feat(api): add phone number registration endpoint and update related logic

pkg/handlers/phone_numbers.go

@@ -3,8 +3,12 @@ package handlers
 import (
 	"encoding/json"
 	"net/http"
+	"regexp"
 )
 
+var validLanguageCode = regexp.MustCompile(`^[a-z]{2,3}(_[A-Z]{2})?$`)
+var validOTPCode = regexp.MustCompile(`^\d{4,8}$`)
+
 // ListPhoneNumbers returns all phone numbers for the account.
 // POST /api/phone-numbers  {"account_id"}
 func (h *Handlers) ListPhoneNumbers(w http.ResponseWriter, r *http.Request) {
@@ -47,7 +51,8 @@ func (h *Handlers) RequestVerificationCode(w http.ResponseWriter, r *http.Reques
 	var req struct {
 		AccountID     string `json:"account_id"`
 		PhoneNumberID string `json:"phone_number_id"`
-		Method        string `json:"method"` // "SMS" or "VOICE"
+		Method        string `json:"code_method"` // "SMS" or "VOICE"
+		Language      string `json:"language"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
@@ -55,13 +60,16 @@ func (h *Handlers) RequestVerificationCode(w http.ResponseWriter, r *http.Reques
 	}
 
 	if req.PhoneNumberID == "" || req.Method == "" {
-		http.Error(w, "phone_number_id and method are required", http.StatusBadRequest)
+		http.Error(w, "phone_number_id and code_method are required", http.StatusBadRequest)
 		return
 	}
 	if req.Method != "SMS" && req.Method != "VOICE" {
-		http.Error(w, "method must be SMS or VOICE", http.StatusBadRequest)
+		http.Error(w, "code_method must be SMS or VOICE", http.StatusBadRequest)
 		return
 	}
+	if req.Language == "" || !validLanguageCode.MatchString(req.Language) {
+		req.Language = "en_US"
+	}
 
 	baClient, err := h.getBusinessAPIClient(req.AccountID)
 	if err != nil {
@@ -69,7 +77,7 @@ func (h *Handlers) RequestVerificationCode(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	if err := baClient.RequestVerificationCode(r.Context(), req.PhoneNumberID, req.Method); err != nil {
+	if err := baClient.RequestVerificationCode(r.Context(), req.PhoneNumberID, req.Method, req.Language); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
@@ -99,6 +107,10 @@ func (h *Handlers) VerifyCode(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "phone_number_id and code are required", http.StatusBadRequest)
 		return
 	}
+	if !validOTPCode.MatchString(req.Code) {
+		http.Error(w, "code must be 4-8 digits", http.StatusBadRequest)
+		return
+	}
 
 	baClient, err := h.getBusinessAPIClient(req.AccountID)
 	if err != nil {
@@ -113,3 +125,44 @@ func (h *Handlers) VerifyCode(w http.ResponseWriter, r *http.Request) {
 
 	writeJSON(w, map[string]string{"status": "ok"})
 }
+
+// RegisterPhoneNumber registers a phone number with the WhatsApp Cloud API.
+// POST /api/phone-numbers/register  {"account_id","phone_number_id","pin"}
+func (h *Handlers) RegisterPhoneNumber(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	var req struct {
+		AccountID     string `json:"account_id"`
+		PhoneNumberID string `json:"phone_number_id"`
+		Pin           string `json:"pin"` // 6-digit two-step verification PIN
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	if req.PhoneNumberID == "" {
+		http.Error(w, "phone_number_id is required", http.StatusBadRequest)
+		return
+	}
+	if !validOTPCode.MatchString(req.Pin) {
+		http.Error(w, "pin must be 4-8 digits", http.StatusBadRequest)
+		return
+	}
+
+	baClient, err := h.getBusinessAPIClient(req.AccountID)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	if err := baClient.RegisterPhoneNumber(r.Context(), req.PhoneNumberID, req.Pin); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	writeJSON(w, map[string]string{"status": "ok"})
+}