From c09cfdfcbf9f0a268b8feb66002c2fdd745b2822 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <jmiller-moko@noreply.git.mokoconsulting.tech>
Date: Sat, 6 Jun 2026 20:22:13 -0500
Subject: [PATCH] fix: update install script heartbeat to use MokoWaaSBase with
 RSA

Replaced old Grafana receiver endpoint with MokoWaaSBase heartbeat API.
Includes RSA signature from monitor plugin's signing_key param.
---
 source/script.php | 84 ++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 64 insertions(+), 20 deletions(-)

diff --git a/source/script.php b/source/script.php
index 5bca126c..764c5b16 100644
--- a/source/script.php
+++ b/source/script.php
@@ -784,42 +784,86 @@ class Pkg_MokowaasInstallerScript
 		try
 		{
 			$db = Factory::getDbo();
+
+			// Get health token from core plugin
 			$query = $db->getQuery(true)
 				->select($db->quoteName('params'))
 				->from($db->quoteName('#__extensions'))
 				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas'))
 				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
 				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
-			$params = json_decode((string) $db->setQuery($query)->loadResult());
-
-			$healthToken = $params->health_api_token ?? '';
+			$coreParams = json_decode((string) $db->setQuery($query)->loadResult());
+			$healthToken = $coreParams->health_api_token ?? '';
 
 			if (empty($healthToken))
 			{
 				return;
 			}
 
-			$siteUrl  = rtrim(\Joomla\CMS\Uri\Uri::root(), '/');
-			$siteName = Factory::getConfig()->get('sitename', 'Joomla');
+			// Get base URL and signing key from monitor plugin
+			$query = $db->getQuery(true)
+				->select($db->quoteName('params'))
+				->from($db->quoteName('#__extensions'))
+				->where($db->quoteName('element') . ' = ' . $db->quote('mokowaas_monitor'))
+				->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+				->where($db->quoteName('folder') . ' = ' . $db->quote('system'));
+			$monitorParams = json_decode((string) $db->setQuery($query)->loadResult());
+			$baseUrl = rtrim($monitorParams->base_url ?? '', '/');
+
+			if (empty($baseUrl))
+			{
+				return;
+			}
+
+			$siteUrl   = rtrim(\Joomla\CMS\Uri\Uri::root(), '/');
+			$domain    = parse_url($siteUrl, PHP_URL_HOST) ?: '';
+			$timestamp = time();
 
 			$payload = json_encode([
-				'site_url'     => $siteUrl,
-				'site_name'    => $siteName,
-				'health_token' => $healthToken,
-				'action'       => 'register',
+				'token'          => $healthToken,
+				'domain'         => $domain,
+				'site_name'      => Factory::getConfig()->get('sitename', 'Joomla'),
+				'site_url'       => $siteUrl,
+				'joomla_version' => (new \Joomla\CMS\Version())->getShortVersion(),
+				'php_version'    => PHP_VERSION,
+				'timestamp'      => $timestamp,
 			], JSON_UNESCAPED_SLASHES);
 
-			$ch = curl_init('https://bench.mokoconsulting.tech/api/waas-heartbeat/register');
-			curl_setopt($ch, CURLOPT_POST, true);
-			curl_setopt($ch, CURLOPT_HTTPHEADER, [
-				'Content-Type: application/json',
-				'X-MokoWaaS-Key: moko-waas-hb-2026-x9k4m',
+			$headers = ['Content-Type: application/json'];
+
+			// RSA sign the request
+			$signingKeyB64 = $monitorParams->signing_key ?? '';
+
+			if (!empty($signingKeyB64))
+			{
+				$privateKeyPem = base64_decode($signingKeyB64);
+				$privateKey    = openssl_pkey_get_private($privateKeyPem);
+
+				if ($privateKey !== false)
+				{
+					$message   = $domain . '|' . $timestamp . '|' . $healthToken;
+					$signature = '';
+
+					if (openssl_sign($message, $signature, $privateKey, OPENSSL_ALGO_SHA256))
+					{
+						$headers[] = 'X-MokoWaaS-Signature: ' . base64_encode($signature);
+						$headers[] = 'X-MokoWaaS-Timestamp: ' . $timestamp;
+					}
+				}
+			}
+
+			$endpoint = $baseUrl . '/api/index.php/v1/mokowaasbase/heartbeat';
+
+			$ch = curl_init($endpoint);
+			curl_setopt_array($ch, [
+				CURLOPT_POST           => true,
+				CURLOPT_HTTPHEADER     => $headers,
+				CURLOPT_POSTFIELDS     => $payload,
+				CURLOPT_RETURNTRANSFER => true,
+				CURLOPT_TIMEOUT        => 15,
+				CURLOPT_FOLLOWLOCATION => true,
+				CURLOPT_SSL_VERIFYPEER => false,
 			]);
-			curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
-			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-			curl_setopt($ch, CURLOPT_TIMEOUT, 15);
-			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
-			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 
 			$response = curl_exec($ch);
 			$code     = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
@@ -827,7 +871,7 @@ class Pkg_MokowaasInstallerScript
 
 			if ($code >= 200 && $code < 300)
 			{
-				Factory::getApplication()->enqueueMessage('Grafana heartbeat: site registered', 'message');
+				Factory::getApplication()->enqueueMessage('MokoWaaSBase heartbeat: site registered', 'message');
 			}
 		}
 		catch (\Throwable $e)