fix: script.php uses heartbeat receiver instead of Grafana API
The postflight still had the old Grafana API code with obfuscated tokens, causing 403 RBAC errors on install/update. Now uses the heartbeat receiver at bench.mokoconsulting.tech/api/waas-heartbeat/register. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jonathan Miller
+35
-74
@@ -792,96 +792,57 @@ class plgSystemMokoWaaSInstallerScript implements InstallerScriptInterface
|
||||
$db->execute();
|
||||
}
|
||||
|
||||
// Grafana provisioning — obfuscated credentials
|
||||
$gXor = 'MokoWaaS-Grafana-Provision';
|
||||
$deobfuscate = function ($encoded) use ($gXor) {
|
||||
$data = base64_decode($encoded);
|
||||
$out = '';
|
||||
for ($i = 0, $len = strlen($data); $i < $len; $i++) {
|
||||
$out .= chr(ord($data[$i]) ^ ord($gXor[$i % strlen($gXor)]));
|
||||
}
|
||||
return $out;
|
||||
};
|
||||
$grafanaUrl = $deobfuscate('JRsfHyRbTnxPIhwCDk8DDkY/EQAYGgYFGwcjCEUbMgIJ');
|
||||
$grafanaKey = $deobfuscate('KgMYDggFCSFoLxskMSUsMGoaKAgyXCIjKzh1AhwCYwIqA1pzHz5XVwwCHWdHWg==');
|
||||
// Heartbeat receiver — register with Grafana provisioning
|
||||
$siteUrl = rtrim(\Joomla\CMS\Uri\Uri::root(), '/');
|
||||
$siteName = Factory::getConfig()->get('sitename', 'Joomla');
|
||||
$token = $params->get('health_api_token', '');
|
||||
|
||||
$siteUrl = rtrim(\Joomla\CMS\Uri\Uri::root(), '/');
|
||||
$siteName = Factory::getConfig()->get('sitename', 'Joomla');
|
||||
$dsUid = 'mokowaas-' . md5($siteUrl);
|
||||
$token = $params->get('health_api_token', '');
|
||||
|
||||
// Provision datasource via Grafana REST API (cURL)
|
||||
$dsPayload = json_encode([
|
||||
'uid' => $dsUid,
|
||||
'name' => 'MokoWaaS — ' . $siteName,
|
||||
'type' => 'yesoreyeram-infinity-datasource',
|
||||
'access' => 'proxy',
|
||||
'url' => $siteUrl,
|
||||
'jsonData' => [
|
||||
'auth_method' => 'bearerToken',
|
||||
'global_queries' => [],
|
||||
],
|
||||
'secureJsonData' => [
|
||||
'bearerToken' => $token,
|
||||
],
|
||||
$payload = json_encode([
|
||||
'site_url' => $siteUrl,
|
||||
'site_name' => $siteName,
|
||||
'health_token' => $token,
|
||||
'action' => 'register',
|
||||
], JSON_UNESCAPED_SLASHES);
|
||||
|
||||
$headers = [
|
||||
'Authorization: Bearer ' . $grafanaKey,
|
||||
$ch = curl_init('https://bench.mokoconsulting.tech/api/waas-heartbeat/register');
|
||||
curl_setopt($ch, CURLOPT_POST, true);
|
||||
curl_setopt($ch, CURLOPT_HTTPHEADER, [
|
||||
'Content-Type: application/json',
|
||||
'Accept: application/json',
|
||||
];
|
||||
|
||||
// Try PUT (update), fall back to POST (create)
|
||||
$ch = curl_init($grafanaUrl . '/api/datasources/uid/' . $dsUid);
|
||||
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT');
|
||||
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $dsPayload);
|
||||
'X-MokoWaaS-Key: moko-waas-hb-2026-x9k4m',
|
||||
]);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
|
||||
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
|
||||
$response = curl_exec($ch);
|
||||
$code = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
$error = curl_error($ch);
|
||||
curl_close($ch);
|
||||
|
||||
Log::add(
|
||||
sprintf('Grafana heartbeat PUT: HTTP %d, error=%s, url=%s, dsUid=%s',
|
||||
$code, $error ?: 'none', $grafanaUrl, $dsUid),
|
||||
Log::INFO,
|
||||
'mokowaas'
|
||||
);
|
||||
$app = Factory::getApplication();
|
||||
$body = json_decode($response, true);
|
||||
|
||||
if ($code === 404)
|
||||
if ($error)
|
||||
{
|
||||
$ch = curl_init($grafanaUrl . '/api/datasources');
|
||||
curl_setopt($ch, CURLOPT_POST, true);
|
||||
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
|
||||
curl_setopt($ch, CURLOPT_POSTFIELDS, $dsPayload);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
|
||||
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
|
||||
$response2 = curl_exec($ch);
|
||||
$code2 = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
$error2 = curl_error($ch);
|
||||
curl_close($ch);
|
||||
|
||||
Log::add(
|
||||
sprintf('Grafana heartbeat POST: HTTP %d, error=%s',
|
||||
$code2, $error2 ?: 'none'),
|
||||
Log::INFO,
|
||||
'mokowaas'
|
||||
$app->enqueueMessage('Grafana heartbeat failed: ' . $error, 'warning');
|
||||
Log::add('Heartbeat failed: ' . $error, Log::WARNING, 'mokowaas');
|
||||
}
|
||||
elseif ($code === 200 && ($body['status'] ?? '') === 'registered')
|
||||
{
|
||||
$app->enqueueMessage(
|
||||
'Grafana heartbeat: site registered (' . ($body['ds_uid'] ?? '') . ')',
|
||||
'message'
|
||||
);
|
||||
}
|
||||
|
||||
Log::add(
|
||||
sprintf('Grafana heartbeat result: %s (site=%s)',
|
||||
$code === 200 ? 'updated' : 'created', $siteUrl),
|
||||
Log::INFO,
|
||||
'mokowaas'
|
||||
);
|
||||
else
|
||||
{
|
||||
$msg = sprintf('Grafana heartbeat failed: HTTP %d — %s',
|
||||
$code, $body['error'] ?? 'Unknown');
|
||||
$app->enqueueMessage($msg, 'warning');
|
||||
Log::add($msg, Log::WARNING, 'mokowaas');
|
||||
}
|
||||
}
|
||||
|
||||
private function registerActionLogExtension()
|
||||
|
||||
Reference in New Issue
Block a user