#!/bin/bash

# ticket.sh - ticket request mail handler (htpasswd-based)
# Copyright (c) 2020 Kobu.Com. All rights reserved.
# Licence: Public domain
#
# 20-jun-21 postfix /etc/aliases mail handler 
# 20-jun-24 no more hash; use /dev/urandom
# 20-jun-24 tested with thunderbird and firefox
# 20-jul-09 domain name changed for publishing

echo "[ticket.sh] $(date +%y/%m/%d-%H:%M:%S) SENDER = $SENDER, RECIPIENT = $RECIPIENT"

SENDMAIL=/usr/sbin/sendmail
HTPWFILE=/var/www/etc/htp_tickets

# get path info from Subject header
path_info=$(cat | awk '/^Subject:/{print $2;}');
echo "path_info: $path_info"

# audit log: got request
logger -s "[ticket.sh] ticket requested for $path_info to $SENDER"

# sanitize email address so that it can be embedded in URL
username=$(echo $SENDER | tr "[:upper:]" "[:lower:]" | tr "@_.-" "HUAD")
echo "username: $username"

# get a password from random number generator
password=$(xxd -p -l 4 /dev/urandom)
echo "password: $password"

# build url

plain_url="https://example.net$path_info"
echo "plain_url: $plain_url"

full_url="https://$username:$password@example.net$path_info"
echo "full_url: $full_url"

# register username and password pair to apache password file
[ -e $HTPWFILE ] || option_c='-c'
htpasswd $option_c -b $HTPWFILE $username $password
if [ $? -ne 0 ]; then
  >&2 echo "Failed to write to $HTPWFILE: $username";
  exit 0
fi

# schedule deletion in one hour
at now + 1 hour <<AT_COMMAND
htpasswd -D $HTPWFILE $username
logger -s "[ticket.sh] ticket expired: path $path_info given to $SENDER"
AT_COMMAND

# send reply email
$SENDMAIL -F "Ticket Office" -f "$RECIPIENT" $SENDER <<REPLY_CONTENT
Subject: Re: $path_info

Hi, $SENDER,

You have requested a ticket to visit $path_info on our site.
Click the following URL and type the username and password on a popup dialog:

  $plain_url
    Username: $username
    Password: $password

For shortcut, you can just click the following URL: 

  $full_url

If you are not expecting this email, please just ignore and discard it.

Thank you.
Ticket Office
REPLY_CONTENT

# audit log: ticket sent 
logger -s "[ticket.sh] ticket issued for $path_info to $SENDER"

# must return exit code of zero
# otherwise an error mail is returned to the sender
exit 0