From f399eb8d473204f2b25a68b66014e722673f31b4 Mon Sep 17 00:00:00 2001
From: Juan Pablo Vial <jpvialb@incoviba.cl>
Date: Thu, 29 May 2025 19:43:06 -0400
Subject: [PATCH] Validate with service

---
 app/setup/settings/urls.php               | 2 +-
 app/src/Middleware/API.php                | 4 ++++
 app/src/Service/Venta/MediosPago/Toku.php | 7 +++++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/setup/settings/urls.php b/app/setup/settings/urls.php
index 6446900..31a8912 100644
--- a/app/setup/settings/urls.php
+++ b/app/setup/settings/urls.php
@@ -30,7 +30,7 @@ return [
     'externalPaths' => [
         '/api/external' => [
             '/toku/success' => [
-                'header' => 'x-api-key',
+                'validator' => Incoviba\Service\Venta\MediosPago\Toku::class,
                 'token' => $_ENV['TOKU_TOKEN']
             ]
         ],
diff --git a/app/src/Middleware/API.php b/app/src/Middleware/API.php
index 1b05692..5c66679 100644
--- a/app/src/Middleware/API.php
+++ b/app/src/Middleware/API.php
@@ -86,6 +86,10 @@ class API
     protected function validateExternalKey(ServerRequestInterface $request, $basePath, $subPath): bool
     {
         $data = $this->externalPaths[$basePath][$subPath];
+        if (isset($data['validator'])) {
+            $method = [$data['validator'], 'validateToken'];
+            return $method($request, $data['token']);
+        }
         if (isset($data['header']) and $request->hasHeader($data['header'])) {
             $token = $request->getHeaderLine($data['header']);
             if ($token === $this->externalPaths[$basePath][$subPath]['token']) {
diff --git a/app/src/Service/Venta/MediosPago/Toku.php b/app/src/Service/Venta/MediosPago/Toku.php
index 67f243d..6b58df3 100644
--- a/app/src/Service/Venta/MediosPago/Toku.php
+++ b/app/src/Service/Venta/MediosPago/Toku.php
@@ -2,6 +2,7 @@
 namespace Incoviba\Service\Venta\MediosPago;
 
 use InvalidArgumentException;
+use Psr\Http\Message\ServerRequestInterface;
 use Incoviba\Service\Venta\MediosPago\Toku\{Customer,Subscription,Invoice};
 use Incoviba\Common\Ideal;
 use Incoviba\Common\Implement\Exception\EmptyResponse;
@@ -393,4 +394,10 @@ class Toku extends Ideal\Service
         $data['date'] = $data['transaction_date'];
         return $data;
     }
+
+    public static function validateToken(ServerRequestInterface $request, string $token): bool
+    {
+        $tokenHeader = json_decode($request->getHeaderLine('token'));
+        return strtolower($tokenHeader->header) === 'x-api-key' and $tokenHeader->token === $token;
+    }
 }