company_id; // Added by AuthMiddleware $sessionModel = new WhatsAppSession(); $session = $sessionModel->findOrCreate($companyId); // Strip sensitive/internal data before sending to frontend unset($session['phone_hash']); $response->json([ 'status' => 'success', 'data' => $session ]); } /** * Request a new connection/QR code from the Baileys service */ public function requestQr(Request $request, Response $response) { $companyId = $request->company_id; $sessionModel = new WhatsAppSession(); $session = $sessionModel->findOrCreate($companyId); // Temporarily set to connecting $sessionModel->updateState($session['id'], ['status' => 'connecting']); // Call Baileys Node.js Service on port 3722 $nodeUrl = 'http://127.0.0.1:3722/api/sessions/start'; $payload = json_encode([ 'session_key' => $session['session_key'], 'webhook_url' => getenv('APP_URL') . '/api/whatsapp/webhook' ]); $ch = curl_init($nodeUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); // Note: Even if it fails immediately, the webhook will try to correct the state if ($httpCode >= 200 && $httpCode < 300) { $response->json([ 'status' => 'success', 'message' => 'Connection requested. Please poll status to get QR code.' ]); } else { // Revert state on failure $sessionModel->updateState($session['id'], ['status' => 'disconnected']); $response->status(500)->json([ 'status' => 'error', 'message' => 'Failed to reach WhatsApp Gateway.' ]); } } /** * Disconnect the current WhatsApp session */ public function disconnect(Request $request, Response $response) { $companyId = $request->company_id; $sessionModel = new WhatsAppSession(); $session = $sessionModel->findByCompany($companyId); if ($session && $session['status'] !== 'disconnected') { // Call Baileys Node.js Service to disconnect $nodeUrl = 'http://127.0.0.1:3722/api/sessions/disconnect'; $payload = json_encode(['session_key' => $session['session_key']]); $ch = curl_init($nodeUrl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); $sessionModel->updateState($session['id'], [ 'status' => 'disconnected', 'qr_code' => null, 'phone' => null, 'phone_hash' => null ]); } $response->json(['status' => 'success', 'message' => 'Session disconnected']); } /** * Webhook called by Baileys Node.js server to sync state */ public function webhook(Request $request, Response $response) { // Internal Security Check $secret = $request->getHeader('X-Webhook-Secret'); if ($secret !== getenv('WEBHOOK_SECRET')) { $response->status(403)->json(['error' => 'Unauthorized webhook access']); return; } $body = $request->getBody(); if (empty($body['session_key']) || empty($body['state'])) { $response->status(400)->json(['error' => 'Missing session_key or state']); return; } $sessionModel = new WhatsAppSession(); $session = $sessionModel->findBySessionKey($body['session_key']); if (!$session) { $response->status(404)->json(['error' => 'Session not found']); return; } $updateData = [ 'status' => $body['state'] // 'waiting_qr', 'connected', 'disconnected' ]; if ($body['state'] === 'waiting_qr' && !empty($body['qr_code'])) { $updateData['qr_code'] = $body['qr_code']; } elseif ($body['state'] === 'connected') { $updateData['qr_code'] = null; // Clear QR when connected if (!empty($body['phone'])) { $updateData['phone'] = $body['phone']; } } elseif ($body['state'] === 'disconnected') { $updateData['qr_code'] = null; } $sessionModel->updateState($session['id'], $updateData); $response->json(['status' => 'success']); } }