Files
autocrm/app/Providers/Filament/TenantPanelProvider.php
T
Vasyka eaa05d68c1 Deploy 2: 2FA (App + Email) + REST API + CSV import-export + auto backup
- Filament v5 multiFactorAuthentication enabled on both panels (App + Email)
- HasAppAuthentication + HasEmailAuthentication on User and SuperAdmin
- Migration: app_authentication_secret + recovery_codes + email_authentication_at
- Sanctum REST API: /api/v1/login, /me, clients, vehicles, work-orders
- EnsureTokenMatchesTenant middleware blocks cross-tenant token usage
- CsvImportExport service: clients + vehicles bulk via plain CSV
- Import/Export buttons on Client + Vehicle list pages
- ApiTokens page in tenant panel (generate/revoke + last-used)
- BackupAllTenantsCommand + scheduler (daily 03:00, retain 14 days)
- Background scheduler in entrypoint.sh
2026-05-07 19:25:27 +00:00

255 lines
14 KiB
PHP

<?php
namespace App\Providers\Filament;
use App\Http\Middleware\CheckTenantStatus;
use App\Http\Middleware\ResolveTenant;
use Filament\Http\Middleware\Authenticate;
use Filament\Http\Middleware\AuthenticateSession;
use Filament\Http\Middleware\DisableBladeIconComponents;
use Filament\Http\Middleware\DispatchServingFilamentEvent;
use Filament\Pages\Dashboard;
use Filament\Panel;
use Filament\PanelProvider;
use Filament\Support\Colors\Color;
use Filament\View\PanelsRenderHook;
use Illuminate\Support\Facades\Blade;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Routing\Middleware\SubstituteBindings;
use Illuminate\Session\Middleware\StartSession;
use Illuminate\View\Middleware\ShareErrorsFromSession;
/**
* Tenant panel — served on every <slug>.service.mir.md.
* ResolveTenant middleware loads the current Company before any auth check.
*/
class TenantPanelProvider extends PanelProvider
{
public function panel(Panel $panel): Panel
{
return $panel
->id('tenant')
->path('app')
->login()
->brandName('AutoCRM')
->colors([
'primary' => Color::Blue,
])
->authGuard('web')
->databaseNotifications()
->databaseNotificationsPolling('30s')
->globalSearchKeyBindings(['command+k', 'ctrl+k'])
->multiFactorAuthentication([
\Filament\Auth\MultiFactor\App\AppAuthentication::make(),
\Filament\Auth\MultiFactor\Email\EmailAuthentication::make(),
])
->profile()
->discoverResources(in: app_path('Filament/Tenant/Resources'), for: 'App\\Filament\\Tenant\\Resources')
->discoverPages(in: app_path('Filament/Tenant/Pages'), for: 'App\\Filament\\Tenant\\Pages')
->pages([
Dashboard::class,
])
->discoverWidgets(in: app_path('Filament/Tenant/Widgets'), for: 'App\\Filament\\Tenant\\Widgets')
->widgets([
\App\Filament\Tenant\Widgets\StatsOverview::class,
\App\Filament\Tenant\Widgets\FinanceOverview::class,
\App\Filament\Tenant\Widgets\LowStockTable::class,
])
->middleware([
// CRITICAL: tenant resolution must run BEFORE Filament's
// Authenticate middleware (which is inserted by authMiddleware
// between ShareErrorsFromSession and AuthenticateSession).
// Otherwise User::find() during auth check has no tenant
// context → TenantScope returns 0 rows → user appears
// unauthenticated → endless redirect to /app/login.
ResolveTenant::class,
CheckTenantStatus::class,
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
\App\Http\Middleware\SetLocale::class,
AuthenticateSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
DisableBladeIconComponents::class,
DispatchServingFilamentEvent::class,
])
->authMiddleware([
Authenticate::class,
])
// PWA + theming injection
->renderHook(
PanelsRenderHook::HEAD_END,
fn (): string => Blade::render(<<<'BLADE'
@php
$t = app(\App\Tenancy\TenantManager::class)->current();
$themeColor = $t?->settings['theme_color'] ?? '#3B82F6';
$name = $t?->display_name ?? $t?->name ?? 'AutoCRM';
$favicon = $t?->getFaviconUrl();
// Generate primary color shades from theme_color hex.
$hex = ltrim($themeColor, '#');
if (strlen($hex) === 6) {
$r = hexdec(substr($hex, 0, 2));
$g = hexdec(substr($hex, 2, 2));
$b = hexdec(substr($hex, 4, 2));
} else { $r = 59; $g = 130; $b = 246; }
@endphp
<link rel="manifest" href="/manifest.json">
<meta name="theme-color" content="{{ $themeColor }}">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="default">
<meta name="apple-mobile-web-app-title" content="{{ $name }}">
@if ($favicon)
<link rel="icon" type="image/png" href="{{ $favicon }}">
<link rel="apple-touch-icon" href="{{ $favicon }}">
@endif
<style>
:root {
--primary-50: {{ "rgb({$r} {$g} {$b} / 0.05)" }};
--primary-100: {{ "rgb({$r} {$g} {$b} / 0.10)" }};
--primary-200: {{ "rgb({$r} {$g} {$b} / 0.20)" }};
--primary-300: {{ "rgb({$r} {$g} {$b} / 0.35)" }};
--primary-400: {{ "rgb({$r} {$g} {$b} / 0.55)" }};
--primary-500: {{ "rgb({$r} {$g} {$b})" }};
--primary-600: {{ "rgb({$r} {$g} {$b})" }};
--primary-700: {{ "rgb(" . max(0,$r-20) . " " . max(0,$g-20) . " " . max(0,$b-20) . ")" }};
--primary-800: {{ "rgb(" . max(0,$r-40) . " " . max(0,$g-40) . " " . max(0,$b-40) . ")" }};
--primary-900: {{ "rgb(" . max(0,$r-60) . " " . max(0,$g-60) . " " . max(0,$b-60) . ")" }};
--primary-950: {{ "rgb(" . max(0,$r-80) . " " . max(0,$g-80) . " " . max(0,$b-80) . ")" }};
}
</style>
BLADE)
)
->renderHook(
PanelsRenderHook::USER_MENU_BEFORE,
fn (): string => Blade::render(<<<'BLADE'
@php
$locale = app()->getLocale();
$langs = ['ro' => 'RO', 'ru' => 'RU', 'en' => 'EN'];
$csrf = csrf_token();
@endphp
<div class="al-locale" x-data="{ open: false }">
<button type="button" class="al-locale-btn" @click="open = !open" @click.away="open = false">
🌐 {{ $langs[$locale] ?? 'RO' }}
<span class="al-locale-caret"></span>
</button>
<div x-show="open" x-cloak class="al-locale-menu">
@foreach ($langs as $code => $label)
<form method="POST" action="/locale/{{ $code }}">
<input type="hidden" name="_token" value="{{ $csrf }}">
<button type="submit" class="al-locale-item {{ $locale === $code ? 'active' : '' }}">
{{ $label }}
<span style="opacity:.7;font-size:11px;">
@switch($code)
@case('ro') Română @break
@case('ru') Русский @break
@case('en') English @break
@endswitch
</span>
</button>
</form>
@endforeach
</div>
</div>
<style>
.al-locale { position: relative; margin-right: 8px; }
.al-locale-btn {
background: transparent; border: 1px solid rgba(0,0,0,.08);
border-radius: 8px; padding: 6px 10px; font-size: 12px;
cursor: pointer; color: inherit; display: flex; align-items: center; gap: 4px;
}
.dark .al-locale-btn { border-color: rgba(255,255,255,.1); }
.al-locale-btn:hover { background: rgba(0,0,0,.04); }
.dark .al-locale-btn:hover { background: rgba(255,255,255,.04); }
.al-locale-caret { font-size: 10px; opacity: .6; }
.al-locale-menu {
position: absolute; top: 100%; right: 0; margin-top: 4px;
background: #fff; border: 1px solid #e5e7eb; border-radius: 8px;
box-shadow: 0 4px 12px rgba(0,0,0,.08);
min-width: 160px; z-index: 50; overflow: hidden;
}
.dark .al-locale-menu { background: #1f2937; border-color: #374151; }
.al-locale-menu form { margin: 0; }
.al-locale-item {
display: block; width: 100%; text-align: left;
background: transparent; border: none; padding: 8px 12px;
font-size: 13px; cursor: pointer; color: inherit;
}
.al-locale-item:hover { background: #f3f4f6; }
.dark .al-locale-item:hover { background: #374151; }
.al-locale-item.active { background: #eff6ff; color: #2563eb; font-weight: 600; }
.dark .al-locale-item.active { background: #1e3a8a; color: #93c5fd; }
</style>
BLADE)
)
->renderHook(
PanelsRenderHook::SIDEBAR_LOGO_BEFORE,
fn (): string => Blade::render(<<<'BLADE'
@php
$t = app(\App\Tenancy\TenantManager::class)->current();
$logo = $t?->getLogoUrl();
@endphp
@if ($logo)
<div style="padding: 12px 16px; display: flex; justify-content: center; border-bottom: 1px solid rgba(0,0,0,.06);">
<img src="{{ $logo }}" alt="logo" style="max-height: 56px; max-width: 100%;">
</div>
@endif
BLADE)
)
->renderHook(
PanelsRenderHook::BODY_END,
fn (): string => Blade::render(<<<'BLADE'
@php
$tenant = app(\App\Tenancy\TenantManager::class)->current();
$reverbKey = config('broadcasting.connections.reverb.key');
$reverbHost = config('broadcasting.connections.reverb.options.host');
$reverbPort = config('broadcasting.connections.reverb.options.port');
$reverbScheme = config('broadcasting.connections.reverb.options.scheme', 'https');
$broadcastEnabled = config('broadcasting.default') === 'reverb' && $reverbKey && $reverbHost;
@endphp
<script>
if ('serviceWorker' in navigator) {
window.addEventListener('load', () => {
navigator.serviceWorker.register('/sw.js').catch(() => {});
});
}
</script>
@if ($broadcastEnabled && $tenant)
<script src="https://js.pusher.com/8.4/pusher.min.js"></script>
<script>
(function() {
if (typeof Pusher === 'undefined') return;
Pusher.logToConsole = false;
window.AutoCRMEcho = new Pusher('{{ $reverbKey }}', {
wsHost: '{{ $reverbHost }}',
wsPort: {{ $reverbPort ?: ($reverbScheme === 'https' ? 443 : 80) }},
wssPort: {{ $reverbPort ?: 443 }},
forceTLS: {{ $reverbScheme === 'https' ? 'true' : 'false' }},
enabledTransports: ['ws', 'wss'],
cluster: 'mt1',
authEndpoint: '/broadcasting/auth',
auth: {
headers: {
'X-CSRF-TOKEN': document.querySelector('meta[name="csrf-token"]')?.content || ''
}
}
});
const ch = window.AutoCRMEcho.subscribe('private-tenant.{{ $tenant->slug }}');
ch.bind('work-order.updated', function(payload) {
window.dispatchEvent(new CustomEvent('autocrm:wo-updated', { detail: payload }));
// If we're on the kanban or a WO list page, refresh the Livewire component.
if (typeof Livewire !== 'undefined') {
Livewire.all().forEach(c => c.$refresh && c.$refresh());
}
});
})();
</script>
@endif
BLADE)
);
}
}