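#!/bin/bash
#
# Yiğid BALABAN,
# login mailer
#
# Reads the lines appended to LOG_FILE since the previous run, extracts the
# accepted sshd logins and POSTs one JSON alert to ENDPOINT for delivery to
# EMAIL. Results of the send are appended to LOG_OUTPUT.
#
# Required environment:
#   EMAIL     recipient placed in the JSON payload
#   ENDPOINT  URL the JSON payload is POSTed to
#
set -u

LOG_FILE="/var/log/auth.log"
LOG_OUTPUT="/var/log/server-toolkit/login-mailer.log"
STATE_DIR=$(dirname "$LOG_OUTPUT")
# The offset is kept next to the script's own log instead of in /tmp. In a
# world-writable directory any local user can pre-create or replace the file,
# and this script both trusts its content and overwrites it. /tmp is also
# commonly cleared on reboot, which would replay every login still in the log.
LAST_LINE_FILE="$STATE_DIR/last_line_checked"
HOSTNAME=$(hostname)

if [[ -z "${EMAIL:-}" || -z "${ENDPOINT:-}" ]]; then
  echo "Error: EMAIL and ENDPOINT environment variables must be set." >&2
  exit 1
fi

if ! mkdir -p "$STATE_DIR"; then
  echo "Error: cannot create $STATE_DIR." >&2
  exit 1
fi

# Append one timestamped line to LOG_OUTPUT.
# Arguments: $1 - message text
log_message() {
  printf '%s - %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" >>"$LOG_OUTPUT"
}

if [[ ! -r "$LOG_FILE" ]]; then
  log_message "Cannot read $LOG_FILE; skipping this run"
  exit 1
fi

# Load the stored offset. It is accepted only if it is a plain decimal number:
# the value is used in arithmetic expansion below, and bash evaluates
# arbitrary expressions there, so file content must never reach it unchecked.
LAST_LINE=""
if [[ -f "$LAST_LINE_FILE" ]]; then
  IFS= read -r LAST_LINE <"$LAST_LINE_FILE" || true
  if [[ ! "$LAST_LINE" =~ ^[0-9]{1,15}$ ]]; then
    log_message "Ignoring invalid offset in $LAST_LINE_FILE; rescanning from the start"
    LAST_LINE=0
  fi
else
  LAST_LINE=0
fi
LAST_LINE=$((10#$LAST_LINE)) # force base 10 so a leading zero is not read as octal

# Take the line count once, before reading, and use it both as the upper
# bound of this run and as the next offset. Counting again after the read
# would skip any login written in between.
TOTAL_LINES=$(wc -l <"$LOG_FILE")
TOTAL_LINES=${TOTAL_LINES//[[:space:]]/}
if [[ ! "$TOTAL_LINES" =~ ^[0-9]{1,15}$ ]]; then
  log_message "Could not count lines in $LOG_FILE; skipping this run"
  exit 1
fi

# A file shorter than the stored offset was rotated or truncated: start over
# rather than silently skipping the new file's first lines. A rotated file
# that has already grown past the old offset cannot be told apart this way.
if ((TOTAL_LINES < LAST_LINE)); then
  LAST_LINE=0
fi

LOGIN_INFO=""
if ((TOTAL_LINES > LAST_LINE)); then
  # Only lines whose syslog tag (the first field ending in ':') is sshd or
  # sshd-session and whose message starts with "Accepted" count as a login.
  # The word "Accepted" elsewhere in an sshd line, for example inside a
  # client-supplied username of a failed attempt, is ignored. User and source
  # address are taken relative to the tag, so the result does not depend on
  # how many fields the timestamp occupies.
  LOGIN_INFO=$(
    tail -n "+$((LAST_LINE + 1))" "$LOG_FILE" |
      head -n "$((TOTAL_LINES - LAST_LINE))" |
      awk '
        {
          for (i = 1; i < NF; i++) {
            if ($i ~ /:$/) break
          }
          if ($i ~ /^sshd(-session)?(\[[0-9]+\])?:$/ &&
              $(i + 1) == "Accepted" && i + 6 <= NF) {
            print $(i + 4) " from " $(i + 6)
          }
        }'
  )
fi

if [[ -n "$LOGIN_INFO" ]]; then
  # jq builds the payload so log-derived text is JSON-escaped, not spliced in.
  JSON_PAYLOAD=$(jq -n \
    --arg subject "New login on $HOSTNAME" \
    --arg text "SSH login detected: $LOGIN_INFO" \
    --arg recipient "$EMAIL" \
    '{subject: $subject, text: $text, recipient: $recipient}')

  # --max-time keeps an unresponsive endpoint from stalling the run.
  RESPONSE_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
    --max-time 30 \
    -H "Content-Type: application/json" \
    -d "$JSON_PAYLOAD" \
    -L --url "$ENDPOINT")

  # Compared as a string: the value never needs arithmetic evaluation.
  if [[ "$RESPONSE_CODE" != "200" ]]; then
    log_message "Failed to send login alert. Response code: $RESPONSE_CODE"
  else
    log_message "Login alert sent successfully for: $LOGIN_INFO"
  fi
fi

# NOTE(review): the offset advances even when the send failed, so a failed
# alert is recorded only in LOG_OUTPUT and is not retried on the next run.
printf '%s\n' "$TOTAL_LINES" >"$LAST_LINE_FILE"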