From 426e574b85d363cd5a1fa256034dc2a281fc7272 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 15 May 2020 17:24:05 +0200
Subject: [remoteaccess] New module

---
 modules-available/remoteaccess/api.inc.php | 77 ++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 modules-available/remoteaccess/api.inc.php

(limited to 'modules-available/remoteaccess/api.inc.php')

diff --git a/modules-available/remoteaccess/api.inc.php b/modules-available/remoteaccess/api.inc.php
new file mode 100644
index 00000000..2e1e4bf9
--- /dev/null
+++ b/modules-available/remoteaccess/api.inc.php
@@ -0,0 +1,77 @@
+<?php
+
+$ip = $_SERVER['REMOTE_ADDR'];
+if (substr($ip, 0, 7) === '::ffff:') $ip = substr($ip, 7);
+
+$password = Request::post('password', false, 'string');
+if ($password !== false) {
+	$c = Database::queryFirst("SELECT machineuuid FROM machine WHERE clientip = :ip", ['ip' => $ip]);
+	if ($c !== false) {
+		Database::exec("INSERT INTO remoteaccess_machine (machineuuid, password)
+				VALUES (:uuid, :passwd)
+				ON DUPLICATE KEY UPDATE password = VALUES(password)", ['uuid' => $c['machineuuid'], 'passwd' => $password]);
+	}
+	exit;
+}
+
+$range = IpUtil::parseCidr(Property::get(RemoteAccess::PROP_ALLOWED_VNC_NET));
+if ($range === false) {
+	die('No allowed IP defined');
+}
+$iplong = ip2long($ip);
+if (PHP_INT_SIZE === 4) {
+	$iplong = sprintf('%u', $iplong);
+}
+if ($iplong < $range['start'] || $iplong > $range['end']) {
+	die('Access denied');
+}
+
+Header('Content-Type: application/json');
+
+$remoteLocations = RemoteAccess::getEnabledLocations();
+
+if (empty($remoteLocations)) {
+	$rows = [];
+} else {
+// TODO fail-counter for WOL, so we can ignore machines that apparently can't be woken up
+// -> Reset counter in our ~poweron hook, but only if the time roughly matches a WOL attempt (within ~5 minutes)
+	$rows = Database::queryAll("SELECT m.clientip, m.locationid, m.state, ram.password, ram.woltime FROM machine m
+	LEFT JOIN remoteaccess_machine ram ON (ram.machineuuid = m.machineuuid AND (ram.password IS NOT NULL OR m.state <> 'IDLE'))
+	LEFT JOIN runmode r ON (r.machineuuid = m.machineuuid)
+	WHERE m.locationid IN (:locs)
+		AND r.machineuuid IS NULL",
+		['locs' => $remoteLocations]);
+
+	$wolCut = time() - 90;
+	foreach ($rows as &$row) {
+		if (($row['state'] === 'OFFLINE' || $row['state'] === 'STANDBY') && $row['woltime'] > $wolCut) {
+			$row['wol_in_progress'] = true;
+		}
+		settype($row['locationid'], 'int');
+		unset($row['woltime']);
+	}
+}
+
+$groups = Database::queryAll("SELECT g.groupid AS id, g.groupname AS name,
+       GROUP_CONCAT(l.locationid) AS locationids, g.passwd AS password
+	FROM remoteaccess_group g INNER JOIN remoteaccess_x_location l USING (groupid)
+	WHERE g.active = 1
+	GROUP BY g.groupid");
+foreach ($groups as &$group) {
+	$group['locationids'] = explode(',', $group['locationids']);
+	if (empty($group['password'])) {
+		unset($group['password']);
+	}
+	settype($group['id'], 'int');
+	foreach ($group['locationids'] as &$lid) {
+		settype($lid, 'int');
+	}
+}
+
+$fakeid = 100000;
+echo json_encode(['clients' => $rows, 'locations' => $groups]);
+
+// WTF, this makes the server return a 500 -.-
+//fastcgi_finish_request();
+
+RemoteAccess::ensureMachinesRunning();
-- 
cgit v1.2.3-55-g7522