priv_actions

#!/bin/php
<?php
/**
 * Intercept privilege (sudo) calls to Hestia's bin/ directory and invoke plugin actions/filters
 * before executing the original command.
 *
 * @version 1.0.0
 * @license GPL-3.0
 * @link https://github.com/virtuosoft-dev/hestiacp-pluginable
 *
 */

// Check if we've already filtered the arguments
if ( getenv('HCPPFILTERED') == '1' ) return;

// Remove the first argument, which is the path to the script
array_shift( $argv );

// Obtain the API command and parameters
$cmd = '';
$params = [];
foreach( $argv as $a ) {
    // Isolate the API command name
    if ( strpos( $a, '/usr/local/hestia/bin/' ) !== false ) {
        $cmd = str_replace( '/usr/local/hestia/bin/', '', $a );
        $cmd = str_replace('/', '', $cmd);
        $cmd = str_replace('"', '', $cmd);
    }

    // Gather subsequent arguments
    if ( $cmd != '' && strpos( $a, '/usr/local/hestia/bin/' ) === false ) {
        $params[] = trim($a, '"');
    }
}

// Throw our priv action filter, strip v- prefix, and replace dashes with underscores
require_once( '/usr/local/hestia/web/pluginable.php' );
global $hcpp;
$event = $hcpp->delLeftMost( $cmd, 'v-' );
$event = str_replace( '-', '_', $event );
$event = 'priv_' . $event;
$params = $hcpp->do_action( $event, $params );

// Reconstruct API call with our filtered parameters
$output = [];
foreach( $argv as $a ) {

    // Stop short of old parameters
    $output[] = $a;
    if ( strpos( $a, '/usr/local/hestia/bin/' ) !== false ) {
        break;
    }
}

// Add our filtered parameters
foreach( $params as $p ) {
    $output[] = escapeshellarg( $p );
}

// Re-invoke the command with filter flag to indicate we've already processed actions
if ( strpos( $output[0], 'sudo' ) !== false ) {
    array_shift( $output ); // already sudo
}
$cmd = "export HCPPFILTERED=\"1\"\n";
$cmd .= implode( ' ', $output ) . "\n";
$cmd .= "orig_exit_code=\$?\n";
$cmd .= "export HCPPFILTERED=\"0\"\n";
$cmd .= "exit \$orig_exit_code";
echo $cmd;