_type' => $request->getHeaderLine('Content-Type'), 'content_length' => $request->getHeaderLine('Content-Length'), 'transfer_encoding' => $request->getHeaderLine('Transfer-Encoding'), 'user_agent' => $request->getHeaderLine('User-Agent'), 'x_forwarded_for' => $request->getHeaderLine('X-Forwarded-For'), 'x_forwarded_proto' => $request->getHeaderLine('X-Forwarded-Proto'), ]); $data = ['request_id' => $requestId]; if ($this->debug) { $data['debug'] = [ 'field_names' => array_keys($fields), 'file_names' => array_keys($files), 'meta' => $meta, 'content_type' => $request->getHeaderLine('Content-Type'), 'content_length' => $request->getHeaderLine('Content-Length'), 'transfer_encoding' => $request->getHeaderLine('Transfer-Encoding'), ]; } return ResponseLib::sendFail('Missing field: document_type', $data, 'E_VALIDATE')->withStatus(400); } $file = $files['file'] ?? null; if (!is_array($file) || !isset($file['content'])) { $this->log($requestId, 'missing file', [ 'user_id' => $userId, 'company_id' => $companyId, 'field_names' => array_keys($fields), 'file_names' => array_keys($files), 'meta' => $meta, ]); $data = ['request_id' => $requestId]; if ($this->debug) { $data['debug'] = [ 'field_names' => array_keys($fields), 'file_names' => array_keys($files), 'meta' => $meta, ]; } return ResponseLib::sendFail('Missing file field: file', $data, 'E_VALIDATE')->withStatus(400); } $originalFilename = (string)($file['filename'] ?? 'upload.bin'); $contentType = (string)($file['content_type'] ?? 'application/octet-stream'); $content = (string)$file['content']; if (strlen($content) > $this->maxUploadBytes) { return ResponseLib::sendFail('File too large. Max 30MB.', ['request_id' => $requestId], 'E_TOO_LARGE')->withStatus(413); } try { $documentType = $this->storage->sanitizeDocumentType($documentType); $dir = $this->storage->ensureDirectory($companyId, $userId, $documentType); $storedFilename = $this->storage->buildStoredFilename($originalFilename, $contentType); $storedPath = $this->storage->writeFile($dir, $storedFilename, $content); $created = $this->documentModel->create($userId, $documentType, $storedPath); return ResponseLib::sendOk($created, 'S_CREATED'); } catch (\Throwable $e) { $this->log($requestId, 'upload failed', [ 'user_id' => $userId, 'company_id' => $companyId, 'error' => $e->getMessage(), ]); return ResponseLib::sendFail('Upload failed: ' . $e->getMessage(), [], 'E_INTERNAL')->withStatus(500); } } }