AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c37423f900
nis2-agile/simulate-nis2-b2b.php
DevEnv nis2-agile 90ac82156b [FIX] simulate-nis2-b2b: POST /invites → /invites/create (router mapping) 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 15:55:23 +01:00

424 lines
20 KiB
PHP
Raw Blame History

<?php
/**
* NIS2 Agile — Simulazione Flusso B2B Licenze
*
* Testa il ciclo completo: Mktg crea invito → Cliente registrazione ridotta
* → Provision org → Login → Accesso dashboard + API Key.
*
* 6 Scenari:
* SIM-B1: Mktg login + creazione invito B2B con dati destinatario
* SIM-B2: Validazione invito pubblico → verifica dati pre-compilazione
* SIM-B3: Registrazione ridotta cliente (solo password, dati da invito)
* SIM-B4: Provision organizzazione post-register → org + API Key
* SIM-B5: Login cliente → verifica org caricata + membership
* SIM-B6: API Key da provision → dashboard overview + compliance-summary
*
* CLI: php simulate-nis2-b2b.php [--reset]
* Web: public/simulate-b2b.html
*/
declare(strict_types=1);
define('SIM_B2B_VERSION', '1.0.0');
define('MKTG_EMAIL', 'sim-b2b-mktg@nis2agile.it');
define('MKTG_PWD', 'SimB2B2026!');
define('MKTG_NAME', 'Sim B2B Mktg');
define('CLIENTE_EMAIL', 'laura.bianchi@techstart.b2b.demo');
define('CLIENTE_PWD', 'TechStartB2B2026!');
define('CLIENTE_NOME', 'Laura');
define('CLIENTE_COGNOME', 'Bianchi');
define('CLIENTE_FULLNAME','Laura Bianchi');
define('CLIENTE_COMPANY', 'TechStart S.r.l.');
define('CLIENTE_PIVA', '03456789012');
define('CLIENTE_SECTOR', 'ict');
$_sseMode = (bool)getenv('NIS2_SSE');
define('IS_CLI', php_sapi_name() === 'cli' && !$_sseMode);
define('IS_WEB', !IS_CLI);
if (IS_CLI || $_sseMode) {
define('API_BASE', getenv('NIS2_API_BASE') ?: 'https://nis2.agile.software/api');
} else {
$proto = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
define('API_BASE', "{$proto}://{$host}/api");
}
if (IS_WEB) {
header('Content-Type: text/event-stream');
header('Cache-Control: no-cache');
header('X-Accel-Buffering: no');
ob_implicit_flush(true);
while (ob_get_level()) ob_end_flush();
}
$S = [
'mktg_jwt' => null,
'invite_token'=> null,
'invite_id' => null,
'cliente_jwt' => null,
'org_id' => null,
'api_key' => null,
'stats' => ['pass' => 0, 'skip' => 0, 'fail' => 0, 'warn' => 0],
'sim_start' => microtime(true),
];
// ── Output helpers ──────────────────────────────────────────────────────────
function simLog(string $msg, string $type = 'info'): void
{
static $lastHb = 0;
$ts = date('H:i:s');
if (IS_CLI) {
$p = ['phase'=>"\033[34m══\033[0m",'ok'=>"\033[32m ✓\033[0m",'skip'=>"\033[90m →\033[0m",
'warn'=>"\033[33m ⚠\033[0m",'error'=>"\033[31m ✗\033[0m",'info'=>' '][$type] ?? ' ';
echo "[$ts] {$p} {$msg}\n"; flush();
} else {
$now = time();
if ($now - $lastHb >= 25) { echo ": heartbeat $ts\n\n"; $lastHb = $now; }
echo 'data: ' . json_encode(['t' => $type, 'm' => "[$ts] $msg"]) . "\n\n"; flush();
}
}
function simDone(array $stats): void
{
$e = round(microtime(true) - $GLOBALS['S']['sim_start'], 1);
$msg = "B2B completata in {$e}s — ✓{$stats['pass']}{$stats['skip']}{$stats['warn']}{$stats['fail']}";
simLog($msg, IS_CLI ? 'phase' : 'info');
if (IS_WEB) { echo 'data: ' . json_encode(['t' => 'done', 'stats' => $stats]) . "\n\n"; flush(); }
}
function simPhase(int $n, string $title): void
{
if (IS_CLI) {
$line = str_pad("SIM-B{$n}: {$title}", 60);
echo "\n\033[34m╔════════════════════════════════════════════════════════════╗\033[0m\n";
echo "\033[34m║ {$line}\033[0m\n";
echo "\033[34m╚════════════════════════════════════════════════════════════╝\033[0m\n";
} else { simLog("━━ SIM-B{$n}: {$title}", 'phase'); }
}
function ok(string $m): void { global $S; $S['stats']['pass']++; simLog($m, 'ok'); }
function skip(string $m): void { global $S; $S['stats']['skip']++; simLog($m, 'skip'); }
function fail(string $m): void { global $S; $S['stats']['fail']++; simLog($m, 'error'); }
function warn(string $m): void { global $S; $S['stats']['warn']++; simLog($m, 'warn'); }
function info(string $m): void { simLog($m, 'info'); }
// ── API client ──────────────────────────────────────────────────────────────
function api(string $method, string $path, ?array $body = null,
?string $jwt = null, ?int $orgId = null, ?string $apiKey = null): array
{
$ch = curl_init(API_BASE . $path);
$h = ['Content-Type: application/json', 'Accept: application/json'];
if ($jwt) $h[] = 'Authorization: Bearer ' . $jwt;
if ($orgId) $h[] = 'X-Organization-Id: ' . $orgId;
if ($apiKey) $h[] = 'X-Api-Key: ' . $apiKey;
curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER=>true, CURLOPT_TIMEOUT=>30,
CURLOPT_HTTPHEADER=>$h, CURLOPT_CUSTOMREQUEST=>strtoupper($method),
CURLOPT_SSL_VERIFYPEER=>false, CURLOPT_SSL_VERIFYHOST=>0]);
if ($body !== null) curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body, JSON_UNESCAPED_UNICODE));
$raw = curl_exec($ch);
$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($raw === false) return ['success'=>false,'error'=>'cURL fallito','_http'=>0];
$res = json_decode($raw, true) ?? ['success'=>false,'error'=>'JSON invalido','_raw'=>substr($raw,0,200)];
$res['_http'] = $code;
return $res;
}
function apiOk(array $res, string $ctx = ''): bool
{
if (!empty($res['success'])) return true;
warn('API Error' . ($ctx ? " [$ctx]" : '') . ': ' . ($res['error'] ?? $res['message'] ?? 'errore') . " (HTTP {$res['_http']})");
return false;
}
// ── DB helpers ──────────────────────────────────────────────────────────────
function dbConnect(): ?PDO
{
$envFile = __DIR__ . '/.env';
if (!is_file($envFile)) return null;
$env = [];
foreach (file($envFile, FILE_IGNORE_NEW_LINES|FILE_SKIP_EMPTY_LINES) as $line) {
if (str_starts_with(trim($line), '#') || !str_contains($line, '=')) continue;
[$k, $v] = explode('=', $line, 2);
$env[trim($k)] = trim($v);
}
try {
return new PDO(
sprintf('mysql:host=%s;port=%s;dbname=%s;charset=utf8mb4',
$env['DB_HOST']??'localhost', $env['DB_PORT']??'3306', $env['DB_NAME']??'nis2_agile_db'),
$env['DB_USER']??'', $env['DB_PASS']??'',
[PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION]
);
} catch (Throwable) { return null; }
}
function dbSeedMktgUser(): bool
{
$pdo = dbConnect();
if (!$pdo) return false;
$hash = password_hash(MKTG_PWD, PASSWORD_DEFAULT);
$pdo->prepare('INSERT INTO users (email,password_hash,full_name,role,is_active) VALUES (?,?,?,\'super_admin\',1)
ON DUPLICATE KEY UPDATE password_hash=VALUES(password_hash),role=\'super_admin\',is_active=1')
->execute([MKTG_EMAIL, $hash, MKTG_NAME]);
return true;
}
function dbResetB2B(): void
{
$pdo = dbConnect();
if (!$pdo) { warn('Reset B2B non disponibile (DB non accessibile)'); return; }
$pdo->prepare("DELETE FROM users WHERE email LIKE '%.b2b.demo%' OR email = ?")->execute([MKTG_EMAIL]);
$pdo->exec("DELETE FROM organizations WHERE vat_number = '" . CLIENTE_PIVA . "' OR provisioned_by = 'sim-b2b'");
$pdo->exec("DELETE FROM invites WHERE channel = 'sim-b2b'");
info('Reset B2B completato');
}
// ── Reset ────────────────────────────────────────────────────────────────────
$args = IS_CLI ? array_slice($argv ?? [], 1) : [];
if (in_array('--reset', $args, true) || (IS_WEB && ($_GET['reset'] ?? '') === '1')) {
simPhase(0, 'Reset dati B2B demo');
dbResetB2B();
simDone($S['stats']); exit;
}
// ══════════════════════════════════════════════════════════════════════════════
// SIMULAZIONE
// ══════════════════════════════════════════════════════════════════════════════
simLog('NIS2 Agile B2B Simulator v' . SIM_B2B_VERSION . ' — ' . API_BASE, 'phase');
// ── SIM-B1: Mktg crea invito ─────────────────────────────────────────────────
simPhase(1, 'Mktg crea invito B2B con dati destinatario');
dbSeedMktgUser()
? ok('Operatore mktg seeded: ' . MKTG_EMAIL)
: warn('DB non accessibile — mktg user deve già esistere');
info('Login operatore mktg...');
$res = api('POST', '/auth/login', ['email' => MKTG_EMAIL, 'password' => MKTG_PWD]);
if (!apiOk($res, 'mktg-login')) { fail('Login mktg fallito'); simDone($S['stats']); exit(1); }
$S['mktg_jwt'] = $res['data']['access_token'];
ok('Login mktg OK (user_id: ' . ($res['data']['user']['id'] ?? '?') . ')');
// Cleanup inviti precedenti
$listRes = api('GET', '/invites?channel=sim-b2b&status=pending', null, $S['mktg_jwt']);
if (!empty($listRes['data']['invites'])) {
foreach ($listRes['data']['invites'] as $old) api('DELETE', '/invites/' . $old['id'], null, $S['mktg_jwt']);
info(' Rimossi ' . count($listRes['data']['invites']) . ' inviti pending precedenti');
}
info('Creazione invito B2B piano Professional 12 mesi...');
$res = api('POST', '/invites/create', [
'plan' => 'professional', 'duration_months' => 12, 'invite_expires_days' => 30,
'max_uses' => 1, 'label' => 'TechStart - Sim B2B', 'channel' => 'sim-b2b',
'notes' => 'Invito simulazione B2B — auto-generato',
'recipient_first_name' => CLIENTE_NOME, 'recipient_last_name' => CLIENTE_COGNOME,
'recipient_email' => CLIENTE_EMAIL, 'recipient_company' => CLIENTE_COMPANY,
'recipient_vat' => CLIENTE_PIVA,
], $S['mktg_jwt']);
if (!apiOk($res, 'create-invite')) { fail('Creazione invito fallita'); simDone($S['stats']); exit(1); }
$invite = $res['data']['invites'][0] ?? null;
if (!$invite || empty($invite['token'])) { fail('Token invito mancante'); simDone($S['stats']); exit(1); }
$S['invite_token'] = $invite['token'];
$S['invite_id'] = $invite['id'];
ok('Invito creato: ' . $invite['token_prefix'] . '... (id=' . $invite['id'] . ')');
info(' Piano: ' . $invite['plan'] . ' · Durata: ' . $invite['duration_months'] . ' mesi');
info(' Destinatario: ' . CLIENTE_FULLNAME . ' <' . CLIENTE_EMAIL . '> · P.IVA: ' . CLIENTE_PIVA);
info(' invite_url: ' . ($invite['invite_url'] ?? 'n/a'));
// ── SIM-B2: Valida invito (pubblico, nessuna auth) ───────────────────────────
simPhase(2, 'Validazione invito pubblico (nessuna auth)');
info('POST /auth/validate-invite...');
$res = api('POST', '/auth/validate-invite', ['invite_token' => $S['invite_token']]);
if (!apiOk($res, 'validate-invite')) { fail('Validazione invito fallita'); simDone($S['stats']); exit(1); }
ok('Invito valido (HTTP ' . $res['_http'] . ')');
$vd = $res['data'];
info(' Piano: ' . ($vd['plan'] ?? '?') . ' · Durata: ' . ($vd['duration_months'] ?? '?') . ' mesi');
$recipient = $vd['recipient'] ?? null;
if ($recipient) {
ok('Dati recipient presenti → form verrà pre-compilato');
info(' Nome: ' . ($recipient['first_name'] ?? '?') . ' ' . ($recipient['last_name'] ?? '?'));
info(' Email: ' . ($recipient['email'] ?? '?') . ' · P.IVA: ' . ($recipient['vat'] ?? '?'));
if (!empty($recipient['first_name']) && !empty($recipient['last_name']) && !empty($recipient['email'])) {
ok('Dati sufficienti per registrazione ridotta (solo password richiesta al cliente)');
} else {
warn('Dati incompleti — form completo sarà mostrato');
}
} else {
warn('Nessun dato recipient nell\'invito — form completo mostrato');
}
// Verifica via GET endpoint alternativo
$res2 = api('GET', '/invites/validate?token=' . urlencode($S['invite_token']));
!empty($res2['success'])
? ok('GET /invites/validate OK (HTTP ' . $res2['_http'] . ')')
: warn('GET /invites/validate: ' . ($res2['error'] ?? 'n/a') . ' (HTTP ' . $res2['_http'] . ')');
// ── SIM-B3: Registrazione ridotta (solo password) ────────────────────────────
simPhase(3, 'Registrazione ridotta cliente (dati da invito, solo password)');
$pdo = dbConnect();
if ($pdo) {
$pdo->prepare('DELETE FROM users WHERE email = ?')->execute([CLIENTE_EMAIL]);
info('Utente cliente precedente rimosso');
}
info('POST /auth/register con invite_token + solo password...');
$res = api('POST', '/auth/register', [
'email' => CLIENTE_EMAIL,
'password' => CLIENTE_PWD,
'full_name' => CLIENTE_FULLNAME,
'role' => 'org_admin',
'invite_token' => $S['invite_token'],
'vat_number' => CLIENTE_PIVA,
]);
if (!apiOk($res, 'register')) { fail('Registrazione cliente fallita'); simDone($S['stats']); exit(1); }
$S['cliente_jwt'] = $res['data']['access_token'] ?? null;
ok('Registrazione ridotta OK (HTTP ' . $res['_http'] . ')');
info(' user_id: ' . ($res['data']['user']['id'] ?? '?') . ' · role: ' . ($res['data']['user']['role'] ?? '?'));
// Verifica: nessuna org pre-provision
$meRes = api('GET', '/auth/me', null, $S['cliente_jwt']);
if (!empty($meRes['success'])) {
$orgs = $meRes['data']['organizations'] ?? [];
count($orgs) === 0
? ok('Pre-provision: nessuna org → accede a dashboard solo dopo provision')
: warn('Attenzione: org già presente prima del provision: ' . count($orgs));
}
// ── SIM-B4: Provision org post-register ─────────────────────────────────────
simPhase(4, 'Provision organizzazione post-register (invite_token)');
info('POST /services/provision con invite_token...');
$provBody = [
'invite_token' => $S['invite_token'],
'company' => [
'ragione_sociale' => CLIENTE_COMPANY,
'partita_iva' => CLIENTE_PIVA,
'forma_giuridica' => 'S.r.l.',
'sector' => CLIENTE_SECTOR,
'nis2_entity_type' => 'important',
'numero_dipendenti' => 35,
'fatturato_annuo' => 2500000,
'sede_legale' => 'Via Torino 42, 10100 Torino TO',
],
'admin' => [
'email' => CLIENTE_EMAIL,
'full_name'=> CLIENTE_FULLNAME,
'phone' => '+39 011 1234567',
'title' => 'CEO',
],
'caller' => ['system' => 'sim-b2b'],
];
$res = api('POST', '/services/provision', $provBody);
if (!apiOk($res, 'provision')) { fail('Provision fallita'); simDone($S['stats']); exit(1); }
$prov = $res['data'];
$S['org_id'] = $prov['org_id'] ?? null;
$S['api_key'] = $prov['api_key'] ?? null;
ok('Provision OK (HTTP ' . $res['_http'] . ')');
info(' org_id: ' . $S['org_id']);
info(' org_name: ' . ($prov['org_name'] ?? '?'));
info(' entity_type: ' . ($prov['entity_type'] ?? '?'));
info(' api_key: ' . substr($S['api_key'] ?? '', 0, 24) . '...');
info(' api_key_scopes: ' . implode(', ', $prov['api_key_scopes'] ?? []));
info(' license_expires: ' . ($prov['license_expires_at'] ?? '?'));
info(' invito marcato: ' . ($prov['invite_id'] ?? '?'));
// Idempotenza
$res2 = api('POST', '/services/provision', $provBody);
(!empty($res2['success']) && ($res2['data']['org_id'] ?? null) === $S['org_id'])
? ok('Idempotenza OK — stessa org_id: ' . $S['org_id'])
: warn('Idempotenza: risposta inattesa (HTTP ' . $res2['_http'] . ')');
// ── SIM-B5: Login → verifica org + accesso dashboard ────────────────────────
simPhase(5, 'Login cliente → verifica org attiva e accesso dashboard');
$res = api('POST', '/auth/login', ['email' => CLIENTE_EMAIL, 'password' => CLIENTE_PWD]);
if (!apiOk($res, 'cliente-login')) { fail('Login cliente fallito'); simDone($S['stats']); exit(1); }
$S['cliente_jwt'] = $res['data']['access_token'];
ok('Login cliente OK');
$loginOrgs = $res['data']['organizations'] ?? [];
if (count($loginOrgs) > 0) {
ok('Organizzazioni nel login: ' . count($loginOrgs));
foreach ($loginOrgs as $org) {
info(sprintf(' org_id=%s nome="%s" ruolo=%s settore=%s',
$org['organization_id'] ?? '?', $org['name'] ?? '?',
$org['role'] ?? '?', $org['sector'] ?? '?'));
}
} else {
fail('Nessuna org nel login — provision non collegato');
}
$meRes = api('GET', '/auth/me', null, $S['cliente_jwt']);
if (!empty($meRes['success'])) {
ok('GET /auth/me OK — ' . count($meRes['data']['organizations'] ?? []) . ' org(s)');
info(' must_change_password: ' . (($meRes['data']['must_change_password'] ?? false) ? 'SI' : 'NO (password propria)'));
}
$dash = api('GET', '/dashboard/overview', null, $S['cliente_jwt'], $S['org_id']);
!empty($dash['success'])
? ok('Dashboard overview OK (score: ' . ($dash['data']['compliance_score'] ?? 0) . '%)')
: warn('Dashboard: ' . ($dash['error'] ?? $dash['message'] ?? 'n/a') . ' (HTTP ' . $dash['_http'] . ')');
// ── SIM-B6: API Key M2M ──────────────────────────────────────────────────────
simPhase(6, 'API Key da provision → accesso M2M (compliance-summary, risks-feed)');
if (!$S['api_key']) {
skip('API Key non disponibile — SIM-B6 saltato');
} else {
info('Accesso M2M con API Key: ' . substr($S['api_key'], 0, 24) . '...');
$r = api('GET', '/services/compliance-summary', null, null, $S['org_id'], $S['api_key']);
!empty($r['success'])
? ok('GET /services/compliance-summary OK — score: ' . ($r['data']['overall_score'] ?? 0) . '%')
: warn('compliance-summary: ' . ($r['error'] ?? 'n/a') . ' (HTTP ' . $r['_http'] . ')');
$r = api('GET', '/services/risks-feed', null, null, $S['org_id'], $S['api_key']);
!empty($r['success'])
? ok('GET /services/risks-feed OK — rischi: ' . count($r['data']['risks'] ?? []))
: warn('risks-feed: ' . ($r['error'] ?? 'n/a') . ' (HTTP ' . $r['_http'] . ')');
$r = api('GET', '/services/status', null, null, $S['org_id'], $S['api_key']);
if (!empty($r['success'])) {
ok('GET /services/status OK — API Key attiva e valida');
info(' org: ' . ($r['data']['organization']['name'] ?? '?'));
info(' scopes: ' . implode(', ', $r['data']['api_key']['scopes'] ?? []));
info(' expires: ' . ($r['data']['api_key']['expires_at'] ?? '?'));
} else {
warn('services/status: ' . ($r['error'] ?? 'n/a') . ' (HTTP ' . $r['_http'] . ')');
}
ok('Flusso M2M completo — sistema partner può sincronizzare via API Key');
}
// ── Riepilogo ────────────────────────────────────────────────────────────────
simLog('', 'info');
simLog('══ RIEPILOGO FLUSSO B2B ═══════════════════════════════════', 'phase');
simLog('Mktg: ' . MKTG_EMAIL, 'info');
simLog('Invito: ' . substr($S['invite_token'] ?? 'n/a', 0, 20) . '...', 'info');
simLog('Cliente: ' . CLIENTE_EMAIL, 'info');
simLog('Org: id=' . ($S['org_id'] ?? 'n/a') . ' — ' . CLIENTE_COMPANY, 'info');
simLog('API Key: ' . substr($S['api_key'] ?? 'n/a', 0, 24) . '...', 'info');
simLog('', 'info');
$st = $S['stats'];
simLog("Risultato: ✓{$st['pass']} pass →{$st['skip']} skip ⚠{$st['warn']} warn ✗{$st['fail']} fail", 'phase');
simDone($S['stats']);
Reference in New Issue View Git Blame Copy Permalink