feat: dist/ pridan do repa pro server deploy

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

dist/api/admin/received-invoices.php

@@ -0,0 +1,97 @@
+<?php
+
+/**
+ * Received Invoices API - přijaté faktury (upload, CRUD, stats)
+ *
+ * GET    ?action=list&month=X&year=Y   - Seznam přijatých faktur
+ * GET    ?action=stats&month=X&year=Y  - KPI statistiky
+ * GET    ?action=detail&id=X           - Detail záznamu (bez BLOB)
+ * GET    ?action=file&id=X             - Stažení/zobrazení souboru
+ * POST   (FormData)                    - Bulk upload: files[] + invoices JSON
+ * PUT    ?id=X                         - Update metadat / změna stavu
+ * DELETE ?id=X                         - Smazání záznamu
+ */
+
+declare(strict_types=1);
+
+require_once dirname(__DIR__) . '/config.php';
+require_once dirname(__DIR__) . '/includes/JWTAuth.php';
+require_once dirname(__DIR__) . '/includes/AuditLog.php';
+require_once dirname(__DIR__) . '/includes/CnbRates.php';
+require_once __DIR__ . '/handlers/received-invoices-handlers.php';
+
+setCorsHeaders();
+setSecurityHeaders();
+setNoCacheHeaders();
+header('Content-Type: application/json; charset=utf-8');
+
+$authData = JWTAuth::requireAuth();
+AuditLog::setUser($authData['user_id'], $authData['user']['username'] ?? 'unknown');
+
+$method = $_SERVER['REQUEST_METHOD'];
+$action = $_GET['action'] ?? '';
+$id = isset($_GET['id']) ? (int) $_GET['id'] : null;
+
+try {
+    $pdo = db();
+
+    switch ($method) {
+        case 'GET':
+            requirePermission($authData, 'invoices.view');
+            switch ($action) {
+                case 'stats':
+                    handleGetStats($pdo);
+                    break;
+                case 'detail':
+                    if (!$id) {
+                        errorResponse('ID je povinné');
+                    }
+                    handleGetDetail($pdo, $id);
+                    break;
+                case 'file':
+                    if (!$id) {
+                        errorResponse('ID je povinné');
+                    }
+                    handleGetFile($pdo, $id);
+                    break;
+                default:
+                    handleGetList($pdo);
+            }
+            break;
+
+        case 'POST':
+            requirePermission($authData, 'invoices.create');
+            handleBulkUpload($pdo, $authData);
+            break;
+
+        case 'PUT':
+            requirePermission($authData, 'invoices.edit');
+            if (!$id) {
+                errorResponse('ID je povinné');
+            }
+            handleUpdateReceivedInvoice($pdo, $id);
+            break;
+
+        case 'DELETE':
+            requirePermission($authData, 'invoices.delete');
+            if (!$id) {
+                errorResponse('ID je povinné');
+            }
+            handleDeleteReceivedInvoice($pdo, $id);
+            break;
+
+        default:
+            errorResponse('Metoda není povolena', 405);
+    }
+} catch (PDOException $e) {
+    error_log('Received Invoices API error: ' . $e->getMessage());
+    if (DEBUG_MODE) {
+        errorResponse('Chyba databáze: ' . $e->getMessage(), 500);
+    } else {
+        errorResponse('Chyba databáze', 500);
+    }
+}
+
+// --- Allowed MIME types ---
+
+/** @return list<string> */