From 97ef70618396510a52c3c06395b32331cacd3efd Mon Sep 17 00:00:00 2001
From: Vincent Vanwaelscappel
Date: Mon, 18 Sep 2023 09:33:15 +0200
Subject: [PATCH] wip #6286 @0.5

---
 app/Models/TeamServers.php | 108 +++++++++++++++++++------------------
 1 file changed, 56 insertions(+), 52 deletions(-)

diff --git a/app/Models/TeamServers.php b/app/Models/TeamServers.php
index de60378cc..e2f69286c 100644
--- a/app/Models/TeamServers.php
+++ b/app/Models/TeamServers.php
@@ -6,6 +6,7 @@ use App\SubForms\TeamServer;
 use Cubist\Backpack\Magic\Fields\BunchOfFieldsMultiple;
 use Cubist\Backpack\Magic\Fields\Textarea;
 use Cubist\Backpack\Magic\Models\CubistMagicAbstractModel;
+use Cubist\Util\Files\Files;
 use Cubist\Util\Text;
 class TeamServers extends CubistMagicAbstractModel
@@ -26,69 +27,67 @@ class TeamServers extends CubistMagicAbstractModel $this->addField('blacklist', Textarea::class, __('Liste noire')); } - public function generateFirewall($for) + public function postSave() { $servers = $this->servers; - $found = false; - foreach ($servers as $k => $server) { - if ($server['name'] === $for) { - $found = true; - break; - } - } - - if (!$found) { - return; - } $blacklist = Text::explodeNewLines($this->blacklist); $clients = Text::explodeNewLines($this->clients); $ip = Text::explodeNewLines($this->ip); - $res = '#!/bin/bash' . "\n"; - - $res .= 'apt install bind9 dnsutils' . "\n"; - $res .= 'service bind9 restart' . "\n"; - - $res .= 'blacklist=(' . implode(' ', $blacklist) . ')' . "\n"; + foreach ($servers as $k => $server) { + $fw = '#!/bin/bash' . "\n\n"; + + $fw .= 'apt install bind9 dnsutils' . "\n"; + $fw .= 'service bind9 restart' . "\n\n"; + + $fw .= 'blacklist=(' . implode(' ', $blacklist) . ')' . "\n"; + + $hosts = []; + foreach ($servers as $k => $s) { + $hosts[] = '$s' . $k; + $fw .= 's' . $k . '=`dig +short ' . $s['name'] . '.cubedesigners.com | tail -1`' . "\n"; + $others = Text::explodeNewLines($s['others']); + foreach ($others as $kk => $o) { + $hosts[] = '$s' . $k . '_' . $kk; + $fw .= 's' . $k . '_' . $kk . '=`dig +short ' . $o . ' | tail -1`' . "\n"; + } + } + $fw .= "\n"; - $hosts = []; - foreach ($servers as $k => $s) { - $hosts[] = '$s' . $k; - $res .= 's' . $k . '=`dig +short ' . $s['name'] . '.cubedesigners.com | tail -1`' . "\n"; - $others = Text::explodeNewLines($s['others']); - foreach ($others as $kk => $o) { - $hosts[] = '$s' . $k . '_' . $kk; - $res .= 's' . $k . '_' . $kk . '=`dig +short ' . $o . ' | tail -1`' . "\n"; + foreach ($ip as $k => $i) { + $hosts[] = '$i' . $k; + $fw .= 'i' . $k . '=`dig +short ' . $i . ' | tail -1`' . "\n"; } - } - foreach ($ip as $k => $i) { - $hosts[] = '$i' . $k; - $res .= 'i' . $k . '=`dig +short ' . $i . ' | tail -1`' . "\n"; - } + $fw .= "\n"; - $res .= 'auth=(' . 
implode(' ', $hosts) . ')' . "\n"; + $fw .= 'auth=(' . implode(' ', $hosts) . ')' . "\n"; - if ($server['backup']) { - $backup = []; - foreach ($clients as $k => $c) { - $backup[] = '$c' . $k; - $res .= 'c' . $k . '=`dig +short ' . $c . ' | tail -1`' . "\n"; + if ($server['backup']) { + $backup = []; + foreach ($clients as $k => $c) { + $backup[] = '$c' . $k; + $fw .= 'c' . $k . '=`dig +short ' . $c . ' | tail -1`' . "\n"; + } + $fw .= 'backup=(' . implode(' ', $backup) . ')' . "\n"; } - $res .= 'backup=(' . implode(' ', $backup) . ')' . "\n"; - } - $openPorts = explode(',',); - if ($server['dns']) { - $openPorts[] = 53; - } - if ($server['http']) { - $openPorts[] = 80; - $openPorts[] = 443; - } + $openPorts = explode(',', $server['ports']); + if ($server['dns']) { + $openPorts[] = 53; + } + if ($server['http']) { + $openPorts[] = 80; + $openPorts[] = 443; + } + + foreach ($openPorts as $openPort) { + $fw .= 'ufw allow ' . $openPort . "\n"; + } + $fw .= "\n"; - $res .= 'for ip in "${blacklist[@]}" + $fw .= 'for ip in "${blacklist[@]}" do ufw deny in from $ip ufw deny in to $ip @@ -102,13 +101,13 @@ do ufw allow from $ip ufw allow to $ip done' . "\n\n"; - if (isset($backup) && count($backup)) { - $res .= 'for ip in "${auth[@]}" + if (isset($backup) && count($backup)) { + $fw .= 'for ip in "${auth[@]}" do ufw allow in from $ip port 22 done' . "\n\n"; - } - $res .= '#SSH + } + $fw .= '#SSH ufw deny out 22 # Finally enable firewall ufw --force enable @@ -124,5 +123,10 @@ rm /etc/ufw/before6.rules.* rm /lib/ufw/user6.rules.* rm /lib/ufw/user.rules.* '; + + file_put_contents(Files::mkdir(resource_path('servers/' . $server['name'])) . 'firewall', $fw); + } + + } } -- 2.39.5
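Review bot: `$backup` leaks from one loop iteration into the next: it is assigned only inside `if ($server['backup'])`, so a later server whose `backup` flag is off still passes the `isset($backup) && count($backup)` test in the following hunk and receives the `auth` SSH rules computed for the previous server. Add `$backup = [];` next to `$hosts = [];` at the top of each iteration and reduce the test in the next hunk to `if ($backup !== []) {`. Separately, the form-entered values — `$s['name']`, `$s['others']`, `$ip`, `$clients`, `$blacklist` and `$server['ports']` — are concatenated unquoted into the generated bash script; validate each entry before use (`filter_var(..., FILTER_VALIDATE_IP)` or `filter_var(..., FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)` for hosts, `ctype_digit()` after `trim()` for ports), which also stops an empty `ports` field from emitting a bare `ufw allow ` line via `explode(',', $server['ports'])`. The inner `foreach ($servers as $k => $s)` reuses the outer loop's `$k`, which is misleading even though the outer `$k` is not read afterwards; a distinct index name avoids the shadow. postSave() starts in this hunk and continues through the next two.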
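Review bot: The write target `resource_path('servers/' . $server['name'])` is built from the form-entered server name without any validation, so a name containing a path separator or `..` places the `firewall` file outside the intended `servers/` directory; restrict it before use, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $server['name'])) { throw new \InvalidArgumentException('invalid server name'); }`. The return value of `file_put_contents()` is discarded, so a non-writable target directory silently produces no script; check for `false` (or convert the warning into an exception) so a failed write is not mistaken for a generated firewall. Whether the parent model calls `postSave()` on every save is not visible here — if it does, each save rewrites every server's script and performs the `Files::mkdir` side effect, which is worth a short docblock on the method. postSave() starts in an earlier hunk.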