From aedfc6b887df2f82c957fbe7318e9b16ef1276e9 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 19 Mar 2018 21:13:17 +0100
Subject: [PATCH] work in progress pluggable backup providers for
 https://github.com/opnsense/core/pull/2251

Define a basic interface for backup providers and try to move our GoogleDrive backup in the process.
The basic idea is there, now we need to attach this to the current user interface (don't want to rework the legacy backup/restore page now) and move the last pieces for the google backup feature over to this.
Next we should be able to iterate over our providers and request a backup for the ones that are activated.

The responisibilty for what to backup lies within the provider at the moment, to keep things compatible and simple for the caller.
---
 .../library/OPNsense/Backup/BackupFactory.php |  81 +++++++
 .../mvc/app/library/OPNsense/Backup/Base.php  |  92 +++++++
 .../app/library/OPNsense/Backup/GDrive.php    | 225 ++++++++++++++++++
 .../OPNsense/Backup/IBackupProvider.php       |  69 ++++++
 4 files changed, 467 insertions(+)
 create mode 100644 src/opnsense/mvc/app/library/OPNsense/Backup/BackupFactory.php
 create mode 100644 src/opnsense/mvc/app/library/OPNsense/Backup/Base.php
 create mode 100644 src/opnsense/mvc/app/library/OPNsense/Backup/GDrive.php
 create mode 100644 src/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php

diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/BackupFactory.php b/src/opnsense/mvc/app/library/OPNsense/Backup/BackupFactory.php
new file mode 100644
index 000000000..8d3ffddcc
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/BackupFactory.php
@@ -0,0 +1,81 @@
+<?php
+/**
+*    Copyright (C) 2018 Deciso B.V.
+*
+*    All rights reserved.
+*
+*    Redistribution and use in source and binary forms, with or without
+*    modification, are permitted provided that the following conditions are met:
+*
+*    1. Redistributions of source code must retain the above copyright notice,
+*       this list of conditions and the following disclaimer.
+*
+*    2. Redistributions in binary form must reproduce the above copyright
+*       notice, this list of conditions and the following disclaimer in the
+*       documentation and/or other materials provided with the distribution.
+*
+*    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+*    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+*    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+*    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+*    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+*    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+*    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+*    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+*    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+*    POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+namespace OPNsense\Backup;
+
+/**
+* Class BackupFactory
+* @package OPNsense\Backup
+*/
+class BackupFactory
+{
+
+    /**
+     * list installed backup providers
+     * @return array
+     */
+    public function listProviders()
+    {
+        $providers = array();
+        foreach (glob(__DIR__."/*.php") as $filename) {
+            $pathParts = explode('/', $filename);
+            $vendor = $pathParts[count($pathParts)-3];
+            $module = $pathParts[count($pathParts)-2];
+            $classname = explode('.php', $pathParts[count($pathParts)-1])[0];
+            try {
+                $reflClass = new \ReflectionClass("{$vendor}\\{$module}\\{$classname}");
+                if ($reflClass->implementsInterface('OPNsense\\Backup\\IBackupProvider')
+                        && !$reflClass->isInterface()) {
+                    $providers[$classname] = array(
+                        "class" => "{$vendor}\\{$module}\\{$classname}",
+                        "handle" => $reflClass->newInstance()
+                    );
+                }
+            } catch (\ReflectionException $e) {
+                null; // skip when unable to parse
+            }
+        }
+        return $providers;
+    }
+
+    /**
+     * return a specific provider by class name (without namespace)
+     * @param string $className without namespace
+     * @return mixed|null
+     */
+    public function getProvider($className)
+    {
+        $providers = $this->listProviders();
+        if (!empty($providers[$className])) {
+            return $providers[$className];
+        } else {
+            return null;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php b/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php
new file mode 100644
index 000000000..046cb69fd
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/Base.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ *    Copyright (C) 2018 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Backup;
+
+
+/**
+ * Backup stub file, contains shared logic for all backup strategies
+ * @package OPNsense\Backup
+ */
+abstract class Base
+{
+    /**
+     * encrypt+encode base64
+     * @param string $data to encrypt
+     * @param string $pass passphrase to use
+     * @return string base64 encoded crypted data
+     */
+    public function encrypt($data, $pass)
+    {
+        $file = tempnam(sys_get_temp_dir(), 'php-encrypt');
+        @unlink($file);
+
+        file_put_contents("{$file}.dec", $data);
+        exec(sprintf('/usr/local/bin/openssl enc -e -aes-256-cbc -in %s -out %s -k %s',
+            escapeshellarg("{$file}.dec"), escapeshellarg("{$file}.enc"), escapeshellarg($pass)
+        ));
+        @unlink("{$file}.dec");
+
+        if (file_exists("{$file}.enc")) {
+            $result = file_get_contents("{$file}.enc");
+            @unlink("{$file}.enc");
+            return base64_encode($result);
+        } else {
+            log_error('Failed to encrypt/decrypt data!');
+            return null;
+        }
+    }
+
+    /**
+     * decrypt base64 encoded data
+     * @param string $data to decrypt
+     * @param string $pass passphrase to use
+     * @return string data
+     */
+    public function decrypt($data, $pass)
+    {
+        $file = tempnam(sys_get_temp_dir(), 'php-encrypt');
+        @unlink($file);
+
+        file_put_contents("{$file}.dec", base64_decode($data));
+        exec(sprintf('/usr/local/bin/openssl enc -d -aes-256-cbc -in %s -out %s -k %s',
+            escapeshellarg("{$file}.dec"), escapeshellarg("{$file}.enc"), escapeshellarg($pass)
+        ));
+        @unlink("{$file}.dec");
+
+        if (file_exists("{$file}.enc")) {
+            $result = file_get_contents("{$file}.enc");
+            @unlink("{$file}.enc");
+            return $result;
+        } else {
+            log_error('Failed to encrypt/decrypt data!');
+            return null;
+        }
+    }
+}
diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/GDrive.php b/src/opnsense/mvc/app/library/OPNsense/Backup/GDrive.php
new file mode 100644
index 000000000..4af2c8dc0
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/GDrive.php
@@ -0,0 +1,225 @@
+<?php
+/**
+ *    Copyright (C) 2018 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Backup;
+use OPNsense\Core\Config;
+
+
+/**
+ * Class google drive backup
+ * @package OPNsense\Backup
+ */
+class Gdrive extends Base implements IBackupProvider
+{
+
+    /**
+     * get required (user interface) fields for backup connector
+     * @return array configuration fields, types and description
+     */
+    public function getConfigurationFields()
+    {
+        $fields = array();
+
+        $fields[] = array(
+            "name" => "GDriveEnabled",
+            "type" => "checkbox",
+            "label" => gettext("Enable")
+        );
+        $fields[] = array(
+            "name" => "GDriveEmail",
+            "type" => "text",
+            "label" => gettext("Email Address")
+        );
+        $fields[] = array(
+            "name" => "GDriveP12file",
+            "type" => "file",
+            "label" => gettext("P12 key (not loaded)")
+        );
+        $fields[] = array(
+            "name" => "GDriveFolderID",
+            "type" => "text",
+            "label" => gettext("Folder ID")
+        );
+        $fields[] = array(
+            "name" => "GDrivePrefixHostname",
+            "type" => "text",
+            "label" => gettext("Prefix hostname to backupfile")
+        );
+        $fields[] = array(
+            "name" => "GDriveBackupCount",
+            "type" => "text",
+            "label" => gettext("Backup Count")
+        );
+        $fields[] = array(
+            "name" => "GDrivePassword",
+            "type" => "password",
+            "label" => gettext("Password")
+        );
+        $fields[] = array(
+            "name" => "GDrivePasswordConfirm",
+            "type" => "password",
+            "label" => gettext("Confirm")
+        );
+
+        return $fields;
+    }
+
+    /**
+     * backup provider name
+     * @return string user friendly name
+     */
+    public function getName()
+    {
+        return gettext("Google Drive");
+    }
+
+    /**
+     * validate and set configuration
+     * @param array $conf configuration array
+     * @return array of validation errors
+     */
+    public function setConfiguration($conf)
+    {
+        // TODO: Implement setConfiguration() method.
+    }
+
+    /**
+     * @return array filelist
+     */
+    public function backup()
+    {
+        $cnf = Config::getInstance();
+        if ($cnf->isValid()) {
+            $config = $cnf->object();
+            if (isset($config->system->remotebackup) && isset($config->system->remotebackup->GDriveEnabled)
+                    && !empty($config->system->remotebackup->GDriveEnabled)) {
+                if (!empty($config->system->remotebackup->GDrivePrefixHostname)) {
+                    $fileprefix = (string)$config->system->hostname . "." . (string)$config->system->domain . "-";
+                } else {
+                    $fileprefix = "config-";
+                }
+                try {
+                    $client = new Google\API\Drive();
+                    $client->login($config->system->remotebackup->GDriveEmail->__toString(),
+                        $config->system->remotebackup->GDriveP12key->__toString());
+                } catch (Exception $e) {
+                    log_error("error connecting to Google Drive");
+                    return array();
+                }
+
+                // backup source data to local strings (plain/encrypted)
+                $confdata = file_get_contents('/conf/config.xml');
+                $confdata_enc = chunk_split(
+                    $this->encrypt($confdata, $config->system->remotebackup->GDrivePassword->__toString())
+                );
+
+                // read filelist ({prefix}*.xml)
+                try {
+                    $files = $client->listFiles($config->system->remotebackup->GDriveFolderID->__toString());
+                } catch (Exception $e) {
+                    log_error("error while fetching filelist from Google Drive");
+                    return array();
+                }
+
+                $configfiles = array();
+                foreach ($files as $file) {
+                    if (fnmatch("{$fileprefix}*.xml", $file['title'])) {
+                        $configfiles[$file['title']] = $file;
+                    }
+                }
+                krsort($configfiles);
+
+
+                // backup new file if changed (or if first in backup)
+                $target_filename = $fileprefix . time() . ".xml";
+                if (count($configfiles) > 1) {
+                    // compare last backup with current, only save new
+                    try {
+                        $bck_data_enc = $client->download($configfiles[array_keys($configfiles)[0]]);
+                        $bck_data = $this->decrypt($bck_data_enc,
+                            $config->system->remotebackup->GDrivePassword->__toString());
+                        if ($bck_data == $confdata) {
+                            $target_filename = null;
+                        }
+                    } catch (Exception $e) {
+                        log_error("unable to download " . $configfiles[array_keys($configfiles)[0]]->description . " from Google Drive (" . $e . ")");
+                    }
+                }
+                if (!is_null($target_filename)) {
+                    log_error("backup configuration as " . $target_filename);
+                    try {
+                        $configfiles[$target_filename] = $client->upload($config->system->remotebackup->GDriveFolderID->__toString(), $target_filename, $confdata_enc);
+                    } catch (Exception $e) {
+                        log_error("unable to upload " . $target_filename . " to Google Drive (" . $e . ")");
+                        return array();
+                    }
+
+                    krsort($configfiles);
+                }
+
+                // cleanup old files
+                if (isset($config->system->remotebackup->GDriveBackupCount) && is_numeric($config->system->remotebackup->GDriveBackupCount->__toString())) {
+                    $fcount = 0;
+                    foreach ($configfiles as $filename => $file) {
+                        if ($fcount >= $config->system->remotebackup->GDriveBackupCount->__toString()) {
+                            log_error("remove " . $filename . " from Google Drive");
+                            try {
+                                $client->delete($file);
+                            } catch (Google_Service_Exception $e) {
+                                log_error("unable to remove " . $filename . " from Google Drive");
+                            }
+                        }
+                        $fcount++;
+                    }
+                }
+
+                // return filelist
+                return $configfiles;
+            }
+        }
+
+        // not configured / issue, return empty list
+        return array();
+    }
+
+    /**
+     * Is this provider enabled
+     * @return boolean enabled status
+     */
+    public function isEnabled()
+    {
+        $cnf = Config::getInstance();
+        if ($cnf->isValid()) {
+            $config =$cnf->object();
+            return isset($config->system->remotebackup) && isset($config->system->remotebackup->GDriveEnabled)
+                && !empty($config->system->remotebackup->GDriveEnabled);
+        }
+        return false;
+    }
+}
\ No newline at end of file
diff --git a/src/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php b/src/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php
new file mode 100644
index 000000000..68bf7a214
--- /dev/null
+++ b/src/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ *    Copyright (C) 2018 Deciso B.V.
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\Backup;
+
+/**
+ * Interface for backup connectors
+ * @package OPNsense\Backup
+ */
+interface IBackupProvider
+{
+    /**
+     * get required (user interface) fields for backup connector, ideally these should be stored in a model
+     * but for backwards compatibility reasons we delegate the decision what to use to the backup class.
+     * @return array configuration fields, types and description
+     */
+    public function getConfigurationFields();
+
+    /**
+     * validate and set configuration
+     * @param array $conf configuration array
+     * @return array of validation errors
+     */
+    public function setConfiguration($conf);
+
+    /**
+     * backup provider name
+     * @return string user friendly name
+     */
+    public function getName();
+
+    /**
+     * Perform actual backup
+     * @return array filelist
+     */
+    public function backup();
+
+    /**
+     * Is this provider enabled
+     * @return boolean enabled status
+     */
+    public function isEnabled();
+}