wevads-platform/scripts/sentinel-autorepair.sh


#!/bin/bash
# ---------------------------------------------------------------
# ANALYZE-ONLY MODE (first argument: --analyze-only)
#
# As written, this mode appends a single marker line to the log and exits
# before any check runs: nothing is scanned and nothing is fixed.
# ---------------------------------------------------------------
case "$1" in
  --analyze-only)
    LOG="/opt/wevads/logs/sentinel-autorepair.log"
    printf '%s\n' "[$(date)] ANALYZE-ONLY mode — no fixes applied" >> "$LOG"
    exit 0
    ;;
esac

# Flag consulted by the repair steps further down. Because of the early exit
# above, the "true" assignment can never be reached with the current layout.
# NOTE(review): removing the early exit is only safe once every repair step
# checks this flag; several of them do not.
ANALYZE_ONLY=false
case "$1" in
  --analyze-only) ANALYZE_ONLY=true ;;
esac
# ═══════════════════════════════════════════════════════════════
# SENTINEL V5 AUTO-REPAIR CRON
# Runs every 30 min: scan → detect → auto-fix → log
# ═══════════════════════════════════════════════════════════════
# Run-wide settings shared by every step below.
LOG="/opt/wevads/logs/sentinel-autorepair.log"
VAULT="/opt/wevads/vault"

# psql command line; later steps expand it unquoted as `$DB -c "..."`, so it
# has to stay a single whitespace-separated string.
# NOTE(review): this connects as the postgres role for a handful of COUNT and
# INSERT statements — confirm whether a narrower role would be enough.
DB="psql -U postgres -d adx_system -t -A"

# Counters reported in the summary step.
ISSUES=0
FIXED=0

# One timestamp for the whole run, reused in the header and footer log lines.
TIMESTAMP=$(date '+%F %T')
printf '%s\n' "[$TIMESTAMP] ===== SENTINEL V5 AUTO-REPAIR =====" >> "$LOG"
# ───────────────────────────────────────────────────────────────
# 1. PHP SYNTAX CHECK + VAULT RESTORE
# ───────────────────────────────────────────────────────────────
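# Lint every top-level PHP file in the served directories and report breakage.
#
# Globals: VAULT (read), LOG (appended), ISSUES (incremented)
#
# Restoring from the vault is switched off in this script (the restore line
# was commented out as ALERT_ONLY), so this step reports and never overwrites.
# Two consequences of that are handled here:
#   - No "<file>.broken_<epoch>" copy is made. That copy was a pre-restore
#     backup; with no restore it only piled up one file per run inside a
#     served directory, where a non-.php name may be returned as plain text
#     and expose the PHP source. If restore is re-enabled, keep such backups
#     outside the document root.
#   - The vault copy itself is linted. Re-linting the untouched live file
#     always failed and logged "Vault copy also broken" whatever the vault
#     actually held.
# FIXED is not incremented because nothing is repaired.
for dir in /opt/wevads/public /opt/wevads-arsenal/public /opt/wevads-arsenal/public/api; do
  for f in "$dir"/*.php; do
    # An unmatched glob stays literal; skip it and anything that is not a file.
    [ -f "$f" ] || continue
    base=$(basename "$f")

    # Known non-critical broken files from the snapshot are not linted.
    case "$base" in
      hamid-generate.php | hamid-generate-long.php | weekly-o365-maintenance.php | guardian-scan.php | sentinel-brain.php | sentinel-engine.php)
        continue
        ;;
    esac

    result=$(php -l "$f" 2>&1)
    if ! grep -q 'Parse error\|Fatal' <<<"$result"; then
      continue
    fi

    ISSUES=$((ISSUES + 1))
    echo " [CRITICAL] PHP syntax error: $f" >> "$LOG"

    gold="$VAULT/${base}.gold"
    if [ ! -f "$gold" ]; then
      echo " [SKIP] No vault backup for: $base" >> "$LOG"
      continue
    fi

    # Tell the operator whether a usable restore candidate exists.
    gold_result=$(php -l "$gold" 2>&1)
    if grep -q 'No syntax errors' <<<"$gold_result"; then
      echo " [ALERT] Clean vault copy available, auto-restore disabled: $base" >> "$LOG"
    else
      echo " [WARN] Vault copy also broken: $base" >> "$LOG"
    fi
  done
done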
# ───────────────────────────────────────────────────────────────
# 2. NUKE/INJECTION REMOVAL
# ───────────────────────────────────────────────────────────────
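# Strip known injected blocks (WEVADS_NUKE style, WEVADS_KILL_JS script,
# weval-theme-system-v2 section) from served HTML/PHP files.
#
# Globals: ANALYZE_ONLY (read), LOG (appended), ISSUES/FIXED (incremented)
#
# The file path is handed to Python as an argument (sys.argv[1]). It used to
# be pasted into the Python source text, so a file name containing a quote in
# one of these directories would have been executed as code by this job.
# Removing the markers does not explain how they were written; a file that
# matched should still be treated as tampered with.
cleaner_py=$(cat <<'PY'
import re
import sys

path = sys.argv[1]
with open(path) as fh:
    text = fh.read()
before = len(text)
text = re.sub(r'<style id="WEVADS_NUKE">[^<]*</style>', '', text)
text = re.sub(r'<script id="WEVADS_KILL_JS">.*?</script>', '', text, flags=re.DOTALL)
text = re.sub(r'<!-- weval-theme-system-v2 -->.*?<!-- /weval-theme-system-v2 -->', '', text, flags=re.DOTALL)
if len(text) < before:
    with open(path, 'w') as fh:
        fh.write(text)
    print('CLEANED')
else:
    print('NO_CHANGE')
PY
)

for dir in /opt/wevads/public /opt/wevads-arsenal/public /opt/wevads-arsenal/public/api; do
  for f in "$dir"/*.html "$dir"/*.php; do
    [ -f "$f" ] || continue
    bname=$(basename "$f")

    # The sentinel/guardian tools contain the marker strings themselves.
    case "$bname" in
      sentinel-* | guardian-*) continue ;;
    esac

    grep -q 'WEVADS_NUKE\|weval-theme-system-v2' "$f" 2>/dev/null || continue
    ISSUES=$((ISSUES + 1))

    # Analyze-only: record the finding, leave the file untouched.
    if [ "$ANALYZE_ONLY" != false ]; then
      echo " [ALERT] Injection marker found, not cleaned: $bname" >> "$LOG"
      continue
    fi

    if ! outcome=$(python3 -c "$cleaner_py" "$f" 2>/dev/null); then
      # Unreadable file, decode error or write failure: say so in the log.
      echo " [WARN] Cleaner failed on: $bname" >> "$LOG"
    elif [ "$outcome" = "CLEANED" ]; then
      FIXED=$((FIXED + 1))
      echo " [FIXED] Removed injection from: $bname" >> "$LOG"
    fi
  done
done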
# ───────────────────────────────────────────────────────────────
# 3. SERVICE HEALTH CHECK
# ───────────────────────────────────────────────────────────────
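# Check the three local services and restart any that is not active.
#
# Globals: ANALYZE_ONLY (read), LOG (appended), ISSUES/FIXED (incremented)
#
# The ANALYZE_ONLY test used to open an `if` that was never closed with `fi`.
# That is a syntax error, so bash stopped at this loop and nothing from here
# to the end of the script ran.
for svc in apache2 postgresql pmta; do
  if systemctl is-active --quiet "$svc" 2>/dev/null; then
    continue
  fi

  ISSUES=$((ISSUES + 1))
  echo " [CRITICAL] Service down: $svc" >> "$LOG"

  # Restart only outside analyze-only mode; count it as fixed only when
  # systemctl reports success.
  if [ "$ANALYZE_ONLY" = false ]; then
    if systemctl restart "$svc" 2>/dev/null; then
      FIXED=$((FIXED + 1))
      echo " [FIXED] Restarted: $svc" >> "$LOG"
    fi
  fi
done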
# ───────────────────────────────────────────────────────────────
# 4. PORT HEALTH CHECK (ADX, Arsenal)
# ───────────────────────────────────────────────────────────────
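# Probe the two local HTTP ports and restart apache2 when one does not answer.
#
# Globals: ANALYZE_ONLY (read), LOG (appended), ISSUES/FIXED (incremented)
#
# Each entry is "port:label". A port counts as reachable when the status code
# is exactly 200, 301, 302 or 404; the code is compared as a whole value
# instead of being searched for as a substring.
# The ANALYZE_ONLY test used to lack its closing `fi`, which made this loop a
# syntax error.
for port_name in "5821:ADX" "5890:Arsenal"; do
  port=${port_name%%:*}
  name=${port_name##*:}

  port_code=$(curl -s -o /dev/null -w '%{http_code}' "http://127.0.0.1:$port/" 2>/dev/null)
  case "$port_code" in
    200 | 301 | 302 | 404) continue ;;
  esac

  ISSUES=$((ISSUES + 1))
  echo " [CRITICAL] Port $port ($name) unreachable" >> "$LOG"

  if [ "$ANALYZE_ONLY" = false ]; then
    if systemctl restart apache2 2>/dev/null; then
      FIXED=$((FIXED + 1))
      echo " [FIXED] Restarted apache2 for port $port" >> "$LOG"
    fi
  fi
done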
# ───────────────────────────────────────────────────────────────
# 5. TRACKING CHAIN VALIDATION
# ───────────────────────────────────────────────────────────────
# Three report-only probes; none of them attempts a repair.

# Remote tracking endpoint: anything other than HTTP 200 is critical.
# The host is remote, so the outage is only logged.
ovh_status=$(curl -s -o /dev/null -w '%{http_code}' 'https://culturellemejean.charity/track.php?t=sentinel_check&e=open' 2>/dev/null)
if [[ "$ovh_status" != "200" ]]; then
  ISSUES=$((ISSUES + 1))
  printf '%s\n' " [CRITICAL] OVH tracking down! HTTP $ovh_status" >> "$LOG"
fi

# Local warmup engine status endpoint.
wu_status=$(curl -s -o /dev/null -w '%{http_code}' 'http://127.0.0.1:5890/api/warmup-engine.php?action=status' 2>/dev/null)
if [[ "$wu_status" != "200" ]]; then
  ISSUES=$((ISSUES + 1))
  printf '%s\n' " [WARN] Warmup engine not responding: HTTP $wu_status" >> "$LOG"
fi

# Quality Guard: read status.active_offers from the JSON reply. An empty
# value (request or JSON parsing failed) is reported the same way as 0.
qg_response=$(curl -s 'http://127.0.0.1:5890/api/offer-quality-guard.php?action=status' 2>/dev/null)
qg_active=$(python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('status',{}).get('active_offers',0))" 2>/dev/null <<<"$qg_response")
case "$qg_active" in
  '' | 0)
    ISSUES=$((ISSUES + 1))
    printf '%s\n' " [CRITICAL] Quality Guard: 0 active offers!" >> "$LOG"
    ;;
esac
# ───────────────────────────────────────────────────────────────
# 6. OFFER LINK VALIDATION (quick check)
# ───────────────────────────────────────────────────────────────
# Count active offers whose link is marked dead and, if there are any, run the
# link validator with its output appended to the log.
dead_links=$($DB -c "SELECT COUNT(*) FROM admin.brain_offer_config WHERE is_active=true AND link_status='dead'")

# An empty or non-numeric count makes the test error out; the error is
# silenced and the branch is skipped.
if [ "$dead_links" -gt "0" ] 2>/dev/null; then
  ISSUES=$((ISSUES + 1))
  printf '%s\n' " [WARN] $dead_links offers with dead links" >> "$LOG"

  # Counted as fixed only when the validator exits with status 0.
  if php /opt/wevads/scripts/offer-quality-guard.php validate_links >> "$LOG" 2>&1; then
    FIXED=$((FIXED + 1))
    printf '%s\n' " [FIXED] Re-validated offer links" >> "$LOG"
  fi
fi
# ───────────────────────────────────────────────────────────────
# 7. LOG SUMMARY + DB
# ───────────────────────────────────────────────────────────────
# Write the run summary to the log and store one row in admin.sentinel_scans.
# NOTE(review): the tracking and offer health checks that follow this step
# still change ISSUES and FIXED, so their findings are missing from this
# summary and from the stored row.
printf '%s\n' " SUMMARY: $ISSUES issues found, $FIXED fixed" >> "$LOG"

# The score is the share of issues fixed (100 when there were none). Only the
# two integer counters are interpolated into the statement. A failed insert
# is silent because stderr is discarded.
summary_sql="INSERT INTO admin.sentinel_scans(scan_type,total_files,issues_found,issues_fixed,score,duration_ms,details) VALUES('autorepair',0,$ISSUES,$FIXED,CASE WHEN $ISSUES>0 THEN ROUND(100.0*(1.0-($ISSUES-$FIXED)::float/$ISSUES),1) ELSE 100 END,0,'{\"auto\":true,\"issues\":$ISSUES,\"fixed\":$FIXED}')"
$DB -c "$summary_sql" 2>/dev/null

printf '%s\n' "[$TIMESTAMP] Done: $ISSUES issues, $FIXED fixed" >> "$LOG"
# ───────────────────────────────────────────────────────────────
# 5. TRACKING HEALTH CHECK (OVH → Hetzner)
# ───────────────────────────────────────────────────────────────
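# Probe the remote tracking endpoint and, outside analyze-only mode, try to
# restart Apache on the remote host over SSH.
#
# Globals: ANALYZE_ONLY (read), LOG (appended), ISSUES/FIXED (incremented)
#
# Changes to the SSH call:
#   - No password in the script or on the command line. The call now relies
#     on key-based login for the account that runs this job; BatchMode makes
#     ssh fail instead of prompting. The password that used to be embedded
#     here should be treated as exposed and rotated.
#   - Host key checking is no longer disabled, so the remote host key has to
#     be present in known_hosts for that account.
#   - The ANALYZE_ONLY test had been pasted into the remote command string,
#     where it was a shell syntax error; it now runs locally and the remote
#     command is only the restart.
# NOTE(review): assumes the remote account may run this one systemctl command
# through sudo without a password — confirm against the remote sudoers.
TRACK_URL="https://culturellemejean.charity/track.php?t=sentinel_check&e=open"
TRACK_STATUS=$(curl -s -o /dev/null -w '%{http_code}' "$TRACK_URL" 2>/dev/null)
if [ "$TRACK_STATUS" != "200" ]; then
  ISSUES=$((ISSUES + 1))
  echo " [CRITICAL] Tracking endpoint down: HTTP $TRACK_STATUS" >> "$LOG"

  if [ "$ANALYZE_ONLY" = false ]; then
    if ssh -o BatchMode=yes -p 22 ubuntu@151.80.235.110 'sudo systemctl restart apache2' 2>/dev/null; then
      FIXED=$((FIXED + 1))
      echo " [FIXED] Restarted OVH Apache" >> "$LOG"
    else
      echo " [WARN] Could not restart OVH Apache over SSH" >> "$LOG"
    fi
  fi
fi

# Check DB connectivity from OVH: a reply shorter than 10 bytes is taken as a
# sign that the tracker is not writing to the database.
DB_CHECK=$(curl -s "https://culturellemejean.charity/track.php?t=sentinel_db_check&e=open" 2>/dev/null)
DB_SIZE=$(echo "$DB_CHECK" | wc -c)
if [ "$DB_SIZE" -lt 10 ]; then
  ISSUES=$((ISSUES + 1))
  echo " [WARN] OVH tracking may not be writing to DB" >> "$LOG"
fi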
# ───────────────────────────────────────────────────────────────
# 6. OFFER HEALTH CHECK
# ───────────────────────────────────────────────────────────────
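# Make sure at least one approved offer with good creatives exists; if none
# does, run both offer validators.
#
# Globals: DB, ANALYZE_ONLY (read), LOG (appended), ISSUES/FIXED (incremented)
#
# Differences from the earlier behaviour:
#   - a failed or non-numeric query result is logged as a DB read problem
#     instead of being reported as "no approved offers";
#   - "[FIXED]" is logged, and FIXED counted, only when both validators exit
#     with status 0 (it used to be unconditional);
#   - the validators are not started in analyze-only mode.
APPROVED=$($DB -c "SELECT COUNT(*) FROM admin.brain_offer_config WHERE is_approved=true AND good_creatives>0" 2>/dev/null)
APPROVED=${APPROVED//[[:space:]]/}

if ! [[ "$APPROVED" =~ ^[0-9]+$ ]]; then
  ISSUES=$((ISSUES + 1))
  echo " [WARN] Could not read approved offer count from DB" >> "$LOG"
elif [ "$APPROVED" -eq 0 ]; then
  ISSUES=$((ISSUES + 1))
  echo " [CRITICAL] No approved offers available for sending!" >> "$LOG"

  if [ "$ANALYZE_ONLY" = false ]; then
    # Run both validators even if the first one fails, then judge the pair.
    links_rc=0
    creatives_rc=0
    php /opt/wevads/scripts/offer-quality-guard.php validate_links > /dev/null 2>&1 || links_rc=$?
    php /opt/wevads/scripts/offer-quality-guard.php validate_creatives > /dev/null 2>&1 || creatives_rc=$?

    if [ "$links_rc" -eq 0 ] && [ "$creatives_rc" -eq 0 ]; then
      FIXED=$((FIXED + 1))
      echo " [FIXED] Triggered offer revalidation" >> "$LOG"
    else
      echo " [WARN] Offer revalidation failed (validate_links=$links_rc, validate_creatives=$creatives_rc)" >> "$LOG"
    fi
  fi
fi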
# ═══════════════════════════════════════════════════════════════
# CHAIN: HTML GUARDIAN
# ═══════════════════════════════════════════════════════════════
# Log the hand-over, then run the HTML guardian script in a child bash
# process. No arguments are passed to it and its output is not redirected
# here.
printf '%s\n' "[$TIMESTAMP] Chaining HTML Guardian..." >> "$LOG"
bash /opt/wevads/scripts/html-guardian.sh