📝 Walkthrough
Maven dependency for FiscalAPI library updated from version 4.0.272 to 4.0.372. Controllers refactored to use BigDecimal for numeric values. Four new endpoints added to handle Carta Porte and payroll CFDI complement construction.
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
Actionable comments posted: 2
🧹 Nitpick comments (2)
src/main/java/com/fiscalapi/samples/spring/controller/InvoicesController.java (2)
1351-1561: Consider extracting common Carta Porte construction logic.
The two Carta Porte endpoints (`crearFacturaCartaPorte` and `crearFacturaCartaPortePorReferencias`) share approximately 90% of their code for building the `CartaPorte` complement (ubicaciones, mercancias, autotransporte, tiposFigura). Only the issuer/recipient setup differs.
While this is a demo application prioritizing simplicity, extracting the common logic into a helper method would reduce duplication and make the examples easier to maintain.
♻️ Suggested helper method
```java
private CartaPorte buildCartaPorteComplement() {
    CartaPorte cartaPorte = new CartaPorte();
    cartaPorte.setTranspInternacId("No");
    cartaPorte.setTotalDistRec(new BigDecimal("1"));
    // ... all the ubicaciones, mercancias, autotransporte, tiposFigura setup
    return cartaPorte;
}
```
Then in each endpoint:
```java
CartaPorte cartaPorte = buildCartaPorteComplement();
Complement complement = new Complement();
complement.setCartaPorte(cartaPorte);
invoice.setComplement(complement);
```
Also applies to: 1563-1751
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/main/java/com/fiscalapi/samples/spring/controller/InvoicesController.java` around lines 1351 - 1561, Duplicate CartaPorte construction appears in crearFacturaCartaPorte and crearFacturaCartaPortePorReferencias; extract the shared setup into a private helper (e.g., buildCartaPorteComplement) that creates and returns a fully populated CartaPorte (ubicaciones, mercancias, autotransporte, tiposFigura) and replace the in-place construction in both methods by calling that helper and attaching it via new Complement().setCartaPorte(...), leaving only issuer/recipient differences in each endpoint.
1753-1948: Similar duplication exists in payroll complement endpoints.
The payroll complement endpoints (`crearNominaComplemento` and `crearNominaComplementoPorReferencias`) also share most of their code for building earnings, deductions, and the `Payroll` object. The same helper method approach could be applied here.
Also applies to: 1950-2105
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/main/java/com/fiscalapi/samples/spring/controller/InvoicesController.java` around lines 1753 - 1948, The two endpoints crearNominaComplemento and crearNominaComplementoPorReferencias duplicate construction of Payroll, PayrollEarnings (earningList + otherPayments) and deductions; extract reusable builders (e.g., buildPayrollEarnings(), buildPayrollDeductions(), buildPayroll(LocalDateTime paymentDate, LocalDateTime start, LocalDateTime end)) that return PayrollEarnings, List<PayrollDeduction> and Payroll respectively, then call those helpers from both controller methods and set complement.setPayroll(...) before create(invoice); use the types Payroll, PayrollEarnings, PayrollEarning, PayrollEarningOtherPayment, PayrollDeduction to locate where to move the logic.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@pom.xml`:
- Line 47: The pom.xml currently pins the fiscalapi dependency to a non-existent
version "4.0.372"; update the <version> element for the fiscalapi dependency to
a valid published release (e.g., "4.0.272") so Maven can resolve the artifact,
then run mvn dependency:resolve or a build to verify the change; ensure the
changed <version> element is the one associated with the fiscalapi dependency.
In
`@src/main/java/com/fiscalapi/samples/spring/controller/InvoicesController.java`:
- Around line 71-73: The InvoicesController currently embeds sensitive test
cert/key strings in the fields escuelaKemperBase64Cert and
escuelaKemperBase64Key; externalize them into configuration and inject them
instead. Add properties like fiscalapi.escuelaKemper.base64Cert and
fiscalapi.escuelaKemper.base64Key to application.properties (or environment),
create a configuration or use `@Value` to bind them, and replace the hardcoded
fields in InvoicesController with injected values (referencing the field names
escuelaKemperBase64Cert and escuelaKemperBase64Key and the class
InvoicesController) so the secrets are no longer in source.
📒 Files selected for processing (3)
- pom.xml
- src/main/java/com/fiscalapi/samples/spring/controller/InvoicesController.java
- src/main/java/com/fiscalapi/samples/spring/controller/ProductController.java
| <groupId>com.fiscalapi</groupId> | ||
| <artifactId>fiscalapi</artifactId> | ||
| <version>4.0.272</version> | ||
| <version>4.0.372</version> |
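Review bot: The `<version>` line for `com.fiscalapi:fiscalapi` moves from 4.0.272 to 4.0.372, and nothing in this hunk shows which repository the new artifact is expected to come from. Before merging, confirm on a clean local cache that 4.0.372 resolves from the repository this build is meant to use (for example with `mvn dependency:resolve`), so that a version missing upstream is caught here rather than satisfied from an unexpected source.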
🧩 Analysis chain
🏁 Script executed:
```shell
#!/bin/bash
# Check if fiscalapi 4.0.372 exists on Maven Central
curl -s "https://search.maven.org/solrsearch/select?q=g:com.fiscalapi+AND+a:fiscalapi&rows=5&wt=json" | jq '.response.docs[] | {id, latestVersion}'
```
Repository: FiscalAPI/fiscalapi-samples-spring
Length of output: 60
🏁 Script executed:
```shell
cat -n pom.xml | head -60
```
Repository: FiscalAPI/fiscalapi-samples-spring
Length of output: 2356
🏁 Script executed:
```shell
# Check if there are repository declarations in pom.xml
grep -n "repository" pom.xml
# Also check for settings.xml or other configuration
ls -la | grep -E "settings|pom"
# Search for any README or documentation about dependencies
find . -name "README*" -o -name "*.md" | head -5
```
Repository: FiscalAPI/fiscalapi-samples-spring
Length of output: 212
🏁 Script executed:
```shell
cat README.md
```
Repository: FiscalAPI/fiscalapi-samples-spring
Length of output: 9030
🌐 Web query:
FiscalAPI fiscalapi java maven 4.0.372 version release
💡 Result:
No evidence found of a FiscalAPI Java Maven release version 4.0.372. The FiscalAPI Java SDK (groupId: com.fiscalapi, artifactId: fiscalapi) exists on Maven Central repositories, with documented versions up to 4.0.272 as of recent listings. The GitHub repository github.com/FiscalAPI/fiscalapi-java shows last activity around Aug 2025 but no published releases or changelog mentioning 4.0.372. Similar versioning patterns appear in Python (up to 4.0.360) and .NET SDKs, suggesting 4.0.372 may not be released or is unreleased/private. Official site fiscalapi.com provides the API service for Mexican CFDI electronic invoicing, with SDKs in multiple languages including Java under MPL-2.0 license. Maven dependency example: <dependency><groupId>com.fiscalapi</groupId><artifactId>fiscalapi</artifactId><version>4.0.272</version></dependency>. Check https://repo1.maven.org/maven2/com/fiscalapi/fiscalapi/ for available versions.
Citations:
- 1: https://libraries.io/maven/com.fiscalapi:fiscalapi
- 2: https://repo1.maven.org/maven2/com/fiscalapi
- 3: https://github.com/FiscalAPI
- 4: https://github.com/Fiscalapi
- 5: https://central.sonatype.com/namespace/com.fiscalapi
Update fiscalapi version to a valid, published release.
The specified version 4.0.372 does not exist in Maven Central or any public Maven repository. The latest published version is 4.0.272. Update the dependency to use an existing, stable version.
| private String escuelaKemperBase64Cert = "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"; | ||
| private String escuelaKemperBase64Key = "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"; | ||
|
|
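Review bot: `escuelaKemperBase64Cert` and `escuelaKemperBase64Key` are initialised from string literals directly in the controller, so the key material travels with every clone and build of the source. Declare the fields without initialisers and inject the values from an environment variable or secret store rather than from a file kept in the repository. Deleting the literals in a later commit leaves them in history, so treat this key as exposed and do not reuse it outside the test environment.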
Hardcoded credentials in source code.
While this is a sample/demo application with test credentials (as noted in the file header), hardcoding private keys and certificates in source code is a security risk that could be accidentally replicated in production code. Consider externalizing these to configuration properties or environment variables, even in sample code, to promote better practices.
💡 Suggested approach
+ `@Value`("${fiscalapi.escuelaKemper.base64Cert}")
+ private String escuelaKemperBase64Cert;
+
+ `@Value`("${fiscalapi.escuelaKemper.base64Key}")
+ private String escuelaKemperBase64Key;
- private String escuelaKemperBase64Cert = "MIIFsD...";
- private String escuelaKemperBase64Key = "MIIFDj...";
Then add to application.properties:
fiscalapi.escuelaKemper.base64Cert=MIIFsD...
fiscalapi.escuelaKemper.base64Key=MIIFDj...
🧰 Tools
🪛 Betterleaks (1.1.1)
[high] 72-72: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
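A DER-aware check for CI or a pre-commit hook, as an added example that is not part of the review or the project's code. The `MIIF...` prefixes quoted in the comment above are what base64 of a DER SEQUENCE header (0x30 0x82) looks like, so decoding each long string literal and comparing the header's length with the decoded size flags embedded certificates and keys specifically. The 64-character threshold, the function names and the sample source are assumptions constructed for this example.

```python
import base64
import re

# Java string literals holding 64+ base64 characters (threshold assumed here).
LITERAL = re.compile(r'"([A-Za-z0-9+/]{64,}={0,2})"')


def der_sequence_length(blob):
    """Total encoded length if blob opens with a DER SEQUENCE header, else None."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    first = blob[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def find_embedded_der(java_source):
    """Return (line number, decoded size) for literals that are one whole DER object."""
    findings = []
    for lineno, line in enumerate(java_source.splitlines(), 1):
        for match in LITERAL.finditer(line):
            try:
                raw = base64.b64decode(match.group(1), validate=True)
            except ValueError:             # binascii.Error is a ValueError subclass
                continue
            if der_sequence_length(raw) == len(raw):
                findings.append((lineno, len(raw)))
    return findings


def constructed_sample():
    """Constructed input: a fake 516-byte DER blob, a non-DER literal, an injected field."""
    der = b"\x30\x82\x02\x00" + bytes(range(256)) * 2
    filler = base64.b64encode(b"A" * 96).decode()
    return "\n".join([
        "public class InvoicesController {",
        '    private String escuelaKemperBase64Key = "%s";' % base64.b64encode(der).decode(),
        '    private String banner = "%s";' % filler,
        '    @Value("${fiscalapi.escuelaKemper.base64Key}") private String injected;',
        "}",
    ])

if __name__ == "__main__":
    for lineno, size in find_embedded_der(constructed_sample()):
        print("line %d: base64 literal decodes to a %d-byte DER object" % (lineno, size))
```

The length comparison is what keeps ordinary long base64 strings (the `banner` field in the sample) from being reported.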