kritbit

kritbit Git Source Tree


Root/web/application/controllers/service.php

<?php
 
use \vendor\DB\DB;
 
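/**
 * Machine-facing endpoints of the job scheduler.
 *
 * upload() records a run result reported by a remote worker; run() executes
 * every locally scheduled job that is due. Neither endpoint uses the login or
 * session machinery, so each one has to authenticate its caller itself.
 */
class service extends base {

    // NOTE(review): presumably read by the base controller to skip login and
    // session enforcement for this controller; confirm against `base`.
    protected $loginRequired = false;
    protected $sessionRequired = false;

    /**
     * This service expects JSON POST data of:
     * ["data"] => {"nonce": "randomString", "message": "cipherText", "signature": "abcdef"}
     * The signature is a sha256 of the pre-encryption message with the nonce
     * and the job's shared hash appended, i.e.
     * {JSON} + nonce + sharedhash
     * Note: sharedhash should NOT be the sharedkey that is used to encrypt the message.
     *
     * The decrypted cipherText looks like
     * {"output": "stdout of run", "time_taken": 10, "result": 0}
     * As in most programs, a result of anything but 0 indicates an error.
     *
     * The request is dropped silently (nothing is stored) when the job does
     * not exist, a field is missing or not a string, the signature does not
     * match, or the nonce was already recorded for this job.
     *
     * NOTE(review): the signature is a plain hash with the secret appended,
     * not an HMAC. Changing that would break existing workers, so it is left
     * as is; consider hash_hmac() in a protocol revision.
     *
     * @param $jobId numeric id of the job the result belongs to
     */
    public function upload($jobId) {
        if (!$jobId || !is_numeric($jobId)) {
            return;
        }
        if (!isset($_POST["data"]) || !is_string($_POST["data"])) {
            return;
        }

        $data = json_decode($_POST["data"], true);
        if (!is_array($data)) {
            return;
        }
        // Every field must be a string: json_decode() can yield booleans,
        // numbers or arrays, and those must never reach the comparison below.
        foreach (["nonce", "message", "signature"] as $field) {
            if (!isset($data[$field]) || !is_string($data[$field])) {
                return;
            }
        }

        $jobs = \application\models\Jobs::getByField("id", $jobId);
        // A missing job must stop here: with no job there is no key and no
        // shared hash, and the signature would no longer depend on any secret.
        if (!isset($jobs[0]) || !is_object($jobs[0])) {
            return;
        }
        /** @var \application\models\Jobs $job */
        $job = $jobs[0];
        if ((string) $job->sharedkey === "" || (string) $job->hash === "") {
            return;
        }

        //decrypt message
        $rawMessage = aes_decrypt($job->sharedkey, $data["message"]);
        if (!is_string($rawMessage)) {
            return;
        }
        // Drop everything outside 0x20-0x7F (presumably cipher padding and
        // control bytes) before hashing, as the worker signs the plain JSON.
        $rawMessage = (string) preg_replace('/[^(\x20-\x7F)]*/','', $rawMessage);

        // check signature
        // hash_equals() compares as strings and in constant time; a loose ==
        // would apply PHP type juggling to the attacker-supplied value.
        $expected = hash("sha256", $rawMessage . $data["nonce"] . $job->hash);
        if (!hash_equals($expected, $data["signature"])) {
            return;
        }

        // the message is verified
        $message = json_decode($rawMessage, true);
        if (!is_array($message)) {
            return;
        }

        // NOTE(review): check-then-insert is not atomic; two identical requests
        // arriving together can both pass. A unique index on (jobs_id, nonce)
        // would close that gap; the schema is not visible from here.
        $replayAttackCheck = DB::fetch("SELECT id FROM histories WHERE jobs_id = ? AND nonce = ?", [$job->id, $data["nonce"]]);
        if (count($replayAttackCheck) !== 0) {
            return;
        }

        // NOTE(review): every key of the worker's message is handed to
        // create(); confirm the model only accepts output/time_taken/result.
        $history = \application\models\Histories::create($message);
        $history->run_date = date("Y-m-d H:i:s");
        $history->jobs_id = $job->id;
        $history->nonce = $data["nonce"];
        $history->save();
        $job->last_result = $history->result;
        $job->last_run = $history->run_date;
        $job->save();
    }

    /**
     * Recursively delete a directory and everything below it.
     *
     * Symbolic links are removed as links and never followed, so a link left
     * behind in a scratch directory cannot redirect the deletion elsewhere.
     *
     * @param $dir path of the directory to remove; anything else is ignored
     */
    private function rrmdir($dir) {
        if (!is_dir($dir)) {
            return;
        }
        $entries = scandir($dir);
        if ($entries === false) {
            $entries = [];
        }
        foreach ($entries as $entry) {
            if ($entry === "." || $entry === "..") {
                continue;
            }
            $path = $dir . "/" . $entry;
            if (is_dir($path) && !is_link($path)) {
                // The original called a global rrmdir() here, which does not
                // exist; the recursion has to go through the method.
                $this->rrmdir($path);
            } else {
                unlink($path);
            }
        }
        rmdir($dir);
    }

    /**
     * Write a job script into the scratch directory and execute it.
     *
     * @param $dir       scratch directory of the job (must already exist)
     * @param $baseName  file name without extension; ".bat" is added on Windows
     * @param $contents  script text taken from the job record
     * @param $isWindows whether to run through cmd.exe
     * @return array     ["code" => exit status, "output" => lines of stdout]
     */
    private function runJobScript($dir, $baseName, $contents, $isWindows) {
        $path = $dir . DIRECTORY_SEPARATOR . $baseName . ($isWindows ? ".bat" : "");
        file_put_contents($path, $contents);

        $output = [];
        $exitCode = 0;
        if ($isWindows) {
            // grumble grumble something something windows
            exec("c:\\windows\\system32\\cmd.exe /c " . escapeshellarg($path), $output, $exitCode);
        } else {
            // Owner-only: a world-writable script could be swapped by another
            // local account between this write and the exec below.
            chmod($path, 0700);
            exec(escapeshellarg($path), $output, $exitCode);
        }
        return ["code" => $exitCode, "output" => $output];
    }

    /**
     * Run every locally scheduled job (runType 1) whose cron expression is due
     * or whose force_run flag is set, and store one history row per run.
     *
     * Only callers whose address is listed in config["ACCEPTED_IPS"] are
     * served. A lock file keeps two invocations from overlapping.
     *
     * NOTE(review): the job's runScript/failScript are executed as the web
     * server account by design, so whoever can edit a job can run commands
     * on this host; access to job editing needs to be restricted accordingly.
     */
    public function run() {
        // not very secure - but worst case they fire off the run early
        // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
        // address; assumes ACCEPTED_IPS holds strings (strict comparison).
        if (!in_array($_SERVER["REMOTE_ADDR"], $this->config["ACCEPTED_IPS"], true)) {
            return;
        }

        // NOTE(review): check-then-touch is not atomic and the path is a fixed
        // name in a shared directory, so any local account can create it and
        // stall the scheduler. A lock under an application-owned directory
        // taken with flock() would be sturdier.
        $lockFile = "/tmp/kritbot";
        if (file_exists($lockFile)) {
            return;
        }
        touch($lockFile);

        // php_uname("s") reports "Darwin" on macOS, which contains "win";
        // test the prefix of PHP_OS instead of searching for a substring.
        $isWindows = strncasecmp(PHP_OS, "WIN", 3) === 0;

        try {
            /** @var \application\models\Jobs[] $jobs */
            $jobs = DB::fetchObject("SELECT * FROM jobs", "\\application\\models\\Jobs");
            foreach ($jobs as $job) {
                if ($job->runType != 1) {
                    continue;
                }
                $cron = Cron\CronExpression::factory($job->cron);
                if (!$cron->isDue() && $job->force_run != 1) {
                    continue;
                }

                // The job name becomes a directory that is wiped recursively
                // before each run, so reduce it to one harmless path component.
                $jobName = !empty($job->jobName) ? (string) $job->jobName : "----NOT-SET----";
                $dirName = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', $jobName);
                if ($dirName === "" || $dirName === "." || $dirName === "..") {
                    $dirName = "----NOT-SET----";
                }
                $dir = __DIR__ . DIRECTORY_SEPARATOR . ".." . DIRECTORY_SEPARATOR . "tmp" . DIRECTORY_SEPARATOR . $dirName;
                if (is_dir($dir)) {
                    $this->rrmdir($dir . DIRECTORY_SEPARATOR);
                }
                mkdir($dir, 0700, true);

                $start = microtime(true);
                $run = $this->runJobScript($dir, "kritscript", $job->runScript, $isWindows);
                $delta = microtime(true) - $start;

                $returnVar = $run["code"];
                $scriptOutput = implode("\n", $run["output"]);

                if ($returnVar !== 0) {
                    // The fail script's own exit status is deliberately not
                    // kept: the history must record the job's failure, not
                    // whether the failure handler happened to succeed.
                    $this->runJobScript($dir, "failkritscript", $job->failScript, $isWindows);
                }

                $now = date("Y-m-d H:i:s");
                $historyObj = new \application\models\Histories();
                $historyObj->output = $scriptOutput;
                $historyObj->result = $returnVar;
                $historyObj->time_taken = $delta;
                $historyObj->jobs_id = $job->id;
                $historyObj->run_date = $now;
                $historyObj->save();

                $job->force_run = 0;
                $job->last_run = $now;
                $job->last_result = $returnVar;
                $job->save();
            }
        } catch (\Exception $e) {
            // Best effort, as before: a failing job must not take the
            // endpoint down, but leave a trace for whoever operates it.
            error_log("kritbit run aborted: " . $e->getMessage());
        } finally {
            // Also reached for errors that are not \Exception, so the lock
            // can no longer be left behind and block every later run.
            unlink($lockFile);
        }
    }
}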
