#!/bin/sh
#exit with zero status on auth success and 1 on error
#
#You can use our cgi to restrict access to Elephantdrive configuration page only for authenticated NAS OS users.
#==========================
#1. use login to verify authenticated NAS OS user
#
#for example:
#
#root@AS6208T-RD:/ # REMOTE_ADDR="127.0.0.1" QUERY_STRING="act=login&apptag=elephantdrive&account=admin&password=admin888" /usr/webman/portal/apis/appCentral/applogin.cgi
#Content-type: text/plain; charset=utf-8
#
#result:
#{ "success": true, "account": "admin", "sid": "yPgoWu95eXxCxZJr", "isAdminGroup": 1, "model": "AS6208T", "hostid": "20-16-01-21-14-01" }
#
#explanation:   
#apptag:  application name 
#account&password:  which you want to verify
#
#2. When you finish verifying authenticated NAS OS user, you must logout from NAS.
#
#for example:
#
#root@AS6208T-RD:/ # QUERY_STRING="act=logout&sid=yPgoWu95eXxCxZJr" /usr/webman/portal/apis/login.cgi
#Content-type: text/plain; charset=utf-8
#
#result
#{ "success": true }
#
#explanation:  
#sid:  same as above (login result)


#we want read e.g.:
#HTTP_COOKIE='access_key=sdu45KJFDHksadulf='
IFS=';'
for x in $HTTP_COOKIE
do
    eval $x
done
#we want get e.g.:
#access_key='user=admin;pwd=L4edNyoCC15.kDBLIN05480'
access_key=$(echo $access_key | base64 -d)

IFS=';'
for x in $access_key
do
    eval $x
done

CACHE="/usr/local/AppCentral/elephantdrive/var/lib/elephantdrive/access_key"
if [ -z "${user}" ] || [ -z "${pwd}" ]; then
	rm -f "$CACHE"
	exit 1
fi

if [ -f "$CACHE" ] && [ "$(expr $(date +%s) - $(date -r "$CACHE" +%s))" -lt 600 ]; then
	exit 0
fi

export REMOTE_ADDR="127.0.0.1" 
export QUERY_STRING="act=login&apptag=elephantdrive&account=${user}&password=${pwd}" 
S=$(/usr/webman/portal/apis/appCentral/applogin.cgi | sed '/"sid"/!d; s/\s\+//g; s/.*"sid":"\([^"]*\)".*/\1/')
if [ -z $S ]; then
	exit 1
else
	export QUERY_STRING="act=logout&sid=$S" 
	/usr/webman/portal/apis/login.cgi >/dev/null
	touch $CACHE
	exit 0
fi
