#!rsc
# RouterOS script: daily-psk
# Copyright (c) 2013-2018 Christian Hesse <mail@eworm.de>
#
# update daily PSK (pre shared key)

:global "identity";
:global "daily-psk-match-comment";

:global SendNotification;

:local seen [ :toarray "" ];

# return pseudo-random string for PSK
:local GeneratePSK do={
  :local date $1;

  :global "daily-psk-secrets";

  :local months {
    "jan"; "feb"; "mar"; "apr"; "may"; "jun";
    "jul"; "aug"; "sep"; "oct"; "nov"; "dec"
  }
  :local monthtbl {
    0; 3; 3; 6; 1; 4; 6; 2; 5; 0; 3; 5
  }

  :local monthstr [ :pick $date 0 3 ];
  :local month;
  :local day [ :pick $date 4 6 ];
  :local century [ :pick $date 7 9 ];
  :local year [ :pick $date 9 11 ];

  # get numeric value for month
  :for mindex from=0 to=[ :len $months ] do={
    :if ([ :pick $months $mindex ] = $monthstr) do={
      :set month $mindex;
    }
  }

  # calculate day of week
  :local sum 0;
  :set sum ($sum + (2 * (3 - ($century - (($century / 4) * 4)))));
  :set sum ($sum + ($year / 4));
  :set sum ($sum + $year + $day);
  :set sum ($sum + $month);
  :set sum ($sum - (($sum / 7) * 7));

  :local return ([ :pick [ :pick $"daily-psk-secrets" 0 ] ($day - 1) ] . \
    [ :pick [ :pick $"daily-psk-secrets" 1 ] $month ] . \
    [ :pick [ :pick $"daily-psk-secrets" 2 ] $sum ]);

  :return $return;
}

:local date [ / system clock get date ];
:local newpsk [ $GeneratePSK $date ];

:foreach acclist in=[ / interface wireless access-list find where comment~$"daily-psk-match-comment" ] do={
  :local intname [ / interface wireless access-list get $acclist interface ];
  :local interface [ / interface wireless find where name=$intname disabled=no ];
  :local ssid [ / interface wireless get $intname ssid ];
  :local oldpsk [ / interface wireless access-list get $acclist private-pre-shared-key ];
  :local skip 0;

  :if ($newpsk != $oldpsk) do={
    :log info ("Updating daily PSK for " . $intname . " to " . $newpsk . " (was " . $oldpsk . ")");
    / interface wireless access-list set $acclist private-pre-shared-key=$newpsk;

    :if ([ :len $interface ] = 1) do={
      :foreach "seen-ssid" in=$seen do={
        :if ($"seen-ssid" = $ssid) do={
          :log debug ("Already sent a mail for SSID " . $ssid . ", skipping.");
          :set skip 1;
        }
      }

      :if ($skip = 0) do={
        :set $seen ( $seen, $ssid );

        :local host "www.eworm.de"
        :local srcpath ("/cgi-bin/cqrlogo-wifi.cgi" . \
          "?scale=8" . \
          "&level=1" . \
          "&ssid=" . $ssid . \
          "&pass=" . $newpsk);

        / tool fetch mode=https check-certificate=yes-without-crl address=$host host=$host \
          src-path=$srcpath dst-path=qrcode-daily.png;

        $SendNotification ("[" . $identity . "] daily PSK " . $ssid) \
          ("This is the daily PSK on " . $identity . ":\n\n" . \
            "SSID: " . $ssid . "\n" . \
            "PSK:  " . $newpsk . "\n" . \
            "Date: " . [ / system clock get date ] . "\n\n" . \
            "https://" . $host . $srcpath) \
          "qrcode-daily.png";
      }
    } else={
      :log debug ("Missing active interface " . $intname . " for access list entry.");
    }
  }
}