path: root/src/Controllers/Client/ClientController.php

<?php

namespace App\Controllers\Client;

use App\Database;
use App\Errors\AppException;
use App\Errors\UnknownError;
use App\Models\Device;
use App\Models\RoomEvent;
use App\Models\Tokens;
use App\Models\User;
use App\Support\Logger;
use App\Support\Parser;
use App\Support\RequestValidator;
use Matrix\Data\AccountData;
use Matrix\Data\DeviceLists;
use Matrix\Data\LoginFlow;
use Matrix\Data\Presence;
use Matrix\Data\Room\Ephemeral;
use Matrix\Data\Room\JoinedRoom;
use Matrix\Data\Room\RoomSummary;
use Matrix\Data\Room\Rooms;
use Matrix\Data\Room\State;
use Matrix\Data\Room\Timeline;
use Matrix\Data\Room\UnreadNotificationCounts;
use Matrix\Data\ToDevice;
use Matrix\Enums\ErrorCode;
use Matrix\Enums\LoginType;
use Matrix\Enums\MembershipState;
use Matrix\Enums\PresenceState;
use Matrix\Enums\UserRegistrationKind;
use Matrix\Events\PresenceEvent;
use Matrix\Responses\ClientLoginGetResponse;
use Matrix\Responses\ClientLoginPostResponse;
use Matrix\Responses\ClientRefreshPostResponse;
use Matrix\Responses\ClientRegisterPostResponse;
use Matrix\Responses\ClientSyncGetResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Routing\Attribute\Route;

class ClientController
{
  #[Route(path: "_matrix/client/r0/login", methods: ["GET"])]
  #[Route(path: "_matrix/client/v3/login", methods: ["GET"])]
  public function supportedLoginTypes(Request $request): Response
  {
    return new JsonResponse(new ClientLoginGetResponse([
      (new LoginFlow(LoginType::PASSWORD)),
    ]));
  }

  #[Route(path: "_matrix/client/r0/login", methods: ["POST"])]
  #[Route(path: "_matrix/client/v3/login", methods: ["POST"])]
  public function login(Request $request): Response
  {
    Logger::logRequestToFile($request);

    $body = json_decode($request->getContent(), true);
    RequestValidator::validateJson();

    // validate login type
    $loginType = null;
    try {
      $loginType = LoginType::from($body["type"]);
    } catch (\ValueError $error) {
      throw new UnknownError("Bad login type.", Response::HTTP_BAD_REQUEST);
    }

    // get user id
    $userId = Parser::parseUser($body["identifier"]["user"]);
    if (empty($userId["server"])) {
      $userId = "@$userId[username]:$_ENV[DOMAIN]";
      #$userId = "@$userId[username]:localhost";
    } else {
      $userId = "@$userId[username]:$userId[server]";
    }

    if ($loginType !== LoginType::PASSWORD) {
      throw new AppException(ErrorCode::UNRECOGNIZED, "only password login supported for now", Response::HTTP_SERVICE_UNAVAILABLE);
    }

    $user = User::fetchWithPassword($userId, $body["password"]);

    if (! $user) {
      throw new AppException(ErrorCode::FORBIDDEN, "Invalid credentials", Response::HTTP_FORBIDDEN);
    }

    $deviceId = $body["device_id"] ?? "";

    $device = null;
    $tokens = null;

    // create new device with tokens
    if (empty($deviceId)) {
      $device = Device::new(
        $user->getId(),
        initialDisplayName: $body["initial_device_display_name"] ?? "",
      );
      $device->insert();

      $tokens = Tokens::new($userId, $device->getId());
      $tokens->insert();
    } else { // fetch existing device and tokens
      $device = $user->fetchDevice($deviceId);
      $tokens = Tokens::fetch($userId, $device->getId());

      if (empty($tokens)) {
        throw new AppException(
          ErrorCode::UNKNOWN_TOKEN,
          "Soft logged out",
          Response::HTTP_UNAUTHORIZED,
          ["soft_logout" => true],
        );
      }
    }

    return new JsonResponse(new ClientLoginPostResponse(
      accessToken: $tokens->getAccessToken(),
      deviceId:$device->getId(),
      userId: $user->getId(),
      expiresInMilliseconds: $tokens->getExpiresIn(),
      refreshToken: $tokens->getRefreshToken(),
    ));
  }

  #[Route(path: "_matrix/client/v3/register", methods: ["POST"])]
  public function register(Request $request): Response
  {
    $body = json_decode($request->getContent(), true);
    RequestValidator::validateJson();

    // validate kind
    $kind = null;
    try {
      $kind = UserRegistrationKind::from($request->query->get("kind") ?? "user");
    } catch (\ValueError $error) {
      throw new UnknownError("Bad registration kind.", Response::HTTP_BAD_REQUEST);
    }

    $username = $body["username"];
    $userId = "@$username:$_ENV[DOMAIN]";

    Database::getInstance()->query("insert into users (id, password) values (:id, :password)", [
      "id" => $userId,
      "password" => $body["password"],
    ]);

    $device_id = $body["device_id"] ?? "";
    $initialDeviceDisplayName = $body["initial_device_display_name"] ?? "";

    $device = Device::new($userId, $device_id, $initialDeviceDisplayName);
    $device->insert();

    $tokens = Tokens::new($userId, $device->getId());
    $tokens->insert();

    return new JsonResponse(new ClientRegisterPostResponse(
      accessToken: $tokens->getAccessToken(),
      deviceId: $device->getId(),
      expiresInMilliseconds: $tokens->getExpiresIn(),
      refreshToken: $tokens->getRefreshToken(),
      userId: $userId,
    ));
  }

  /**
   * @see https://spec.matrix.org/v1.15/client-server-api/#get_matrixclientv3sync
   * @see https://spec.matrix.org/v1.15/client-server-api/#extensions-to-sync
   */
  #[Route(path: "_matrix/client/r0/sync", methods: ["GET"])]
  #[Route(path: "_matrix/client/v3/sync", methods: ["GET"])]
  public function sync(Request $request): Response
  {
    $user = User::authenticateWithRequest($request);

    $filter = $request->query->get("filter", "");
    $syncFullState = $request->query->get("full_state", false);
    $setPresence = PresenceState::tryFrom($request->query->get("set_presence") ?? "") ?? PresenceState::ONLINE;
    $since = $request->query->get("since", "");
    $timeout = $request->query->get("timeout", 0);
    $useStateAfter = $request->query->get("use_state_after", false);

    if (! empty($filter)) {
      if (str_starts_with($filter, "{")) {
        $filter = json_decode($filter, true);
      } else {
        $filter = Database::getInstance()->query("select * from filters where id=:id", ["id" => $filter])->fetch();
      }
    }

    $rooms = Database::getInstance()->query(<<<SQL
      select * from rooms
      left join room_memberships
      on rooms.id = room_memberships.room_id
      where room_memberships.user_id = :user_id
    SQL, [
      "user_id" => $user->getId(),
    ])->fetchAll();

    $invitedRooms = [];
    $joinedRooms = [];
    $knockedRooms = [];
    $leftRooms = [];

    foreach ($rooms as $room) {
      $events = Database::getInstance()->query(<<<SQL
        select * from room_events
        where room_id = :room_id
      SQL, [
        "room_id" => $room["room_id"],
        #"limit" => ($filter["room"]["timeline"]["limit"] ?? false) ? "limit " . $filter["room"]["timeline"]["limit"] : "",
      ])->fetchAll();

      if ($since === "" && MembershipState::tryFrom($room["state"]) === MembershipState::JOIN) {
        $joinedRooms[$room["room_id"]] = new JoinedRoom(
          accountData: new AccountData([]),
          ephemeral: new Ephemeral([]),
          state: new State([]),
          summary: new RoomSummary(
            heroes: [],
            invitedMemberCount: 0,
            joinedMemberCount: 1,
          ),
          timeline: new Timeline(
            events: array_map([RoomEvent::class, "transformEvent"], $events),
            limited: false,# $filter["room"]["timeline"]["limit"] ?? false,
            previousBatch: null,
          ),
          unreadNotifications: new UnreadNotificationCounts(0, 0),
          unreadThreadNotifications: [],
        );
      }
    }

    return new JsonResponse(new ClientSyncGetResponse(
      nextBatch: "1",

      accountData: new AccountData([]),

      deviceLists: new DeviceLists([], []),

      deviceOneTimeKeysCount: [
        "signed_curve25519" => 10,
      ],

      presence: new Presence([
        new PresenceEvent(
          sender: $user->getId(),
          presence: $setPresence,
        ),
      ]),

      rooms: new Rooms(
        $invitedRooms,
        $joinedRooms,
        $knockedRooms,
        $leftRooms,
      ),

      toDevice: new ToDevice([]),
    ));
  }

  #[Route(path: "/_matrix/client/v3/refresh", methods: ["POST"])]
  public function refresh(Request $request): Response
  {
    $body = json_decode($request->getContent(), true);
    RequestValidator::validateJson();

    $tokens = Tokens::fetchWithRefreshToken($body["refresh_token"]);

    if (empty($tokens)) {
      throw new AppException(
        ErrorCode::UNKNOWN_TOKEN,
        "Soft logged out",
        Response::HTTP_UNAUTHORIZED,
        ["soft_logout" => true],
      );
    }

    $newTokens = Tokens::new($tokens->getUserId(), $tokens->getDeviceId());
    $newTokens->insert();

    return new JsonResponse(new ClientRefreshPostResponse(
      accessToken: $newTokens->getAccessToken(),
      expiresInMilliseconds: $newTokens->getExpiresIn(),
      refreshToken: $newTokens->getRefreshToken(),
    ));
  }
}