nabeh/backend/app/Controllers/WhatsAppController.php

<?php

namespace App\Controllers;

use App\Core\Request;
use App\Core\Response;
use App\Models\WhatsAppSession;

/**
 * Handles WhatsApp Session Management and communicates with Baileys Node.js Gateway
 */
class WhatsAppController extends BaseController
{
    /**
     * Get the current WhatsApp connection status for the company
     */
    public function status(Request $request, Response $response)
    {
        $companyId = $request->company_id; // Added by AuthMiddleware
        $sessionModel = new WhatsAppSession();
        $session = $sessionModel->findOrCreate($companyId);
        
        // Strip sensitive/internal data before sending to frontend
        unset($session['phone_hash']);
        
        $response->json([
            'status' => 'success',
            'data' => $session
        ]);
    }

    /**
     * Request a new connection/QR code from the Baileys service
     */
    public function requestQr(Request $request, Response $response)
    {
        $companyId = $request->company_id;
        $sessionModel = new WhatsAppSession();
        $session = $sessionModel->findOrCreate($companyId);
        
        // Temporarily set to connecting
        $sessionModel->updateState($session['id'], ['status' => 'connecting']);
        
        // Call Baileys Node.js Service on port 3722
        $nodeUrl = 'http://127.0.0.1:3722/api/sessions/start';
        $payload = json_encode([
            'session_key' => $session['session_key'],
            'webhook_url' => getenv('APP_URL') . '/api/whatsapp/webhook'
        ]);
        
        $ch = curl_init($nodeUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
        curl_setopt($ch, CURLOPT_HTTPHEADER, [
            'Content-Type: application/json',
            'X-Webhook-Secret: ' . getenv('WEBHOOK_SECRET')
        ]);
        curl_setopt($ch, CURLOPT_TIMEOUT, 5);
        $result = curl_exec($ch);
        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        
        // Note: Even if it fails immediately, the webhook will try to correct the state
        if ($httpCode >= 200 && $httpCode < 300) {
            $response->json([
                'status' => 'success',
                'message' => 'Connection requested. Please poll status to get QR code.'
            ]);
        } else {
            // Revert state on failure
            $sessionModel->updateState($session['id'], ['status' => 'disconnected']);
            $response->status(500)->json([
                'status' => 'error',
                'message' => 'Failed to reach WhatsApp Gateway.'
            ]);
        }
    }

    /**
     * Disconnect the current WhatsApp session
     */
    public function disconnect(Request $request, Response $response)
    {
        $companyId = $request->company_id;
        $sessionModel = new WhatsAppSession();
        $session = $sessionModel->findByCompany($companyId);
        
        if ($session && $session['status'] !== 'disconnected') {
            // Call Baileys Node.js Service to disconnect
            $nodeUrl = 'http://127.0.0.1:3722/api/sessions/disconnect';
            $payload = json_encode(['session_key' => $session['session_key']]);
            
            $ch = curl_init($nodeUrl);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_POST, true);
            curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
            curl_setopt($ch, CURLOPT_HTTPHEADER, [
                'Content-Type: application/json',
                'X-Webhook-Secret: ' . getenv('WEBHOOK_SECRET')
            ]);
            curl_setopt($ch, CURLOPT_TIMEOUT, 5);
            curl_exec($ch);
            curl_close($ch);
            
            $sessionModel->updateState($session['id'], [
                'status' => 'disconnected',
                'qr_code' => null,
                'phone' => null,
                'phone_hash' => null
            ]);
        }
        
        $response->json(['status' => 'success', 'message' => 'Session disconnected']);
    }

    /**
     * Webhook called by Baileys Node.js server to sync state
     */
    public function webhook(Request $request, Response $response)
    {
        // Internal Security Check
        $secret = $request->getHeader('X-Webhook-Secret');
        if ($secret !== getenv('WEBHOOK_SECRET')) {
            $response->status(403)->json(['error' => 'Unauthorized webhook access']);
            return;
        }

        $body = $request->getBody();
        if (empty($body['session_key']) || empty($body['state'])) {
            $response->status(400)->json(['error' => 'Missing session_key or state']);
            return;
        }

        $sessionModel = new WhatsAppSession();
        $session = $sessionModel->findBySessionKey($body['session_key']);
        
        if (!$session) {
            $response->status(404)->json(['error' => 'Session not found']);
            return;
        }

        $updateData = [
            'status' => $body['state'] // 'waiting_qr', 'connected', 'disconnected'
        ];

        if ($body['state'] === 'waiting_qr' && !empty($body['qr_code'])) {
            $updateData['qr_code'] = $body['qr_code'];
        } elseif ($body['state'] === 'connected') {
            $updateData['qr_code'] = null; // Clear QR when connected
            if (!empty($body['phone'])) {
                $updateData['phone'] = $body['phone'];
            }
        } elseif ($body['state'] === 'disconnected') {
            $updateData['qr_code'] = null;
        }

        $sessionModel->updateState($session['id'], $updateData);

        $response->json(['status' => 'success']);
    }
}