package contacts import ( "errors" "log/slog" "net/http" "strconv" "strings" "github.com/go-chi/chi/v5" "github.com/jackc/pgx/v5/pgxpool" "github.com/ultisuite/ulti-backend/internal/api/apiresponse" "github.com/ultisuite/ulti-backend/internal/api/apivalidate" "github.com/ultisuite/ulti-backend/internal/api/middleware" "github.com/ultisuite/ulti-backend/internal/api/query" "github.com/ultisuite/ulti-backend/internal/auth" "github.com/ultisuite/ulti-backend/internal/nextcloud" "github.com/ultisuite/ulti-backend/internal/permission" ) type Handler struct { svc *Service logger *slog.Logger } func NewHandler(nc *nextcloud.Client, db *pgxpool.Pool) *Handler { return &Handler{ svc: NewService(nc, db), logger: slog.Default().With("component", "contacts-api"), } } func (h *Handler) Routes() chi.Router { r := chi.NewRouter() read := middleware.RequirePermission(permission.ResourceContacts, permission.LevelRead) write := middleware.RequirePermission(permission.ResourceContacts, permission.LevelWrite) r.With(read).Get("/books", h.ListAddressBooks) r.With(read).Get("/books/{bookID}/sync", h.SyncContacts) r.With(read).Get("/books/{bookID}", h.ListContacts) r.With(read).Get("/books/{bookID}/interactions/*", h.GetContactInteractions) r.With(read).Get("/search", h.SearchContacts) r.With(read).Get("/interactions", h.GetInteractionsByEmail) r.With(write).Post("/books/{bookID}", h.CreateContact) r.With(write).Post("/books/{bookID}/merge-duplicates", h.MergeDuplicateContacts) r.With(write).Put("/*", h.UpdateContact) r.With(write).Delete("/*", h.DeleteContact) return r } func (h *Handler) nextcloudUser(w http.ResponseWriter, r *http.Request, claims *auth.Claims) (string, bool) { userID, err := h.svc.EnsureNextcloudUser(r.Context(), claims) if err != nil { h.logger.Error("ensure nextcloud user", "error", err, "sub", claims.Sub, "email", claims.Email) apivalidate.WriteInternal(w, r) return "", false } return userID, true } func (h *Handler) writeContactServiceError(w http.ResponseWriter, r *http.Request, op string, err error) { if errors.Is(err, nextcloud.ErrPrincipalNotFound) { apiresponse.WriteError(w, r, http.StatusNotFound, "contact_book_not_found", "contacts address book not found for user", nil) return } if errors.Is(err, nextcloud.ErrDAVCredentialsMissing) { apiresponse.WriteError(w, r, http.StatusServiceUnavailable, "contacts_unavailable", "contacts backend credentials need refresh; retry shortly", nil) return } h.logger.Error(op, "error", err) apivalidate.WriteInternal(w, r) } func (h *Handler) ListAddressBooks(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } books, err := h.svc.ListAddressBooks(r.Context(), ncUser) if err != nil { h.writeContactServiceError(w, r, "list address books", err) return } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{"address_books": books}) } func (h *Handler) SyncContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } syncToken, verr := validateSyncToken(r.URL.Query().Get("sync_token")) if verr != nil { apivalidate.WriteValidationError(w, r, verr) return } result, err := h.svc.SyncContacts(r.Context(), ncUser, chi.URLParam(r, "bookID"), syncToken) if err != nil { if errors.Is(err, nextcloud.ErrSyncTokenInvalid) { apiresponse.WriteError(w, r, http.StatusConflict, "sync_token_invalid", "sync token is no longer valid; omit sync_token to perform a full resync", nil) return } h.writeContactServiceError(w, r, "sync contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) ListContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } params, err := query.ParseListRequest(r) if err != nil { apivalidate.WriteQueryError(w, r, err) return } result, err := h.svc.ListContacts(r.Context(), ncUser, chi.URLParam(r, "bookID"), params) if err != nil { h.writeContactServiceError(w, r, "list contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) SearchContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } params, err := query.ParseListRequest(r) if err != nil { apivalidate.WriteQueryError(w, r, err) return } bookID := r.URL.Query().Get("book_id") if bookID == "" { bookID = "contacts" } q := r.URL.Query().Get("q") result, err := h.svc.SearchContacts(r.Context(), ncUser, bookID, q, params) if err != nil { h.writeContactServiceError(w, r, "search contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) CreateContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var contact nextcloud.Contact if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &contact); err != nil { return } if verr := validateCreateContact(&contact); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } if err := h.svc.CreateContact(r.Context(), ncUser, chi.URLParam(r, "bookID"), &contact); err != nil { h.writeContactServiceError(w, r, "create contact", err) return } w.WriteHeader(http.StatusCreated) } func (h *Handler) UpdateContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } contactPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(contactPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } ifMatch := strings.TrimSpace(r.Header.Get("If-Match")) if verr := validateIfMatch(ifMatch); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } var contact nextcloud.Contact if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &contact); err != nil { return } if verr := validateCreateContact(&contact); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } etag, err := h.svc.UpdateContact(r.Context(), ncUser, contactPath, ifMatch, &contact) if err != nil { if errors.Is(err, nextcloud.ErrETagMismatch) { apiresponse.WriteError(w, r, http.StatusPreconditionFailed, "etag_mismatch", "etag does not match current resource version", nil) return } h.writeContactServiceError(w, r, "update contact", err) return } apiresponse.WriteJSON(w, http.StatusOK, map[string]any{"etag": etag}) } func (h *Handler) MergeDuplicateContacts(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } var req MergeDuplicatesRequest if r.ContentLength > 0 { if err := apivalidate.DecodeJSON(w, r, maxRequestBody, &req); err != nil { return } } result, err := h.svc.MergeDuplicates(r.Context(), ncUser, chi.URLParam(r, "bookID"), req) if err != nil { h.writeContactServiceError(w, r, "merge duplicate contacts", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) GetInteractionsByEmail(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) email, limit, verr := validateInteractionQuery(r.URL.Query().Get("email"), r.URL.Query().Get("limit")) if verr != nil { apivalidate.WriteValidationError(w, r, verr) return } result, err := h.svc.ContactInteractionsByEmail(r.Context(), claims.Sub, email, limit) if err != nil { h.logger.Error("contact interactions by email", "error", err) apivalidate.WriteInternal(w, r) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) GetContactInteractions(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } contactPath := strings.TrimSuffix(chi.URLParam(r, "*"), "/") if verr := validateDeletePath(contactPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } limit := 20 if raw := strings.TrimSpace(r.URL.Query().Get("limit")); raw != "" { val, err := strconv.Atoi(raw) if err != nil || val < 1 || val > 100 { apivalidate.WriteValidationError(w, r, apivalidate.NewValidationError(apivalidate.FieldDetail{ Field: "limit", Message: "must be between 1 and 100", })) return } limit = val } result, err := h.svc.ContactInteractionsByPath(r.Context(), ncUser, contactPath, limit) if err != nil { if errors.Is(err, ErrContactEmailMissing) { apivalidate.WriteValidationError(w, r, apivalidate.NewValidationError(apivalidate.FieldDetail{ Field: "email", Message: "required for enrichment", })) return } h.writeContactServiceError(w, r, "contact interactions by path", err) return } apiresponse.WriteJSON(w, http.StatusOK, result) } func (h *Handler) DeleteContact(w http.ResponseWriter, r *http.Request) { claims := middleware.ClaimsFromContext(r.Context()) ncUser, ok := h.nextcloudUser(w, r, claims) if !ok { return } contactPath := chi.URLParam(r, "*") if verr := validateDeletePath(contactPath); verr != nil { apivalidate.WriteValidationError(w, r, verr) return } if err := h.svc.DeleteContact(r.Context(), ncUser, contactPath); err != nil { h.writeContactServiceError(w, r, "delete contact", err) return } w.WriteHeader(http.StatusNoContent) }