<?php
/**
 * Helper class for Bash Exec Plugin
 */
class helper_plugin_bashexec extends DokuWiki_Plugin {
 
    /**
     * Validation stricte des arguments
     */
    public function validateArgument($arg) {
        // Autorise uniquement alphanumérique, tirets et underscores
        if (!preg_match('/^[a-zA-Z0-9_-]{1,50}$/', $arg)) {
            return false;
        }
        return true;
    }
 
    /**
     * Validation du chemin du script
     */
    public function validateScriptPath($path) {
        $allowedPaths = array(
            DOKU_PLUGIN . 'bashexec/scripts/',
            '/usr/local/bin/'
        );
 
        foreach ($allowedPaths as $allowed) {
            if (strpos($path, $allowed) === 0) {
                return true;
            }
        }
        return false;
    }
 
    /**
     * Journalisation des exécutions
     */
    public function logExecution($script, $args, $returnCode, $user) {
        $logFile = DOKU_LOG . '/bashexec.log';
        $timestamp = date('Y-m-d H:i:s');
        $entry = sprintf(
            "[%s] User: %s | Script: %s | Args: %s | Return: %d\n",
            $timestamp,
            $user,
            basename($script),
            implode(' ', $args),
            $returnCode
        );
        file_put_contents($logFile, $entry, FILE_APPEND);
    }
 
    /**
     * Vérification des permissions
     */
    public function checkPermissions() {
        global $USERINFO;
 
        // Vérifie si l'utilisateur est connecté
        if (!isset($USERINFO['name'])) {
            return false;
        }
 
        // Optionnel : Restreindre à certains groupes
        $allowedGroups = $this->getConf('allowed_groups');
        if ($allowedGroups) {
            $userGroups = explode(',', $allowedGroups);
            foreach ($userGroups as $group) {
                if (in_array(trim($group), $USERINFO['groups'])) {
                    return true;
                }
            }
            return false;
        }
 
        return true;
    }
}