From f32d4c55c57224e69d0bf1f734009265c381a46f Mon Sep 17 00:00:00 2001
From: Djery-Tom
Date: Wed, 16 Feb 2022 15:03:56 +0100
Subject: [PATCH] Remove security on pdf-viewer endpoint
---
 app/Http/Controllers/HelperController.php | 22 ++++++++++++++++++++++
 routes/web.php | 4 +++-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/HelperController.php b/app/Http/Controllers/HelperController.php
index 1f026f4..9b125f6 100644
--- a/app/Http/Controllers/HelperController.php
+++ b/app/Http/Controllers/HelperController.php
@@ -6,6 +6,28 @@ use Illuminate\Http\Request;
 class HelperController extends Controller
 {
+ /**
+ * @OA\Get(
+ * path="/pdf-viewer",
+ * summary="Afficher le PDF de la facture dans une web view",
+ * tags={"Factures"},
+ * @OA\Parameter(
+ * parameter="url",
+ * name="url",
+ * description="URL du fichier",
+ * in="query",
+ * required=true,
+ * @OA\Schema(
+ * type="string",
+ * default="http://localhost:8086/invoices-docs/31122021_28012022_aon8K9BZOn_1643395930.pdf"
+ * )
+ * ),
+ * @OA\Response(
+ * response=200,
+ * description="OK"
+ * )
+ * )
+ */
 public function pdfView(Request $request)
 {
 $this->validate($request, [
diff --git a/routes/web.php b/routes/web.php
index d2e4dbd..b8730e6 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -12,6 +12,9 @@
 | and give it the Closure to call when that URI is requested.
 |
 */
+
+$router->get('pdf-viewer', 'HelperController@pdfView');
+
 $router->group(['prefix' => '', 'middleware' => 'auth'], function () use ($router) {
 // Insurances routes
 $router->group(['prefix' => '/insurances'], function () use ($router) {
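Review bot: The `default` given for the `url` parameter in the `@OA\Schema` block looks like a real invoice file name (two dates, a random token and a timestamp), and it will be published with the generated API documentation; a constructed sample such as `default="https://example.test/invoices-docs/sample.pdf"` documents the format without exposing a document path. The annotation also lists only the 200 response although `pdfView` calls `$this->validate(...)`, so a validation-failure response is worth documenting, e.g. `@OA\Response(response=422, description="Paramètre url invalide")` (422 is presumably what the framework returns here; confirm). The body of `pdfView` continues outside the hunk, so the rules actually applied to `url` are not visible.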
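Review bot: Registering `pdf-viewer` above the `auth` group makes an endpoint that takes a caller-supplied `url` reachable without authentication, and nothing in this patch shows what `pdfView` accepts for that parameter (its `$this->validate` rules lie outside the visible hunks). If the route has to be public so that a web view can open it without the API token, the controller should accept only URLs under the application's own invoice storage rather than any URL; otherwise, depending on how the value is used, the viewer can be pointed at content the application does not control. A comment on the route would record the decision and its condition, for example `// Public on purpose: opened in a web view without a token; pdfView must only accept URLs under our invoices-docs path.`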
@@ -55,7 +58,6 @@ $router->group(['prefix' => '', 'middleware' => 'auth'], function () use ($route
 $router->get('invoices', 'InvoiceController@getInvoices');
 $router->get('generate-invoice', 'InvoiceController@generateInvoice');
- $router->get('pdf-viewer', 'HelperController@pdfView');
 $router->get('authorizations-care-requests', 'AuthorizationCareRequestController@getAll');
 $router->post('authorizations-care-requests', 'AuthorizationCareRequestController@store');