#!/bin/bash

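# Input list (one domain or URL per line) and the HTML report that is rewritten
# on every run.
INPUT_FILE="domains.txt"
OUTPUT_FILE="certs.html"

# Telegram credentials are taken from the environment rather than embedded in
# the script: a bot token grants full control of the bot, and anything stored
# in this file ends up in version control, backups and pastes.
# NOTE(review): a token literal used to sit on this line; if it was ever a live
# credential, treat it as exposed and revoke/rotate it with the bot's issuer.
BOT_TOKEN="${BOT_TOKEN:-}"
TELEGRAM_USER_ID="${TELEGRAM_USER_ID:-}"

# The report is still useful without alerting, so a missing credential is a
# warning, not a fatal error.
if [[ -z "$BOT_TOKEN" || -z "$TELEGRAM_USER_ID" ]]; then
  printf 'warning: BOT_TOKEN and/or TELEGRAM_USER_ID not set in the environment; Telegram alerts will not be delivered\n' >&2
fi

# Timestamp shown in the report header.
NOW=$(date '+%Y-%m-%d %H:%M')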

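#######################################
# Send a Telegram expiry warning for one monitored entry.
# Globals:   BOT_TOKEN (read), TELEGRAM_USER_ID (read)
# Arguments: $1 - domain or URL exactly as listed in the input file
# Outputs:   the Telegram API response on stdout; diagnostics on stderr
# Returns:   1 if a credential is missing, otherwise curl's exit status
#######################################
send_alert() {
  local domain_full="$1"
  local msg="⚠️ Your domain '$domain_full' is about to expire in less than 5 days. Please renew it immediately to avoid service disruption."

  # Without credentials the request can only fail; say so instead of posting.
  if [[ -z "${BOT_TOKEN:-}" || -z "${TELEGRAM_USER_ID:-}" ]]; then
    printf 'send_alert: BOT_TOKEN or TELEGRAM_USER_ID is empty; alert for %s not sent\n' "$domain_full" >&2
    return 1
  fi

  # The token is part of the request URL. Handing the URL to curl through a
  # config read from stdin (-K -) keeps it out of curl's argument list, where
  # other local users could read it from the process table. printf is a shell
  # builtin, so it does not expose the token either.
  # --data-urlencode (instead of -d) stops characters such as '&', '=' or '+'
  # in an input line from being parsed as extra form fields of the request.
  # --max-time bounds a stalled API call so it cannot hang the whole run.
  printf 'url = "https://api.telegram.org/bot%s/sendMessage"\n' "$BOT_TOKEN" \
    | curl -s -X POST -K - --max-time 15 \
      --data-urlencode "chat_id=$TELEGRAM_USER_ID" \
      --data-urlencode "text=$msg"
}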

# Start a fresh report: truncate OUTPUT_FILE and write the static page head,
# the stylesheet for the row classes, the "last updated" stamp and the opening
# of the results table. Only $NOW is expanded inside the here-document.
cat > "$OUTPUT_FILE" <<REPORT_HEAD
<!DOCTYPE html>
<html lang='fa'>
<head>
<meta charset='UTF-8'>
<title>گزارش SSL</title>
<style>
  body { font-family: sans-serif; direction: rtl; background: #f5f5f5; padding: 20px; }
  table { width: 100%; border-collapse: collapse; background: white; }
  th, td { padding: 12px; border: 1px solid #ccc; text-align: center; }
  thead { background: #4caf50; color: white; }
  .green { background: #c8e6c9; color: #1b5e20; }
  .yellow { background: #fff9c4; color: #f57f17; }
  .red { background: #ffcdd2; color: #b71c1c; }
  .error { background: #ffebee; color: #d32f2f; font-style: italic; }
</style>
</head>
<body>
<h2>وضعیت SSL دامنه‌ها</h2>
<div class="timestamp">آخرین به‌روزرسانی: $NOW</div>
<br> </br>
<table>
<thead><tr><th>دامنه/URL</th><th>تاریخ انقضا</th><th>روز باقی‌مانده</th></tr></thead>
<tbody>
REPORT_HEAD

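# Escape the HTML-significant characters of $1 so that text taken from the
# input file cannot inject markup or script into the generated report.
html_escape() {
  printf '%s' "$1" \
    | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
          -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# One report row per non-empty input line. The `|| [[ -n "$line" ]]` keeps a
# final line that lacks a trailing newline.
while read -r line || [[ -n "$line" ]]; do
  # Tolerate CRLF input files: a stray '\r' would end up in the host name.
  line=${line%$'\r'}
  [[ -z "$line" ]] && continue

  # Determine if it's a full URL or just a domain
  if [[ "$line" =~ ^https?:// ]]; then
    domain_full="$line"
    # Drop the scheme, then everything from the first '/' on.
    host_port_path="${line#*://}"
    host_port="${host_port_path%%/*}"

    # Split an explicit numeric port off the host, else assume HTTPS.
    if [[ "$host_port" =~ :([0-9]+)$ ]]; then
      domain="${host_port%:*}"
      port="${BASH_REMATCH[1]}"
    else
      domain="$host_port"
      port="443" # Default HTTPS port
    fi
  else
    domain="$line"
    port="443" # Default HTTPS port for plain domains
    domain_full="$domain" # For consistent alert messages
  fi

  # Everything written into the report goes through html_escape first.
  safe_name=$(html_escape "$domain_full")

  # Fetch the leaf certificate's notAfter date.
  # - `timeout` (GNU coreutils, like the `date -d` used below) bounds a peer
  #   that accepts the connection but never completes the handshake, which
  #   would otherwise stall the whole run.
  # - s_client does not abort on an untrusted chain by default, so the date is
  #   read from whatever certificate the endpoint presents: this measures
  #   expiry only, not whether the certificate is trusted.
  if ! enddate=$(timeout 15 openssl s_client -connect "$domain:$port" -servername "$domain" </dev/null 2>/dev/null \
      | openssl x509 -noout -enddate 2>/dev/null) || [[ -z "$enddate" ]]; then
    printf '%s\n' "<tr class=\"error\"><td>$safe_name</td><td>خطا</td><td>-</td></tr>" >> "$OUTPUT_FILE"
    continue
  fi

  enddate_val=${enddate#notAfter=}

  # An unparsable date must become an error row. Left unchecked, the empty
  # timestamp evaluates to 0 in the arithmetic below, producing a huge
  # negative day count and a bogus alert.
  if ! end_ts=$(date -d "$enddate_val" +%s 2>/dev/null) || [[ -z "$end_ts" ]]; then
    printf '%s\n' "<tr class=\"error\"><td>$safe_name</td><td>خطا</td><td>-</td></tr>" >> "$OUTPUT_FILE"
    continue
  fi
  now_ts=$(date +%s)
  diff_days=$(( (end_ts - now_ts) / 86400 ))

  # <= 5 days (including already expired): red + Telegram alert;
  # <= 15 days: yellow; otherwise green.
  if (( diff_days <= 5 )); then
    class="red"
    send_alert "$domain_full"  # Send Telegram alert
  elif (( diff_days <= 15 )); then
    class="yellow"
  else
    class="green"
  fi

  printf '%s\n' "<tr class=\"$class\"><td>$safe_name</td><td>$(html_escape "$enddate_val")</td><td>$diff_days</td></tr>" >> "$OUTPUT_FILE"
done < "$INPUT_FILE"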

# Close the table and the document, then report completion on stdout.
printf '%s\n' "</tbody></table></body></html>" >> "$OUTPUT_FILE"

printf '%s\n' "✅ فایل HTML ساخته شد و هشدارها برای دامنه‌های خطرناک ارسال شد."