<?php
// WEVIA Phase 2 CF-Bypass - 4 prompts doctrine 77 (cf_dns, cert, vhost, status)
// V37 Opus 17avr - UX guide avant tout WRITE gated
// Chaque prompt affiche: pre-flight + blockers + mot magique + alternatives
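// The response is always JSON.
// NOTE(review): nothing in the code shown authenticates the caller, yet the
// response describes DNS, certificate and vhost state of the host. Confirm that
// access is restricted upstream (reverse proxy rule, IP allow-list, session check).
header('Content-Type: application/json');

// Free-text message parameter; read here but not referenced again in the code shown.
$msg = $_GET['msg'] ?? '';

// Requested pre-flight: status | cf_dns | cert | vhost.
// A query parameter can arrive as an array (?type[]=x) or as an arbitrary string,
// and the value is reflected back as 'intent_type'. Anything outside the known
// set is normalised to 'status', which is the branch unknown values already ran.
$type = $_GET['type'] ?? 'status';
if (!is_string($type) || !in_array($type, ['status', 'cf_dns', 'cert', 'vhost'], true)) {
    $type = 'status';
}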
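/**
 * Run a check command on the S95 host through the sentinel HTTP endpoint.
 *
 * The command string is POSTed as-is (action=exec, cmd=...) for the remote side
 * to execute, so every caller must pass a constant string written in this file.
 * Never build $cmd from $_GET/$_POST or any other request data: that would turn
 * this helper into a command-injection path.
 *
 * NOTE(review): the request carries no token, signature or client certificate in
 * the code shown. Confirm that sentinel-brain.php restricts who may call
 * action=exec through some other control (network ACL, mTLS, shared secret).
 *
 * @param string $cmd     Shell command to run remotely.
 * @param int    $timeout Total request timeout in seconds.
 * @return string Trimmed 'output' field of the JSON reply, or '' when the request
 *                fails, the reply is not a JSON object, or 'output' is missing or
 *                not a scalar.
 */
function s95_exec($cmd, $timeout = 8) {
    $url = 'https://wevads.weval-consulting.com/api/sentinel-brain.php';

    $ch = curl_init($url);
    if ($ch === false) {
        return '';
    }

    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query([
            'action' => 'exec',
            'cmd' => $cmd,
        ]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => $timeout,
        // These are curl's defaults; stated explicitly so that any later change
        // to certificate or host-name verification shows up in review.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);

    $raw = curl_exec($ch);
    curl_close($ch);

    // Transport failure (curl_exec returned false) or an empty body: nothing to decode.
    if (!is_string($raw) || $raw === '') {
        return '';
    }

    $decoded = json_decode($raw, true);
    if (!is_array($decoded)) {
        return '';
    }

    // trim() raises a TypeError on arrays under PHP 8, so only scalars are accepted.
    $output = $decoded['output'] ?? '';

    return is_scalar($output) ? trim((string) $output) : '';
}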
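// Build the pre-flight report for the requested step and print it as JSON.
// Each branch runs read-only checks through s95_exec(), lists what it found
// ('preflight' / 'phase_2_status'), collects blockers, and tells the operator
// which confirmation phrase ("magic word") triggers the gated write.

// Expected public address of the tracking host; used for comparisons and display only.
$expected_ip = '95.216.167.89';

// Every string handed to s95_exec() below is a literal written in this file.
// $type only selects a branch and $msg is never used, so no request data reaches
// the remote shell. Keep it that way when adding checks.
$dig_track = 'dig +short track.s95.wevup.app A @1.1.1.1 2>/dev/null | head -1';

$result = ['type' => 'UX_GUIDE_V37', 'intent_type' => $type];

switch ($type) {
    case 'cf_dns':
        // Pre-flight for the Cloudflare DNS A record.
        $dns_current = s95_exec($dig_track);
        $script_ready = s95_exec('test -x /usr/local/sbin/wevads-cf-dns-add-track.sh && echo YES || echo NO');
        // SECURITY(review): a database password is hard-coded in this command and
        // sent in the POST body to the sentinel endpoint, so it lives in version
        // control and may surface in logs or process listings on the remote host.
        // Move it to a ~/.pgpass / PGPASSFILE entry on the S95 host and rotate the
        // current value. The query itself returns only a boolean, not the API key.
        $creds_ok = s95_exec('PGPASSWORD=admin123 psql -h localhost -U admin -d adx_system -t -A -c "SELECT (api_key IS NOT NULL AND LENGTH(api_key) > 10) FROM cloudflare_accounts WHERE id=37;" 2>/dev/null');

        // NOTE(review): the zone id and target IP below are returned to whoever
        // calls this endpoint; confirm the endpoint is not publicly reachable.
        $result['preflight'] = [
            'dns_current_value' => $dns_current ?: 'EMPTY (expected, record not yet created)',
            'api_script_ready' => $script_ready,
            'cf_creds_available' => ($creds_ok === 't') ? 'YES' : 'NO', // psql -t -A prints 't' for true
            'zone_id' => '53e067fbc5c532a142222d60f7ecda9d',
            'target_ip' => $expected_ip,
            'grey_cloud' => 'proxied=false (VRAI bypass CF)',
        ];

        $result['blockers'] = [];
        if ($script_ready !== 'YES') {
            $result['blockers'][] = 'script wevads-cf-dns-add-track.sh missing';
        }
        if ($creds_ok !== 't') {
            $result['blockers'][] = 'CF credentials account 37 missing or invalid';
        }
        if (!empty($dns_current) && $dns_current !== $expected_ip) {
            $result['blockers'][] = "DNS already points to $dns_current (should be empty or $expected_ip)";
        }

        $result['magic_word'] = 'ajoute dns track s95 confirmed';
        $result['message'] = empty($result['blockers'])
            ? "PRE-FLIGHT OK. Pour creer le A record via CF API, tape: 'ajoute dns track s95 confirmed'"
            : "BLOCKERS detectes, voir blockers[]";
        break;

    case 'cert':
        // Pre-flight for issuing the Let's Encrypt certificate.
        $dns_resolved = s95_exec($dig_track);
        $port80_ok = s95_exec('curl -s -o /dev/null -w "%{http_code}" -m 5 "http://track.s95.wevup.app/.well-known/acme-challenge/test" 2>/dev/null');
        $certbot_ok = s95_exec('which certbot && certbot --version 2>&1 | head -1');
        $cert_exists = s95_exec('test -d /etc/letsencrypt/live/track.s95.wevup.app && echo EXISTS || echo NONE');

        $result['preflight'] = [
            'dns_resolves_to' => $dns_resolved ?: 'NOT_PROPAGATED',
            'expected_ip' => $expected_ip,
            'dns_match' => ($dns_resolved === $expected_ip) ? 'YES' : 'NO (wait for DNS propagation or check grey cloud)',
            'port_80_http_code' => $port80_ok ?: 'UNREACHABLE',
            'certbot_version' => $certbot_ok,
            'cert_already_exists' => $cert_exists,
        ];

        $result['blockers'] = [];
        if ($dns_resolved !== $expected_ip) {
            $result['blockers'][] = "DNS not propagated yet or wrong target (got '$dns_resolved')";
        }
        // Strict comparison: the status code arrives as a string from s95_exec().
        if (!in_array($port80_ok, ['200', '404'], true)) {
            $result['blockers'][] = "port 80 returns '$port80_ok' (expected 200 or 404)";
        }
        if ($cert_exists === 'EXISTS') {
            $result['blockers'][] = "cert already exists, no-op";
        }

        $result['magic_word'] = 'cert track s95 confirmed';
        // NOTE(review): the blocker message blames DNS even when a different
        // blocker fired; blockers[] carries the actual reason.
        $result['message'] = empty($result['blockers'])
            ? "PRE-FLIGHT OK. Pour generer le cert LE, tape: 'cert track s95 confirmed'"
            : "BLOCKERS detectes, DNS probablement pas encore propagé (attendre 2-5 min)";
        break;

    case 'vhost':
        // Pre-flight for deploying the nginx vhost.
        $cert_ok = s95_exec('test -f /etc/letsencrypt/live/track.s95.wevup.app/fullchain.pem && echo YES || echo NO');
        $apache_ok = s95_exec('curl -s -o /dev/null -w "%{http_code}" -m 3 http://127.0.0.1:58421/ 2>/dev/null');
        $vhost_exists = s95_exec('test -L /etc/nginx/sites-enabled/track-s95-wevup.conf && echo EXISTS || echo NONE');
        $script_ready = s95_exec('test -x /usr/local/sbin/wevads-track-s95-vhost.sh && echo YES || echo NO');

        $result['preflight'] = [
            'cert_available' => $cert_ok,
            'apache_58421_http' => $apache_ok ?: 'UNREACHABLE',
            'vhost_already_enabled' => $vhost_exists,
            'deploy_script_ready' => $script_ready,
        ];

        $result['blockers'] = [];
        if ($cert_ok !== 'YES') {
            $result['blockers'][] = 'cert LE missing, run cert gated first';
        }
        if ($script_ready !== 'YES') {
            $result['blockers'][] = 'deploy script missing';
        }
        if ($vhost_exists === 'EXISTS') {
            $result['blockers'][] = 'vhost already deployed, use rollback first if you want to redeploy';
        }

        $result['magic_word'] = 'deploy vhost track s95 confirmed';
        $result['message'] = empty($result['blockers'])
            ? "PRE-FLIGHT OK. Pour deployer le vhost nginx + reload, tape: 'deploy vhost track s95 confirmed'"
            : "BLOCKERS detectes";
        break;

    case 'status':
    default:
        // Overall Phase 2 status; also the fallback for any unrecognised type.
        $dns = s95_exec($dig_track);
        $cert = s95_exec('test -f /etc/letsencrypt/live/track.s95.wevup.app/fullchain.pem && openssl x509 -in /etc/letsencrypt/live/track.s95.wevup.app/cert.pem -noout -enddate 2>/dev/null | cut -d= -f2 || echo NONE');
        $vhost = s95_exec('test -L /etc/nginx/sites-enabled/track-s95-wevup.conf && echo YES || echo NO');
        $healthz = s95_exec('curl -s -m 3 https://track.s95.wevup.app/healthz 2>/dev/null | head -c 50');
        $scripts = s95_exec('ls /usr/local/sbin/wevads-*track* /usr/local/sbin/wevads-cf-dns* 2>/dev/null | wc -l');

        $result['phase_2_status'] = [
            'dns_resolves_to' => $dns ?: 'NOT_CREATED',
            'cert_expiry' => $cert,
            'vhost_enabled' => $vhost,
            'healthz_response' => $healthz ?: 'UNREACHABLE',
            'scripts_deployed' => (int)$scripts,
            // Live only when the vhost is enabled and healthz returns the expected marker.
            'business_live' => ($vhost === 'YES' && strpos($healthz, 'track-s95-ok') !== false) ? 'YES' : 'NO',
        ];

        $next = [];
        if (empty($dns) || $dns === 'NOT_CREATED') {
            $next[] = "1) 'ajoute dns track s95' pour pre-flight CF DNS";
        }
        if ($cert === 'NONE') {
            $next[] = "2) 'cert track s95' apres DNS propagation";
        }
        if ($vhost !== 'YES') {
            $next[] = "3) 'deploy vhost track s95' apres cert";
        }
        if (empty($next)) {
            $next[] = "Phase 2 LIVRE. Pour rollback: 'rollback track s95 confirmed'";
        }
        $result['next_steps'] = $next;
        break;
}

// json_encode() escapes the remote command output, so it cannot break the JSON document.
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);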