#!/bin/sh

AUTH_TOKEN="specify_a_unique_string_here"

. /lib/functions.sh
. /usr/share/libubox/jshn.sh

case "$1" in
        list)
                echo '{ "add": { "magic": "str", "message": "str" } }'
        ;;
        call)
                case "$2" in
                        add)
                                # read the arguments
                                read -r input;
                                json_load "$input"
                                json_get_var message "message"
                                json_get_var magic "magic"
                                json_cleanup

                                [[ "${magic}" != "${AUTH_TOKEN}" ]] && echo '{"opencanary":"denied"}' && exit 0
                                [[ -z "${message}" ]] && echo '{"opencanary":"invalid message"}' && exit 0

                                logger -t "opencanary" "$message"

                                json_load "$message"
                                json_get_var ip "src_host"
                                json_cleanup

                                [[ -z "${ip}" ]] && exit 0

                                mac=$(cat /proc/net/arp | grep "${ip} " | head -n1 | awk '{ print $4 }')

                                [[ -z "${mac}" ]] && echo '{"opencanary":"invalid mac"}' && exit 0

                                # log the call
                                logger -t "opencanary quarantine" "$ip" "$mac"

                                # quarantine the mac
                                for iface in default_radio0 default_radio1 # List all affected wifi-ifaces here
                                do
                                        uci add_list wireless."$iface".maclist="$mac"
                                done

                                uci commit wireless
                                wifi
                        ;;
                esac
        ;;
esac