#!/usr/bin/env bash
#
# onx-fail2ban-mail-notify — ONOXSOFT branded HTML mail (fail2ban action.d'den çağrılır).
#
# Args:
#   $1: event (ban|unban)
#   $2: jail name
#   $3: banned IP
#   $4: failure count (ban için; unban'da 0)
#   $5: bantime in seconds
#   $6: sender (From)
#   $7: dest (To)
#
# Usage from action.d/onox-mail.conf:
#   actionban   = /usr/local/onoxsoft/bin/onx-fail2ban-mail-notify ban "<name>" "<ip>" "<failures>" "<bantime>" "<sender>" "<dest>"
#   actionunban = /usr/local/onoxsoft/bin/onx-fail2ban-mail-notify unban "<name>" "<ip>" 0 "<bantime>" "<sender>" "<dest>"
#

set -uo pipefail

event="${1:-ban}"
jail="${2:-unknown}"
ip="${3:-0.0.0.0}"
failures="${4:-0}"
bantime="${5:-3600}"
sender="${6:-fail2ban@localhost}"
dest="${7:-root}"

# v59b SENDER GUARD: Public mail provider (gmail/yahoo/hotmail/outlook) sender = SPF fail!
# Gmail kendi SPF'inde panel IP'sini include etmez. Panel kendi domain'inden gondermeli.
# myorigin=$mydomain ile postfix zaten dogru envelope From yapiyor; ek koruma.
case "${sender##*@}" in
    gmail.com|yahoo.com|yahoo.com.tr|hotmail.com|outlook.com|outlook.com.tr|live.com|aol.com|icloud.com|msn.com)
        local_domain="$(hostname -d 2>/dev/null)"
        [[ -z "$local_domain" ]] && local_domain="$(hostname -f 2>/dev/null | sed -E 's/^[^.]+\.//')"
        [[ -z "$local_domain" ]] && local_domain="localhost"
        sender="fail2ban@${local_domain}"
        ;;
esac

now="$(date '+%Y-%m-%d %H:%M:%S %Z')"

# Bantime saniye → human friendly
if   (( bantime >= 86400 )); then bantime_h="$((bantime / 86400)) gün"
elif (( bantime >= 3600 ));  then bantime_h="$((bantime / 3600)) saat"
elif (( bantime >= 60 ));    then bantime_h="$((bantime / 60)) dakika"
else                              bantime_h="${bantime} saniye"
fi

if [[ "$event" == "ban" ]]; then
    subject="[ONOXSOFT] ${jail} jail'inde ${ip} engellendi"
    header_color="linear-gradient(135deg,#dc2626,#9f1239)"
    icon="🚫"
    title="IP Engellendi"
    intro="<strong>${jail}</strong> jail'i tarafından şüpheli aktivite tespit edildi ve IP adresi otomatik olarak engellendi."
    ip_bg="#fef2f2"
    ip_color="#991b1b"
    extra_row="<tr><td style='background:#f3f4f6;font-weight:600'>Deneme Sayısı</td><td style='background:#fafafa'>${failures}</td></tr>"
    tip="<div style='background:#eff6ff;border-left:4px solid #2563eb;padding:12px 16px;margin:16px 0;border-radius:0 6px 6px 0;font-size:13px;color:#1e3a8a'>💡 <strong>İpucu:</strong> Eğer bu IP güvenilirse Panel → Fail2ban → İzin Listesi bölümünden ekleyebilirsiniz.</div>"
else
    subject="[ONOXSOFT] ${jail} jail'inde ${ip} engel kaldırıldı"
    header_color="linear-gradient(135deg,#059669,#047857)"
    icon="✅"
    title="IP Engeli Kaldırıldı"
    intro="Ban süresi doldu, <strong>${jail}</strong> jail'inden engel kaldırıldı."
    ip_bg="#f0fdf4"
    ip_color="#065f46"
    extra_row=""
    tip=""
fi

{
    echo "From: ONOXSOFT Panel <${sender}>"
    echo "To: ${dest}"
    echo "Subject: ${subject}"
    echo "MIME-Version: 1.0"
    echo "Content-Type: text/html; charset=UTF-8"
    echo ""
    cat <<HTMLEOF
<html><body style="font-family:Arial,Helvetica,sans-serif;background:#f5f7fb;margin:0;padding:24px;color:#1f2937">
<table cellpadding="0" cellspacing="0" style="max-width:600px;margin:0 auto;background:#fff;border-radius:12px;overflow:hidden;box-shadow:0 4px 12px rgba(0,0,0,0.08)">
  <tr><td style="background:${header_color};padding:24px;color:#fff">
    <div style="font-size:13px;letter-spacing:1.5px;opacity:0.85;text-transform:uppercase">ONOXSOFT Panel · Güvenlik Bildirimi</div>
    <div style="font-size:24px;font-weight:700;margin-top:8px">${icon} ${title}</div>
  </td></tr>
  <tr><td style="padding:24px">
    <p style="margin:0 0 16px;font-size:15px;line-height:1.5">${intro}</p>
    <table cellpadding="8" cellspacing="0" style="width:100%;border-collapse:collapse;font-size:14px;margin:16px 0">
      <tr><td style="background:#f3f4f6;font-weight:600;width:140px;border-radius:6px 0 0 6px">IP Adresi</td><td style="background:${ip_bg};color:${ip_color};font-family:monospace;font-weight:700;border-radius:0 6px 6px 0">${ip}</td></tr>
      <tr><td style="background:#f3f4f6;font-weight:600">Jail</td><td style="background:#fafafa">${jail}</td></tr>
      ${extra_row}
      <tr><td style="background:#f3f4f6;font-weight:600">Zaman</td><td style="background:#fafafa">${now}</td></tr>
      <tr><td style="background:#f3f4f6;font-weight:600;border-radius:0 0 0 6px">Ban Süresi</td><td style="background:#fafafa;border-radius:0 0 6px 0">${bantime_h}</td></tr>
    </table>
    ${tip}
    <p style="margin:24px 0 0;font-size:12px;color:#6b7280;text-align:center">
      Bu otomatik bir bildirimdir. ONOXSOFT Hosting Kontrol Paneli tarafından gönderildi.<br>
      <a href="https://panel.onoxsoft.com.tr:666/admin/security/fail2ban" style="color:#2563eb;text-decoration:none">Panel'i Aç</a>
    </p>
  </td></tr>
</table>
</body></html>
HTMLEOF
} | /usr/sbin/sendmail -f "${sender}" "${dest}"

exit 0
