package calendar import ( "context" "errors" "log/slog" "net/http" "strings" "github.com/go-chi/chi/v5" "github.com/ultisuite/ulti-backend/internal/api/apiresponse" "github.com/ultisuite/ulti-backend/internal/api/apivalidate" "github.com/ultisuite/ulti-backend/internal/api/middleware" "github.com/ultisuite/ulti-backend/internal/api/query" "github.com/ultisuite/ulti-backend/internal/auth" meetpkg "github.com/ultisuite/ulti-backend/internal/meet" "github.com/ultisuite/ulti-backend/internal/nextcloud" "github.com/ultisuite/ulti-backend/internal/permission" ) type Handler struct { svc *Service logger *slog.Logger } func NewHandler(nc *nextcloud.Client, meetCfg *meetpkg.Config) *Handler { return &Handler{ svc: NewService(nc, meetCfg), logger: slog.Default().With("component", "calendar-api"), } } func (h *Handler) Routes() chi.Router { r := chi.NewRouter() read := middleware.RequirePermission(permission.ResourceCalendar, permission.LevelRead) write := middleware.RequirePermission(permission.ResourceCalendar, permission.LevelWrite) r.With(read).Get("/", h.ListCalendars) r.With(read).Get("/{calID}/events", h.ListEvents) r.With(read).Post("/freebusy", h.FreeBusy) r.With(write).Post("/", h.CreateCalendar) r.With(write).Patch("/{calID}", h.UpdateCalendar) r.With(write).Delete("/{calID}", h.DeleteCalendar) r.With(write).Post("/{calID}/events", h.CreateEvent) r.With(write).Put("/events/*", h.UpdateEvent) r.With(write).Post("/events/response/*", h.RespondToInvitation) r.With(write).Post("/events/meet-link/*", h.CreateMeetLink) r.With(write).Delete("/events/*", h.DeleteEvent) return r } func (h *Handler) nextcloudUser(w http.ResponseWriter, r *http.Request, claims *auth.Claims) (string, bool) { userID, err := h.svc.EnsureNextcloudUser(r.Context(), claims) if err != nil { h.logger.Error("ensure nextcloud user", "error", err, "sub", claims.Sub, "email", claims.Email) apivalidate.WriteInternal(w, r) return "", false } return userID, true } func (h *Handler) retryOnDAVMissing( ctx context.Context, claims *auth.Claims, ncUser string, op func(userID string) error, ) error { err := op(ncUser) if !errors.Is(err, nextcloud.ErrDAVCredentialsMissing) { return err } refreshed, reproErr := h.svc.ReprovisionPrincipal(ctx, claims) if reproErr != nil { h.logger.Error("reprovision nextcloud principal", "error", reproErr, "user", ncUser) return err } return op(refreshed) } func (h *Handler) ListCalendars(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var cals []nextcloud.Calendar err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var listErr error cals, listErr = h.svc.ListCalendars(r.Context(), userID) return listErr }) if err != nil { h.logger.Error("list calendars", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{"calendars": cals}) } func (h *Handler) CreateCalendar(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var req calendarPropsRequest if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &req); err != nil { return } normalized, verr := validateCreateCalendar(&req) if verr != nil { apivalidate.WriteValidationError(w, r, verr) return } err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { return h.svc.CreateCalendar(r.Context(), userID, normalized.ID, normalized.DisplayName, normalized.Color) }) if err != nil { h.logger.Error("create calendar", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusCreated, map[string]any{"id": normalized.ID}) } func (h *Handler) UpdateCalendar(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } calID := chi.URLParam(r, "calID") var req calendarPropsRequest if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &req); err != nil { return } if verr := validateUpdateCalendar(&req); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { return h.svc.UpdateCalendar(r.Context(), userID, calID, strings.TrimSpace(req.DisplayName), strings.TrimSpace(req.Color)) }) if err != nil { h.logger.Error("update calendar", "error", err) apivalidate.WriteInternal(w, r) return } w.WriteHeader(http.StatusNoContent) } func (h *Handler) DeleteCalendar(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } calID := chi.URLParam(r, "calID") err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { return h.svc.DeleteCalendar(r.Context(), userID, calID) }) if err != nil { h.logger.Error("delete calendar", "error", err) apivalidate.WriteInternal(w, r) return } w.WriteHeader(http.StatusNoContent) } func (h *Handler) ListEvents(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } params, err := query.ParseListRequest(r) if err != nil { apivalidate.WriteQueryError(w, r, err) return } calID := chi.URLParam(r, "calID") var result EventsList err = h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var listErr error result, listErr = h.svc.ListEvents(r.Context(), userID, calID, params) return listErr }) if err != nil { h.logger.Error("list events", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) FreeBusy(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var req freeBusyRequest if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &req); err != nil { return } ncReq, verr := validateFreeBusy(&req) if verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var result *nextcloud.FreeBusyResponse err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var fbErr error result, fbErr = h.svc.FreeBusy(r.Context(), userID, ncReq) return fbErr }) if err != nil { h.logger.Error("free/busy", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) CreateEvent(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var event nextcloud.Event if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &event); err != nil { return } if verr := validateCreateEvent(&event); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } calID := chi.URLParam(r, "calID") if strings.TrimSpace(event.Organizer) == "" { event.Organizer = claims.Email } err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { return h.svc.CreateEvent(r.Context(), userID, calID, &event) }) if err != nil { h.logger.Error("create event", "error", err) apivalidate.WriteInternal(w, r) return } w.WriteHeader(http.StatusCreated) } func (h *Handler) UpdateEvent(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } eventPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(eventPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } ifMatch := strings.TrimSpace(r.Header.Get("If-Match")) if ifMatch == "" { apivalidate.WriteValidationError(w, r, apivalidate.NewValidationError(apivalidate.FieldDetail{ Field: "If-Match", Message: "required", })) return } var event nextcloud.Event if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &event); err != nil { return } if verr := validateCreateEvent(&event); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } if strings.TrimSpace(event.Organizer) == "" { event.Organizer = claims.Email } var etag string err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var updErr error etag, updErr = h.svc.UpdateEvent(r.Context(), userID, eventPath, ifMatch, &event) return updErr }) if err != nil { if errors.Is(err, nextcloud.ErrETagMismatch) { apiresponse.WriteError(w, r, http.StatusPreconditionFailed, "etag_mismatch", "etag does not match current resource version", nil) return } h.logger.Error("update event", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{"etag": etag}) } func (h *Handler) RespondToInvitation(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } eventPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(eventPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var req respondInvitationRequest if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &req); err != nil { return } if strings.TrimSpace(req.Email) == "" { req.Email = claims.Email } normalized, verr := validateRespondInvitation(&req) if verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var etag string err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var respErr error etag, respErr = h.svc.RespondToInvitation(r.Context(), userID, eventPath, normalized.Email, normalized.Response, normalized.IfMatch) return respErr }) if err != nil { switch { case errors.Is(err, nextcloud.ErrAttendeeNotFound): apiresponse.WriteError(w, r, http.StatusNotFound, "attendee_not_found", "attendee not found in event", nil) case errors.Is(err, nextcloud.ErrETagMismatch): apiresponse.WriteError(w, r, http.StatusPreconditionFailed, "etag_mismatch", "etag does not match current resource version", nil) default: h.logger.Error("respond invitation", "error", err) apivalidate.WriteInternal(w, r) } return } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{"etag": etag}) } func (h *Handler) CreateMeetLink(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } eventPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(eventPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var req createMeetLinkRequest if r.ContentLength > 0 { if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &req); err != nil { return } } if verr := validateCreateMeetLink(&req); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var meetURL, etag string err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var linkErr error meetURL, etag, linkErr = h.svc.CreateMeetLink(r.Context(), userID, claims.Name, claims.Email, eventPath, req.IfMatch) return linkErr }) if err != nil { if errors.Is(err, ErrMeetDisabled) { apiresponse.WriteError(w, r, http.StatusConflict, "meet_disabled", "meet integration is disabled", nil) return } if errors.Is(err, nextcloud.ErrETagMismatch) { apiresponse.WriteError(w, r, http.StatusPreconditionFailed, "etag_mismatch", "etag does not match current resource version", nil) return } h.logger.Error("create meet link", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{ "meet_url": meetURL, "etag": etag, }) } func (h *Handler) DeleteEvent(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } eventPath := chi.URLParam(r, "*") if verr := validateDeletePath(eventPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { return h.svc.DeleteEvent(r.Context(), userID, eventPath) }) if err != nil { h.logger.Error("delete event", "error", err) apivalidate.WriteInternal(w, r) return } w.WriteHeader(http.StatusNoContent) }