TooEasy
/
backend-php


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159
							<?php

namespace Controllers;

use Libs\MultipartFormDataParser;
use Libs\ResponseLib;
use Models\DocumentModel;
use Psr\Http\Message\ServerRequestInterface;
use Services\DocumentStorageService;

class DocumentUploadController
{
    private DocumentModel $documentModel;
    private DocumentStorageService $storage;
    private int $maxUploadBytes;
    private bool $debug;

    public function __construct()
    {
        $this->documentModel = new DocumentModel();
        $this->storage = new DocumentStorageService();
        $this->maxUploadBytes = 30 * 1024 * 1024;
        $this->debug = filter_var($_ENV['DOCUMENT_UPLOAD_DEBUG'] ?? 'true', FILTER_VALIDATE_BOOLEAN);
    }

    private function log(string $requestId, string $message, array $context = []): void
    {
        if (!$this->debug) {
            return;
        }

        $json = '';
        if (!empty($context)) {
            $json = ' ' . json_encode($context, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
        }

        error_log('[documents.upload][' . $requestId . '] ' . $message . $json);
    }

    public function __invoke(ServerRequestInterface $request)
    {
        $requestId = bin2hex(random_bytes(4));
        $userId = (int)($request->getAttribute('api_user_id') ?? 0);
        $companyId = (int)($request->getAttribute('api_company_id') ?? 0);

        if ($userId <= 0 || $companyId <= 0) {
            return ResponseLib::sendFail('Unauthorized', [], 'E_VALIDATE')->withStatus(401);
        }

        $contentLength = (int)$request->getHeaderLine('Content-Length');
        if ($contentLength > 0 && $contentLength > $this->maxUploadBytes) {
            $this->log($requestId, 'content-length exceeded', [
                'user_id' => $userId,
                'company_id' => $companyId,
                'content_length' => $contentLength,
                'content_type' => $request->getHeaderLine('Content-Type'),
                'user_agent' => $request->getHeaderLine('User-Agent'),
                'x_forwarded_for' => $request->getHeaderLine('X-Forwarded-For'),
                'x_forwarded_proto' => $request->getHeaderLine('X-Forwarded-Proto'),
            ]);
            return ResponseLib::sendFail('File too large. Max 30MB.', ['request_id' => $requestId], 'E_TOO_LARGE')->withStatus(413);
        }

        try {
            $parsed = MultipartFormDataParser::parse($request);
        } catch (\Throwable $e) {
            $this->log($requestId, 'multipart parse failed', [
                'user_id' => $userId,
                'company_id' => $companyId,
                'error' => $e->getMessage(),
                'content_type' => $request->getHeaderLine('Content-Type'),
                'content_length' => $request->getHeaderLine('Content-Length'),
                'transfer_encoding' => $request->getHeaderLine('Transfer-Encoding'),
                'user_agent' => $request->getHeaderLine('User-Agent'),
                'x_forwarded_for' => $request->getHeaderLine('X-Forwarded-For'),
                'x_forwarded_proto' => $request->getHeaderLine('X-Forwarded-Proto'),
            ]);
            return ResponseLib::sendFail('Invalid multipart form-data: ' . $e->getMessage(), ['request_id' => $requestId], 'E_VALIDATE')->withStatus(400);
        }

        $fields = $parsed['fields'] ?? [];
        $files = $parsed['files'] ?? [];
        $meta = $parsed['meta'] ?? [];

        $documentType = isset($fields['document_type']) ? (string)$fields['document_type'] : '';
        if ($documentType === '') {
            $this->log($requestId, 'missing document_type', [
                'user_id' => $userId,
                'company_id' => $companyId,
                'field_names' => array_keys($fields),
                'file_names' => array_keys($files),
                'meta' => $meta,
                'content_type' => $request->getHeaderLine('Content-Type'),
                'content_length' => $request->getHeaderLine('Content-Length'),
                'transfer_encoding' => $request->getHeaderLine('Transfer-Encoding'),
                'user_agent' => $request->getHeaderLine('User-Agent'),
                'x_forwarded_for' => $request->getHeaderLine('X-Forwarded-For'),
                'x_forwarded_proto' => $request->getHeaderLine('X-Forwarded-Proto'),
            ]);

            $data = ['request_id' => $requestId];
            if ($this->debug) {
                $data['debug'] = [
                    'field_names' => array_keys($fields),
                    'file_names' => array_keys($files),
                    'meta' => $meta,
                    'content_type' => $request->getHeaderLine('Content-Type'),
                    'content_length' => $request->getHeaderLine('Content-Length'),
                    'transfer_encoding' => $request->getHeaderLine('Transfer-Encoding'),
                ];
            }

            return ResponseLib::sendFail('Missing field: document_type', $data, 'E_VALIDATE')->withStatus(400);
        }

        $file = $files['file'] ?? null;
        if (!is_array($file) || !isset($file['content'])) {
            $this->log($requestId, 'missing file', [
                'user_id' => $userId,
                'company_id' => $companyId,
                'field_names' => array_keys($fields),
                'file_names' => array_keys($files),
                'meta' => $meta,
            ]);

            $data = ['request_id' => $requestId];
            if ($this->debug) {
                $data['debug'] = [
                    'field_names' => array_keys($fields),
                    'file_names' => array_keys($files),
                    'meta' => $meta,
                ];
            }

            return ResponseLib::sendFail('Missing file field: file', $data, 'E_VALIDATE')->withStatus(400);
        }

        $originalFilename = (string)($file['filename'] ?? 'upload.bin');
        $contentType = (string)($file['content_type'] ?? 'application/octet-stream');
        $content = (string)$file['content'];

        if (strlen($content) > $this->maxUploadBytes) {
            return ResponseLib::sendFail('File too large. Max 30MB.', ['request_id' => $requestId], 'E_TOO_LARGE')->withStatus(413);
        }

        try {
            $documentType = $this->storage->sanitizeDocumentType($documentType);
            $dir = $this->storage->ensureDirectory($companyId, $userId, $documentType);
            $storedFilename = $this->storage->buildStoredFilename($originalFilename, $contentType);
            $storedPath = $this->storage->writeFile($dir, $storedFilename, $content);

            $created = $this->documentModel->create($userId, $documentType, $storedPath);

            return ResponseLib::sendOk($created, 'S_CREATED');
        } catch (\Throwable $e) {
            return ResponseLib::sendFail('Upload failed: ' . $e->getMessage(), [], 'E_INTERNAL')->withStatus(500);
        }
    }
}