trading-platform-backend-v2/src/modules/auth/controllers/phone-auth.controller.ts

/**
 * PhoneAuthController
 *
 * @description Controller for phone-based authentication (SMS/WhatsApp OTP).
 * Extracted from auth.controller.ts (P0-009: Auth Controller split).
 *
 * Routes:
 * - POST /auth/phone/send-otp - Send OTP via SMS or WhatsApp
 * - POST /auth/phone/verify - Verify phone OTP and authenticate
 *
 * @see EmailAuthController - Email/password authentication
 * @see OAuthController - OAuth authentication
 */
import { Request, Response, NextFunction } from 'express';
import { phoneService } from '../services/phone.service';

/**
 * Gets client info from request
 */
const getClientInfo = (req: Request) => ({
  userAgent: req.headers['user-agent'],
  ipAddress: req.ip || req.socket.remoteAddress,
});

/**
 * POST /auth/phone/send-otp
 *
 * Send OTP to phone number via SMS or WhatsApp
 */
export const sendPhoneOTP = async (req: Request, res: Response, next: NextFunction) => {
  try {
    const { phoneNumber, countryCode, channel } = req.body;

    const result = await phoneService.sendOTP(phoneNumber, countryCode, channel);

    res.json({
      success: true,
      message: result.message,
      data: { expiresAt: result.expiresAt },
    });
  } catch (error) {
    next(error);
  }
};

/**
 * POST /auth/phone/verify
 *
 * Verify phone OTP and authenticate user
 */
export const verifyPhoneOTP = async (req: Request, res: Response, next: NextFunction) => {
  try {
    const { phoneNumber, countryCode, otpCode } = req.body;
    const { userAgent, ipAddress } = getClientInfo(req);

    const result = await phoneService.verifyOTP(
      phoneNumber,
      countryCode,
      otpCode,
      userAgent,
      ipAddress,
    );

    res.json({
      success: true,
      data: result,
    });
  } catch (error) {
    next(error);
  }
};