From ec7d8e69abaae91993f8e73e1b4ef898bcbe7189 Mon Sep 17 00:00:00 2001
From: Aldarien <aldarien85@gmail.com>
Date: Sat, 25 Nov 2023 00:55:31 -0300
Subject: [PATCH] FIX: Remove login for API

---
 app/resources/routes/01_api.php               |  2 +-
 app/resources/routes/02_inmobiliarias.php     |  2 +-
 app/resources/routes/03_proyectos.php         |  4 +-
 app/resources/routes/04_ventas.php            |  6 +--
 app/resources/routes/97_search.php            |  2 +-
 app/resources/routes/98_login.php             |  4 +-
 app/resources/routes/99_base.php              |  2 +-
 app/resources/views/home.blade.php            |  4 +-
 app/resources/views/home/alertas.blade.php    |  8 ++--
 .../views/home/cierres_vigentes.blade.php     |  2 +-
 .../views/home/cuotas_por_vencer.blade.php    |  2 +-
 .../views/layout/body/scripts.blade.php       | 12 ++++++
 app/resources/views/proyectos/list.blade.php  |  6 +--
 app/resources/views/proyectos/show.blade.php  | 12 +++---
 .../views/proyectos/unidades.blade.php        |  2 +-
 app/resources/views/search.blade.php          |  6 +--
 app/resources/views/ventas/add.blade.php      |  8 ++--
 .../views/ventas/cierres/list.blade.php       |  4 +-
 .../views/ventas/cuotas/abonar.blade.php      |  4 +-
 .../views/ventas/cuotas/pendientes.blade.php  |  2 +-
 app/resources/views/ventas/edit.blade.php     |  2 +-
 .../views/ventas/facturacion.blade.php        |  8 ++--
 app/resources/views/ventas/list.blade.php     |  4 +-
 .../views/ventas/pagos/pendientes.blade.php   |  6 +--
 .../views/ventas/precios/list.blade.php       |  6 +--
 .../views/ventas/propietarios/edit.blade.php  |  6 +--
 .../views/ventas/show/comentarios.blade.php   |  2 +-
 .../views/ventas/show/forma_pago.blade.php    |  4 +-
 app/setup/middlewares/01_auth.php             |  2 +-
 app/setup/setups/middlewares.php              |  9 +++--
 app/setup/setups/views.php                    |  1 +
 app/src/Controller/API/Money.php              | 14 +++----
 .../Exception/MissingAuthorizationHeader.php  | 13 ++++++
 app/src/Middleware/API.php                    | 40 +++++++++++++++++++
 34 files changed, 140 insertions(+), 71 deletions(-)
 create mode 100644 app/src/Exception/MissingAuthorizationHeader.php
 create mode 100644 app/src/Middleware/API.php

diff --git a/app/resources/routes/01_api.php b/app/resources/routes/01_api.php
index a8f19fa..73fb159 100644
--- a/app/resources/routes/01_api.php
+++ b/app/resources/routes/01_api.php
@@ -10,4 +10,4 @@ $app->group('/api', function($app) {
             include_once $file->getRealPath();
         }
     }
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\API::class));
diff --git a/app/resources/routes/02_inmobiliarias.php b/app/resources/routes/02_inmobiliarias.php
index fd29f8d..8991df7 100644
--- a/app/resources/routes/02_inmobiliarias.php
+++ b/app/resources/routes/02_inmobiliarias.php
@@ -3,4 +3,4 @@ use Incoviba\Controller\Inmobiliarias;
 
 $app->group('/inmobiliarias', function($app) {
     $app->get('[/]', Inmobiliarias::class);
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
diff --git a/app/resources/routes/03_proyectos.php b/app/resources/routes/03_proyectos.php
index 7c734ea..332e7e7 100644
--- a/app/resources/routes/03_proyectos.php
+++ b/app/resources/routes/03_proyectos.php
@@ -4,7 +4,7 @@ use Incoviba\Controller\Proyectos;
 $app->group('/proyectos', function($app) {
     $app->get('/unidades[/]', [Proyectos::class, 'unidades']);
     $app->get('[/]', Proyectos::class);
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
 $app->group('/proyecto/{proyecto_id}', function($app) {
     $app->get('[/]', [Proyectos::class, 'show']);
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
diff --git a/app/resources/routes/04_ventas.php b/app/resources/routes/04_ventas.php
index 4d41b9f..8e02291 100644
--- a/app/resources/routes/04_ventas.php
+++ b/app/resources/routes/04_ventas.php
@@ -11,10 +11,10 @@ $app->group('/ventas', function($app) {
     }
     $app->get('/add[/]', [Ventas::class, 'add']);
     $app->get('[/]', Ventas::class);
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
 $app->group('/venta/{proyecto_nombre:[A-za-zÑñ\+\ %0-9]+}/{unidad_descripcion:[0-9]+}', function($app) {
     $app->get('[/]', [Ventas::class, 'showUnidad']);
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
 $app->group('/venta/{venta_id:[0-9]+}', function($app) {
     $app->group('/propietario', function($app) {
         $app->get('[/]', [Ventas::class, 'propietario']);
@@ -29,4 +29,4 @@ $app->group('/venta/{venta_id:[0-9]+}', function($app) {
     });
     $app->get('/edit[/]', [Ventas::class, 'edit']);
     $app->get('[/]', [Ventas::class, 'show']);
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
diff --git a/app/resources/routes/97_search.php b/app/resources/routes/97_search.php
index c76b639..79cd977 100644
--- a/app/resources/routes/97_search.php
+++ b/app/resources/routes/97_search.php
@@ -4,4 +4,4 @@ use Incoviba\Controller\Search;
 $app->group('/search', function($app) {
     $app->get('[/{query}[/{tipo}[/]]]', Search::class);
     $app->post('[/]', Search::class);
-});
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
diff --git a/app/resources/routes/98_login.php b/app/resources/routes/98_login.php
index 4521062..0623659 100644
--- a/app/resources/routes/98_login.php
+++ b/app/resources/routes/98_login.php
@@ -4,5 +4,5 @@ use Incoviba\Controller\Login;
 $app->group('/login', function($app) {
     $app->post('[/]', [Login::class, 'login']);
     $app->get('[/]', [Login::class, 'form']);
-});
-$app->get('/logout', [Login::class, 'logout']);
+})->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
+$app->get('/logout', [Login::class, 'logout'])->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
diff --git a/app/resources/routes/99_base.php b/app/resources/routes/99_base.php
index 24b84c0..12e7eb1 100644
--- a/app/resources/routes/99_base.php
+++ b/app/resources/routes/99_base.php
@@ -2,4 +2,4 @@
 use Incoviba\Controller\Base;
 
 $app->get('/construccion', [Base::class, 'construccion'])->setName('construccion');
-$app->get('[/]', Base::class);
+$app->get('[/]', Base::class)->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
diff --git a/app/resources/views/home.blade.php b/app/resources/views/home.blade.php
index 134a306..63180f0 100644
--- a/app/resources/views/home.blade.php
+++ b/app/resources/views/home.blade.php
@@ -28,7 +28,7 @@
                 return {
                     hoy: () => {
                         const span = $('#cuotas_hoy')
-                        return fetch('{{$urls->api}}/ventas/cuotas/hoy').then(response => {
+                        return fetchAPI('{{$urls->api}}/ventas/cuotas/hoy').then(response => {
                             span.html('')
                             if (response.ok) {
                                 return response.json()
@@ -48,7 +48,7 @@
                     },
                     pendiente: () => {
                         const span = $('#cuotas_pendientes')
-                        return fetch('{{$urls->api}}/ventas/cuotas/pendiente').then(response => {
+                        return fetchAPI('{{$urls->api}}/ventas/cuotas/pendiente').then(response => {
                             span.html('')
                             if (response.ok) {
                                 return response.json()
diff --git a/app/resources/views/home/alertas.blade.php b/app/resources/views/home/alertas.blade.php
index 454cd2b..a1f9378 100644
--- a/app/resources/views/home/alertas.blade.php
+++ b/app/resources/views/home/alertas.blade.php
@@ -13,7 +13,7 @@
                     proyectos: () => {
                         this.draw().loading()
                         const url = '{{$urls->api}}/proyectos/escriturando'
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -38,7 +38,7 @@
                     },
                     unidades: proyecto_id => {
                         const url = '{{$urls->api}}/ventas/unidades/disponibles'
-                        return fetch(url, {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}).then(response => {
+                        return fetchAPI(url, {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -49,7 +49,7 @@
                     },
                     promesas: proyecto_id => {
                         const url = '{{$urls->api}}/ventas/estados/firmar'
-                        return fetch(url, {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}).then(response => {
+                        return fetchAPI(url, {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -60,7 +60,7 @@
                     },
                     escrituras: proyecto_id => {
                         const url = '{{$urls->api}}/ventas/escrituras/estados';
-                        return fetch(url, {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}).then(response => {
+                        return fetchAPI(url, {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/home/cierres_vigentes.blade.php b/app/resources/views/home/cierres_vigentes.blade.php
index 06f6443..0cf75f2 100644
--- a/app/resources/views/home/cierres_vigentes.blade.php
+++ b/app/resources/views/home/cierres_vigentes.blade.php
@@ -10,7 +10,7 @@
                 list.append(
                     $('<div><div>').addClass('ui inline active loader')
                 )
-                fetch('{{$urls->api}}/ventas/cierres/vigentes').then(response => {
+                fetchAPI('{{$urls->api}}/ventas/cierres/vigentes').then(response => {
                     list.html('')
                     if (response.ok) {
                         return response.json()
diff --git a/app/resources/views/home/cuotas_por_vencer.blade.php b/app/resources/views/home/cuotas_por_vencer.blade.php
index feb15c0..b8a01a0 100644
--- a/app/resources/views/home/cuotas_por_vencer.blade.php
+++ b/app/resources/views/home/cuotas_por_vencer.blade.php
@@ -10,7 +10,7 @@
                 list.append(
                     $('<div><div>').addClass('ui inline active loader')
                 )
-                return fetch('{{$urls->api}}/ventas/cuotas/vencer').then(response => {
+                return fetchAPI('{{$urls->api}}/ventas/cuotas/vencer').then(response => {
                     list.html('')
                     if (response.ok) {
                         return response.json()
diff --git a/app/resources/views/layout/body/scripts.blade.php b/app/resources/views/layout/body/scripts.blade.php
index a8010eb..b1925f4 100644
--- a/app/resources/views/layout/body/scripts.blade.php
+++ b/app/resources/views/layout/body/scripts.blade.php
@@ -2,6 +2,18 @@
 <script src="https://cdnjs.cloudflare.com/ajax/libs/fomantic-ui/2.9.2/semantic.min.js" integrity="sha512-5cguXwRllb+6bcc2pogwIeQmQPXEzn2ddsqAexIBhh7FO1z5Hkek1J9mrK2+rmZCTU6b6pERxI7acnp1MpAg4Q==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 
 <script type="text/javascript">
+    function fetchAPI(url, options=null) {
+        if (options === null) {
+            options = {}
+        }
+        if (!Object.hasOwn(options, 'headers')) {
+            options['headers'] = {}
+        }
+        if (!Object.hasOwn(options['headers'], 'Authorization')) {
+            options['headers']['Authorization'] = 'Bearer {{md5($API_KEY)}}'
+        }
+        return fetch(url, options)
+    }
     const calendar_date_options = {
         type: 'date',
         firstDayOfWeek: 1,
diff --git a/app/resources/views/proyectos/list.blade.php b/app/resources/views/proyectos/list.blade.php
index 98fd8c2..c01ac85 100644
--- a/app/resources/views/proyectos/list.blade.php
+++ b/app/resources/views/proyectos/list.blade.php
@@ -51,7 +51,7 @@
             get() {
                 return {
                     start: () => {
-                        return fetch('{{$urls->api}}/proyecto/' + this.id + '/inicio').then(response => {
+                        return fetchAPI('{{$urls->api}}/proyecto/' + this.id + '/inicio').then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -60,7 +60,7 @@
                         })
                     },
                     current: () => {
-                        return fetch('{{$urls->api}}/proyecto/' + this.id + '/estado').then(response => {
+                        return fetchAPI('{{$urls->api}}/proyecto/' + this.id + '/estado').then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -69,7 +69,7 @@
                         })
                     },
                     recepcion: () => {
-                        return fetch('{{$urls->api}}/proyecto/' + this.id + '/recepcion').then(response => {
+                        return fetchAPI('{{$urls->api}}/proyecto/' + this.id + '/recepcion').then(response => {
                             if (response.ok) {
                                 if (response.status === 204) {
                                     return null
diff --git a/app/resources/views/proyectos/show.blade.php b/app/resources/views/proyectos/show.blade.php
index 88986fd..835b783 100644
--- a/app/resources/views/proyectos/show.blade.php
+++ b/app/resources/views/proyectos/show.blade.php
@@ -134,7 +134,7 @@
                 return {
                     superficies: () => {
                         const url = '{{$urls->api}}/proyecto/{{$proyecto->id}}/superficies/vendible'
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -197,7 +197,7 @@
             data: {},
             get: function() {
                 const url = '{{$urls->api}}/proyecto/{{$proyecto->id}}/unidades'
-                return fetch(url).then(response => {
+                return fetchAPI(url).then(response => {
                     if (response.ok) {
                         return response.json()
                     }
@@ -273,7 +273,7 @@
                 return {
                     ventas: () => {
                         const url = '{{$urls->api}}/ventas'
-                        return fetch(url, {method: 'post', headers: {'Content-Type': 'application/json'},
+                        return fetchAPI(url, {method: 'post', headers: {'Content-Type': 'application/json'},
                             body: JSON.stringify({proyecto_id: '{{$proyecto->id}}'})}).then(response => {
                             if (response.ok) {
                                 return response.json()
@@ -294,7 +294,7 @@
                     },
                     stock: () => {
                         const url = '{{$urls->api}}/proyecto/{{$proyecto->id}}/unidades/disponibles'
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -315,7 +315,7 @@
                     },
                     venta: venta_id => {
                         const url = '{{$urls->api}}/venta/' + venta_id
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -325,7 +325,7 @@
                     },
                     precio: unidad_id => {
                         const url = '{{$urls->api}}/ventas/precio/unidad/' + unidad_id
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 if (response.status === 204) {
                                     return null
diff --git a/app/resources/views/proyectos/unidades.blade.php b/app/resources/views/proyectos/unidades.blade.php
index 75cfd88..759ae75 100644
--- a/app/resources/views/proyectos/unidades.blade.php
+++ b/app/resources/views/proyectos/unidades.blade.php
@@ -203,7 +203,7 @@
                 return {
                     tipos: proyecto_id => {
                         const url = '{{$urls->api}}/proyecto/' + proyecto_id + '/unidades/tipos'
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/search.blade.php b/app/resources/views/search.blade.php
index 608e4be..bf50a39 100644
--- a/app/resources/views/search.blade.php
+++ b/app/resources/views/search.blade.php
@@ -106,7 +106,7 @@
                         const data = new FormData(document.getElementById('search_form'))
                         const uri = '{{$urls->api}}/search'
                         this.data = []
-                        return fetch(uri, {method: 'post', body: data}).then(response => {
+                        return fetchAPI(uri, {method: 'post', body: data}).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -155,7 +155,7 @@
                     },
                     unidad: id => {
                         const url = '{{$urls->api}}/ventas/unidad/' + id
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -163,7 +163,7 @@
                     },
                     venta: id => {
                         const url = '{{$urls->api}}/venta/' + id
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/ventas/add.blade.php b/app/resources/views/ventas/add.blade.php
index 7359c0a..00d7c02 100644
--- a/app/resources/views/ventas/add.blade.php
+++ b/app/resources/views/ventas/add.blade.php
@@ -269,7 +269,7 @@
                 return {
                     provincias: () => {
                         const uri = '{{$urls->api}}/region/' + this.data.region + '/provincias'
-                        return fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -286,7 +286,7 @@
                     },
                     comunas: provincia_id => {
                         const uri = '{{$urls->api}}/provincia/' + provincia_id + '/comunas'
-                        return fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -581,7 +581,7 @@
                 return {
                     propietario: rut => {
                         const uri = '{{$urls->api}}/ventas/propietario/' + rut.split('-')[0]
-                        return fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -664,7 +664,7 @@
                 return {
                     unidades: () => {
                         const uri = '{{$urls->api}}/proyecto/' + this.data.id + '/unidades'
-                        return fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/ventas/cierres/list.blade.php b/app/resources/views/ventas/cierres/list.blade.php
index fb3827b..be09dff 100644
--- a/app/resources/views/ventas/cierres/list.blade.php
+++ b/app/resources/views/ventas/cierres/list.blade.php
@@ -201,7 +201,7 @@
 
                         this.draw().loading()
 
-                        return fetch('{{$urls->api}}/proyectos').then(response => {
+                        return fetchAPI('{{$urls->api}}/proyectos').then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -223,7 +223,7 @@
                         })
                     },
                     cierres: proyecto_id => {
-                        return fetch('{{$urls->api}}/ventas/cierres',
+                        return fetchAPI('{{$urls->api}}/ventas/cierres',
                             {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}).then(response => {
                             if (response.ok) {
                                 return response.json()
diff --git a/app/resources/views/ventas/cuotas/abonar.blade.php b/app/resources/views/ventas/cuotas/abonar.blade.php
index babfa2a..e6bf045 100644
--- a/app/resources/views/ventas/cuotas/abonar.blade.php
+++ b/app/resources/views/ventas/cuotas/abonar.blade.php
@@ -105,7 +105,7 @@
                 const cuota_id = button.data('cuota')
                 const calendar = $(".ui.calendar[data-cuota='" + cuota_id + "']").calendar('get date')
                 const fecha = [calendar.getFullYear(), calendar.getMonth()+1, calendar.getDate()].join('-')
-                fetch('{{$urls->api}}/ventas/cuota/abonar', {
+                return fetchAPI('{{$urls->api}}/ventas/cuota/abonar', {
                     method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({cuota_id, fecha})
                 }).then(response => {
                     if (response.ok) {
@@ -125,7 +125,7 @@
                 const cuota_id = button.data('cuota')
                 const calendar = $(".ui.calendar[data-cuota='" + cuota_id + "']").calendar('get date')
                 const fecha = [calendar.getFullYear(), calendar.getMonth()+1, calendar.getDate()].join('-')
-                fetch('{{$urls->api}}/ventas/cuota/devolver', {
+                return fetchAPI('{{$urls->api}}/ventas/cuota/devolver', {
                     method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({cuota_id, fecha})
                 }).then(response => {
                     if (response.ok) {
diff --git a/app/resources/views/ventas/cuotas/pendientes.blade.php b/app/resources/views/ventas/cuotas/pendientes.blade.php
index ee0c4df..eae188e 100644
--- a/app/resources/views/ventas/cuotas/pendientes.blade.php
+++ b/app/resources/views/ventas/cuotas/pendientes.blade.php
@@ -105,7 +105,7 @@
                 const cuota_id = button.data('cuota')
                 const calendar = $(".ui.calendar[data-cuota='" + cuota_id + "']").calendar('get date')
                 const fecha = [calendar.getFullYear(), calendar.getMonth()+1, calendar.getDate()].join('-')
-                fetch('{{$urls->api}}/ventas/cuota/depositar', {
+                return fetchAPI('{{$urls->api}}/ventas/cuota/depositar', {
                     method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({cuota_id, fecha})
                 }).then(response => {
                     if (response.ok) {
diff --git a/app/resources/views/ventas/edit.blade.php b/app/resources/views/ventas/edit.blade.php
index ebc7387..8596b77 100644
--- a/app/resources/views/ventas/edit.blade.php
+++ b/app/resources/views/ventas/edit.blade.php
@@ -68,7 +68,7 @@
                 return
             }
             const uri = '{{$urls->api}}/venta/{{$venta->id}}'
-            return fetch(uri,
+            return fetchAPI(uri,
                 {method: 'put', headers: {'Content-Type': 'application/json'}, body: JSON.stringify(data)}
             ).then(response => {
                 if (response.ok) {
diff --git a/app/resources/views/ventas/facturacion.blade.php b/app/resources/views/ventas/facturacion.blade.php
index 7878c84..c29d765 100644
--- a/app/resources/views/ventas/facturacion.blade.php
+++ b/app/resources/views/ventas/facturacion.blade.php
@@ -53,7 +53,7 @@
                             method: 'post',
                             body: data
                         }
-                        return this.sent.uf[date.toISOString()] = fetch(url, options).then(response => {
+                        return this.sent.uf[date.toISOString()] = fetchAPI(url, options).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -75,7 +75,7 @@
                             method: 'post',
                             body: data
                         }
-                        return this.sent.ipc[dateKey] = fetch(url, options).then(response => {
+                        return this.sent.ipc[dateKey] = fetchAPI(url, options).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -127,7 +127,7 @@
                 return {
                     unidades: () => {
                         const url = '{{$urls->api}}/venta/' + this.id + '/unidades'
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -233,7 +233,7 @@
                 return {
                     ventas: () => {
                         const url = '{{$urls->api}}/ventas/facturacion/proyecto/' + this.selected
-                        return fetch(url).then(response => {
+                        return fetchAPI(url).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/ventas/list.blade.php b/app/resources/views/ventas/list.blade.php
index 4f77afd..0ff7a14 100644
--- a/app/resources/views/ventas/list.blade.php
+++ b/app/resources/views/ventas/list.blade.php
@@ -103,7 +103,7 @@
                     ventas: proyecto_id => {
                         this.data.venta_ids = []
                         this.data.ventas = []
-                        return fetch('{{$urls->api}}/ventas',
+                        return fetchAPI('{{$urls->api}}/ventas',
                             {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}
                         ).then(response => {
                             this.loading.precios = false
@@ -130,7 +130,7 @@
                         })
                     },
                     venta: venta_id => {
-                        return fetch('{{$urls->api}}/venta/' + venta_id).then(response => {
+                        return fetchAPI('{{$urls->api}}/venta/' + venta_id).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/ventas/pagos/pendientes.blade.php b/app/resources/views/ventas/pagos/pendientes.blade.php
index 131c009..4bf89a1 100644
--- a/app/resources/views/ventas/pagos/pendientes.blade.php
+++ b/app/resources/views/ventas/pagos/pendientes.blade.php
@@ -34,7 +34,7 @@
                 return {
                     pagos: () => {
                         const uri = '{{$urls->api}}/ventas/pagos/pendientes'
-                        fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -138,7 +138,7 @@
                 return {
                     pendientes: () => {
                         const uri = '{{$urls->api}}/ventas/pagos/abonar'
-                        fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -218,7 +218,7 @@
                 return {
                     devueltos: () => {
                         const uri = '{{$urls->api}}/ventas/pagos/rebotes'
-                        fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/ventas/precios/list.blade.php b/app/resources/views/ventas/precios/list.blade.php
index 5b4ae22..a55a892 100644
--- a/app/resources/views/ventas/precios/list.blade.php
+++ b/app/resources/views/ventas/precios/list.blade.php
@@ -339,7 +339,7 @@
 
                         $(this.ids.buttons.add).hide()
 
-                        return fetch('{{$urls->api}}/proyectos').then(response => {
+                        return fetchAPI('{{$urls->api}}/proyectos').then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
@@ -357,7 +357,7 @@
                     },
                     precios: proyecto_id => {
                         this.data.precios = []
-                        return fetch('{{$urls->api}}/ventas/precios',
+                        return fetchAPI('{{$urls->api}}/ventas/precios',
                             {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({proyecto_id})}
                         ).then(response => {
                             $('.item.proyecto').css('cursor', 'default')
@@ -639,7 +639,7 @@
                             fecha: $(this.ids.fields.calendar).calendar('get date'),
                             valor: $(this.ids.fields.valor).val()
                         }
-                        return fetch('{{$urls->api}}/precios/update',
+                        return fetchAPI('{{$urls->api}}/precios/update',
                             {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify(data)}
                         ).then(response => {
                             if (response.ok) {
diff --git a/app/resources/views/ventas/propietarios/edit.blade.php b/app/resources/views/ventas/propietarios/edit.blade.php
index 5b6438d..24dad58 100644
--- a/app/resources/views/ventas/propietarios/edit.blade.php
+++ b/app/resources/views/ventas/propietarios/edit.blade.php
@@ -79,7 +79,7 @@ Editar Propietario
         const original_id = $("[name='comuna']").val()
         const uri = '{{$urls->api}}/direcciones/comunas/find'
         const data = {direccion}
-        return fetch(uri,
+        return fetchAPI(uri,
             {method: 'post', headers: {'Content-Type': 'application/json'}, body: JSON.stringify(data)}
         ).then(response => {
             if (response.ok) {
@@ -101,7 +101,7 @@ Editar Propietario
         const parent = $('#comunas')
         parent.hide()
         const uri = '{{$urls->api}}/direcciones/region/' + region_id + '/comunas'
-        return fetch(uri).then(response => {
+        return fetchAPI(uri).then(response => {
             if (response.ok) {
                 return response.json()
             }
@@ -195,7 +195,7 @@ Editar Propietario
             redirect()
             return
         }
-        return fetch(uri,
+        return fetchAPI(uri,
             {method: 'put', headers: {'Content-Type': 'application/json'}, body: JSON.stringify(data)}
         ).then(response => {
             if (response.ok) {
diff --git a/app/resources/views/ventas/show/comentarios.blade.php b/app/resources/views/ventas/show/comentarios.blade.php
index 8dabe09..8c5d735 100644
--- a/app/resources/views/ventas/show/comentarios.blade.php
+++ b/app/resources/views/ventas/show/comentarios.blade.php
@@ -48,7 +48,7 @@
                 return {
                     comentarios: () => {
                         const uri = '{{$urls->api}}/venta/{{$venta->id}}/comentarios'
-                        return fetch(uri).then(response => {
+                        return fetchAPI(uri).then(response => {
                             if (response.ok) {
                                 return response.json()
                             }
diff --git a/app/resources/views/ventas/show/forma_pago.blade.php b/app/resources/views/ventas/show/forma_pago.blade.php
index f9f90b2..201bff6 100644
--- a/app/resources/views/ventas/show/forma_pago.blade.php
+++ b/app/resources/views/ventas/show/forma_pago.blade.php
@@ -176,7 +176,7 @@
             modal.find('.ui.button').click(event => {
                 modal.modal('hide')
                 const date = modal.find('#fecha').val()
-                return fetch(uri,
+                return fetchAPI(uri,
                     {method: 'put', body: JSON.stringify({fecha: date}), headers: {'Content-Type': 'application/json'}}
                 ).then(response => {
                     anchor.css('pointer-events', '')
@@ -206,7 +206,7 @@
             modal.modal('show')
             modal.find('.ui.button').click(event => {
                 const date = modal.find('#fecha').val()
-                return fetch(uri,
+                return fetchAPI(uri,
                     {method: 'put', body: JSON.stringify({fecha: date}), headers: {'Content-Type': 'application/json'}}
                 ).then(response => {
                     anchor.css('pointer-events', '')
diff --git a/app/setup/middlewares/01_auth.php b/app/setup/middlewares/01_auth.php
index 8f51dbe..55d016a 100644
--- a/app/setup/middlewares/01_auth.php
+++ b/app/setup/middlewares/01_auth.php
@@ -1,2 +1,2 @@
 <?php
-$app->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
+//$app->add($app->getContainer()->get(Incoviba\Middleware\Authentication::class));
diff --git a/app/setup/setups/middlewares.php b/app/setup/setups/middlewares.php
index df7a7e2..567b36e 100644
--- a/app/setup/setups/middlewares.php
+++ b/app/setup/setups/middlewares.php
@@ -2,9 +2,6 @@
 use Psr\Container\ContainerInterface;
 
 return [
-    Psr\Http\Message\ResponseFactoryInterface::class => function(ContainerInterface $container) {
-        return $container->get(Nyholm\Psr7\Factory\Psr17Factory::class);
-    },
     Incoviba\Middleware\Authentication::class => function(ContainerInterface $container) {
         return new Incoviba\Middleware\Authentication(
             $container->get(Psr\Http\Message\ResponseFactoryInterface::class),
@@ -13,5 +10,11 @@ return [
             $container->get(Incoviba\Common\Alias\View::class),
             implode('/', [$container->get('APP_URL'), 'login'])
         );
+    },
+    Incoviba\Middleware\API::class => function(ContainerInterface $container) {
+        return new Incoviba\Middleware\API(
+            $container->get(Psr\Http\Message\ResponseFactoryInterface::class),
+            $container->get('API_KEY')
+        );
     }
 ];
diff --git a/app/setup/setups/views.php b/app/setup/setups/views.php
index 41cf638..c632889 100644
--- a/app/setup/setups/views.php
+++ b/app/setup/setups/views.php
@@ -9,6 +9,7 @@ return [
             'money_url' => '',
             'login' => $container->get(Incoviba\Service\Login::class),
             'format' => $container->get(Incoviba\Service\Format::class),
+            'API_KEY' => $container->get('API_KEY'),
         ];
         if ($global_variables['login']->isIn()) {
             $global_variables['user'] = $global_variables['login']->getUser();
diff --git a/app/src/Controller/API/Money.php b/app/src/Controller/API/Money.php
index 252bfc8..5dab0c6 100644
--- a/app/src/Controller/API/Money.php
+++ b/app/src/Controller/API/Money.php
@@ -47,20 +47,20 @@ class Money
     protected function getValue(Service\Redis $redisService, string $redisKey, Service\Money $moneyService,
                                 DateTimeInterface $date, string $provider): float
     {
-        if (isset($this->data[$date->format('Y-m-d')])) {
-            return $this->data[$date->format('Y-m-d')];
+        if (isset($this->data[$provider][$date->format('Y-m-d')])) {
+            return $this->data[$provider][$date->format('Y-m-d')];
         }
         try {
-            $this->data = (array) $this->fetchRedis($redisService, $redisKey);
-            if (!isset($this->data[$date->format('Y-m-d')])) {
+            $this->data[$provider] = (array) $this->fetchRedis($redisService, $redisKey);
+            if (!isset($this->data[$provider][$date->format('Y-m-d')])) {
                 throw new EmptyRedis($redisKey);
             }
         } catch (EmptyRedis) {
             $result = $moneyService->get($provider, $date);
-            $this->data[$date->format('Y-m-d')] = $result;
-            $this->saveRedis($redisService, $redisKey, $this->data, $this->time);
+            $this->data[$provider][$date->format('Y-m-d')] = $result;
+            $this->saveRedis($redisService, $redisKey, $this->data[$provider], $this->time);
         }
-        return $this->data[$date->format('Y-m-d')];
+        return $this->data[$provider][$date->format('Y-m-d')];
     }
     /*public function uf(ServerRequestInterface $request, ResponseInterface $response, Service\Redis $redisService, Service\Money $moneyService): ResponseInterface
     {
diff --git a/app/src/Exception/MissingAuthorizationHeader.php b/app/src/Exception/MissingAuthorizationHeader.php
new file mode 100644
index 0000000..8999018
--- /dev/null
+++ b/app/src/Exception/MissingAuthorizationHeader.php
@@ -0,0 +1,13 @@
+<?php
+namespace Incoviba\Exception;
+
+use Throwable;
+use Exception;
+
+class MissingAuthorizationHeader extends Exception
+{
+    public function __construct(string $message = "", int $code = 0, ?Throwable $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}
diff --git a/app/src/Middleware/API.php b/app/src/Middleware/API.php
new file mode 100644
index 0000000..61a0d8a
--- /dev/null
+++ b/app/src/Middleware/API.php
@@ -0,0 +1,40 @@
+<?php
+namespace Incoviba\Middleware;
+
+use Psr\Http\Message\ResponseFactoryInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Incoviba\Exception\MissingAuthorizationHeader;
+
+class API
+{
+    public function __construct(protected ResponseFactoryInterface $responseFactory, protected string $key) {}
+
+    public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        try {
+            $key = $this->getKey($request);
+        } catch (MissingAuthorizationHeader $exception) {
+            return $this->responseFactory->createResponse(401);
+        }
+        if ($this->validate($key)) {
+            return $handler->handle($request);
+        }
+        return $this->responseFactory->createResponse(403);
+    }
+    protected function getKey(ServerRequestInterface $request): string
+    {
+        $auth_headers = $request->getHeader('Authorization');
+        foreach ($auth_headers as $header) {
+            if (str_contains($header, 'Bearer')) {
+                return substr($header, strlen('Bearer '));
+            }
+        }
+        throw new MissingAuthorizationHeader();
+    }
+    protected function validate($incoming_key): bool
+    {
+        return $incoming_key === md5($this->key);
+    }
+}