1#@!#!123s

: / opt / cpguard / app / scripts /
Filename : enhance_suspend_hook.php
back
#!/opt/cpguard/cpg-php-fpm/bin/php
<?php

## DO NOT CUSTOMISE THIS FILE
## This file may be updated during software update
## Please make a copy of the file for customising it


sleep(2);

if (!isset($argv[1])) {
    die("Argument missing!");
}
$input = json_decode($argv[1], true);

/*
    $input['user']      - (string) The user to be suspended
    $input['domain']    - (string) Domain
    $input['reason']    - (string) Reason for suspendsion
    $input['emails']    - (array) Primary and secondary notification emails
 */

$conf = parse_ini_file('/opt/cpguard/app/scripts/enhance.ini');
if (empty($conf['host']) || empty($conf['organisation_id']) || empty($conf['auth_token'])) {
    die("API values missing");
}

$hostname = gethostname();
$public_ips = get_public_ips();


if (empty($conf['server_id']) || $conf['expiry'] ?? 0 < time()) {
    $servers = enhance_get('servers');
    foreach ($servers->items as $server) {
        if ($server->hostname === $hostname || $server->friendlyName === $hostname) {
            $conf['server_id'] = $server->id;
            $conf['expiry'] = time() + 43200;
            save_ini('/opt/cpguard/app/scripts/enhance.ini', $conf);
            break;
        }
    }
}


if (!isset($conf['server_id'])) { //Cannot proceed
    die("Couldnt identify Server ID");
}

$websites = enhance_get('orgs/' . $conf['organisation_id'] . '/websites?recursion=infinite&servers=' . $conf['server_id']);

//Find the correct "website" for the domain from website list of the server
foreach ($websites->items as $website) {

    if ($website->domain->domain === $input['domain']) {
        $found = $website;
        break;
    } else {
        foreach ($website->aliases as $alias) {
            if ($alias->domain === $input['domain']) {
                $found = $website;
                break;
            }
        }
    }
}


//Call API to suspend the domain
if (!empty($found->id)) {

    if (empty($found->suspendedBy)) {

        echo "Suspending " . $input['domain'] . ' ' . $found->id . PHP_EOL;

        $request_body = [
            "status" => "disabled",
            //"active"
            //"isSuspended" => true
        ];

        $code = enhance_patch('orgs/' . $conf['organisation_id'] . "/websites/$found->id", $request_body);
        if ($code === 204) {

            //Send an email
            send_email_notification($input);

            //Send a notification in slack
            //slack_notification($input);

        }
    } else {
        echo "Domain " . $input['domain'] . " already suspended!\n";
    }
} else {
    echo "Failed to identify website\n";
}

/* -------------------------------------------------------------------------
 *      SENDING EMAILS TO END USERS
 * ---------------------------------------------------------------------- */

function send_email_notification($input)
{
    if (empty($input['emails'])) {
        echo "User email ids are not available. Email not sent\n";
        return false;
    }
    $server = gethostname();
    $to_address = implode(',', $input['emails']);
    $subject = $input['domain'] . " domain suspended on $server";

    $message = "
       <html>
           <head>
               <title>" . $input['domain'] . " domain suspended on $server</title>
           </head>
           <body>
               <h2>" . $input['domain'] . " suspended on $server</h2>
               <p>Reason : " . $input['reason'] . "</p>
           </body>
       </html>
       ";

    // Always set content-type when sending HTML email
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";

    // More headers
    $headers .= "From: cpguard@$server" . "\r\n";
    //$headers .= 'Cc: myboss@example.com' . "\r\n";


    mail($to_address, $subject, $message, $headers);
}



/* -------------------------------------------------------------------------
 *      SLACK WEBHOOKS
 *      REFER https://api.slack.com/messaging/webhooks
 * ---------------------------------------------------------------------- */

function slack_notification($input)
{

    $server = gethostname();

    //Update the webhook url below
    $webhook_url = "https://hooks.slack.com/services/xxxxxxxxxxxxxxx";

    $data = array(
        "text" => $input['domain'] . " domain suspended! on $server",
        "blocks" => array(
            array(
                "type" => "section",
                "text" => array(
                    "type" => "mrkdwn",
                    "text" => "*" . $input['user'] . " domain suspended! on $server*\nReason : " . $input['reason']
                )
            )
        )
    );

    $data_string = json_encode($data);
    $ch = curl_init($webhook_url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt(
        $ch,
        CURLOPT_HTTPHEADER,
        array(
            'Content-Type: application/json',
            'Content-Length: ' . strlen($data_string)
        )
    );

    $result = curl_exec($ch);
}












/***************************** REQUIRED FUNCTIONS ********************/



function save_ini($filename, $data)
{
    $content = '';
    foreach ($data as $key => $value) {
        $content .= ($key . ' = ' . $value . PHP_EOL);
    }
    file_put_contents($filename, $content);
}


function get_public_ips()
{
    if (file_exists('/etc/os-release')) {
        //centos 7
        $ips = shell_exec("/sbin/ifconfig | /bin/grep 'inet '| /bin/grep  -v '127.0.0.1'  |  /usr/bin/cut -d: -f2 | /usr/bin/awk '{ print $2}' | /bin/grep -Ev '^(192.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)'");
    } else {
        //centos 6
        $ips = shell_exec("/sbin/ifconfig  | /bin/grep 'inet addr:'| /bin/grep  -v '127.0.0.1' | /usr/bin/cut -d: -f2 | /usr/bin/awk '{ print $1}' | /bin/grep -Ev '^(192.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)'");
    }

    return array_unique(explode("\n", trim(is_string($ips)) ? $ips : ''));
}


function enhance_get($query)
{

    global $conf; //$host, $organisation_id, $auth_token;

    /* Init cURL resource */
    $ch = curl_init($conf['host'] . '/api/' . $query);

    /* Set Headers */
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type:application/json', "Authorization: Bearer " . $conf['auth_token']]);

    /* set return type json */
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    /* execute request */
    $result = curl_exec($ch);

    if ($error = curl_error($ch) || curl_getinfo($ch, CURLINFO_HTTP_CODE) != 200) {
        die("Enhance API error for $query : $error\n$result \n");
        return false;
    }

    /* close cURL resource */
    curl_close($ch);

    $json = json_decode($result);

    if (is_object($json)) {
        return $json;
    } else {
        die("Invalid Enhance API response for $query.. Exiting..\n");
    }
}

function enhance_patch($query, $payload)
{

    global $conf; //$host, $organisation_id, $auth_token;

    /* Init cURL resource */
    $ch = curl_init($conf['host'] . '/api/' . $query);

    // Attach encoded JSON string to the POST fields
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));

    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PATCH');

    /* Set Headers */
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type:application/json', "Authorization: Bearer " . $conf['auth_token']]);

    /* set return type json */
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    /* execute request */
    $result = curl_exec($ch);

    echo $result;

    if ($error = curl_error($ch)) {
        die("Enhance API error for $query : $error\n$result \n");
        return false;
    }

    /* close cURL resource */
    curl_close($ch);

    return curl_getinfo($ch, CURLINFO_HTTP_CODE);
}