package contacts import ( "context" "errors" "log/slog" "net/http" "strconv" "strings" "github.com/go-chi/chi/v5" "github.com/jackc/pgx/v5/pgxpool" "github.com/ultisuite/ulti-backend/internal/api/apiresponse" "github.com/ultisuite/ulti-backend/internal/api/apivalidate" "github.com/ultisuite/ulti-backend/internal/api/middleware" "github.com/ultisuite/ulti-backend/internal/api/query" "github.com/ultisuite/ulti-backend/internal/auth" "github.com/ultisuite/ulti-backend/internal/automation" "github.com/ultisuite/ulti-backend/internal/contacts/discovery" "github.com/ultisuite/ulti-backend/internal/mail/rules" "github.com/ultisuite/ulti-backend/internal/nextcloud" "github.com/ultisuite/ulti-backend/internal/permission" ) type Handler struct { svc *Service discovery *discovery.Service automation contactAutomation logger *slog.Logger } func NewHandler(nc *nextcloud.Client, db *pgxpool.Pool) *Handler { var disc *discovery.Service if db != nil { disc = discovery.NewService(db) if nc != nil { disc.SetNextcloud(discovery.NewNCAdapter(nc)) } } return &Handler{ svc: NewService(nc, db), discovery: disc, logger: slog.Default().With("component", "contacts-api"), } } func (h *Handler) Discovery() *discovery.Service { return h.discovery } func (h *Handler) Routes() chi.Router { r := chi.NewRouter() read := middleware.RequirePermission(permission.ResourceContacts, permission.LevelRead) write := middleware.RequirePermission(permission.ResourceContacts, permission.LevelWrite) r.With(read).Get("/books", h.ListAddressBooks) r.With(read).Get("/books/{bookID}/sync", h.SyncContacts) r.With(read).Get("/books/{bookID}", h.ListContacts) r.With(read).Get("/books/{bookID}/interactions/*", h.GetContactInteractions) r.With(read).Get("/search", h.SearchContacts) r.With(read).Get("/interactions", h.GetInteractionsByEmail) r.With(read).Get("/*", h.GetContact) r.With(write).Post("/books/{bookID}", h.CreateContact) r.With(write).Post("/books/{bookID}/merge-duplicates", h.MergeDuplicateContacts) r.With(write).Post("/improve", h.ImproveContact) r.With(write).Put("/*", h.UpdateContact) r.With(write).Delete("/*", h.DeleteContact) r.Mount("/discovery", h.discoveryRoutes()) return r } func (h *Handler) nextcloudUser(w http.ResponseWriter, r *http.Request, claims *auth.Claims) (string, bool) { userID, err := h.svc.EnsureNextcloudUser(r.Context(), claims) if err != nil { h.logger.Error("ensure nextcloud user", "error", err, "sub", claims.Sub, "email", claims.Email) apivalidate.WriteInternal(w, r) return "", false } return userID, true } func (h *Handler) writeContactServiceError(w http.ResponseWriter, r *http.Request, op string, err error) { if errors.Is(err, nextcloud.ErrPrincipalNotFound) { apiresponse.WriteError(w, r, http.StatusNotFound, "contact_book_not_found", "contacts address book not found for user", nil) return } if errors.Is(err, nextcloud.ErrDAVCredentialsMissing) { apiresponse.WriteError(w, r, http.StatusServiceUnavailable, "contacts_unavailable", "contacts backend credentials need refresh; retry shortly", nil) return } h.logger.Error(op, "error", err) apivalidate.WriteInternal(w, r) } func (h *Handler) retryOnDAVMissing( ctx context.Context, claims *auth.Claims, ncUser string, op func(userID string) error, ) error { err := op(ncUser) if !errors.Is(err, nextcloud.ErrDAVCredentialsMissing) { return err } refreshed, reproErr := h.svc.ReprovisionPrincipal(ctx, claims) if reproErr != nil { h.logger.Error("reprovision nextcloud principal", "error", reproErr, "user", ncUser) return err } return op(refreshed) } func (h *Handler) ListAddressBooks(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var books []nextcloud.AddressBook err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var listErr error books, listErr = h.svc.ListAddressBooks(r.Context(), userID) return listErr }) if err != nil { h.writeContactServiceError(w, r, "list address books", err) return } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{"address_books": books}) } func (h *Handler) SyncContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } syncToken, verr := validateSyncToken(r.URL.Query().Get("sync_token")) if verr != nil { apivalidate.WriteValidationError(w, r, verr) return } result, err := h.svc.SyncContacts(r.Context(), ncUser, chi.URLParam(r, "bookID"), syncToken) if err != nil { if errors.Is(err, nextcloud.ErrSyncTokenInvalid) { apiresponse.WriteError(w, r, http.StatusConflict, "sync_token_invalid", "sync token is no longer valid; omit sync_token to perform a full resync", nil) return } h.writeContactServiceError(w, r, "sync contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) ListContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } params, err := query.ParseListRequest(r) if err != nil { apivalidate.WriteQueryError(w, r, err) return } bookID := chi.URLParam(r, "bookID") var result ContactsList err = h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var listErr error result, listErr = h.svc.ListContacts(r.Context(), userID, bookID, params) return listErr }) if err != nil { h.writeContactServiceError(w, r, "list contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) SearchContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } params, err := query.ParseListRequest(r) if err != nil { apivalidate.WriteQueryError(w, r, err) return } bookID := r.URL.Query().Get("book_id") if bookID == "" { bookID = "contacts" } q := r.URL.Query().Get("q") result, err := h.svc.SearchContacts(r.Context(), ncUser, bookID, q, params) if err != nil { h.writeContactServiceError(w, r, "search contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) CreateContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var contact nextcloud.Contact if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &contact); err != nil { return } if verr := validateCreateContact(&contact); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } bookID := chi.URLParam(r, "bookID") created, err := h.svc.CreateContact(r.Context(), ncUser, bookID, &contact) if err != nil { h.writeContactServiceError(w, r, "create contact", err) return } if h.automation != nil { h.automation.OnContactEvent(r.Context(), claims.Sub, rules.TriggerContactCreated, contactPayloadFrom(bookID, created)) } apiresponse.WriteJSON(w, http.StatusCreated, created) } func (h *Handler) GetContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } contactPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(contactPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var contact *nextcloud.Contact err := h.retryOnDAVMissing(r.Context(), claims, ncUser, func(userID string) error { var getErr error contact, getErr = h.svc.GetContact(r.Context(), userID, contactPath) return getErr }) if err != nil { h.writeContactServiceError(w, r, "get contact", err) return } apiresponse.WriteJSON(w, http.StatusOK, contact) } func (h *Handler) UpdateContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } contactPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(contactPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } ifMatch := strings.TrimSpace(r.Header.Get("If-Match")) if verr := validateIfMatch(ifMatch); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var contact nextcloud.Contact if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &contact); err != nil { return } if verr := validateCreateContact(&contact); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } etag, err := h.svc.UpdateContact(r.Context(), ncUser, contactPath, ifMatch, &contact) if err != nil { if errors.Is(err, nextcloud.ErrETagMismatch) { apiresponse.WriteError(w, r, http.StatusPreconditionFailed, "etag_mismatch", "etag does not match current resource version", nil) return } h.writeContactServiceError(w, r, "update contact", err) return } if h.automation != nil { contact.Path = contactPath h.automation.OnContactEvent(r.Context(), claims.Sub, rules.TriggerContactUpdated, contactPayloadFrom("", &contact)) } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{"etag": etag}) } func (h *Handler) MergeDuplicateContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var req MergeDuplicatesRequest if r.ContentLength > 0 { if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &req); err != nil { return } } result, err := h.svc.MergeDuplicates(r.Context(), ncUser, chi.URLParam(r, "bookID"), req) if err != nil { h.writeContactServiceError(w, r, "merge duplicate contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) GetInteractionsByEmail(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) email, limit, verr := validateInteractionQuery(r.URL.Query().Get("email"), r.URL.Query().Get("limit")) if verr != nil { apivalidate.WriteValidationError(w, r, verr) return } result, err := h.svc.ContactInteractionsByEmail(r.Context(), claims.Sub, email, limit) if err != nil { h.logger.Error("contact interactions by email", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) GetContactInteractions(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } contactPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(contactPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } limit := 20 if raw := strings.TrimSpace(r.URL.Query().Get("limit")); raw != "" { val, err := strconv.Atoi(raw) if err != nil || val < 1 || val > 100 { apivalidate.WriteValidationError(w, r, apivalidate.NewValidationError(apivalidate.FieldDetail{ Field: "limit", Message: "must be between 1 and 100", })) return } limit = val } result, err := h.svc.ContactInteractionsByPath(r.Context(), ncUser, contactPath, limit) if err != nil { if errors.Is(err, ErrContactEmailMissing) { apivalidate.WriteValidationError(w, r, apivalidate.NewValidationError(apivalidate.FieldDetail{ Field: "email", Message: "required for enrichment", })) return } h.writeContactServiceError(w, r, "contact interactions by path", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) DeleteContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } contactPath := chi.URLParam(r, "*") if verr := validateDeletePath(contactPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } if err := h.svc.DeleteContact(r.Context(), ncUser, contactPath); err != nil { h.writeContactServiceError(w, r, "delete contact", err) return } if h.automation != nil { h.automation.OnContactEvent(r.Context(), claims.Sub, rules.TriggerContactDeleted, automation.ContactPayload{ID: contactPath}) } w.WriteHeader(http.StatusNoContent) } func (h *Handler) ImproveContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) if h.discovery == nil { apiresponse.WriteError(w, r, http.StatusServiceUnavailable, "discovery_unavailable", "contact discovery unavailable", nil) return } var input discovery.ImproveContactInput if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &input); err != nil { return } data, err := h.discovery.ImproveContact(r.Context(), claims.Sub, input) if err != nil { switch { case errors.Is(err, discovery.ErrLLMNotConfigured): apiresponse.WriteError(w, r, http.StatusBadRequest, "llm_not_configured", err.Error(), nil) default: h.logger.Error("improve contact", "error", err) apivalidate.WriteInternal(w, r) } return } apiresponse.WriteJSON(w, http.StatusOK, data) }