File: //proc/thread-self/root/opt/cpguard/app/scripts/enhance_suspend_hook.php
#!/opt/cpguard/cpg-php-fpm/bin/php
<?php
## DO NOT CUSTOMISE THIS FILE
## This file may be updated during software update
## Please make a copy of the file for customising it
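// Fixed two-second pause kept from the original hook.
// NOTE(review): nothing in this file says what the delay waits for - confirm before changing it.
sleep(2);
if (!isset($argv[1])) {
    die("Argument missing!");
}
$input = json_decode($argv[1], true);
/*
$input['user'] - (string) The user to be suspended
$input['domain'] - (string) Domain
$input['reason'] - (string) Reason for suspension
$input['emails'] - (array) Primary and secondary notification emails
*/
// The payload arrives on the command line and decides which website gets disabled,
// so refuse anything that is not a JSON object carrying a non-empty domain string.
if (!is_array($input) || !isset($input['domain']) || !is_string($input['domain']) || $input['domain'] === '') {
    die("Invalid hook payload");
}
// enhance.ini carries the API bearer token (auth_token); keep the file readable only by
// the account that runs this hook.
$conf = parse_ini_file('/opt/cpguard/app/scripts/enhance.ini');
if (!is_array($conf) || empty($conf['host']) || empty($conf['organisation_id']) || empty($conf['auth_token'])) {
    die("API values missing");
}
$hostname = gethostname();
// NOTE(review): $public_ips is not read anywhere in this file; the call is kept in case a
// customised copy relies on it.
$public_ips = get_public_ips();
// Parenthesised on purpose: `$conf['expiry'] ?? 0 < time()` parses as
// `$conf['expiry'] ?? (0 < time())`, which is truthy for any stored expiry, so the cached
// server_id was never reused and the server list was fetched on every run.
$cache_expired = (int) ($conf['expiry'] ?? 0) < time();
if (empty($conf['server_id']) || $cache_expired) {
    $servers = enhance_get('servers');
    foreach (($servers->items ?? []) as $server) {
        $names = [$server->hostname ?? null, $server->friendlyName ?? null];
        if (in_array($hostname, $names, true)) {
            $conf['server_id'] = $server->id;
            // Cache the id for 12 hours (43200 seconds).
            $conf['expiry'] = time() + 43200;
            save_ini('/opt/cpguard/app/scripts/enhance.ini', $conf);
            break;
        }
    }
}
// empty() rather than isset(): a blank "server_id =" line in the ini must not be treated
// as a usable id.
if (empty($conf['server_id'])) { //Cannot proceed
    die("Couldnt identify Server ID");
}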
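// Ids are URL-encoded so that a malformed value in the ini file or in an API response
// cannot change the request path or add query parameters.
$org_path = 'orgs/' . rawurlencode((string) $conf['organisation_id']);
$websites = enhance_get($org_path . '/websites?recursion=infinite&servers=' . rawurlencode((string) $conf['server_id']));
//Find the correct "website" for the domain from website list of the server
$found = null;
$target = $input['domain'] ?? null;
// Only search with a real domain string: comparing a missing payload domain against a
// website with a missing domain field would otherwise be null === null and match.
if (is_string($target) && $target !== '') {
    foreach (($websites->items ?? []) as $website) {
        if (($website->domain->domain ?? null) === $target) {
            $found = $website;
            break;
        }
        foreach (($website->aliases ?? []) as $alias) {
            if (($alias->domain ?? null) === $target) {
                $found = $website;
                // Leave both loops: the first website that owns the alias is the one to suspend.
                break 2;
            }
        }
    }
}
//Call API to suspend the domain
if ($found !== null && !empty($found->id)) {
    if (empty($found->suspendedBy)) {
        echo "Suspending " . $target . ' ' . $found->id . PHP_EOL;
        $request_body = [
            "status" => "disabled",
            //"active"
            //"isSuspended" => true
        ];
        $code = enhance_patch($org_path . '/websites/' . rawurlencode((string) $found->id), $request_body);
        if ($code === 204) {
            //Send an email
            send_email_notification($input);
            //Send a notification in slack
            //slack_notification($input);
        } else {
            // Make an unconfirmed suspension visible in the hook output instead of ending silently.
            echo "Suspend request for " . $target . " was not confirmed (HTTP status: " . var_export($code, true) . ")\n";
        }
    } else {
        echo "Domain " . $target . " already suspended!\n";
    }
} else {
    echo "Failed to identify website\n";
}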
/* -------------------------------------------------------------------------
* SENDING EMAILS TO END USERS
* ---------------------------------------------------------------------- */
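/**
 * Email the account contacts that a domain was suspended on this server.
 *
 * The domain and reason come from the hook payload, so they are HTML-escaped before
 * being placed in the message body, and line breaks are stripped from the subject.
 * Recipients that do not pass FILTER_VALIDATE_EMAIL are dropped.
 *
 * @param array $input Hook payload; reads 'emails', 'domain' and 'reason'.
 * @return bool False when no usable recipient is left or mail() rejects the message,
 *              true when mail() accepts it for delivery.
 */
function send_email_notification($input)
{
    $candidates = isset($input['emails']) ? (array) $input['emails'] : [];
    $recipients = [];
    foreach ($candidates as $address) {
        // Anything that is not a single well-formed address (including values carrying
        // line breaks or extra header text) never reaches mail().
        if (is_string($address) && filter_var($address, FILTER_VALIDATE_EMAIL) !== false) {
            $recipients[] = $address;
        }
    }
    if ($recipients === []) {
        echo "User email ids are not available. Email not sent\n";
        return false;
    }
    $server = gethostname();
    $domain = is_scalar($input['domain'] ?? null) ? (string) $input['domain'] : '';
    $reason = is_scalar($input['reason'] ?? null) ? (string) $input['reason'] : '';
    $to_address = implode(',', $recipients);
    // Subject is a mail header: keep it on one line.
    $subject = str_replace(["\r", "\n"], ' ', $domain) . " domain suspended on $server";
    // The body is HTML, so payload text is escaped before it is embedded.
    $safe_domain = htmlspecialchars($domain, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safe_reason = htmlspecialchars($reason, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $message = "
<html>
<head>
<title>" . $safe_domain . " domain suspended on $server</title>
</head>
<body>
<h2>" . $safe_domain . " suspended on $server</h2>
<p>Reason : " . $safe_reason . "</p>
</body>
</html>
";
    // Always set content-type when sending HTML email
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
    // More headers
    $headers .= "From: cpguard@$server" . "\r\n";
    //$headers .= 'Cc: myboss@example.com' . "\r\n";
    return mail($to_address, $subject, $message, $headers);
}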
/* -------------------------------------------------------------------------
* SLACK WEBHOOKS
* REFER https://api.slack.com/messaging/webhooks
* ---------------------------------------------------------------------- */
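/**
 * Post a suspension notice to a Slack incoming webhook.
 *
 * Nothing is sent while $webhook_url still holds the shipped placeholder. Payload text
 * is escaped for Slack (&, <, >) so that values from the hook payload cannot introduce
 * links or mentions into the message.
 *
 * @param array $input Hook payload; reads 'domain', 'user' and 'reason'.
 * @return void
 */
function slack_notification($input)
{
    $server = gethostname();
    //Update the webhook url below
    $webhook_url = "https://hooks.slack.com/services/xxxxxxxxxxxxxxx";
    // The webhook URL is a secret in its own right: anyone holding it can post to the channel.
    if (strpos($webhook_url, 'xxxxxxxxxxxxxxx') !== false) {
        echo "Slack webhook is not configured. Notification not sent\n";
        return;
    }
    // Slack treats &, < and > as control characters; "&" is replaced first so the other
    // two entities are not escaped twice.
    $escape = function ($value) {
        $text = is_scalar($value) ? (string) $value : '';
        return str_replace(['&', '<', '>'], ['&amp;', '&lt;', '&gt;'], $text);
    };
    $domain = $escape($input['domain'] ?? '');
    $user = $escape($input['user'] ?? '');
    $reason = $escape($input['reason'] ?? '');
    // NOTE(review): the section text names the user while the fallback text names the
    // domain - kept as in the original; confirm which one is intended.
    $data = [
        "text" => $domain . " domain suspended! on $server",
        "blocks" => [
            [
                "type" => "section",
                "text" => [
                    "type" => "mrkdwn",
                    "text" => "*" . $user . " domain suspended! on $server*\nReason : " . $reason,
                ],
            ],
        ],
    ];
    $data_string = json_encode($data);
    if ($data_string === false) {
        echo "Slack notification could not be encoded. Notification not sent\n";
        return;
    }
    $ch = curl_init($webhook_url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Bound the request so an unreachable webhook cannot stall the hook.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt(
        $ch,
        CURLOPT_HTTPHEADER,
        [
            'Content-Type: application/json',
            'Content-Length: ' . strlen($data_string),
        ]
    );
    $result = curl_exec($ch);
    if ($result === false) {
        echo "Slack notification failed : " . curl_error($ch) . "\n";
    }
    curl_close($ch);
}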
/***************************** REQUIRED FUNCTIONS ********************/
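/**
 * Write a flat key/value array back to an ini file.
 *
 * String values are written double-quoted with backslashes and quotes escaped, so a
 * value containing characters such as ';' or '=' (an API token, for instance) is read
 * back unchanged by parse_ini_file(). Written bare, such a value is truncated or
 * rejected on the next read.
 *
 * The data written by this script includes the API bearer token; the target file
 * should be readable only by the account that runs the hook.
 *
 * @param string $filename Path of the ini file to overwrite.
 * @param array  $data     Key => scalar value (a list value is written as key[] lines).
 * @return void
 */
function save_ini($filename, $data)
{
    $format = function ($value) {
        if (is_int($value) || is_float($value)) {
            return (string) $value;
        }
        if (is_bool($value)) {
            return $value ? '1' : '""';
        }
        return '"' . addcslashes((string) $value, "\"\\") . '"';
    };
    $content = '';
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $item) {
                if (is_scalar($item) || $item === null) {
                    $content .= $key . '[] = ' . $format($item) . PHP_EOL;
                }
            }
            continue;
        }
        $content .= $key . ' = ' . $format($value) . PHP_EOL;
    }
    // LOCK_EX keeps two hook runs from interleaving their writes.
    if (file_put_contents($filename, $content, LOCK_EX) === false) {
        error_log("save_ini: could not write $filename");
    }
}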
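/**
 * List the non-loopback, non-RFC1918 IPv4 addresses reported by ifconfig.
 *
 * The command lines are fixed strings; no caller-supplied value reaches the shell.
 *
 * @return array Unique address strings; empty when ifconfig produced no output.
 */
function get_public_ips()
{
    if (file_exists('/etc/os-release')) {
        //centos 7
        $ips = shell_exec("/sbin/ifconfig | /bin/grep 'inet '| /bin/grep -v '127.0.0.1' | /usr/bin/cut -d: -f2 | /usr/bin/awk '{ print $2}' | /bin/grep -Ev '^(192.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)'");
    } else {
        //centos 6
        $ips = shell_exec("/sbin/ifconfig | /bin/grep 'inet addr:'| /bin/grep -v '127.0.0.1' | /usr/bin/cut -d: -f2 | /usr/bin/awk '{ print $1}' | /bin/grep -Ev '^(192.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)'");
    }
    // The original wrote trim(is_string($ips)) ? $ips : '', which trimmed the boolean
    // instead of the output, so the result always ended with an empty entry.
    $output = is_string($ips) ? trim($ips) : '';
    $addresses = [];
    foreach (explode("\n", $output) as $line) {
        $line = trim($line);
        if ($line !== '') {
            $addresses[] = $line;
        }
    }
    return array_values(array_unique($addresses));
}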
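/**
 * GET a path under <host>/api/ and return the decoded JSON object.
 *
 * Reads host and auth_token from the global $conf. The script is terminated with die()
 * on a transport error, on any HTTP status other than 200, or when the body does not
 * decode to an object.
 *
 * NOTE(review): the bearer token is sent to whatever $conf['host'] names; with an
 * http:// host it would travel unencrypted - confirm the configured value uses https.
 *
 * @param string $query Path and query string appended after "/api/".
 * @return object Decoded response body.
 */
function enhance_get($query)
{
    global $conf; //$host, $organisation_id, $auth_token;
    /* Init cURL resource */
    $ch = curl_init($conf['host'] . '/api/' . $query);
    if ($ch === false) {
        die("Enhance API error for $query : could not initialise cURL\n");
    }
    /* Set Headers */
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type:application/json', "Authorization: Bearer " . $conf['auth_token']]);
    /* set return type json */
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    /* bound the request so an unreachable API cannot stall the hook */
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    /* execute request */
    $result = curl_exec($ch);
    // Read both values separately: `$error = curl_error($ch) || ...` assigned the boolean
    // result of the whole || expression, so the message printed "1" instead of the error.
    $error = curl_error($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    /* close cURL resource */
    curl_close($ch);
    if ($error !== '' || $status != 200) {
        if ($error === '') {
            $error = "HTTP $status";
        }
        die("Enhance API error for $query : $error\n$result \n");
    }
    $json = json_decode((string) $result);
    if (!is_object($json)) {
        die("Invalid Enhance API response for $query.. Exiting..\n");
    }
    return $json;
}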
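/**
 * Send a JSON PATCH to a path under <host>/api/ and return the HTTP status code.
 *
 * Reads host and auth_token from the global $conf, echoes the response body, and
 * terminates the script with die() on a transport error.
 *
 * NOTE(review): the bearer token is sent to whatever $conf['host'] names; with an
 * http:// host it would travel unencrypted - confirm the configured value uses https.
 *
 * @param string $query   Path appended after "/api/".
 * @param array  $payload Data sent as the JSON request body.
 * @return int HTTP status code of the response.
 */
function enhance_patch($query, $payload)
{
    global $conf; //$host, $organisation_id, $auth_token;
    /* Init cURL resource */
    $ch = curl_init($conf['host'] . '/api/' . $query);
    if ($ch === false) {
        die("Enhance API error for $query : could not initialise cURL\n");
    }
    // Attach encoded JSON string to the POST fields
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PATCH');
    /* Set Headers */
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type:application/json', "Authorization: Bearer " . $conf['auth_token']]);
    /* set return type json */
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    /* bound the request so an unreachable API cannot stall the hook */
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 60);
    /* execute request */
    $result = curl_exec($ch);
    echo $result;
    $error = curl_error($ch);
    // Read the status before closing: on PHP versions where curl_close() releases the
    // handle, curl_getinfo() afterwards cannot return the code, the caller's
    // `=== 204` check fails and the notification is never sent.
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    /* close cURL resource */
    curl_close($ch);
    if ($error !== '') {
        die("Enhance API error for $query : $error\n$result \n");
    }
    return $status;
}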