first commit

backend/api/register-device.php

@@ -0,0 +1,120 @@
+<?php
+/**
+ * POST /api/register-device
+ *
+ * Register a Caller Android device.
+ *
+ * Request body:
+ *   {
+ *     "device_id": "DEVICE_XXX",
+ *     "phone_number": "+9627XXXXXXXX",
+ *     "sim_slot": 0,
+ *     "app_key": "SECRET_DEVICE_KEY"
+ *   }
+ */
+
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: POST, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type, X-App-Key');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(204);
+    exit;
+}
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['success' => false, 'message' => 'method_not_allowed']);
+    exit;
+}
+
+require_once __DIR__ . '/../includes/Database.php';
+require_once __DIR__ . '/../includes/Auth.php';
+require_once __DIR__ . '/../includes/Logger.php';
+
+// Authenticate — requires device key
+Auth::requireAuth('device');
+
+$input = json_decode(file_get_contents('php://input'), true);
+
+if (!$input || !isset($input['device_id']) || !isset($input['phone_number'])) {
+    http_response_code(400);
+    echo json_encode(['success' => false, 'message' => 'missing_required_fields']);
+    RequestLogger::log('register-device', 'POST', $input, 400, 'missing_fields');
+    exit;
+}
+
+$deviceId = trim($input['device_id']);
+$phoneNumber = trim($input['phone_number']);
+$simSlot = isset($input['sim_slot']) ? (int) $input['sim_slot'] : 0;
+
+// Validate device_id
+if (strlen($deviceId) < 5 || strlen($deviceId) > 50) {
+    http_response_code(400);
+    echo json_encode(['success' => false, 'message' => 'invalid_device_id_length']);
+    RequestLogger::log('register-device', 'POST', $input, 400, 'invalid_device_id');
+    exit;
+}
+
+// Validate phone format
+if (!preg_match('/^\+[1-9]\d{6,14}$/', $phoneNumber)) {
+    http_response_code(400);
+    echo json_encode(['success' => false, 'message' => 'invalid_phone_format']);
+    RequestLogger::log('register-device', 'POST', $input, 400, 'invalid_phone');
+    exit;
+}
+
+// Validate sim_slot
+if ($simSlot < 0 || $simSlot > 3) {
+    http_response_code(400);
+    echo json_encode(['success' => false, 'message' => 'invalid_sim_slot']);
+    RequestLogger::log('register-device', 'POST', $input, 400, 'invalid_sim_slot');
+    exit;
+}
+
+$db = Database::getInstance();
+
+try {
+    // Check if device already registered
+    $stmt = $db->prepare("SELECT id, is_active FROM caller_devices WHERE device_id = ?");
+    $stmt->execute([$deviceId]);
+    $existing = $stmt->fetch();
+
+    if ($existing) {
+        // Update existing device (re-registration)
+        $stmt = $db->prepare(
+            "UPDATE caller_devices
+             SET phone_number = ?, sim_slot = ?, is_active = 1, last_seen = NOW()
+             WHERE device_id = ?"
+        );
+        $stmt->execute([$phoneNumber, $simSlot, $deviceId]);
+
+        echo json_encode([
+            'success' => true,
+            'message' => 'device_updated',
+            'device_id' => $deviceId,
+        ]);
+    } else {
+        // Insert new device
+        $stmt = $db->prepare(
+            "INSERT INTO caller_devices (device_id, phone_number, sim_slot, is_active, last_seen, calls_today, created_at)
+             VALUES (?, ?, ?, 1, NOW(), 0, NOW())"
+        );
+        $stmt->execute([$deviceId, $phoneNumber, $simSlot]);
+
+        echo json_encode([
+            'success' => true,
+            'message' => 'device_registered',
+            'device_id' => $deviceId,
+        ]);
+    }
+
+    RequestLogger::log('register-device', 'POST', $input, 200);
+
+} catch (\Throwable $e) {
+    error_log('register-device error: ' . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['success' => false, 'message' => 'internal_error']);
+    RequestLogger::log('register-device', 'POST', $input, 500, $e->getMessage());
+}