web-base/core/Api/ContactAPI.class.php

<?php

namespace Api {

  use Objects\User;

  abstract class ContactAPI extends Request {

    protected ?string $messageId;

    public function __construct(User $user, bool $externalCall, array $params) {
      parent::__construct($user, $externalCall, $params);
      $this->messageId = null;
      $this->csrfTokenRequired = false;

    }

    protected function sendMail(string $name, ?string $fromEmail, string $subject, string $message, ?string $to = null): bool {
      $request = new \Api\Mail\Send($this->user);
      $this->success = $request->execute(array(
        "subject" => $subject,
        "body" => $message,
        "replyTo" => $fromEmail,
        "replyName" => $name,
        "to" => $to
      ));

      $this->lastError = $request->getLastError();
      if ($this->success) {
        $this->messageId = $request->getResult()["messageId"];
      }

      return $this->success;
    }
  }
}

namespace Api\Contact {

  use Api\ContactAPI;
  use Api\Parameter\Parameter;
  use Api\Parameter\StringType;
  use Api\VerifyCaptcha;
  use Driver\SQL\Condition\Compare;
  use Driver\SQL\Condition\CondNot;
  use Driver\SQL\Expression\CaseWhen;
  use Driver\SQL\Expression\Sum;
  use Objects\User;

  class Request extends ContactAPI {

    public function __construct(User $user, bool $externalCall = false) {
      $parameters = array(
        'fromName' => new StringType('fromName', 32),
        'fromEmail' => new Parameter('fromEmail', Parameter::TYPE_EMAIL),
        'message' => new StringType('message', 512),
      );

      $settings = $user->getConfiguration()->getSettings();
      if ($settings->isRecaptchaEnabled()) {
        $parameters["captcha"] = new StringType("captcha");
      }

      parent::__construct($user, $externalCall, $parameters);
    }

    public function _execute(): bool {
      $settings = $this->user->getConfiguration()->getSettings();
      if ($settings->isRecaptchaEnabled()) {
        $captcha = $this->getParam("captcha");
        $req = new VerifyCaptcha($this->user);
        if (!$req->execute(array("captcha" => $captcha, "action" => "contact"))) {
          return $this->createError($req->getLastError());
        }
      }

      // parameter
      $message = $this->getParam("message");
      $name = $this->getParam("fromName");
      $email = $this->getParam("fromEmail");

      $sendMail = $this->sendMail($name, $email, "Contact Request", $message);
      $mailError = $this->getLastError();

      $insertDB = $this->insertContactRequest();
      $dbError = $this->getLastError();

      // Create a log entry
      if (!$sendMail || $mailError) {
        $message = "Error processing contact request.";
        if (!$sendMail) {
          $message .= " Mail: $mailError";
        }

        if (!$insertDB) {
          $message .= " Mail: $dbError";
        }

        error_log($message);
      }

      if (!$sendMail && !$insertDB) {
        return $this->createError("The contact request could not be sent. The Administrator is already informed. Please try again later.");
      }

      return $this->success;
    }

    private function insertContactRequest(): bool {
      $sql = $this->user->getSQL();
      $name = $this->getParam("fromName");
      $email = $this->getParam("fromEmail");
      $message = $this->getParam("message");
      $messageId = $this->messageId ?? null;

      $res = $sql->insert("ContactRequest", array("from_name", "from_email", "message", "messageId"))
        ->addRow($name, $email, $message, $messageId)
        ->returning("uid")
        ->execute();

      $this->success = ($res !== FALSE);
      $this->lastError = $sql->getLastError();
      return $this->success;
    }
  }

  class Respond extends ContactAPI {

    public function __construct(User $user, bool $externalCall = false) {
      parent::__construct($user, $externalCall, array(
        "requestId" => new Parameter("requestId", Parameter::TYPE_INT),
        'message' => new StringType('message', 512),
      ));
      $this->loginRequired = true;
      $this->csrfTokenRequired = false;
    }

    private function getSenderMail(): ?string {
      $requestId = $this->getParam("requestId");
      $sql = $this->user->getSQL();
      $res = $sql->select("from_email")
        ->from("ContactRequest")
        ->where(new Compare("uid", $requestId))
        ->execute();

      $this->success = ($res !== false);
      $this->lastError = $sql->getLastError();

      if ($this->success) {
        if (empty($res)) {
          return $this->createError("Request does not exist");
        } else {
          return $res[0]["from_email"];
        }
      }

      return null;
    }

    private function insertResponseMessage(): bool {
      $sql = $this->user->getSQL();
      $message = $this->getParam("message");
      $requestId = $this->getParam("requestId");

      $this->success = $sql->insert("ContactMessage", ["request_id", "user_id", "message", "messageId", "read"])
        ->addRow($requestId, $this->user->getId(), $message, $this->messageId, true)
        ->execute();

      $this->lastError = $sql->getLastError();
      return $this->success;
    }

    private function updateEntity() {
      $sql = $this->user->getSQL();
      $requestId = $this->getParam("requestId");

      $sql->update("EntityLog")
        ->set("modified", $sql->now())
        ->where(new Compare("entityId", $requestId))
        ->execute();
    }

    public function _execute(): bool {
      $message = $this->getParam("message");
      $senderMail = $this->getSenderMail();
      if (!$this->success) {
        return false;
      }

      $fromName = $this->user->getUsername();
      $fromEmail = $this->user->getEmail();

      if (!$this->sendMail($fromName, $fromEmail, "Re: Contact Request", $message, $senderMail)) {
        return false;
      }

      if (!$this->insertResponseMessage()) {
        return false;
      }

      $this->updateEntity();
      return $this->success;
    }
  }

  class Fetch extends ContactAPI {

    public function __construct(User $user, bool $externalCall = false) {
      parent::__construct($user, $externalCall, array());
      $this->loginRequired = true;
      $this->csrfTokenRequired = false;
    }

    public function _execute(): bool {
      $sql = $this->user->getSQL();
      $res = $sql->select("ContactRequest.uid", "from_name", "from_email", "from_name",
          new Sum(new CaseWhen(new CondNot("ContactMessage.read"), 1, 0), "unread"))
        ->from("ContactRequest")
        ->groupBy("ContactRequest.uid")
        ->leftJoin("ContactMessage", "ContactRequest.uid", "ContactMessage.request_id")
        ->execute();

      $this->success = ($res !== false);
      $this->lastError = $sql->getLastError();

      if ($this->success) {
        $this->result["contactRequests"] = [];
        foreach ($res as $row) {
          $this->result["contactRequests"][] = array(
            "uid" => intval($row["uid"]),
            "from_name" => $row["from_name"],
            "from_email" => $row["from_email"],
            "unread" => intval($row["unread"]),
          );
        }
      }

      return $this->success;
    }
  }

  class Get extends ContactAPI {

    public function __construct(User $user, bool $externalCall = false) {
      parent::__construct($user, $externalCall, array(
        "requestId" => new Parameter("requestId", Parameter::TYPE_INT),
      ));
      $this->loginRequired = true;
      $this->csrfTokenRequired = false;
    }

    private function updateRead() {
      $requestId = $this->getParam("requestId");
      $sql = $this->user->getSQL();
      $sql->update("ContactMessage")
        ->set("read", 1)
        ->where(new Compare("request_id", $requestId))
        ->execute();
    }

    public function _execute(): bool {
      $requestId = $this->getParam("requestId");
      $sql = $this->user->getSQL();

      $res = $sql->select("from_name", "from_email", "message", "created_at")
        ->from("ContactRequest")
        ->where(new Compare("uid", $requestId))
        ->execute();

      $this->success = ($res !== false);
      $this->lastError = $sql->getLastError();

      if ($this->success) {
        if (empty($res)) {
          return $this->createError("Request does not exist");
        } else {
          $row = $res[0];
          $this->result["request"] = array(
            "from_name" => $row["from_name"],
            "from_email" => $row["from_email"],
            "messages" => array(
              ["sender_id" => null, "message" => $row["message"], "timestamp" => $row["created_at"]]
            )
          );

          $res = $sql->select("user_id", "message", "created_at")
            ->from("ContactMessage")
            ->where(new Compare("request_id", $requestId))
            ->orderBy("created_at")
            ->execute();

          $this->success = ($res !== false);
          $this->lastError = $sql->getLastError();

          if ($this->success) {
            foreach ($res as $row) {
              $this->result["request"]["messages"][] = array(
                "sender_id" => $row["user_id"], "message" => $row["message"], "timestamp" => $row["created_at"]
              );
            }

            $this->updateRead();
          }
        }
      }

      return $this->success;
    }
  }
}