hcuEnv.i

<?php
// vim: tabstop=2 expandtab syn=php
/**
 * Definitions used throughout the products
 */
define( "FEATURE_LIMIT_MAX_AMOUNT", 99999999.99 );    // 99,999,999.99
define( "FEATURE_LIMIT_MAX_COUNT", 99999 );           // 99,999

/*
 * Location of the ca-certificates dir, this is used to store common public cert, eg ca files
 */
define ("HOMECU_CACERT_DIR", "/home/homecu/ssl/ca-certficates/");
/*
 * Directory on the container where the cert will be saved
 */
define ("HOMECU_DOCK_CERT_DIR", "/tmp/odyssey/");
/*
 * Directory on file system where the encrypted files are saved
 */
define ("HOMECU_ENC_CERT_DIR", "/home/homecu/ssl/");
/**
 * Example.. If the path of the secret-id is 'test/certs/rdc/Sample.pem'
 *
 * The encrypted file contents should exist at
 *     /home/homecu/ssl/test/certs/rdc/Sample.pem
 *
 * The cert file will be created at
 *     /tmp/odyssey/test/certs/rdc/Sample.pem
 */

/**
 * Functions required to load the current environment
 *
 */

require_once 'logging.i';

/**
 *
 * This function will evaluate if a string exists as a key in the _ENV
 * If it does, then it will return the value from _ENV
 * If it does not, then it will use the value in $default
 *
 * @param string $envkey  This is the key value being sought in _ENV
 * @param mixed  $default (default: NULL) This is the default value to use when the key is not found
 *
 * @return mixed Value to set for the envkey in question
 */
function GetEnvSetting($envkey, $default=NULL) {

  if (array_key_exists($envkey, $_ENV)) {
    $value = $_ENV[$envkey];
    if (is_numeric($value)) {
      $value = (float) $value;
    }
  } else {
    $value = $default;
  }
  return $value;
}


/**
 *
 * Loads the environment settings along with creating the logger class
 *
 * @param string pLoggerName  Name attached to the logger instance
 *
 *
 *
 */
function LoadSystemEnv($pLoggerName) {
  $logger = getLogger($pLoggerName, GetEnvSetting('DEVMODE', 0));

  $retVal = [
              'devmode' => GetEnvSetting('DEVMODE', 0),
              'db' => [
                'host' => GetEnvSetting('DATABASE_HOST', 'localhost'),
                'port' => GetEnvSetting('DATABASE_PORT', 5342),
                'dbname' => GetEnvSetting('DATABASE_NAME', 'homecu_prod1'),
                'user' => GetEnvSetting('DATABASE_USER', 'postgres'),
                'password' => GetEnvSetting('DATABASE_PASSWORD'),
                'connect_timeout' => GetEnvSetting('DATABASE_CONNECT_TIMEOUT'),
                'platform' => GetEnvSetting('DATABASE_PLATFORM', 'postgres')
              ],
              'ticket' => [
                'domain' => GetEnvSetting('TICKET_DOMAIN', 'homecu.net'),
                'expires' => GetEnvSetting('TICKET_EXPIRES', 900),
                'persists' => GetEnvSetting('TICKET_PERSISTS', 94 * 86400),
                'inactive' => GetEnvSetting('TICKET_INACTIVE', 1800)
              ],
              'site_path' => GetEnvSetting('SITE_PATH', '/var/www/site'), // Where the code lives for the webpage
              'file_path' => GetEnvSetting('FILE_PATH', '/home'), // Where the filesystem lives
              'server_host' => GetEnvSetting('SERVER_HOST', 'localhost'),
              'require_encryption' => GetEnvSetting('REQUIRE_ENCRYPTION', 1),
              'admin' => [
                'ip_acl' => GetEnvSetting('ADMIN_IP_ACL', '199.184.207.194;67.42.72.111')
              ],
              'logger' => $logger
            ];

  /*
   * Ticket Domain
   * Should ONLY be the domain e.g. 'homecu.net' 'homecu.io'
   *   ** Remove the sub-domain
   */
  if (substr_count($retVal['ticket']['domain'], '.') > 1) {
    // * If we find more than one '.' then the string looks like
      // * my.homecu.net, alpha.homecu.io or .homecu.net
    // ONLY keep the string after the second to last '.'
      // * homecu.net, homecu.io or homecu.net

    // ** Find Last position of the '.' in the ['ticket']['domain']
      // ** Use this last position as the starting point for the next search for a '.'
      // ** Use the position of the second to last '.' + 1 as the starting point for the sub string
      // ** Idea stolen from php document page for strrpos
      $lastPos = strrpos($retVal['ticket']['domain'], '.');
      if ($lastPos !== false) {
        $secondLastPos = strrpos($retVal['ticket']['domain'], '.', $lastPos - strlen($retVal['ticket']['domain']) - 1);
        if ($secondLastPos !== false) {
          $retVal['ticket']['domain'] = substr($retVal['ticket']['domain'], $secondLastPos + 1);
        }
      }
  }
  return $retVal;
}

// Set up static environmental information. These should not be overridden by anyone later.
function SetEnvStatic( &$pEnv ) {

    $pEnv['defaultScript'] = 'hcuAccounts.prg';

    $pEnv['homebanking_status'] = GetServerStatus();

    $pEnv['secret'] = GetSecretKeyString();
    $pEnv['2factorkey'] = Get2FactorKeyString();
    // ** The following key will be used to hash the account key for use on the URL
    $pEnv['historyHash'] = GetHistoryKeyString();
    $pEnv['hcuViewNoticeKey'] = GetViewNoticeKey();

    $pEnv['livePacketStatusCookie'] = '_hlc';

    $pEnv['cloudfrontDomainName'] = GetCloudFrontDomainName();
    $pEnv['homecuKendoVersion'] = GetHomecuKendoVersion();
    $pEnv['bootstrapVersion'] = GetHomecuBootstrapVersion();
    $pEnv['fontawesomeVersion'] = GetFontawesomeVersion();
} // end SetEnvStatic

// Get the dbh value. Caller needs to verify it is set.
function GetDBH( $dbName ) {
    $dbh = db_pconnect( $dbName ) ;

    return $dbh;
} // end GetDBH

// This sets the Flang value. Assumes "cu" has been set up already.
function SetLanguageEnv( &$pEnv ) {

  // ** SET the language -- FROM THE GET
  // ** At this time, I am going to try and change this so it will only evaluate
  // ** Flang from the cookie for Flang. It will only get value from there
  $cookieName = $pEnv['cu'] . '_lang';
  if ( HCU_array_key_exists( $cookieName, $_COOKIE ) ) {
    $pEnv['Flang'] = $_COOKIE[$cookieName];
  } else {
    $pEnv["Flang"] = "en_US";
  }

} // SetLanguageEnv

/**
 * Return the secret key to be added to hashed values
 *
 * @return string
 */
function GetSecretKeyString() {
    return 'xogich6RFoogeid4';
}

/**
 * Return the 2 factor key used in the cookie
 *
 * @return string
 */
function Get2FactorKeyString(){
    return "Tu0geethSaith7ch";
}

/**
 * Return the string that is hashed and stored
 * in the device cookie.  The key used for hashing
 * contains sensitive member info, so don't store them
 * (even hashed) on the client.
 *
 * @return string
 */
function GetDeviceCookieContentString(){
    return 'HomeCU_Home Banking for Credit Unions';
}

/**
 * Return the History Hash Key
 *
 * @return string
 */
function GetHistoryKeyString() {
    // ** The following key will be used to hash the account key for use on the URL
    return '3I20kOxgojS8XDjyPi2vQXLs3m9m0Us9';
}

  /**
  * Return the View Notice Key
  *
  * @return string
  */
function GetViewNoticeKey() {
  return 'EN!L(2cOYy4U|9o-2]Jc8X=G6h+sr3';
}

function GetServerStatus() {
  /*
  * homebanking_status
  *
  * This flag can be used to turn off an entire home banking server without
  * the need of turning off apache.
  * At this time, the flag must be made by modifying this file
  * Accepted values
  * L - Live
  * O - OFFLINE !Important, By changing to O home banking scripts should report an
  *            error and will NOT try to connect to database
  */
  return "L";
}
/**
 * Return the cloudfront domain that points to our S3 buckets
 *
 * @return string
 */
function GetCloudFrontDomainName() {
  return 'd1kryjpwpzirc7.cloudfront.net';
}
/**
 * Return the Kendo Version Product
 *    -- Currently this assumes that any application that calls this function
 *       will use the same version.  eg Minotaur / Phoenix / Homer
 *       If there is a need to pass back different versions, then an optional
 *       "product" could be passed into the function
 *
 * @param string $pApp - The application making the request.  This will allow the different
 *                      applications to have different versions if need be
 *                      expected values are {banking, admin, monitor}
 * @return string
 */
function GetHomecuKendoVersion ($pApp = "default") {
  $retVal = "";
  switch ($pApp) {
    case "monitor";
      $retVal = "v2018.2.516";
      break;
    default:
      $retVal = "v2017.3.913";
  }

  return $retVal;
}
/**
 * Return the system bootstrap version
 *
 * @return string
 */
function GetHomecuBootstrapVersion () {
  return 'v3.3.7';
}
/**
 * Return the system fontawesome version
 *
 * @return string
 */
function GetFontawesomeVersion () {
  return 'v4.7.0';
}

/**
 * Used for broadcast emails and marketing messages in admin.  Custom Content in monitor and probably a couple of more places.
 */
function GetTinyMCEVersion () {
  return 'v4.7.9';
}

/**
 * Get the default value which is "silver" now.
 * @return string
 */
function GetAdminDefaultKendoStyle() {
  return "silver";
}

/**
 * Get the default value which is "silver" now.
 * @return string
 */
function GetMonitorDefaultKendoStyle() {
  return "silver";
}

/**
 * GetPayloadKey:
 * @uses return a string of random characters for use in  encrypting/decrypting data
 */
function GetOpenSSLKeyBilbo() {

  return "VXVtbYOrbt5avJme6ihbeS9MznYMPe9a";
}

function GetOpenSSLKeyBugs() {
  return "w0ki5QwpYWkM2FpitNEsosG9HGL9uogS";
}

function GetValidationKey() {
  return "obl1vi0u5";
}

function GetPayloadGlue() {
  return "|*|*|*|";
}

/**
 * GetPayloadEncryptionKey
 * Return a 128 bit (16 byte) or 256 bit (32 byte) key for use in 128-bit encryption (AES) in the apps.
 * The default is 16 bits.
 * BIG NOTE: CHANGING THIS KEY WILL BREAK ANYTHING THAT USES IT FOR STORED ENCRYPTED
 *           STRINGS. CHECK FIRST (e.g. Apps).
 *
 * @uses return a string of random characters for apps to use in  encrypting/decrypting data.
 */
function GetPayloadEncryptionKey($pKeySizeBytes = 32) {
  $keyString = "QtjWSJOtd02rKAm6xbxKipsRpXkUCuSf";

  $pKeySizeBytes = intval( $pKeySizeBytes ) < 16 ? 16 : $pKeySizeBytes;
  $pKeySizeBytes = intval( $pKeySizeBytes ) > strlen( $keyString ) ? strlen( $keyString ) : $pKeySizeBytes;
  $appKey = substr( $keyString, 0, $pKeySizeBytes );

  return $appKey;
}

// Used in hcuActivate.prg
// Similar functionality in hcuEnv.pi for perl scripts.
/*
 * Get google Recpatcha Site Key
 *
 * @return string         -- Returns the Google recaptcha site key
 *
 */
function GetCaptchaSiteKey() {

  /**
   *  Registered under phil.homecu.com
   *    https://www.google.com/recaptcha/admin
   */
  $retKey = '6Ld5QyQUAAAAAB-irRU5xGHndWNtB31RDIWQ4nPE';

  return $retKey;
}

/**
 * function GetCreditUnionKey()
 * For getting the key for the credit union.  Used in scripts admLogin.prg and admFunctions.i
 */
function GetCreditUnionKey() {
  return '$¢®3d1tUn10nK3`/';
}

/**
 * function GetCreditUnionCookie()
 * For getting the key for the credit union.  Used in scripts admLogin.prg and admFunctions.i
 */
function GetCreditUnionCookie() {
  return "_userc";
}

/*
 * Get google Recpatcha Secret Key
 *
 * @return string         -- Returns the Google recaptcha secret key
 *
 */
function GetCaptchaSecret($pDomain='') {

  $retKey = "6Ld5QyQUAAAAAKIO8aPwhHSf9T2oAzj7KfyJxjj_";

  return $retKey;

}

/*
 * Get credentials file for google play store service account
 *
 * @return string         -- Returns address/path of credentials file
 *
 */
function GetGPStatsCredentialsPath() {
  return "test/secrets/homecu/google/gpstats/credentials.json";
}

/**
 * GetScriptDir()
 * @return the directory running the processing of the estatement.
 */
function GetScriptDir() {
    return "/opt/odyssey/tools/bin";
}

/**
 * function GetCCConfig($home_path)
 * @return The path for configuration of the credit card.
 */
function GetCCConfig($home_path) {
    return "$home_path/bin/ccardload.cfg";
}

/**
 * function GetCCName()
 * @return The text to use in the front of the credit card periods.
 */
function GetCCName() {
    return "CREDIT CARD";
}

// Build an environment cookie so the system knows what kind of app is being used.
// Returns a cookie string in the form (so different platforms can use it): name|content|expire
function BuildEnvironmentInfoCookie($pHBEnv, $pVersionCode) {

    // the environment depends on the version code
    switch ($pVersionCode) {
        case '2':
            $environment = "Pegasus";
            break;

        case '1':
        default:
            $environment = "Odyssey";
            break;
    }

    $until = time() + $pHBEnv['SYSENV']['ticket']['expires'];
    $hashedValue = sha1( $environment . $until . $pVersionCode . $pHBEnv["secret"] );
    $profileCookie = "env=$environment&version=$pVersionCode&until=$until&check=$hashedValue";

    return "envinfo|$profileCookie|$until";
}

// Verify the environment info cookie content is valid by breaking it up and checking the hash.
// Returns boolean with false = failure.
function VerifyEnvironmentInfoCookie($pHBEnv, $pEnvInfoCookie) {

    if ( strlen( $pEnvInfoCookie ) == 0 ) {
      return false;
    }

    $testArr = array();
    parse_str( $pEnvInfoCookie, $testArr );

    $now = time();
    if ( $testArr['until'] < $now ) {
        // cookie has expired
        return false;
    }

    // same order as original hash creation
    $hashedValue = sha1( $testArr['env'] . $testArr['until'] . $testArr['version'] . $pHBEnv["secret"] );

    if ( $testArr['check'] != $hashedValue ) {
        // cookie has been changed
        return false;
    }

    return true;
}

/**
 * Load the Environment Info into the HB_ENV array. Just need to know if Pegasus.
 *
 * @param   $hb_env     array   Reference to HB_ENV to allow easy changes to values
 * @param   $ticket     string  The session string from the ticket cookie or appcode
 * @return  array               Associative array of results:
 *                               [
 *                                  'result'=>value,  // 1 = ticket is valid, 0 = ticket failed
 *                                  'resdesc'=>value, // failure reason or '' if ticket is valid
 *                               ]
 */
function LoadClientEnvInfo(&$pHBEnv, $pEnvInfoCookieString) {
  if ( VerifyEnvironmentInfoCookie( $pHBEnv, $pEnvInfoCookieString) ) {
    $valueArr = array();
    parse_str( $pEnvInfoCookieString, $valueArr );

    $pHBEnv["envinfo"] = $valueArr["env"];
  } else {
    $pHBEnv["envinfo"] = "Unknown";
  }
}