#!/bin/sh

# === CONFIGURATION ===
WHITELIST_FILE="/etc/ddos_whitelist.conf"
LOG_FILE="/var/log/whitelist.log"
BLACKHOLE_IP="127.0.0.1"
METIN2_PORT="3000"

# Email Configuration
EMAIL_ENABLED=true
SMTP_SERVER="smtp.gmail.com"
SMTP_PORT=587
EMAIL_SENDER="your_email@gmail.com"
EMAIL_PASSWORD="your_app_password"
EMAIL_RECEIVER="admin@example.com"
EMAIL_SUBJECT="DDoS Protection Notification"

# === FUNCTIONS ===
log_action() {
  echo "[$(date +"%Y-%m-%d %H:%M:%S")] $1" >> $LOG_FILE
  if [ "$EMAIL_ENABLED" = true ]; then
    send_email "$1"
  fi
}

send_email() {
  message=$1
  echo "Subject: $EMAIL_SUBJECT\\n\\n$message" | \
    msmtp --host=$SMTP_SERVER --port=$SMTP_PORT \
          --auth=on --user=$EMAIL_SENDER --passwordeval "echo $EMAIL_PASSWORD" \
          --tls=on --tls-starttls -- $EMAIL_RECEIVER
}

add_to_whitelist() {
  ip=$1
  pfctl -t whitelist -T add $ip
  echo $ip >> $WHITELIST_FILE
  log_action "ADDED: $ip by user $(whoami)"
}

remove_from_whitelist() {
  ip=$1
  pfctl -t whitelist -T delete $ip
  sed -i "" "/$ip/d" $WHITELIST_FILE
  log_action "REMOVED: $ip by user $(whoami)"
}

show_whitelist() {
  pfctl -t whitelist -T show
  log_action "SHOW: Whitelist displayed by user $(whoami)"
}

# === LOAD INITIAL WHITELIST ===
if [ -f $WHITELIST_FILE ]; then
  while IFS= read -r ip; do
    pfctl -t whitelist -T add $ip
  done < $WHITELIST_FILE
fi

# === USAGE ===
echo "DDoS Protection System with Email Notifications is active."
echo "Use the following commands:"
echo "  add_to_whitelist <IP>    - Add an IP to whitelist and notify"
echo "  remove_from_whitelist <IP> - Remove an IP from whitelist and notify"
echo "  show_whitelist          - Show current whitelist and notify"
echo "Logs are saved in $LOG_FILE and emails are sent to $EMAIL_RECEIVER"

exit 0