<?php
/**
* @copyright 2021 Double Bastion LLC <www.doublebastion.com>
*
* @author Double Bastion LLC
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
declare(strict_types=1);
namespace OCA\SMSRelentless\Controller;
use OCP\AppFramework\ApiController;
use OCP\IRequest;
use OCA\SMSRelentless\Service\SmsrelentlessService;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\IUserSession;
use \DateTime;
use OCP\AppFramework\Controller;
use OCP\Files\IAppData;
use OCP\AppFramework\App;
use OCP\Files\NotPermittedException;
use \ReflectionClass;
use OCP\Notification;
use OCP\Notification\INotification;
use OCP\Notification\IManager;
use OCP\Notification\IAction;
use Plivo\RestClient;
use Plivo\Util\signatureValidation;
class AuthorApiController extends ApiController {
private $service;
private $userId;
public function __construct($appName, IRequest $request, SmsrelentlessService $service, $userId) {
parent::__construct(
$appName,
$request,
'PUT, POST, GET, DELETE, PATCH',
'Authorization, Content-Type, Accept',
1728000);
$this->service = $service;
$this->userId = $userId;
}
/**
* @NoAdminRequired
*/
public function object_to_array($obj) {
if(is_object($obj)) $obj = (array)$this->dismount($obj);
if(is_array($obj)) {
$new = array();
foreach($obj as $key => $val) {
$new[$key] = $this->object_to_array($val);
}
}
else $new = $obj;
return $new;
}
/**
* @NoAdminRequired
*/
public function dismount($object) {
$reflectionClass = new ReflectionClass(get_class($object));
$array = array();
foreach ($reflectionClass->getProperties() as $property) {
$property->setAccessible(true);
$array[$property->getName()] = $property->getValue($object);
$property->setAccessible(false);
}
return $array;
}
/**
* @NoAdminRequired
*/
public function verifyHeader($receiveddata, $signature_header, $timestamp, $public_key = '', $tolerance = null ) {
// Typecast timestamp to int for comparisons
$timestamp = (int)$timestamp;
// Check if timestamp is within tolerance
if (($tolerance > 0) && (\abs(\time() - $timestamp) > $tolerance)) {
return false;
} else {
// Convert base64 string to bytes for sodium crypto functions
$public_key_bytes = base64_decode($public_key);
$signature_header_bytes = base64_decode($signature_header);
// Construct a message to test against the signature header using the timestamp and payload
$constructed_string = $timestamp . '|' . $receiveddata;
if (!\sodium_crypto_sign_verify_detached($signature_header_bytes, $constructed_string, $public_key_bytes)) {
return false;
} else {
return true;
}
}
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
*/
public function recdeliveryreptel() {
$request = file_get_contents("php://input");
$recdata = json_decode($request, TRUE);
$delsmswebhookurl = $recdata["data"]["payload"]["webhook_url"];
$ncuserfortelnyxdel = $this->service->getuserbyteldelrwhurl($delsmswebhookurl);
if ($ncuserfortelnyxdel != '' && $ncuserfortelnyxdel != null && $ncuserfortelnyxdel != 'undefined') {
$messageid = $recdata["data"]["payload"]["id"];
$network = $recdata["data"]["payload"]["to"][0]["carrier"];
$messageprice = $recdata["data"]["payload"]["cost"]["amount"];
$deliverystatus = $recdata["data"]["payload"]["to"][0]["status"];
$goterrorinit = $recdata["data"]["payload"]["errors"];
if (!empty($goterrorinit)) {
$retrievedtitle = $recdata["data"]["payload"]["errors"][0]["title"];
$retrievedcode = $recdata["data"]["payload"]["errors"][0]["code"];
$messagestatus = "(Error " . $retrievedcode . ") " . $retrievedtitle;
} else {
$messagestatus = "Success ! The message has been successfully accepted for delivery.";
}
return $this->service->updatedeliverystatustel($ncuserfortelnyxdel, $messageid, $network, $messageprice, $messagestatus, $deliverystatus);
} else { return "access denied"; }
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
*/
public function recdeliveryrepnex() {
$plivodrurl = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$ncuserforplivodel = $this->service->getuserbyplivodelrwhurl($plivodrurl);
if ($ncuserforplivodel != '' && $ncuserforplivodel != null && $ncuserforplivodel != 'undefined') {
$networkcode = "";
$mStatus = "";
if (isset($_REQUEST["MessageUUID"])) { $messageid = $_REQUEST["MessageUUID"]; }
if (isset($_REQUEST["MCC"]) && isset($_REQUEST["MNC"])) { $networkcode = $_REQUEST["MCC"] . " " . $_REQUEST["MNC"]; }
if (isset($_REQUEST["TotalAmount"])) { $messageprice = $_REQUEST["TotalAmount"]; }
if (isset($_REQUEST["ErrorCode"]) && $_REQUEST["ErrorCode"] == "") {
$mStatus = "Success ! The message has been successfully accepted for delivery.";
} elseif (isset($_REQUEST["ErrorCode"]) && $_REQUEST["ErrorCode"] != "") { $mStatus = "Error " . $_REQUEST["ErrorCode"]; }
if (isset($_REQUEST["Status"])) { $deliverystatus = $_REQUEST["Status"]; }
return $this->service->updatedeliverystatusnex($ncuserforplivodel, $messageid, $networkcode, $messageprice, $mStatus, $deliverystatus);
} else { return "access denied"; }
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
*/
public function receivesmstel() {
$signature = $_SERVER['HTTP_TELNYX_SIGNATURE_ED25519'];
$timestamp = $_SERVER['HTTP_TELNYX_TIMESTAMP'];
$receivereq = file_get_contents('php://input');
$recmesdata = json_decode($receivereq, TRUE);
$recsmswebhookurl = $recmesdata["data"]["payload"]["webhook_url"];
$ncuserfortelnyx = $this->service->getuserbytelrecwhurl($recsmswebhookurl);
$credentials = $this->service->getapicredentials($ncuserfortelnyx);
$telpubkey = $credentials[1];
// Verify message signature
$signatureverify = $this->verifyHeader($receivereq, $signature, $timestamp, $telpubkey, $tolerance = 30);
if ($signatureverify) {
if ($ncuserfortelnyx != '' && $ncuserfortelnyx != null && $ncuserfortelnyx != 'undefined') {
$messagetext = $recmesdata["data"]["payload"]["text"];
$messageid = $recmesdata["data"]["payload"]["id"];
$messagedate = date("Y-m-d H:i:s");
$messagefrom = $recmesdata["data"]["payload"]["from"]["phone_number"];
$messageto = "Telnyx: " . $recmesdata["data"]["payload"]["to"][0]["phone_number"];
$recmessagearr = [$messageid, $messagedate, $messagefrom, $messageto, $messagetext];
$this->service->insertrecsms($ncuserfortelnyx, $recmessagearr);
// Send notifications
$nameofhost = exec("hostname");
$telsmsapicred = $this->service->getapicredentials($ncuserfortelnyx);
$telnotify = $telsmsapicred[12];
$emailaddress = $telsmsapicred[13];
$includemessageinemail = $telsmsapicred[14];
if ($telnotify != 0 ) {
$notifytel = exec("php ./occ notification:generate ".$ncuserfortelnyx." 'SMS Relentless has received a new SMS message !' -l 'You can read the new message by going to SMS Relentless and clicking on the Received SMS Messages button.'");
}
if ($emailaddress != '') {
$gmtind = "UTC " . date('P');
$smsdateinit = date("Y-m-d H:i:s");
$smsdate = $smsdateinit . " " . $gmtind;
$subject = "New SMS message received";
if ($includemessageinemail == 0) {
$message = "Hello, <br><br> You have received a new message on ".$smsdate." .<br> You can check the new message by going to 'SMS Relentless' > 'Received SMS Messages'. <br><br> Yours, <br> SMS Relentless <br> An SMS application for Nextcloud <br> Host: '".$nameofhost."' <br>";
} else {
$message = "Hello, <br><br> You have received a new message on ".$smsdate." :<br><br><br> Message ID: ".$messageid." <br> Message Date: ".$messagedate." <br> From: ".$messagefrom." <br> To: ".$messageto."<br> Message Text: <br><br><b>".$messagetext."</b><br><br>____________<br><br> Yours, <br> SMS Relentless <br> An SMS application for Nextcloud <br> Host: '".$nameofhost."' <br>";
}
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
// Set the email sender
$headers .= "From: " . $emailaddress . "\r\n";
$headers .= "Reply-To: " . $emailaddress . "\r\n";
mail($emailaddress, $subject, $message, $headers);
}
return http_response_code(200);
} else { return "access denied"; }
} else { return "access denied"; }
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
*/
public function receivesmsnex() {
$plivosignature = $_SERVER['HTTP_X_PLIVO_SIGNATURE_V2'];
$plivononce = $_SERVER["HTTP_X_PLIVO_SIGNATURE_V2_NONCE"];
$plivorecurl = $_SERVER['REQUEST_SCHEME'] . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$ncuserforplivo = $this->service->getuserbyplivorecwhurl($plivorecurl);
$smsapicred = $this->service->getapicredentials($ncuserforplivo);
$plivoauthtoken = $smsapicred[6];
$baseplivourlinit = explode("?", $plivorecurl);
$baseplivoURI = $baseplivourlinit[0];
// Verify message signature
$SigValidation = new signatureValidation();
$signverify = $SigValidation->validateSignature($baseplivoURI, $plivononce, $plivosignature, $plivoauthtoken);
if ($signverify) {
if ($ncuserforplivo != '' && $ncuserforplivo != null && $ncuserforplivo != 'undefined') {
$messageid = $_REQUEST["MessageUUID"];
$messagedate = date("Y-m-d H:i:s");
$messagefrom = "+" . $_REQUEST['From'];
$messageto = "Plivo: +" . $_REQUEST['To'];
$messagetext = $_REQUEST['Text'];
$recmessagearr = [$messageid, $messagedate, $messagefrom, $messageto, $messagetext];
$this->service->insertrecsms($ncuserforplivo, $recmessagearr);
// Send notifications
$nameofhost = exec("hostname");
$nextnotify = $smsapicred[12];
$emailaddress = $smsapicred[13];
$includemessageinemail = $smsapicred[14];
if ($nextnotify != 0 ) {
$notifynext = exec("php ./occ notification:generate ".$ncuserforplivo." 'SMS Relentless has received a new SMS message !' -l 'You can read the new message by going to SMS Relentless and clicking on the Received SMS Messages button.'");
}
if ($emailaddress != '') {
$gmtind = "UTC " . date('P');
$smsdateinit = date("Y-m-d H:i:s");
$smsdate = $smsdateinit . " " . $gmtind;
$subject = "New SMS message received";
if ($includemessageinemail == 0) {
$message = "Hello, <br><br> You have received a new message on ".$smsdate." .<br> You can check the new message by going to 'SMS Relentless' > 'Received SMS Messages'. <br><br> Yours, <br> SMS Relentless <br> An SMS application for Nextcloud <br> Host: '".$nameofhost."' <br>";
} else {
$message = "Hello, <br><br> You have received a new message on ".$smsdate." :<br><br><br> Message ID: ".$messageid." <br> Message Date: ".$messagedate." <br> From: ".$messagefrom." <br> To: ".$messageto."<br> Message Text: <br><br><b>".$messagetext."</b><br><br>____________<br><br> Yours, <br> SMS Relentless <br> An SMS application for Nextcloud <br> Host: '".$nameofhost."' <br>";
}
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
// Set the email sender
$headers .= "From: " . $emailaddress . "\r\n";
$headers .= "Reply-To: " . $emailaddress . "\r\n";
mail($emailaddress, $subject, $message, $headers);
}
return http_response_code(200);
} else { return "access denied"; }
} else { return "access denied"; }
}
}