- Tambah validasi HMAC (X-Signature, X-Timestamp, X-Api-Key) pada setiap request. - Standarkan format respons sesuai ResponseCode; hapus `response_description` (gabung ke `response_message`). - `BalanceSummaryRequest`: validasi header + `validateHmac512`, pakai secret dari config, logging detail, bedakan invalid API key vs invalid signature. - `AccountBalanceController`: sederhanakan pesan error “Rekening tidak ditemukan”. - Konfigurasi baru: `webstatement.api_key`, `webstatement.secret_key`; pastikan helper `validateHmac512` tersedia. - Breaking: Bearer token tidak lagi didukung; gunakan HMAC headers. - Validasi nomor rekening di database sebelum proses bisnis. - Logging terstruktur untuk setiap percobaan validasi HMAC (header & hasil verifikasi); nilai `X-Api-Key` dan `X-Signature` sebaiknya dicatat dalam bentuk terpotong/masked, bukan utuh. - Konsistensi kode error via ResponseCode enum untuk semua kasus gagal.
<?php
namespace Modules\Webstatement\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Log;
use Modules\Webstatement\Http\Requests\BalanceSummaryRequest;
use Modules\Webstatement\Http\Requests\DetailedBalanceRequest;
use Modules\Webstatement\Services\AccountBalanceService;
use Modules\Webstatement\Http\Resources\BalanceSummaryResource;
use Modules\Webstatement\Http\Resources\DetailedBalanceResource;
use Modules\Webstatement\Enums\ResponseCode;
use Exception;
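class AccountBalanceController extends Controller
{
    /** Trailing account-number digits left visible in log entries; the rest is masked. */
    private const LOG_VISIBLE_DIGITS = 4;

    public function __construct(
        protected AccountBalanceService $accountBalanceService,
    ) {
    }

    /**
     * Get account balance summary (opening and closing balance).
     *
     * Request validation (including the HMAC header checks described in the
     * change notes) is expected to run inside BalanceSummaryRequest before
     * this method is reached; nothing here re-verifies the signature.
     *
     * @param BalanceSummaryRequest $request validated request carrying
     *        account_number, start_date and end_date
     * @return JsonResponse ResponseCode-shaped envelope; DATA_NOT_FOUND when
     *         the service returns an empty result, an error code mapped from
     *         the exception code otherwise
     */
    public function getBalanceSummary(BalanceSummaryRequest $request): JsonResponse
    {
        try {
            $accountNumber = $request->input('account_number');
            $startDate = $request->input('start_date');
            $endDate = $request->input('end_date');

            // Only a masked account number goes to the log: the full value is a
            // sensitive financial identifier and must not sit in plain log files.
            Log::info('Account balance summary requested', [
                'account_number' => $this->maskAccountNumber($accountNumber),
                'start_date' => $startDate,
                'end_date' => $endDate,
                'ip' => $request->ip(),
                'user_agent' => $request->userAgent(),
            ]);

            $result = $this->accountBalanceService->getBalanceSummary(
                $accountNumber,
                $startDate,
                $endDate,
            );

            if (empty($result)) {
                return response()->json(
                    ResponseCode::DATA_NOT_FOUND->toResponse(null, 'Rekening tidak ditemukan'),
                    ResponseCode::DATA_NOT_FOUND->getHttpStatus(),
                );
            }

            return response()->json(
                ResponseCode::SUCCESS->toResponse(
                    (new BalanceSummaryResource($result))->toArray($request),
                ),
                ResponseCode::SUCCESS->getHttpStatus(),
            );
        } catch (Exception $e) {
            // Full detail (file, line, trace) stays server-side in the log.
            Log::error('Error getting account balance summary', [
                'error' => $e->getMessage(),
                'file' => $e->getFile(),
                'line' => $e->getLine(),
                'trace' => $e->getTraceAsString(),
            ]);

            $responseCode = $this->responseCodeFor($e);

            return response()->json(
                $responseCode->toResponse(
                    null,
                    // Raw exception text is surfaced only when app.debug is on;
                    // otherwise clients get a generic message.
                    config('app.debug') ? $e->getMessage() : 'Terjadi kesalahan sistem',
                ),
                $responseCode->getHttpStatus(),
            );
        }
    }

    /**
     * Map an exception's code onto the API's ResponseCode enum.
     *
     * match() compares strictly, so any code that is not one of the listed
     * integers (including string codes some drivers set) falls through to
     * SYSTEM_MALFUNCTION. 401 and 403 are both reported as UNAUTHORIZED.
     */
    private function responseCodeFor(Exception $e): ResponseCode
    {
        return match ($e->getCode()) {
            404 => ResponseCode::DATA_NOT_FOUND,
            401, 403 => ResponseCode::UNAUTHORIZED,
            408 => ResponseCode::TIMEOUT,
            503 => ResponseCode::SERVICE_UNAVAILABLE,
            400 => ResponseCode::INVALID_FIELD,
            default => ResponseCode::SYSTEM_MALFUNCTION,
        };
    }

    /**
     * Mask an account number for logging, keeping only the last
     * LOG_VISIBLE_DIGITS characters. Non-scalar input becomes an empty
     * string; values no longer than the visible window are fully masked so
     * a short identifier is never echoed verbatim.
     */
    private function maskAccountNumber(mixed $accountNumber): string
    {
        $value = is_scalar($accountNumber) ? (string) $accountNumber : '';
        $length = strlen($value);

        if ($length <= self::LOG_VISIBLE_DIGITS) {
            return str_repeat('*', $length);
        }

        return str_repeat('*', $length - self::LOG_VISIBLE_DIGITS)
            . substr($value, -self::LOG_VISIBLE_DIGITS);
    }
}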