169 lines
4.8 KiB
Go
169 lines
4.8 KiB
Go
package handlers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"regexp"
|
|
)
|
|
|
|
var validLanguageCode = regexp.MustCompile(`^[a-z]{2,3}(_[A-Z]{2})?$`)
|
|
var validOTPCode = regexp.MustCompile(`^\d{4,8}$`)
|
|
|
|
// ListPhoneNumbers returns all phone numbers for the account.
|
|
// POST /api/phone-numbers {"account_id"}
|
|
func (h *Handlers) ListPhoneNumbers(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
var req struct {
|
|
AccountID string `json:"account_id"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
baClient, err := h.getBusinessAPIClient(req.AccountID)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
resp, err := baClient.ListPhoneNumbers(r.Context())
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
writeJSON(w, resp)
|
|
}
|
|
|
|
// RequestVerificationCode sends a verification code to a phone number.
|
|
// POST /api/phone-numbers/request-code {"account_id","phone_number_id","method":"SMS"|"VOICE"}
|
|
func (h *Handlers) RequestVerificationCode(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
var req struct {
|
|
AccountID string `json:"account_id"`
|
|
PhoneNumberID string `json:"phone_number_id"`
|
|
Method string `json:"code_method"` // "SMS" or "VOICE"
|
|
Language string `json:"language"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if req.PhoneNumberID == "" || req.Method == "" {
|
|
http.Error(w, "phone_number_id and code_method are required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if req.Method != "SMS" && req.Method != "VOICE" {
|
|
http.Error(w, "code_method must be SMS or VOICE", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if req.Language == "" || !validLanguageCode.MatchString(req.Language) {
|
|
req.Language = "en_US"
|
|
}
|
|
|
|
baClient, err := h.getBusinessAPIClient(req.AccountID)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := baClient.RequestVerificationCode(r.Context(), req.PhoneNumberID, req.Method, req.Language); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
writeJSON(w, map[string]string{"status": "ok"})
|
|
}
|
|
|
|
// VerifyCode verifies a phone number with the code received.
|
|
// POST /api/phone-numbers/verify-code {"account_id","phone_number_id","code"}
|
|
func (h *Handlers) VerifyCode(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
var req struct {
|
|
AccountID string `json:"account_id"`
|
|
PhoneNumberID string `json:"phone_number_id"`
|
|
Code string `json:"code"`
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if req.PhoneNumberID == "" || req.Code == "" {
|
|
http.Error(w, "phone_number_id and code are required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if !validOTPCode.MatchString(req.Code) {
|
|
http.Error(w, "code must be 4-8 digits", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
baClient, err := h.getBusinessAPIClient(req.AccountID)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := baClient.VerifyCode(r.Context(), req.PhoneNumberID, req.Code); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
writeJSON(w, map[string]string{"status": "ok"})
|
|
}
|
|
|
|
// RegisterPhoneNumber registers a phone number with the WhatsApp Cloud API.
|
|
// POST /api/phone-numbers/register {"account_id","phone_number_id","pin"}
|
|
func (h *Handlers) RegisterPhoneNumber(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodPost {
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
return
|
|
}
|
|
|
|
var req struct {
|
|
AccountID string `json:"account_id"`
|
|
PhoneNumberID string `json:"phone_number_id"`
|
|
Pin string `json:"pin"` // 6-digit two-step verification PIN
|
|
}
|
|
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if req.PhoneNumberID == "" {
|
|
http.Error(w, "phone_number_id is required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if !validOTPCode.MatchString(req.Pin) {
|
|
http.Error(w, "pin must be 4-8 digits", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
baClient, err := h.getBusinessAPIClient(req.AccountID)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if err := baClient.RegisterPhoneNumber(r.Context(), req.PhoneNumberID, req.Pin); err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
writeJSON(w, map[string]string{"status": "ok"})
|
|
}
|