From 84c25ce390fde0a65ac029f48568b0be3a35876e Mon Sep 17 00:00:00 2001
From: hhftechnologies
Date: Wed, 27 Nov 2024 20:19:20 +0530
Subject: [PATCH] update
---
 security/certificate-monitor.sh | 242 ++++++++++++++++++++++++++++++++
 1 file changed, 242 insertions(+)
 create mode 100644 security/certificate-monitor.sh
diff --git a/security/certificate-monitor.sh b/security/certificate-monitor.sh
new file mode 100644
index 0000000..59f3825
--- /dev/null
+++ b/security/certificate-monitor.sh
@@ -0,0 +1,242 @@
+#!/bin/bash
+
+#-----------------------------------#
+# VARIABLES #
+#-----------------------------------#
+
+this_script_url="https://git.hhf.technology/hhf/script-management-cloudpanel/raw/branch/main/security/certificate-monitor.sh"
+this_script_name="Certificate Monitoring and Installation Script"
+formatter_url="https://git.hhf.technology/hhf/TaskFormatter/raw/branch/main/bash_task_formatter/task_formatter.sh"
+scriptname=$0
+
+# Initialize success flag
+success=0
+
+# Determine the user (use the first argument if provided, otherwise fallback)
+USER_TO_RUN_AS="${1:-$SUDO_USER}"
+USER_HOME=$(eval echo ~$USER_TO_RUN_AS)
+
+# Certificate paths
+ACME_PATH="/root/.acme.sh"
+NGINX_SITES="/etc/nginx/sites-enabled"
+INSTALL_PATH="/usr/local/bin"
+
+#-----------------------------------#
+# FORMATTER #
+#-----------------------------------#
+
+# Download and source the formatter with error handling
+download_formatter() {
+ if [ ! -f "task_formatter.sh" ]; then
+ if ! wget "$formatter_url" --no-check-certificate -O task_formatter.sh > /dev/null 2>&1; then
+ echo "Error: Failed to download task_formatter.sh"
+ exit 1
+ fi
+ fi
+
+ if [ ! -f "task_formatter.sh" ]; then
+ echo "Error: task_formatter.sh not found after download attempt"
+ exit 1
+ fi
+
+ chmod +x task_formatter.sh
+ source ./task_formatter.sh || { echo "Error: Failed to source task_formatter.sh"; exit 1; }
+
+ if ! declare -f print_header > /dev/null; then
+ echo "Error: print_header function not found after sourcing."
+ exit 1
+ fi
+}
+
+# Call the download_formatter function
+download_formatter
+
+#-----------------------------------#
+# FUNCTIONS #
+#-----------------------------------#
+
+# Function to install required packages
+install_dependencies() {
+ if ! dpkg -l | grep -q incron; then
+ sudo apt-get update > /dev/null 2>&1
+ sudo apt-get install -y incron > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo -e "incron installed successfully $CHECK_MARK"
+ return 0
+ else
+ echo -e "Failed to install incron $CROSS_MARK"
+ return 1
+ fi
+ else
+ echo -e "incron already installed $CHECK_MARK"
+ return 0
+ fi
+}
+
+# Function to get root domain
+get_root_domain() {
+ local domain="$1"
+ echo "$domain" | awk -F'.' '{print $(NF-1) FS $NF}'
+}
+
+# Function to setup acme.sh
+setup_acme() {
+ if [ ! -f "/root/.acme.sh/acme.sh" ]; then
+ curl https://get.acme.sh | sh > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo -e "acme.sh installed successfully $CHECK_MARK"
+ return 0
+ else
+ echo -e "Failed to install acme.sh $CROSS_MARK"
+ return 1
+ fi
+ else
+ echo -e "acme.sh already installed $CHECK_MARK"
+ return 0
+ fi
+}
+
+# Function to install certificate installer script
+install_certificate_script() {
+ cat > "${INSTALL_PATH}/clp-install-certificate" << 'EOF'
+#!/usr/bin/env bash
+
+# Function to extract root domain from a given domain
+get_root_domain() {
+ domain="$1"
+ root_domain=$(echo "$domain" | awk -F'.' '{print $(NF-1) FS $NF}')
+ echo "$root_domain"
+}
+
+# Check if a parameter is provided
+if [ $# -eq 1 ]; then
+ # If a parameter is provided, extract the domain from the filename
+ filename="$1"
+ domain="${filename%.conf}"
+ domains="$domain"
+else
+ # If no parameter is provided, retrieve domains from the database
+ query="SELECT domain_name FROM site WHERE domain_name LIKE '%htpc.zone';"
+ domains=$(sqlite3 /home/clp/htdocs/app/data/db.sq3 "$query")
+fi
+
+for domain in $domains; do
+ root_domain=$(get_root_domain "$domain")
+ certificate=/root/.acme.sh/$root_domain/fullchain.cer
+ private_key=/root/.acme.sh/$root_domain/htpc.zone.key
+
+ # Execute the command for each domain
+ command="/usr/bin/clpctl site:install:certificate --domainName=$domain --privateKey=$private_key --certificate=$certificate"
+ echo "Executing command for domain: $domain"
+ $command
+done
+EOF
+
+ chmod +x "${INSTALL_PATH}/clp-install-certificate"
+ if [ $? -eq 0 ]; then
+ echo -e "Certificate installer script installed successfully $CHECK_MARK"
+ return 0
+ else
+ echo -e "Failed to install certificate installer script $CROSS_MARK"
+ return 1
+ fi
+}
+
+# Function to setup incron
+setup_incron() {
+ echo "/etc/nginx/sites-enabled/ IN_CREATE /usr/local/bin/clp-install-certificate \$#" | sudo incrontab -
+ if [ $? -eq 0 ]; then
+ echo -e "incron setup completed successfully $CHECK_MARK"
+ return 0
+ else
+ echo -e "Failed to setup incron $CROSS_MARK"
+ return 1
+ fi
+}
+
+# Function to verify installation
+verify_installation() {
+ local errors=0
+
+ # Check incron installation
+ if ! command -v incrontab >/dev/null 2>&1; then
+ echo "Error: incron not found"
+ errors=$((errors + 1))
+ fi
+
+ # Check certificate installer script
+ if [ ! -x "${INSTALL_PATH}/clp-install-certificate" ]; then
+ echo "Error: certificate installer script not found or not executable"
+ errors=$((errors + 1))
+ fi
+
+ # Check acme.sh installation
+ if [ ! -f "/root/.acme.sh/acme.sh" ]; then
+ echo "Error: acme.sh not found"
+ errors=$((errors + 1))
+ fi
+
+ if [ $errors -eq 0 ]; then
+ echo -e "All components verified successfully $CHECK_MARK"
+ return 0
+ else
+ echo -e "Verification failed with $errors errors $CROSS_MARK"
+ return 1
+ fi
+}
+
+# Remove created files on cleanup
+cleanup_files() {
+ rm -f task_formatter.sh
+ echo -e "Cleaned up temporary files $CHECK_MARK"
+ return 0
+}
+
+#-----------------------------------#
+# MAIN LOGIC #
+#-----------------------------------#
+
+# Check if print_header function exists
+if ! command -v print_header >/dev/null 2>&1; then
+ echo "Error: print_header function not found. Formatter may not be properly sourced."
+ exit 1
+fi
+
+# Print header
+print_header "$this_script_name" "$this_script_url"
+
+echo -e "Running as User: $USER_TO_RUN_AS\nUser Home: $USER_HOME\n"
+
+# Run the installation functions with formatted output
+if ! format_output install_dependencies "Installing Dependencies"; then
+ cleanup_files
+ success=1
+fi
+
+if ! format_output setup_acme "Setting up acme.sh"; then
+ cleanup_files
+ success=1
+fi
+
+if ! format_output install_certificate_script "Installing Certificate Script"; then
+ cleanup_files
+ success=1
+fi
+
+if ! format_output setup_incron "Setting up incron"; then
+ cleanup_files
+ success=1
+fi
+
+if ! format_output verify_installation "Verifying Installation"; then
+ cleanup_files
+ success=1
+fi
+
+format_output cleanup_files "Cleaning up temporary files"
+
+# Print final message
+final_message "$this_script_name" "$success"
+
+# Exit with appropriate status
+exit $success
\ No newline at end of file
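Review bot: `download_formatter` disables TLS validation (`wget ... --no-check-certificate`) and then sources the downloaded `task_formatter.sh`, and `setup_acme` runs `curl https://get.acme.sh | sh`, so one script fetched without certificate checks and one unpinned script execute with this installer's privileges; a `task_formatter.sh` already sitting in the working directory is sourced without any download at all. Drop `--no-check-certificate`, download to a `mktemp` path, and compare the file against a pinned digest before `source`. `USER_HOME=$(eval echo ~$USER_TO_RUN_AS)` evaluates the first argument as shell code; `USER_HOME=$(getent passwd "$USER_TO_RUN_AS" | cut -d: -f6)` resolves the home directory without `eval`. In the generated `clp-install-certificate`, the file name incron passes as `$#` ends up in the unquoted `$command` expansion, so it should be matched against a hostname pattern first and the `clpctl` call built as an array with each `--option=value` quoted. In `install_certificate_script`, `if [ $? -eq 0 ]` only tests `chmod +x`, so a failed `cat >` write can still be reported as success.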