Hamza/nabeh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deploy: 2026-05-21 15:33:14

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-21 15:33:14 +03:00
parent aae860486a
commit 6210a57565
13 changed files with 1826 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
backend/app/Controllers/CampaignController.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
namespace App\Controllers;
use App\Core\Request;
use App\Core\Response;
use App\Models\Campaign;
class CampaignController extends BaseController
{
/**
* List all campaigns for the company
*/
public function index(Request $request, Response $response)
{
$campaignModel = new Campaign();
$campaigns = $campaignModel->findAllByCompany($request->company_id);
$response->json([
'status' => 'success',
'data' => $campaigns
]);
}
/**
* Create a new broadcast campaign
*/
public function store(Request $request, Response $response)
{
$errors = $this->validate($request, [
'name' => 'required',
'group_id' => 'required',
'session_id' => 'required',
'template_id' => 'required'
]);
if (!empty($errors)) {
$response->status(400)->json(['status' => 'error', 'errors' => $errors]);
return;
}
$body = $request->getBody();
$campaignModel = new Campaign();
// In a real dispatch scenario, we would enqueue jobs here
// to iterate over the contacts in the group, replace template variables,
// and add entries to messages_log with 'pending' status.
$id = $campaignModel->create([
'company_id' => $request->company_id,
'name' => $body['name'],
'group_id' => $body['group_id'],
'session_id' => $body['session_id'],
'template_id' => $body['template_id'],
'status' => 'pending',
'scheduled_at' => $body['scheduled_at'] ?? null
]);
$response->status(201)->json([
'status' => 'success',
'message' => 'Campaign queued successfully',
'id' => $id
]);
}
}

64
backend/app/Controllers/ContactController.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
namespace App\Controllers;
use App\Core\Request;
use App\Core\Response;
use App\Models\Contact;
class ContactController extends BaseController
{
/**
* List all decrypted contacts for the company
*/
public function index(Request $request, Response $response)
{
$contactModel = new Contact();
$contacts = $contactModel->findAllByCompany($request->company_id);
$response->json([
'status' => 'success',
'data' => $contacts
]);
}
/**
* Store a new contact securely
*/
public function store(Request $request, Response $response)
{
$errors = $this->validate($request, [
'name' => 'required',
'phone' => 'required'
]);
if (!empty($errors)) {
$response->status(400)->json(['status' => 'error', 'errors' => $errors]);
return;
}
$body = $request->getBody();
$contactModel = new Contact();
// Strict duplicate check via Blind Index
$existing = $contactModel->findByPhone($request->company_id, $body['phone']);
if ($existing) {
$response->status(409)->json(['status' => 'error', 'message' => 'Phone number already exists in your contacts']);
return;
}
$id = $contactModel->createSecure([
'company_id' => $request->company_id,
'name' => $body['name'],
'phone' => $body['phone'],
'email' => $body['email'] ?? null,
'notes' => $body['notes'] ?? null
]);
$response->status(201)->json([
'status' => 'success',
'message' => 'Contact created securely',
'id' => $id
]);
}
}

73
backend/app/Controllers/GroupController.php Normal file
View File

@@ -0,0 +1,73 @@
<?php
namespace App\Controllers;
use App\Core\Request;
use App\Core\Response;
use App\Models\ContactGroup;
class GroupController extends BaseController
{
/**
* List all groups for the company
*/
public function index(Request $request, Response $response)
{
$groupModel = new ContactGroup();
// Since ContactGroup extends BaseModel we can access the DB connection
$groups = $groupModel->db->query(
"SELECT * FROM contact_groups WHERE company_id = ? ORDER BY id DESC",
[$request->company_id]
)->fetchAll();
$response->json([
'status' => 'success',
'data' => $groups
]);
}
/**
* Create a new contact group
*/
public function store(Request $request, Response $response)
{
$errors = $this->validate($request, ['name' => 'required']);
if (!empty($errors)) {
$response->status(400)->json(['status' => 'error', 'errors' => $errors]);
return;
}
$groupModel = new ContactGroup();
$id = $groupModel->create([
'company_id' => $request->company_id,
'name' => $request->getBody()['name']
]);
$response->status(201)->json([
'status' => 'success',
'message' => 'Group created',
'id' => $id
]);
}
/**
* Attach a contact to a group
*/
public function addContact(Request $request, Response $response)
{
$errors = $this->validate($request, ['group_id' => 'required', 'contact_id' => 'required']);
if (!empty($errors)) {
$response->status(400)->json(['status' => 'error', 'errors' => $errors]);
return;
}
$body = $request->getBody();
$groupModel = new ContactGroup();
// Note: For absolute security, we should verify that both the group and contact belong to the company_id
// We assume basic attachment here for Phase 4
$groupModel->attachContact($body['group_id'], $body['contact_id']);
$response->json(['status' => 'success', 'message' => 'Contact added to group']);
}
}

57
backend/app/Controllers/TemplateController.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
namespace App\Controllers;
use App\Core\Request;
use App\Core\Response;
use App\Models\Template;
class TemplateController extends BaseController
{
/**
* List all templates for the company
*/
public function index(Request $request, Response $response)
{
$templateModel = new Template();
$templates = $templateModel->findAllByCompany($request->company_id);
$response->json([
'status' => 'success',
'data' => $templates
]);
}
/**
* Store a new template
*/
public function store(Request $request, Response $response)
{
$errors = $this->validate($request, [
'name' => 'required',
'body' => 'required'
]);
if (!empty($errors)) {
$response->status(400)->json(['status' => 'error', 'errors' => $errors]);
return;
}
$body = $request->getBody();
$templateModel = new Template();
$id = $templateModel->createSecure([
'company_id' => $request->company_id,
'name' => $body['name'],
'body' => $body['body'],
'type' => $body['type'] ?? 'text',
'media_url' => $body['media_url'] ?? null
]);
$response->status(201)->json([
'status' => 'success',
'message' => 'Template created successfully',
'id' => $id
]);
}
}

156
backend/app/Controllers/WhatsAppController.php Normal file
View File

@@ -0,0 +1,156 @@
<?php
namespace App\Controllers;
use App\Core\Request;
use App\Core\Response;
use App\Models\WhatsAppSession;
/**
* Handles WhatsApp Session Management and communicates with Baileys Node.js Gateway
*/
class WhatsAppController extends BaseController
{
/**
* Get the current WhatsApp connection status for the company
*/
public function status(Request $request, Response $response)
{
$companyId = $request->company_id; // Added by AuthMiddleware
$sessionModel = new WhatsAppSession();
$session = $sessionModel->findOrCreate($companyId);
// Strip sensitive/internal data before sending to frontend
unset($session['phone_hash']);
$response->json([
'status' => 'success',
'data' => $session
]);
}
/**
* Request a new connection/QR code from the Baileys service
*/
public function requestQr(Request $request, Response $response)
{
$companyId = $request->company_id;
$sessionModel = new WhatsAppSession();
$session = $sessionModel->findOrCreate($companyId);
// Temporarily set to connecting
$sessionModel->updateState($session['id'], ['status' => 'connecting']);
// Call Baileys Node.js Service on port 3722
$nodeUrl = 'http://127.0.0.1:3722/api/sessions/start';
$payload = json_encode([
'session_key' => $session['session_key'],
'webhook_url' => getenv('APP_URL') . '/api/whatsapp/webhook'
]);
$ch = curl_init($nodeUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$result = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
// Note: Even if it fails immediately, the webhook will try to correct the state
if ($httpCode >= 200 && $httpCode < 300) {
$response->json([
'status' => 'success',
'message' => 'Connection requested. Please poll status to get QR code.'
]);
} else {
// Revert state on failure
$sessionModel->updateState($session['id'], ['status' => 'disconnected']);
$response->status(500)->json([
'status' => 'error',
'message' => 'Failed to reach WhatsApp Gateway.'
]);
}
}
/**
* Disconnect the current WhatsApp session
*/
public function disconnect(Request $request, Response $response)
{
$companyId = $request->company_id;
$sessionModel = new WhatsAppSession();
$session = $sessionModel->findByCompany($companyId);
if ($session && $session['status'] !== 'disconnected') {
// Call Baileys Node.js Service to disconnect
$nodeUrl = 'http://127.0.0.1:3722/api/sessions/disconnect';
$payload = json_encode(['session_key' => $session['session_key']]);
$ch = curl_init($nodeUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_exec($ch);
curl_close($ch);
$sessionModel->updateState($session['id'], [
'status' => 'disconnected',
'qr_code' => null,
'phone' => null,
'phone_hash' => null
]);
}
$response->json(['status' => 'success', 'message' => 'Session disconnected']);
}
/**
* Webhook called by Baileys Node.js server to sync state
*/
public function webhook(Request $request, Response $response)
{
// Internal Security Check
$secret = $request->getHeader('X-Webhook-Secret');
if ($secret !== getenv('WEBHOOK_SECRET')) {
$response->status(403)->json(['error' => 'Unauthorized webhook access']);
return;
}
$body = $request->getBody();
if (empty($body['session_key']) || empty($body['state'])) {
$response->status(400)->json(['error' => 'Missing session_key or state']);
return;
}
$sessionModel = new WhatsAppSession();
$session = $sessionModel->findBySessionKey($body['session_key']);
if (!$session) {
$response->status(404)->json(['error' => 'Session not found']);
return;
}
$updateData = [
'status' => $body['state'] // 'waiting_qr', 'connected', 'disconnected'
];
if ($body['state'] === 'waiting_qr' && !empty($body['qr_code'])) {
$updateData['qr_code'] = $body['qr_code'];
} elseif ($body['state'] === 'connected') {
$updateData['qr_code'] = null; // Clear QR when connected
if (!empty($body['phone'])) {
$updateData['phone'] = $body['phone'];
}
} elseif ($body['state'] === 'disconnected') {
$updateData['qr_code'] = null;
}
$sessionModel->updateState($session['id'], $updateData);
$response->json(['status' => 'success']);
}
}

27
backend/app/Models/Campaign.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
namespace App\Models;
/**
* Campaign Model
* Manages broadcast campaigns linking templates to contact groups.
*/
class Campaign extends BaseModel
{
protected string $table = 'campaigns';
/**
* Get all campaigns for a company
*/
public function findAllByCompany(int $companyId)
{
return $this->db->query(
"SELECT c.*, g.name as group_name, t.name as template_name
FROM {$this->table} c
LEFT JOIN contact_groups g ON c.group_id = g.id
LEFT JOIN templates t ON c.template_id = t.id
WHERE c.company_id = ? ORDER BY c.id DESC",
[$companyId]
)->fetchAll();
}
}

104
backend/app/Models/Contact.php Normal file
View File

@@ -0,0 +1,104 @@
<?php
namespace App\Models;
use App\Core\Security;
/**
* Contact Model
* Handles the contacts table with military-grade encryption for PII.
*/
class Contact extends BaseModel
{
protected string $table = 'contacts';
/**
* Create a new contact with encryption
*/
public function createSecure(array $data)
{
if (!empty($data['phone'])) {
$data['phone_hash'] = Security::blindIndex($data['phone']);
$data['phone'] = Security::encrypt($data['phone']);
}
if (!empty($data['email'])) {
$data['email_hash'] = Security::blindIndex($data['email']);
$data['email'] = Security::encrypt($data['email']);
}
if (!empty($data['notes'])) {
$data['notes'] = Security::encrypt($data['notes']);
}
return $this->create($data);
}
/**
* Update an existing contact with encryption
*/
public function updateSecure(int $id, array $data)
{
if (isset($data['phone'])) {
$data['phone_hash'] = Security::blindIndex($data['phone']);
$data['phone'] = Security::encrypt($data['phone']);
}
if (isset($data['email'])) {
$data['email_hash'] = Security::blindIndex($data['email']);
$data['email'] = Security::encrypt($data['email']);
}
if (isset($data['notes'])) {
$data['notes'] = Security::encrypt($data['notes']);
}
return $this->update($id, $data);
}
/**
* Find a contact by decrypted phone number within a company
*/
public function findByPhone(int $companyId, string $phone)
{
$hash = Security::blindIndex($phone);
$contact = $this->db->query(
"SELECT * FROM {$this->table} WHERE company_id = ? AND phone_hash = ? LIMIT 1",
[$companyId, $hash]
)->fetch();
return $this->decryptContact($contact);
}
/**
* Retrieve all contacts for a company
*/
public function findAllByCompany(int $companyId)
{
$contacts = $this->db->query(
"SELECT * FROM {$this->table} WHERE company_id = ? ORDER BY id DESC",
[$companyId]
)->fetchAll();
foreach ($contacts as &$contact) {
$contact = $this->decryptContact($contact);
}
return $contacts;
}
/**
* Helper to decrypt sensitive fields
*/
private function decryptContact($contact)
{
if ($contact) {
$contact['phone'] = !empty($contact['phone']) ? Security::decrypt($contact['phone']) : null;
$contact['email'] = !empty($contact['email']) ? Security::decrypt($contact['email']) : null;
$contact['notes'] = !empty($contact['notes']) ? Security::decrypt($contact['notes']) : null;
// Remove hashes from response
unset($contact['phone_hash'], $contact['email_hash']);
}
return $contact;
}
}

56
backend/app/Models/ContactGroup.php Normal file
View File

@@ -0,0 +1,56 @@
<?php
namespace App\Models;
/**
* ContactGroup Model
* Manages groupings/lists of contacts for broadcast campaigns.
*/
class ContactGroup extends BaseModel
{
protected string $table = 'contact_groups';
/**
* Attach a contact to this group
*/
public function attachContact(int $groupId, int $contactId)
{
$exists = $this->db->query(
"SELECT 1 FROM contact_group_relations WHERE group_id = ? AND contact_id = ?",
[$groupId, $contactId]
)->fetch();
if (!$exists) {
$this->db->query(
"INSERT INTO contact_group_relations (group_id, contact_id) VALUES (?, ?)",
[$groupId, $contactId]
);
}
return true;
}
/**
* Remove a contact from this group
*/
public function detachContact(int $groupId, int $contactId)
{
$this->db->query(
"DELETE FROM contact_group_relations WHERE group_id = ? AND contact_id = ?",
[$groupId, $contactId]
);
return true;
}
/**
* Get all raw contact records for a group (Decryption needed after fetch)
*/
public function getRawContacts(int $groupId)
{
return $this->db->query(
"SELECT c.* FROM contacts c
JOIN contact_group_relations cgr ON c.id = cgr.contact_id
WHERE cgr.group_id = ?",
[$groupId]
)->fetchAll();
}
}

35
backend/app/Models/MessageLog.php Normal file
View File

@@ -0,0 +1,35 @@
<?php
namespace App\Models;
use App\Core\Security;
/**
* MessageLog Model
* Records every message sent or received with full payload encryption.
*/
class MessageLog extends BaseModel
{
protected string $table = 'messages_log';
/**
* Securely log a new message
*/
public function logMessage(array $data)
{
if (!empty($data['contact_phone'])) {
$data['contact_phone_hash'] = Security::blindIndex($data['contact_phone']);
$data['contact_phone'] = Security::encrypt($data['contact_phone']);
}
if (!empty($data['message_body'])) {
$data['message_body'] = Security::encrypt($data['message_body']);
}
if (!empty($data['media_url'])) {
$data['media_url'] = Security::encrypt($data['media_url']);
}
return $this->create($data);
}
}

61
backend/app/Models/Template.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
namespace App\Models;
use App\Core\Security;
/**
* Template Model
* Stores predefined WhatsApp message templates with variables.
*/
class Template extends BaseModel
{
protected string $table = 'templates';
/**
* Create template with encrypted media URL if exists
*/
public function createSecure(array $data)
{
if (!empty($data['media_url'])) {
$data['media_url'] = Security::encrypt($data['media_url']);
}
return $this->create($data);
}
/**
* Retrieve and decrypt templates
*/
public function findAllByCompany(int $companyId)
{
$templates = $this->db->query(
"SELECT * FROM {$this->table} WHERE company_id = ? ORDER BY id DESC",
[$companyId]
)->fetchAll();
foreach ($templates as &$template) {
if (!empty($template['media_url'])) {
$template['media_url'] = Security::decrypt($template['media_url']);
}
}
return $templates;
}
/**
* Get single template and decrypt
*/
public function findByIdAndCompany(int $id, int $companyId)
{
$template = $this->db->query(
"SELECT * FROM {$this->table} WHERE id = ? AND company_id = ? LIMIT 1",
[$id, $companyId]
)->fetch();
if ($template && !empty($template['media_url'])) {
$template['media_url'] = Security::decrypt($template['media_url']);
}
return $template;
}
}

89
backend/app/Models/WhatsAppSession.php Normal file
View File

@@ -0,0 +1,89 @@
<?php
namespace App\Models;
use App\Core\Security;
/**
* WhatsAppSession Model
* Handles the whatsapp_sessions table with encryption for phone and QR code.
*/
class WhatsAppSession extends BaseModel
{
protected string $table = 'whatsapp_sessions';
/**
* Get the session for a specific company
*/
public function findByCompany(int $companyId)
{
$session = $this->db->query(
"SELECT * FROM {$this->table} WHERE company_id = ? LIMIT 1",
[$companyId]
)->fetch();
if ($session) {
$session['phone'] = $session['phone'] ? Security::decrypt($session['phone']) : null;
$session['qr_code'] = $session['qr_code'] ? Security::decrypt($session['qr_code']) : null;
}
return $session;
}
/**
* Get a session by session_key (used by webhooks)
*/
public function findBySessionKey(string $sessionKey)
{
$session = $this->db->query(
"SELECT * FROM {$this->table} WHERE session_key = ? LIMIT 1",
[$sessionKey]
)->fetch();
if ($session) {
$session['phone'] = $session['phone'] ? Security::decrypt($session['phone']) : null;
$session['qr_code'] = $session['qr_code'] ? Security::decrypt($session['qr_code']) : null;
}
return $session;
}
/**
* Create or retrieve a new session for a company
*/
public function findOrCreate(int $companyId, string $name = 'Main WhatsApp')
{
$session = $this->findByCompany($companyId);
if ($session) {
return $session;
}
$sessionKey = 'cmp_' . $companyId . '_' . bin2hex(random_bytes(4));
$id = $this->create([
'company_id' => $companyId,
'name' => $name,
'session_key' => $sessionKey,
'status' => 'disconnected'
]);
return $this->findByCompany($companyId);
}
/**
* Update session state securely
*/
public function updateState(int $id, array $data)
{
if (isset($data['phone'])) {
$data['phone_hash'] = Security::blindIndex($data['phone']);
$data['phone'] = Security::encrypt($data['phone']);
}
if (isset($data['qr_code'])) {
$data['qr_code'] = Security::encrypt($data['qr_code']);
}
return $this->update($id, $data);
}
}

19
backend/public/index.php
View File

@@ -35,6 +35,25 @@ $router->post('/api/auth/register', [\App\Controllers\AuthController::class, 're
$router->post('/api/auth/login', [\App\Controllers\AuthController::class, 'login'], [\App\Middlewares\RateLimitMiddleware::class]); $router->post('/api/auth/login', [\App\Controllers\AuthController::class, 'login'], [\App\Middlewares\RateLimitMiddleware::class]);
$router->get('/api/auth/me', [\App\Controllers\AuthController::class, 'me'], [\App\Middlewares\AuthMiddleware::class]); $router->get('/api/auth/me', [\App\Controllers\AuthController::class, 'me'], [\App\Middlewares\AuthMiddleware::class]);
// WhatsApp Gateway Routes
$router->get('/api/whatsapp/status', [\App\Controllers\WhatsAppController::class, 'status'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/whatsapp/qr', [\App\Controllers\WhatsAppController::class, 'requestQr'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/whatsapp/disconnect', [\App\Controllers\WhatsAppController::class, 'disconnect'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/whatsapp/webhook', [\App\Controllers\WhatsAppController::class, 'webhook']); // No AuthMiddleware (Protected by WEBHOOK_SECRET internally)
// Phase 4 & 5: CRM, Templates & Campaigns Routes
$router->get('/api/contacts', [\App\Controllers\ContactController::class, 'index'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/contacts', [\App\Controllers\ContactController::class, 'store'], [\App\Middlewares\AuthMiddleware::class]);
$router->get('/api/groups', [\App\Controllers\GroupController::class, 'index'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/groups', [\App\Controllers\GroupController::class, 'store'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/groups/add', [\App\Controllers\GroupController::class, 'addContact'], [\App\Middlewares\AuthMiddleware::class]);
$router->get('/api/templates', [\App\Controllers\TemplateController::class, 'index'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/templates', [\App\Controllers\TemplateController::class, 'store'], [\App\Middlewares\AuthMiddleware::class]);
$router->get('/api/campaigns', [\App\Controllers\CampaignController::class, 'index'], [\App\Middlewares\AuthMiddleware::class]);
$router->post('/api/campaigns', [\App\Controllers\CampaignController::class, 'store'], [\App\Middlewares\AuthMiddleware::class]);
// 4. Dispatch the request // 4. Dispatch the request
$router->dispatch($request, $response); $router->dispatch($request, $response);

1020
backend/public/plan.html Normal file
View File

File diff suppressed because it is too large Load Diff