Restore

O Operator
Restore

Restore file to captured state

Every captured change carries its SHA-256-addressed content in BLOB_STORE. Restoring writes that content back to the original path — current file gets backed up to <path>.drift_restore_backup_<epoch> before overwrite.

What will change
Preview -- nothing has been written yet.
Target file/var/www/vhosts/3dshawn.com/site1/_alert_dispatch.pl
SiteDriftSense self-monitor on local
Kindlocal
Captured at2026-07-11 18:27:42
Captured SHAf7969a6939d903533ffeb690f6671d7480720a16733ee0fbf7b610eb041b09c1
Current state on disk
Live check just now. If SHAs match, the restore is a no-op.
File presentyes
Size22933 bytes
Current SHAa53566efc691
Same as captured?no -- restore will change it
What restore will change — live diff
Left column shows current on-disk content; right shows what restore will write. +20 additions, -281 deletions, 312 unchanged context lines.
11#!/usr/bin/perl
22#======================================================================
33# DriftSense -- alert dispatcher
44#
55# Cron entry point (NOT a CGI). Walks FILE_CHANGES + SCHEMA_CHANGE rows
66# inserted since the last cursor tick, evaluates every ACTIVE rule
77# against each new row, and POSTs matching payloads to the configured
88# webhook (Slack / Discord / generic HTTP). Every attempt is logged
99# to ALERT_DELIVERIES for the operator's audit trail.
1010#
1111# Config: /etc/drift_sense/drift_sense.conf (via MODS::Config).
1212# Log: /var/log/drift_sense/alert_dispatch.log (via cron redirect).
1313#======================================================================
1414use strict;
1515use warnings;
1616use lib '/var/www/vhosts/3dshawn.com/site1';
1717use POSIX ();
18use Symbol ();
18use LWP::UserAgent;
19use HTTP::Request;
1920use JSON::PP;
2021use MODS::Config;
2122use MODS::DBConnect;
22use MODS::Webhook;
2323
2424$| = 1;
2525my $ts = POSIX::strftime('%Y-%m-%d %H:%M:%S', localtime);
2626
2727my $cfg = MODS::Config->new;
2828my $db = MODS::DBConnect->new;
2929my $dbh = $db->db_connect or die "[$ts] cannot connect to DriftSense storage DB\n";
3030
3131my $public_url = $cfg->settings('public_url') || 'https://watchtower.3dshawn.com';
3232
3333# ---- Fetch active rules ---------------------------------------------
3434my @rules = $db->db_readwrite_multiple($dbh, q~
3535 SELECT alert_rule_id, rule_name, match_kind, match_path_glob,
3636 match_status_list, exclude_ts_only,
3737 delivery_kind, delivery_url, delivery_email,
38 rate_limit_per_min, coalesce_window_s,
39 frequency_threshold, frequency_window_min,
40 UNIX_TIMESTAMP(last_frequency_fire_at) AS last_freq_fire_epoch
38 rate_limit_per_min, coalesce_window_s
4139 FROM ALERT_RULES
4240 WHERE is_active = 1
4341~, __FILE__, __LINE__);
4442
4543unless (@rules) {
4644 print "[$ts] no active alert rules, exiting\n";
4745 $db->db_disconnect($dbh);
4846 exit 0;
4947}
5048
5149# ---- Fetch cursor ---------------------------------------------------
5250my %cursor;
5351foreach my $r ($db->db_readwrite_multiple($dbh, q~
5452 SELECT source_kind, last_seen_id FROM ALERT_CURSOR
5553~, __FILE__, __LINE__)) {
5654 $cursor{$r->{source_kind}} = $r->{last_seen_id};
5755}
5856$cursor{file} //= 0;
5957$cursor{schema} //= 0;
6058
6159# ---- Pull new FILE_CHANGES since cursor ------------------------------
6260my $file_max = $cursor{file};
6361my @file_new = $db->db_readwrite_multiple($dbh, qq~
6462 SELECT fc.file_changes_id AS id, fc.file_name, fc.status, fc.blob_sha,
6563 fc.is_ts_only, fc.date_time,
6664 UNIX_TIMESTAMP(fc.date_time) AS ts_epoch,
6765 s.server_name
6866 FROM FILE_CHANGES fc
6967 LEFT JOIN SERVERS s ON s.server_id = fc.server_id
7068 WHERE fc.file_changes_id > $cursor{file}
7169 ORDER BY fc.file_changes_id ASC
7270 LIMIT 500
7371~, __FILE__, __LINE__);
7472foreach my $r (@file_new) {
7573 $file_max = $r->{id} if $r->{id} > $file_max;
7674}
7775
7876# ---- Pull new SCHEMA_CHANGE since cursor -----------------------------
7977my $schema_max = $cursor{schema};
8078my @schema_new = $db->db_readwrite_multiple($dbh, qq~
8179 SELECT sc.schema_change_id AS id, sc.database_name, sc.table_name,
8280 sc.changes, sc.is_ts_only, sc.change_datetime,
8381 UNIX_TIMESTAMP(sc.change_datetime) AS ts_epoch,
8482 s.server_name
8583 FROM SCHEMA_CHANGE sc
8684 LEFT JOIN SERVERS s ON s.server_id = sc.server_id
8785 WHERE sc.schema_change_id > $cursor{schema}
8886 ORDER BY sc.schema_change_id ASC
8987 LIMIT 500
9088~, __FILE__, __LINE__);
9189foreach my $r (@schema_new) {
9290 $schema_max = $r->{id} if $r->{id} > $schema_max;
9391}
9492
9593my $total_new = scalar(@file_new) + scalar(@schema_new);
9694if ($total_new == 0) {
9795 print "[$ts] no new changes since cursor (file=$cursor{file} schema=$cursor{schema})\n";
9896 $db->db_disconnect($dbh);
9997 exit 0;
10098}
10199
102100# ---- Evaluate + deliver ---------------------------------------------
103# HTTP transport is MODS::Webhook (shells out to /usr/bin/curl) so we
104# don't need LWP::Protocol::https / IO::Socket::SSL as CPAN installs.
101my $ua = LWP::UserAgent->new(
102 timeout => 8,
103 agent => 'DriftSense/1.0 (alert-dispatch)',
104);
105$ua->ssl_opts(verify_hostname => 0); # allow self-signed test endpoints
105106
106107my $delivered = 0;
107108my $skipped = 0;
108109my $failed = 0;
109110
110111foreach my $row (@file_new) { _process_row($row, 'file'); }
111112foreach my $row (@schema_new) { _process_row($row, 'schema'); }
112
113# ---- Frequency-mode rules ------------------------------------------
114# For any rule where frequency_threshold > 0, we ignore the per-row loop
115# above and instead: query how many file changes matching the rule's
116# path glob happened in the last window_min minutes. If it crosses the
117# threshold and we haven't fired within the same window, fire once with
118# the top offender.
119foreach my $rule (@rules) {
120 next unless ($rule->{frequency_threshold} || 0) > 0;
121 my $win = int($rule->{frequency_window_min} || 60);
122 my $thr = int($rule->{frequency_threshold});
123
124 # Re-fire cooldown: don't fire more than once per window
125 my $last = int($rule->{last_freq_fire_epoch} || 0);
126 if ($last && (time - $last) < $win * 60) {
127 next;
128 }
129
130 # Find files whose match_path_glob-hit change count > threshold
131 my $glob = $rule->{match_path_glob} // '';
132 my $glob_sql = '';
133 if (length $glob) {
134 # Approx: SQL LIKE. Convert glob wildcards to SQL % / _.
135 my $like = $glob;
136 $like =~ s/\*\*/%/g;
137 $like =~ s/\*/%/g;
138 $like =~ s/\?/_/g;
139 my $q_like = $dbh->quote($like);
140 $glob_sql = " AND fc.file_name LIKE $q_like";
141 }
142 my @hot = $db->db_readwrite_multiple($dbh, qq~
143 SELECT fc.file_name,
144 COUNT(*) AS ct,
145 MAX(fc.file_changes_id) AS latest_id,
146 s.server_name
147 FROM FILE_CHANGES fc
148 LEFT JOIN SERVERS s ON s.server_id = fc.server_id
149 WHERE fc.date_time >= DATE_SUB(NOW(), INTERVAL $win MINUTE)
150 $glob_sql
151 GROUP BY fc.file_name
152 HAVING ct >= $thr
153 ORDER BY ct DESC
154 LIMIT 5
155 ~, __FILE__, __LINE__);
156 next unless @hot;
157
158 # Fire once with the top offender's info
159 my $top = $hot[0];
160 my $fake_row = {
161 id => $top->{latest_id},
162 file_name => $top->{file_name},
163 server_name => $top->{server_name} // 'local',
164 date_time => POSIX::strftime('%Y-%m-%d %H:%M:%S', localtime),
165 ts_epoch => time,
166 status => 'frequency_alert',
167 };
168 my $payload = _build_payload($rule, $fake_row, 'file');
169 # Enrich summary with count + threshold
170 my $extra = "frequency alert: $top->{file_name} changed $top->{ct} times in the last $win min (threshold: $thr)";
171 if (ref($payload->{generic_webhook}) eq 'HASH') {
172 $payload->{generic_webhook}{frequency_summary} = $extra;
173 $payload->{generic_webhook}{frequency_count} = $top->{ct};
174 $payload->{generic_webhook}{frequency_window} = $win;
175 $payload->{generic_webhook}{summary} = $extra;
176 }
177 my ($status, $http_code, $body, $err) = _deliver($rule, $payload);
178 _log_delivery($rule, $fake_row, 'file', $status, $http_code, $body, $err);
179 if ($status eq 'sent') {
180 $delivered++;
181 $db->db_readwrite($dbh, qq~
182 UPDATE ALERT_RULES
183 SET fire_count = fire_count + 1,
184 last_fired_at = NOW(),
185 last_frequency_fire_at = NOW()
186 WHERE alert_rule_id = $rule->{alert_rule_id}
187 ~, __FILE__, __LINE__);
188 } else {
189 $failed++;
190 }
191}
192113
193114# ---- Advance cursor atomically --------------------------------------
194115if ($file_max > $cursor{file}) {
195116 $db->db_readwrite($dbh,
196117 "UPDATE ALERT_CURSOR SET last_seen_id = $file_max WHERE source_kind = 'file'",
197118 __FILE__, __LINE__);
198119}
199120if ($schema_max > $cursor{schema}) {
200121 $db->db_readwrite($dbh,
201122 "UPDATE ALERT_CURSOR SET last_seen_id = $schema_max WHERE source_kind = 'schema'",
202123 __FILE__, __LINE__);
203}
204
205# ---- Pin-drift alerts (Feature 5 wave 4) ---------------------------
206# For each Named Release with alert_delivery_url set, check whether any
207# pin's current-latest SHA differs from the pinned SHA. Log the drift
208# to PIN_DRIFT_LOG (with notified=0) and, if not yet notified, POST an
209# alert to the release's delivery URL, then set notified=1.
210foreach my $rel ($db->db_readwrite_multiple($dbh, q~
211 SELECT named_release_id, name, alert_delivery_kind, alert_delivery_url
212 FROM NAMED_RELEASES
213 WHERE alert_delivery_kind IS NOT NULL
214 AND alert_delivery_kind != 'none'
215 AND alert_delivery_url IS NOT NULL
216 AND alert_delivery_url != ''
217~, __FILE__, __LINE__)) {
218
219 my $rid = $rel->{named_release_id};
220 my @drifts;
221 foreach my $pin ($db->db_readwrite_multiple($dbh, qq~
222 SELECT p.pin_id, p.file_name, p.blob_sha AS pinned_sha,
223 fc.server_id
224 FROM NAMED_RELEASE_PINS p
225 LEFT JOIN FILE_CHANGES fc ON fc.file_changes_id = p.file_changes_id
226 WHERE p.named_release_id = $rid
227 ~, __FILE__, __LINE__)) {
228 my $q_file = $dbh->quote($pin->{file_name});
229 my $sid = int($pin->{server_id} || 0);
230 my $cur = $db->db_readwrite($dbh, qq~
231 SELECT blob_sha, file_changes_id FROM FILE_CHANGES
232 WHERE server_id = $sid AND file_name = $q_file
233 ORDER BY file_changes_id DESC LIMIT 1
234 ~, __FILE__, __LINE__);
235 my $cur_sha = $cur ? $cur->{blob_sha} : '';
236 next unless $cur_sha && $cur_sha ne $pin->{pinned_sha};
237
238 # Have we already logged + notified this (pin, current_sha) tuple?
239 my $q_pinned = $dbh->quote($pin->{pinned_sha});
240 my $q_current = $dbh->quote($cur_sha);
241 my $seen = $db->db_readwrite($dbh, qq~
242 SELECT drift_id, notified FROM PIN_DRIFT_LOG
243 WHERE pin_id = $pin->{pin_id}
244 AND current_sha = $q_current
245 ORDER BY drift_id DESC LIMIT 1
246 ~, __FILE__, __LINE__);
247 if ($seen && $seen->{notified}) {
248 next; # already notified for this exact drift state
249 }
250
251 # Log the drift
252 my $q_fname = $dbh->quote($pin->{file_name});
253 my $cid = int($cur->{file_changes_id} || 0);
254 $db->db_readwrite($dbh, qq~
255 INSERT INTO PIN_DRIFT_LOG
256 (named_release_id, pin_id, file_name, pinned_sha, current_sha, file_changes_id, notified)
257 VALUES
258 ($rid, $pin->{pin_id}, $q_fname, $q_pinned, $q_current, $cid, 0)
259 ~, __FILE__, __LINE__);
260 push @drifts, {
261 file_name => $pin->{file_name},
262 pinned_sha => $pin->{pinned_sha},
263 current_sha => $cur_sha,
264 change_id => $cid,
265 };
266 }
267
268 next unless @drifts;
269
270 # Build a summary payload
271 my $summary = sprintf('Named release "%s" -- %d pinned file(s) have drifted', $rel->{name}, scalar @drifts);
272 my $public_url = $cfg->settings('public_url') || 'https://watchtower.3dshawn.com';
273 my $files_list = join("\n", map {
274 " * $_->{file_name} (pinned: " . substr($_->{pinned_sha}, 0, 12) .
275 " -> current: " . substr($_->{current_sha}, 0, 12) . ")"
276 } @drifts);
277 my $link = "$public_url/restore_release.cgi?release_id=$rid";
278
279 my $slack_body = {
280 text => "*DriftSense pin drift*: $summary",
281 attachments => [{
282 color => '#f43f5e',
283 fields => [
284 { title => 'Release', value => $rel->{name}, short => 1 },
285 { title => 'Drifted files', value => scalar(@drifts), short => 1 },
286 { title => 'Details', value => $files_list, short => 0 },
287 ],
288 actions => [{ type => 'button', text => 'Restore all pinned', url => $link }],
289 }],
290 };
291 my $discord_body = {
292 content => "**DriftSense pin drift**: $summary",
293 embeds => [{
294 title => $rel->{name},
295 url => $link,
296 color => 16005694,
297 description => $files_list,
298 }],
299 };
300 my $generic_body = {
301 source => 'drift_sense',
302 alert_type => 'pin_drift',
303 release_id => $rid,
304 release_name => $rel->{name},
305 drifted_count=> scalar @drifts,
306 summary => $summary,
307 files => \@drifts,
308 restore_url => $link,
309 };
310
311 my $body_ref = $rel->{alert_delivery_kind} eq 'slack' ? $slack_body
312 : $rel->{alert_delivery_kind} eq 'discord' ? $discord_body
313 : $generic_body;
314
315 my ($code, $rbody, $err) = MODS::Webhook::post_json(
316 $rel->{alert_delivery_url}, $body_ref,
317 timeout => 8,
318 user_agent => 'DriftSense/1.0 (pin-drift)',
319 );
320
321 if (!$err && $code >= 200 && $code < 400) {
322 # Mark all just-logged rows as notified
323 foreach my $d (@drifts) {
324 my $q_current = $dbh->quote($d->{current_sha});
325 $db->db_readwrite($dbh, qq~
326 UPDATE PIN_DRIFT_LOG SET notified = 1
327 WHERE named_release_id = $rid
328 AND file_name = @{[ $dbh->quote($d->{file_name}) ]}
329 AND current_sha = $q_current
330 AND notified = 0
331 ~, __FILE__, __LINE__);
332 }
333 $delivered++;
334 print "[$ts] pin-drift alert delivered for release '$rel->{name}' (" . scalar(@drifts) . " drifted)\n";
335 } else {
336 $failed++;
337 print "[$ts] pin-drift alert FAILED for release '$rel->{name}': " . ($err // "HTTP $code") . "\n";
338 }
339
340 # Bookkeep the check timestamp
341 $db->db_readwrite($dbh, qq~
342 UPDATE NAMED_RELEASES SET last_pin_drift_check_at = NOW()
343 WHERE named_release_id = $rid
344 ~, __FILE__, __LINE__);
345124}
346125
347126$db->db_disconnect($dbh);
348127print "[$ts] processed +$total_new new changes: $delivered delivered, $skipped skipped, $failed failed\n";
349128exit 0;
350129
351130#---------------------------------------------------------------------
352131sub _process_row {
353132 my ($row, $kind) = @_;
354133 foreach my $rule (@rules) {
355134 next unless _rule_matches($rule, $row, $kind);
356135
357136 # Rate limit check
358137 if ($rule->{rate_limit_per_min} > 0) {
359138 my $rlq = $db->db_readwrite($dbh, qq~
360139 SELECT COUNT(*) AS n FROM ALERT_DELIVERIES
361140 WHERE alert_rule_id = $rule->{alert_rule_id}
362141 AND fired_at >= DATE_SUB(NOW(), INTERVAL 1 MINUTE)
363142 AND delivery_status IN ('sent','pending')
364143 ~, __FILE__, __LINE__);
365144 if ($rlq && $rlq->{n} >= $rule->{rate_limit_per_min}) {
366145 _log_delivery($rule, $row, $kind, 'skipped', undef, undef,
367146 "rate limit ($rule->{rate_limit_per_min}/min) reached");
368147 $skipped++;
369148 next;
370149 }
371150 }
372151
373152 # Build payload + POST
374153 my $payload = _build_payload($rule, $row, $kind);
375154 my ($status, $http_code, $body, $err) = _deliver($rule, $payload);
376155 _log_delivery($rule, $row, $kind, $status, $http_code, $body, $err);
377156
378157 if ($status eq 'sent') { $delivered++; }
379158 elsif ($status eq 'skipped') { $skipped++; }
380159 else { $failed++; }
381160
382161 # Bump the rule's fire_count + last_fired_at
383162 if ($status eq 'sent') {
384163 $db->db_readwrite($dbh, qq~
385164 UPDATE ALERT_RULES
386165 SET fire_count = fire_count + 1,
387166 last_fired_at = NOW()
388167 WHERE alert_rule_id = $rule->{alert_rule_id}
389168 ~, __FILE__, __LINE__);
390169 }
391170 }
392171}
393172
394173#---------------------------------------------------------------------
395174sub _rule_matches {
396175 my ($rule, $row, $kind) = @_;
397176
398177 # Kind filter
399178 return 0 if $rule->{match_kind} ne 'either' && $rule->{match_kind} ne $kind;
400179
401180 # ts-only exclusion (files only)
402181 return 0 if $kind eq 'file' && $rule->{exclude_ts_only} && $row->{is_ts_only};
403182
404183 # Path glob
405184 my $glob = $rule->{match_path_glob} // '';
406185 if (length $glob) {
407186 my $target = $kind eq 'file'
408187 ? ($row->{file_name} // '')
409188 : (($row->{database_name} // '') . '.' . ($row->{table_name} // ''));
410189 my $re = _glob_to_regex($glob);
411190 return 0 unless $target =~ $re;
412191 }
413192
414193 # Status filter (files only)
415194 if ($kind eq 'file' && $rule->{match_status_list}) {
416195 my %allowed = map { s/^\s+|\s+$//g; $_ => 1 }
417196 split /,/, $rule->{match_status_list};
418197 return 0 unless $allowed{ $row->{status} // '' };
419198 }
420199
421200 return 1;
422201}
423202
424203sub _glob_to_regex {
425204 my $g = shift;
426205 my $re = quotemeta $g;
427206 # Handle glob patterns: escaped meta chars back to regex meaning
428207 $re =~ s{\\\*\\\*}{.*}g; # ** -> .*
429208 $re =~ s{\\\*}{[^/]*}g; # * -> [^/]*
430209 $re =~ s{\\\?}{.}g; # ? -> .
431210 return qr/^$re$/;
432211}
433212
434213#---------------------------------------------------------------------
435214sub _build_payload {
436215 my ($rule, $row, $kind) = @_;
437216
438217 my $where = $kind eq 'file'
439218 ? ($row->{file_name} // '(unknown file)')
440219 : (($row->{database_name} // '?') . '.' . ($row->{table_name} // '?'));
441220 my $when_utc = $row->{date_time} || $row->{change_datetime} || '';
442221 my $server = $row->{server_name} || 'local';
443222 my $status_h = $kind eq 'file' ? ($row->{status} // '') : 'DDL change';
444223 my $link_id = $row->{id};
445224 my $link = "$public_url/diff.cgi?kind=$kind&id=$link_id";
446225
447226 my $summary = $kind eq 'file'
448227 ? "$status_h: $where on $server"
449228 : "$where changed on $server";
450229
451230 my $slack = {
452231 text => "*DriftSense*: $summary",
453232 attachments => [{
454233 color => $kind eq 'schema' ? '#f59e0b' : '#14b8a6',
455234 fields => [
456235 { title => 'What', value => $where, short => 0 },
457236 { title => 'When', value => $when_utc, short => 1 },
458237 { title => 'Server', value => $server, short => 1 },
459238 ],
460239 actions => [{
461240 type => 'button', text => 'View diff', url => $link,
462241 }],
463242 }],
464243 };
465244 my $discord = {
466245 content => "**DriftSense**: $summary",
467246 embeds => [{
468247 title => $where,
469248 url => $link,
470249 color => $kind eq 'schema' ? 16101915 : 1349286, # amber, teal
471250 fields => [
472251 { name => 'When', value => $when_utc || '?', inline => \1 },
473252 { name => 'Server', value => $server, inline => \1 },
474253 ],
475254 }],
476255 };
477256 my $generic = {
478257 source => 'drift_sense',
479258 rule_id => $rule->{alert_rule_id},
480259 rule_name => $rule->{rule_name},
481260 kind => $kind,
482261 summary => $summary,
483262 target => $where,
484263 server => $server,
485264 when_utc => $when_utc,
486265 ts_epoch => $row->{ts_epoch},
487266 diff_url => $link,
488267 status => $status_h,
489268 };
490269
491270 return {
492271 slack => $slack,
493272 discord => $discord,
494273 generic_webhook => $generic,
495274 summary => $summary,
496275 };
497276}
498277
499278#---------------------------------------------------------------------
500279sub _deliver {
501280 my ($rule, $payload) = @_;
502281 my $kind = $rule->{delivery_kind};
503282 my $url = $rule->{delivery_url};
504283
505284 if ($kind eq 'email') {
506 my $to = $rule->{delivery_email} || '';
507 return ('failed', undef, undef, 'no delivery_email configured') unless length $to;
508 my $summary = $payload->{summary} // 'DriftSense alert';
509 my $target = ($payload->{generic_webhook} && $payload->{generic_webhook}{target}) // '(unknown)';
510 my $server = ($payload->{generic_webhook} && $payload->{generic_webhook}{server}) // 'local';
511 my $link = ($payload->{generic_webhook} && $payload->{generic_webhook}{diff_url}) // '';
512
513 my $mail_body = "DriftSense captured a change matching alert rule: $rule->{rule_name}\n\n"
514 . "Target : $target\n"
515 . "Server : $server\n"
516 . "Summary: $summary\n"
517 . ($link ? "Diff : $link\n" : '')
518 . "\n(Automated notification from DriftSense.)\n";
519
520 my $from = $cfg->settings('alert_from_email') || 'drift_sense@localhost';
521 my $subj = "[DriftSense] " . substr($summary, 0, 120);
522
523 my $sendmail = '/usr/sbin/sendmail';
524 $sendmail = '/usr/lib/sendmail' unless -x $sendmail;
525 return ('failed', undef, undef, "no sendmail binary") unless -x $sendmail;
526
527 require IPC::Open3;
528 my ($wtr, $rdr, $err_fh);
529 $err_fh = Symbol::gensym();
530 my $pid = eval { IPC::Open3::open3($wtr, $rdr, $err_fh, $sendmail, '-t', '-i') };
531 return ('failed', undef, undef, "spawn: $@") if $@ || !$pid;
532 binmode $wtr;
533 print {$wtr} "From: $from\r\n";
534 print {$wtr} "To: $to\r\n";
535 print {$wtr} "Subject: $subj\r\n";
536 print {$wtr} "Content-Type: text/plain; charset=utf-8\r\n";
537 print {$wtr} "\r\n";
538 print {$wtr} $mail_body;
539 close $wtr;
540 do { local $/; <$rdr> // ''; };
541 do { local $/; <$err_fh> // ''; };
542 close $rdr; close $err_fh;
543 waitpid $pid, 0;
544 my $rc = $? >> 8;
545 return $rc == 0
546 ? ('sent', 0, "delivered to $to", undef)
547 : ('failed', $rc, undef, "sendmail exit $rc");
285 return ('skipped', undef, undef, 'email delivery not yet implemented');
548286 }
549287 unless (length($url // '')) {
550288 return ('failed', undef, undef, "no delivery URL configured");
551289 }
552290
553291 my $body_ref = $kind eq 'slack' ? $payload->{slack}
554292 : $kind eq 'discord' ? $payload->{discord}
555293 : $payload->{generic_webhook};
294 my $json = eval { encode_json($body_ref) };
295 if ($@) { return ('failed', undef, undef, "encode_json: $@"); }
556296
557 # MODS::Webhook handles JSON encoding + curl transport; returns
558 # (http_code, response_body, error_message).
559 my ($code, $rbody, $err) = MODS::Webhook::post_json(
560 $url, $body_ref,
561 timeout => 8,
562 user_agent => 'DriftSense/1.0 (alert-dispatch)',
563 );
564 $rbody //= '';
297 my $req = HTTP::Request->new(POST => $url);
298 $req->header('Content-Type' => 'application/json');
299 $req->content($json);
300
301 my $resp = $ua->request($req);
302 my $code = $resp->code;
303 my $rbody = $resp->decoded_content // '';
565304 $rbody = substr($rbody, 0, 500) if length($rbody) > 500;
566305
567 if (!$err && $code >= 200 && $code < 400) {
306 if ($resp->is_success) {
568307 return ('sent', $code, $rbody, undef);
569308 }
570 return ('failed', $code, $rbody, $err || "HTTP $code");
309 return ('failed', $code, $rbody, $resp->status_line);
571310}
572311
573312#---------------------------------------------------------------------
574313sub _log_delivery {
575314 my ($rule, $row, $kind, $status, $http_code, $body, $err) = @_;
576315 my $summary = substr(($rule->{rule_name} // '') . ' :: ' . ($row->{file_name}
577316 || ($row->{database_name} . '.' . $row->{table_name})
578317 || '?'), 0, 490);
579318 my $q_summary = $dbh->quote($summary);
580319 my $q_status = $dbh->quote($status);
581320 my $q_body = $dbh->quote($body // '');
582321 my $q_err = $dbh->quote($err // '');
583322 my $q_code = defined($http_code) ? int($http_code) : 'NULL';
584323
585324 $db->db_readwrite($dbh, qq~
586325 INSERT INTO ALERT_DELIVERIES
587326 (alert_rule_id, source_kind, source_id, match_summary,
588327 delivery_status, http_status, http_response, error_message)
589328 VALUES
590329 ($rule->{alert_rule_id}, '$kind', $row->{id}, $q_summary,
591330 $q_status, $q_code, $q_body, $q_err)
592331 ~, __FILE__, __LINE__);
593332}
Confirm restore
Backs current content to <target>.drift_restore_backup_<epoch>, writes the captured content, verifies SHA post-write.
Cancel Logged to RESTORE_LOG regardless of outcome.