yanis/wevia-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
wevia-brain/auth-sovereign-scanner.sh
Yanis Mahboub b86aed20b3 Wave 143: Router 6051L — reinit after corrupt objects
2026-04-12 23:01:36 +02:00

77 lines
4.4 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# WEVIA SOVEREIGN AUTH SCANNER v1.0
# Uses Groq to validate page classification + tests all pages
# Cron: every 6h alongside l99-sso-test.sh
LOG="/var/log/wevia-director/auth-scanner.log"
DATE=$(date "+%Y-%m-%d %H:%M")
P=0; F=0; T=0; W=0
# PUBLIC pages — must return 200
PUBLIC="/index.html /pricing.html /booking.html /cgu.html /privacy-policy.html /terms-of-service.html /wevia.html /wevia-widget.html /enterprise-model.html /plan-du-site.html /trust-center.html /solution-finder.html /case-studies.html /use-cases.html /huawei-cloud.html /ecosysteme-ia-maroc.html /data-deletion.html /login"
for p in $PUBLIC; do
T=$((T+1))
C=$(curl -sk -o /dev/null -w "%{http_code}" --max-time 3 -H "Cookie: x=y" "https://127.0.0.1$p" -H "Host: weval-consulting.com")
[ "$C" = "200" ] && P=$((P+1)) || { F=$((F+1)); echo "[$DATE] FAIL public $p=$C" >> $LOG; }
done
# PUBLIC patterns
for prefix in /products/ /blog/ /service/ /contact-us/ /ethica/; do
T=$((T+1))
SAMPLE=$(find /var/www/html${prefix} -name "*.html" -maxdepth 1 2>/dev/null | head -1 | sed "s|/var/www/html||")
[ -z "$SAMPLE" ] && continue
C=$(curl -sk -o /dev/null -w "%{http_code}" --max-time 3 -H "Cookie: x=y" "https://127.0.0.1$SAMPLE" -H "Host: weval-consulting.com")
[ "$C" = "200" ] && P=$((P+1)) || { F=$((F+1)); echo "[$DATE] FAIL public $SAMPLE=$C" >> $LOG; }
done
# PROTECTED pages — must return 302 without cookie
PROTECTED_SAMPLES="/admin.html /agents-alive.html /blade-ai.html /l99-fullscreen.html /wevia-master.html /director.html /crm.html /crons-monitor.html /test-report/report.html /warmup-manager.html /architecture.html /command-center.html /ethica-monitor.html /mega-command-center.html /wevia-go-live.html /security-dashboard.html /technology-radar.html /tools-hub.html /ops-center.html /apps.html"
for p in $PROTECTED_SAMPLES; do
T=$((T+1))
C=$(curl -sk -o /dev/null -w "%{http_code}" --max-time 3 -H "Cookie: PHPSESSID=fake" "https://127.0.0.1$p" -H "Host: weval-consulting.com")
[ "$C" = "302" ] && P=$((P+1)) || { F=$((F+1)); echo "[$DATE] FAIL protected $p=$C (expected 302)" >> $LOG; }
done
# LOGIN FLOW
T=$((T+1))
curl -sk -c /tmp/as_c -o /dev/null --max-time 3 "https://127.0.0.1/login?r=/" -H "Host: weval-consulting.com" -d "user=yacine&pass=Weval@2026"
A=$(curl -sk -b /tmp/as_c -o /dev/null -w "%{http_code}" --max-time 3 "https://127.0.0.1/architecture.html" -H "Host: weval-consulting.com")
[ "$A" = "200" ] && P=$((P+1)) || { F=$((F+1)); echo "[$DATE] FAIL login flow=$A" >> $LOG; }
rm -f /tmp/as_c
# SSO BAR present
T=$((T+1))
curl -sk --max-time 3 "https://127.0.0.1/" -H "Host: weval-consulting.com" 2>/dev/null | grep -q "weval-sso-bar" && P=$((P+1)) || { F=$((F+1)); echo "[$DATE] FAIL sso-bar missing" >> $LOG; }
# Subdomains
for d in mm.weval-consulting.com analytics.weval-consulting.com n8n.weval-consulting.com crm.weval-consulting.com monitor.weval-consulting.com mirofish.weval-consulting.com paperclip.weval-consulting.com; do
T=$((T+1))
C=$(curl -sk -o /dev/null -w "%{http_code}" --max-time 3 "https://127.0.0.1" -H "Host: $d")
[ "$C" = "200" ] || [ "$C" = "302" ] && P=$((P+1)) || { F=$((F+1)); echo "[$DATE] FAIL subdomain $d=$C" >> $LOG; }
done
# Zero authentik
T=$((T+1))
AK=$(grep -rl "authentik\|outpost\|9090" /etc/nginx/sites-enabled/ 2>/dev/null | grep -cv ".gold\|.bak\|.DISABLED")
[ "$AK" = "0" ] && P=$((P+1)) || { F=$((F+1)); echo "[$DATE] FAIL authentik refs=$AK" >> $LOG; }
S=$((P*100/T))
echo "[$DATE] AUTH-SCANNER: $P/$T ($S%) F=$F" >> $LOG
# Groq diagnostic if fails
if [ $F -gt 0 ]; then
GROQ_KEY=$(grep "GROQ_KEY" /etc/weval/secrets.env | cut -d= -f2)
if [ -n "$GROQ_KEY" ]; then
FAILS=$(tail -5 $LOG | grep FAIL)
curl -s --max-time 15 "https://api.groq.com/openai/v1/chat/completions" \
-H "Authorization: Bearer $GROQ_KEY" -H "Content-Type: application/json" \
-d "{\"model\":\"llama-3.3-70b-versatile\",\"messages\":[{\"role\":\"user\",\"content\":\"Auth scan failed: $FAILS. Fix in 2 lines.\"}],\"max_tokens\":100}" 2>/dev/null \
| python3 -c "import sys,json;print(json.load(sys.stdin)[choices][0][message][content])" >> $LOG 2>/dev/null
fi
# Telegram
TG=$(cat /etc/weval/tg_bot_token 2>/dev/null)
[ -n "$TG" ] && curl -s "https://api.telegram.org/bot${TG}/sendMessage" -d "chat_id=7605775322" --data-urlencode "text=AUTH-SCANNER: $P/$T ($S%) $F fails" >/dev/null 2>&1
fi
[ $F -eq 0 ] && echo "AUTH-SCANNER: $P/$T ($S%) ✅" || echo "AUTH-SCANNER: $P/$T ($S%) ❌ F=$F"
Reference in New Issue View Git Blame Copy Permalink