warden.module in Warden 6

<?php

/**
 * @file
 * Drupal system status
 */

/**
 * Implements hook_help().
 *
 * Displays help and module information.
 */
function warden_help($path, $arg) {
  switch ($path) {
    case 'admin/help#warden':
      $output = '<h2>' . t('Warden module information') . '</h2>';
      $output .= '<p>' . t('Warden provides an easy way to get an overview of all the available updates for your Drupal websites.') . '<br/>';
      $output .= t('Enable the Warden module on all your Drupal websites and allow reporting to your own Warden Dashboard for a centralized overview.') . '</p>';
      $output .= '<p>' . t('How does it work?') . '</p>';
      $output .= '<ul>';
      $output .= '<li>' . t('Enable the Warden module on your Drupal website') . '</li>';
      $output .= '<li>' . t('Click the "Add this site to your Warden Service" button to be redirected to your Warden Service with the necessary credentials.') . '</li>';
      $output .= '</ul>';
      return $output;
      break;
  }
}

/**
 * Implements hook_menu().
 */
function warden_menu() {
  $items = array();
  $items['admin/reports/warden'] = array(
    'title' => 'Warden',
    'description' => 'Output of the Warden module',
    'access callback' => 'warden_access_callback',
    'page callback' => 'warden_status_page',
    'file' => 'warden.page.inc',
    'type' => MENU_CALLBACK,
  );
  $items['admin/settings/warden'] = array(
    'title' => 'Warden',
    'description' => 'Configuration for Warden module',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'warden_form',
    ),
    'file' => 'warden.admin.inc',
    'access arguments' => array(
      'administer site configuration',
    ),
    'type' => MENU_NORMAL_ITEM,
  );
  return $items;
}

/**
 * Access callback: Check authorized IP.
 *
 * @see warden_menu()
 */
function warden_access_callback() {
  $allow_requests = variable_get('warden_allow_requests', FALSE);
  if (empty($allow_requests)) {
    watchdog('warden', 'Update request denied: warden_allow_requests is set to FALSE', array(), WATCHDOG_WARNING);
    return FALSE;
  }
  if (empty($_POST) || empty($_POST['token'])) {
    watchdog('warden', 'Update request denied: request body is empty or missing the security token', array(), WATCHDOG_WARNING);
    return FALSE;
  }
  if (!warden_get_api()
    ->isValidWardenToken($_POST['token'], time())) {
    watchdog('warden', 'Update request denied: Failed to validate security token in request at timestamp @time', array(
      '@time' => time(),
    ), WATCHDOG_WARNING);
    return FALSE;
  }
  $allowed_ips = variable_get('warden_public_allow_ips', '127.0.0.1,::1');
  if (!empty($allowed_ips)) {
    $ip_address = ip_address();
    $allowed_ips = explode(',', variable_get('warden_public_allow_ips', '127.0.0.1,::1'));
    foreach ($allowed_ips as &$address) {
      if ($ip_address === $address) {
        return TRUE;
      }
    }

    // No IP addresses match.
    watchdog('warden', 'Update request denied: The requesting IP is not in the warden_public_allow_ips whitelist - @ip', array(
      '@ip' => $ip_address,
    ), WATCHDOG_WARNING);
    return FALSE;
  }
  return TRUE;
}

/**
 * @return WardenAPI
 * @throws Exception
 */
function warden_get_api() {
  static $warden_encryption = NULL;
  module_load_include('inc', 'warden', 'warden_api');
  if (empty($warden_encryption)) {
    $url = variable_get('warden_server_host_path', FALSE);
    if (empty($url)) {
      throw new Exception('Warden URL not configured');
    }
    $username = variable_get('warden_http_username', '');
    $password = variable_get('warden_http_password', '');
    $warden_encryption = new WardenAPI($url, $username, $password);
  }
  return $warden_encryption;
}

/**
 * Get the local token or generate it if it is not set.
 *
 * @return string
 *   The local token
 */
function _warden_get_local_token() {
  $local_token = variable_get('warden_token', '');
  if (empty($local_token)) {
    $local_token = hash('sha256', mt_rand());
    variable_set('warden_token', $local_token);
  }
  return $local_token;
}