1 files changed, 39 insertions, 6 deletions

diff --git a/modules/private/websites/tools/tools/dmarc_reports/api.php b/modules/private/websites/tools/tools/dmarc_reports/api.php
index 9b7f0c0..5d4657e 100644
--- a/modules/private/websites/tools/tools/dmarc_reports/api.php
+++ b/modules/private/websites/tools/tools/dmarc_reports/api.php
@@ -18,6 +18,28 @@ function error_die($text, $number) {
   die(json_encode($message));
 }
 
+$anonymous = isset($_GET['anonymous']) && $_GET['anonymous'];
+function maybe_anonymize($string, $long = false) {
+  global $anonymous_key;
+  global $anonymous;
+  if ($anonymous) {
+    if ($long) {
+      return md5($anonymous_key . ":" . $string);
+    } else {
+      return substr(md5($anonymous_key . ":" . $string), 0, 6);
+    }
+  } else {
+    return $string;
+  }
+}
+
+if (!$anonymous && (!isset($_SERVER['HTTP_AUTHORIZATION']) || $_SERVER['HTTP_AUTHORIZATION'] === "")) {
+  header('WWW-Authenticate: Basic realm="Immae"');
+  header('HTTP/1.0 401 Unauthorized');
+  echo "You need to be authenticated to access private information";
+  exit;
+}
+
 if ($mysqli->connect_errno) {
   error_die($mysqli->connect_error, $mysqli->connect_errno);
 }
@@ -27,14 +49,14 @@ if (!isset($_GET['serial'])) {
   $query = $mysqli->query("SELECT DISTINCT domain FROM `report` ORDER BY domain");
   if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
   while($row = $query->fetch_assoc()) {
-    $response["domains"][] = $row['domain'];
+    $response["domains"][] = maybe_anonymize($row['domain']);
   }
 
   $response["orgs"] = array();
   $query = $mysqli->query("SELECT DISTINCT org FROM `report` ORDER BY org");
   if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
   while($row = $query->fetch_assoc()) {
-    $response["orgs"][] = $row['org'];
+    $response["orgs"][] = maybe_anonymize($row['org']);
   }
 
   $response["dates"] = array();
@@ -55,7 +77,13 @@ if (!isset($_GET['serial'])) {
   $query = $mysqli->query($sql);
   if ($mysqli->error) { error_die($mysqli->error, $mysqli->errno); }
   while($row = $query->fetch_assoc()) {
-    unset($row["raw_xml"]);
+    $wanted_keys = array(
+      'domain', 'org', 'reportid', 'mindate', 'maxdate', 'rcount', 'serial', 'policy_adkim', 'policy_aspf', 'policy_none', 'policy_sp', 'policy_pct', 'spfresult', 'dkimresult'
+    );
+    $row = array_intersect_key($row, array_fill_keys($wanted_keys, '1'));
+    $row["domain"] = maybe_anonymize($row["domain"]);
+    $row["org"] = maybe_anonymize($row["org"]);
+    $row["reportid"] = maybe_anonymize($row["reportid"], true);
     $response["summaries"][] = $row;
   }
 } else {
@@ -76,9 +104,14 @@ if (!isset($_GET['serial'])) {
       $ip = "-";
       $host = "-";
     }
-    $row['ip'] = $ip;
-    $row['host'] = $host;
-    unset($row['ip6']);
+    $wanted_keys = array(
+      'ip', 'host', 'rcount', 'disposition', 'reason', 'dkimdomain', 'dkimresult', 'spfdomain', 'spfresult'
+    );
+    $row = array_intersect_key($row, array_fill_keys($wanted_keys, '1'));
+    $row['ip'] = maybe_anonymize($ip);
+    $row['host'] = maybe_anonymize($host);
+    $row['dkimdomain'] = maybe_anonymize($row['dkimdomain']);
+    $row['spfdomain'] = maybe_anonymize($row['spfdomain']);
     $response["rptrecord"][] = $row;
   }
 }