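<?php

/**
 * POST /api/sms-done
 *
 * Called by Caller Android App after sending an SMS OTP.
 *
 * Request body:
 * {
 *   "task_id": 43,
 *   "device_id": "DEVICE_XXX",
 *   "app_key": "SECRET_DEVICE_KEY",
 *   "result": "success" | "failed"
 * }
 *
 * Responses (JSON object with a boolean "success" key):
 *   200  {"success": true, "status": "completed"|"failed"}
 *   400  missing_required_fields | invalid_result_value
 *   404  task_not_found            (no otp_requests row for task_id + device_id)
 *   409  task_not_in_calling_state (task is not, or no longer, in status 'calling')
 *   405  method_not_allowed
 *   500  internal_error
 */

header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, X-App-Key');

// CORS preflight is answered before any dependency is loaded.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(204);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'method_not_allowed']);
    exit;
}

require_once __DIR__ . '/../includes/Database.php';
require_once __DIR__ . '/../includes/Auth.php';
require_once __DIR__ . '/../includes/Logger.php';

// Authenticate — requires device key.
// NOTE(review): the body's device_id is not cross-checked in this file against
// the identity Auth::requireAuth('device') established; confirm that Auth binds
// the app key to a device_id, otherwise one authenticated device could report
// on a task that belongs to another device it knows the ids of.
Auth::requireAuth('device');

$input = json_decode(file_get_contents('php://input'), true);

// Copy of the body used for request logging, with the device secret masked:
// the documented body carries app_key and RequestLogger::log() receives the
// whole body, so passing $input verbatim would write the key into the log.
// (Kept even if the logger redacts on its own — defense in depth.)
$logInput = is_array($input) ? $input : null;
if (isset($logInput['app_key'])) {
    $logInput['app_key'] = '[redacted]';
}

// Shape check: a non-object JSON body (string, number, list of nested arrays)
// must not reach the casts below; each field has to be scalar so that
// (int) and trim() cannot warn or throw on an array value.
if (
    !is_array($input)
    || !isset($input['task_id']) || !is_scalar($input['task_id'])
    || !isset($input['device_id']) || !is_scalar($input['device_id'])
    || !isset($input['result']) || !is_scalar($input['result'])
) {
    http_response_code(400);
    echo json_encode(['success' => false, 'message' => 'missing_required_fields']);
    RequestLogger::log('sms-done', 'POST', $logInput, 400, 'missing_fields');
    exit;
}

$taskId   = (int) $input['task_id'];
$deviceId = trim((string) $input['device_id']);
$result   = trim((string) $input['result']);

// Validate result — strict comparison so no loose-equality surprises.
$validResults = ['success', 'failed'];
if (!in_array($result, $validResults, true)) {
    http_response_code(400);
    echo json_encode(['success' => false, 'message' => 'invalid_result_value']);
    RequestLogger::log('sms-done', 'POST', $logInput, 400, 'invalid_result');
    exit;
}

$db = Database::getInstance();
$inTransaction = false; // becomes true after beginTransaction(); read in the catch

try {
    // Verify this task belongs to this device
    $stmt = $db->prepare(
        "SELECT id, status, method FROM otp_requests WHERE id = ? AND device_id = ?"
    );
    $stmt->execute([$taskId, $deviceId]);
    $task = $stmt->fetch();

    if (!$task) {
        http_response_code(404);
        echo json_encode(['success' => false, 'message' => 'task_not_found']);
        RequestLogger::log('sms-done', 'POST', $logInput, 404, 'task_not_found');
        exit;
    }

    // Fast-path rejection. The authoritative check is the conditional UPDATE
    // below: the status can change between this SELECT and the UPDATE when two
    // reports for the same task arrive concurrently.
    if ($task['status'] !== 'calling') {
        http_response_code(409);
        echo json_encode(['success' => false, 'message' => 'task_not_in_calling_state']);
        RequestLogger::log('sms-done', 'POST', $logInput, 409, 'wrong_status');
        exit;
    }

    $newStatus = ($result === 'success') ? 'completed' : 'failed';

    $db->beginTransaction();
    $inTransaction = true;

    // Update OTP request status. The `status = 'calling'` predicate makes the
    // transition atomic: a second, concurrent report of the same task affects
    // zero rows instead of overwriting the first result.
    $stmt = $db->prepare(
        "UPDATE otp_requests
            SET status = ?, updated_at = NOW()
          WHERE id = ? AND device_id = ? AND status = 'calling'"
    );
    $stmt->execute([$newStatus, $taskId, $deviceId]);

    // rowCount() assumes the statement object is PDOStatement-compatible, as the
    // prepare/execute/fetch usage above suggests — confirm against Database.php.
    if ($stmt->rowCount() === 0) {
        $db->rollBack();
        $inTransaction = false;
        http_response_code(409);
        echo json_encode(['success' => false, 'message' => 'task_not_in_calling_state']);
        RequestLogger::log('sms-done', 'POST', $logInput, 409, 'wrong_status');
        exit;
    }

    // Increment calls_today (counts both calls and SMS)
    $stmt = $db->prepare(
        "UPDATE caller_devices
            SET calls_today = calls_today + 1
          WHERE device_id = ?"
    );
    $stmt->execute([$deviceId]);

    $db->commit();
    $inTransaction = false;

    echo json_encode([
        'success' => true,
        'status'  => $newStatus,
    ]);

    RequestLogger::log('sms-done', 'POST', $logInput, 200);

} catch (\Throwable $e) {
    // Roll back only when a transaction was actually opened: a failure in the
    // SELECT above happens before beginTransaction(), and rollBack() without
    // an active transaction throws, which would mask the original error.
    if ($inTransaction) {
        $db->rollBack();
    }
    error_log('sms-done error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'internal_error']);
    RequestLogger::log('sms-done', 'POST', $logInput, 500, $e->getMessage());
}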