amneziavpnphp/scripts/api_cycle_awg_advanced.sh

#!/usr/bin/env bash
set -euo pipefail

PANEL_URL="${PANEL_URL:-http://localhost:8082}"
EMAIL="${EMAIL:-admin@amnez.ia}"
PASSWORD="${PASSWORD:-admin123}"
SERVER_HOST="${SERVER_HOST:-217.26.25.6}"
PROTOCOL_SLUG="${PROTOCOL_SLUG:-amnezia-wg-advanced}"
CLIENT_NAME="${CLIENT_NAME:-api-selfcheck}"
CLIENT_LOGIN="${CLIENT_LOGIN:-api-selfcheck}"
OUT_DIR="${OUT_DIR:-scripts/_cycle_out}"

mkdir -p "$OUT_DIR"

AUTH_RESP=$(curl -sS -X POST "$PANEL_URL/api/auth/token" -d "email=$EMAIL&password=$PASSWORD" || true)
TOKEN=$(printf '%s' "$AUTH_RESP" | python3 -c 'import sys,json; raw=sys.stdin.read().strip();
import sys
if not raw: sys.exit(2)
j=json.loads(raw)
print(j.get("token",""))
') || {
  echo "ERROR: failed to parse /api/auth/token response" >&2
  echo "PANEL_URL=$PANEL_URL" >&2
  echo "Response (first 500 chars):" >&2
  printf '%s' "$AUTH_RESP" | head -c 500 >&2
  echo >&2
  exit 1
}
if [[ -z "${TOKEN:-}" ]]; then
  echo "ERROR: token is empty" >&2
  printf '%s' "$AUTH_RESP" | head -c 500 >&2
  echo >&2
  exit 1
fi
echo "TOKEN_OK"

SERVER_JSON=$(curl -fsS "$PANEL_URL/api/servers" -H "Authorization: Bearer $TOKEN")
SERVER_ID=$(printf '%s' "$SERVER_JSON" | python3 -c 'import sys,json; j=json.load(sys.stdin); host=sys.argv[1];
out="";
for s in j.get("servers",[]):
  if str(s.get("host","" )).strip()==host:
    out=str(s.get("id",""))
    break
print(out)
' "$SERVER_HOST")

if [[ -z "${SERVER_ID:-}" ]]; then
  echo "ERROR: server with host $SERVER_HOST not found" >&2
  printf '%s' "$SERVER_JSON" | python3 -m json.tool | head -200
  exit 1
fi

echo "SERVER_ID=$SERVER_ID"

PROTO_JSON=$(curl -fsS "$PANEL_URL/api/protocols/active" -H "Authorization: Bearer $TOKEN")
PROTOCOL_ID=$(printf '%s' "$PROTO_JSON" | python3 -c 'import sys,json; j=json.load(sys.stdin); slug=sys.argv[1];
out="";
for p in j.get("protocols",[]):
  if p.get("slug")==slug:
    out=str(p.get("id",""))
    break
print(out)
' "$PROTOCOL_SLUG")

if [[ -z "${PROTOCOL_ID:-}" ]]; then
  echo "ERROR: protocol $PROTOCOL_SLUG not found" >&2
  printf '%s' "$PROTO_JSON" | python3 -m json.tool | head -200
  exit 1
fi

echo "PROTOCOL_ID=$PROTOCOL_ID"

pretty_print() {
  # Reads JSON from stdin and pretty-prints it. If it's not JSON, prints raw.
  local data
  data=$(cat)
  if python3 -m json.tool >/dev/null 2>&1 <<<"$data"; then
    python3 -m json.tool <<<"$data"
  else
    printf '%s' "$data"
  fi
}

echo "--- UNINSTALL $PROTOCOL_SLUG (ignore errors)"
set +e
UNINSTALL_RESP=$(curl -sS -X POST "$PANEL_URL/api/servers/$SERVER_ID/protocols/$PROTOCOL_SLUG/uninstall" \
  -H "Authorization: Bearer $TOKEN" || true)
printf '%s' "$UNINSTALL_RESP" >"$OUT_DIR/uninstall_${PROTOCOL_SLUG}.txt"
printf '%s' "$UNINSTALL_RESP" | pretty_print | head -200
set -e

echo "--- INSTALL protocol_id=$PROTOCOL_ID"
INSTALL_RESP=$(curl -sS -X POST "$PANEL_URL/api/servers/$SERVER_ID/protocols/install" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"protocol_id\":$PROTOCOL_ID}" || true)
printf '%s' "$INSTALL_RESP" >"$OUT_DIR/install_${PROTOCOL_ID}.txt"
printf '%s' "$INSTALL_RESP" | pretty_print | head -200

echo "--- CREATE client"
CLIENT_RESP=$(curl -fsS -X POST "$PANEL_URL/api/clients/create" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"server_id\":$SERVER_ID,\"protocol_id\":$PROTOCOL_ID,\"name\":\"$CLIENT_NAME\",\"login\":\"$CLIENT_LOGIN\"}")

printf '%s' "$CLIENT_RESP" >"$OUT_DIR/client_create_${PROTOCOL_ID}.txt"

printf '%s' "$CLIENT_RESP" | pretty_print | head -200
CLIENT_ID=$(printf '%s' "$CLIENT_RESP" | python3 -c 'import sys,json; j=json.load(sys.stdin); print(j.get("client",{}).get("id",""))')

if [[ -z "${CLIENT_ID:-}" ]]; then
  echo "ERROR: client_id missing" >&2
  exit 1
fi

echo "CLIENT_ID=$CLIENT_ID"

echo "--- SELFTEST"
SELFTEST_RESP=$(curl -fsS -X POST "$PANEL_URL/api/servers/$SERVER_ID/protocols/selftest" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"client_id\":$CLIENT_ID,\"create_client\":false,\"install\":false,\"protocol_id\":$PROTOCOL_ID}")

printf '%s' "$SELFTEST_RESP" >"$OUT_DIR/selftest_${CLIENT_ID}.txt"

printf '%s' "$SELFTEST_RESP" | pretty_print | head -260

NEED_DIAG=$(printf '%s' "$SELFTEST_RESP" | python3 -c 'import sys,json; j=json.load(sys.stdin); peer=(j.get("wg") or {}).get("peer") or {}; hs=int(peer.get("latest_handshake") or 0); ep=str(peer.get("endpoint") or ""); print("1" if (ep=="(none)" or hs==0) else "0")')

if [[ "$NEED_DIAG" == "1" ]]; then
  echo "--- DIAGNOSE HANDSHAKE"
  DIAG_RESP=$(curl -sS -X POST "$PANEL_URL/api/servers/$SERVER_ID/protocols/diagnose-handshake" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "{\"client_id\":$CLIENT_ID,\"duration_seconds\":5}" || true)
  printf '%s' "$DIAG_RESP" >"$OUT_DIR/diagnose_${CLIENT_ID}.txt"
  printf '%s' "$DIAG_RESP" | pretty_print | head -260
fi

echo "DONE (responses saved in $OUT_DIR)"