wevads-platform/scripts/api_run_script.php

<?php
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');

$script = $_GET['script'] ?? $_POST['script'] ?? null;

if (!$script) {
    echo json_encode(['success' => false, 'error' => 'No script specified']);
    exit;
}

// Sécurité: vérifier que le script est dans les dossiers autorisés
$allowedPaths = ['/opt/wevads/scripts/', '/opt/wevads/cron/', '/opt/wevads/public/'];
$isAllowed = false;
foreach ($allowedPaths as $path) {
    if (strpos($script, $path) === 0) {
        $isAllowed = true;
        break;
    }
}

if (!$isAllowed || !file_exists($script)) {
    echo json_encode(['success' => false, 'error' => 'Script not found or not allowed: ' . $script]);
    exit;
}

// Déterminer comment exécuter le script
$ext = pathinfo($script, PATHINFO_EXTENSION);
switch ($ext) {
    case 'sh':
        $cmd = "bash " . escapeshellarg($script) . " 2>&1";
        break;
    case 'py':
        $cmd = "/usr/bin/python3 " . escapeshellarg($script) . " 2>&1";
        break;
    case 'php':
        $cmd = "/usr/bin/php " . escapeshellarg($script) . " 2>&1";
        break;
    default:
        echo json_encode(['success' => false, 'error' => 'Unknown script type']);
        exit;
}

// Exécuter avec timeout de 60 secondes
$output = [];
$returnCode = 0;
exec("timeout 60 " . $cmd, $output, $returnCode);

$outputStr = implode("\n", $output);
if (strlen($outputStr) > 2000) {
    $outputStr = substr($outputStr, 0, 2000) . "\n... (truncated)";
}

echo json_encode([
    'success' => $returnCode === 0,
    'output' => $outputStr ?: 'Script executed (no output)',
    'return_code' => $returnCode,
    'script' => basename($script)
]);