Update menu.sh

menu.sh

@@ -53,6 +53,8 @@ BANDWIDTH_DIR="$DB_DIR/bandwidth"
 BANDWIDTH_SCRIPT="/usr/local/bin/firewallfalcon-bandwidth.sh"
 BANDWIDTH_SERVICE="/etc/systemd/system/firewallfalcon-bandwidth.service"
 TRIAL_CLEANUP_SCRIPT="/usr/local/bin/firewallfalcon-trial-cleanup.sh"
+LOGIN_INFO_SCRIPT="/usr/local/bin/firewallfalcon-login-info.sh"
+SSHD_FF_CONFIG="/etc/ssh/sshd_config.d/firewallfalcon.conf"
 
 # --- ZiVPN Variables ---
 ZIVPN_DIR="/etc/zivpn"
@@ -105,6 +107,9 @@ initial_setup() {
     echo -e "${C_BLUE}🔹 Installing trial account cleanup script...${C_RESET}"
     setup_trial_cleanup_script
     
+    echo -e "${C_BLUE}🔹 Configuring SSH login info banner...${C_RESET}"
+    setup_ssh_login_info
+    
     if [ ! -f "$INSTALL_FLAG_FILE" ]; then
         touch "$INSTALL_FLAG_FILE"
     fi
@@ -426,6 +431,119 @@ TREOF
     chmod +x "$TRIAL_CLEANUP_SCRIPT"
 }
 
+setup_ssh_login_info() {
+    # Create the ffusers group if it doesn't exist
+    getent group ffusers &>/dev/null || groupadd ffusers 2>/dev/null
+    
+    # Add all existing DB users to the group
+    if [[ -f "$DB_FILE" ]]; then
+        while IFS=: read -r u _rest; do
+            [[ -z "$u" || "$u" == \#* ]] && continue
+            id "$u" &>/dev/null && usermod -aG ffusers "$u" 2>/dev/null
+        done < "$DB_FILE"
+    fi
+    
+    # Create the login info wrapper script
+    cat > "$LOGIN_INFO_SCRIPT" << 'LOGINEOF'
+#!/bin/bash
+# FirewallFalcon SSH Login Info Banner
+# Shows account details when user connects via SSH tunnel
+
+DB_FILE="/etc/firewallfalcon/users.db"
+BW_DIR="/etc/firewallfalcon/bandwidth"
+user=$(whoami)
+
+# Read user info from DB
+line=$(grep "^${user}:" "$DB_FILE" 2>/dev/null)
+if [[ -z "$line" ]]; then
+    # Not a managed user, just sleep to keep tunnel alive
+    sleep infinity &
+    wait
+    exit 0
+fi
+
+expiry=$(echo "$line" | cut -d: -f3)
+limit=$(echo "$line" | cut -d: -f4)
+bandwidth_gb=$(echo "$line" | cut -d: -f5)
+[[ -z "$bandwidth_gb" ]] && bandwidth_gb="0"
+
+# Calculate days remaining
+days_left="N/A"
+if [[ "$expiry" != "Never" && -n "$expiry" ]]; then
+    expiry_ts=$(date -d "$expiry" +%s 2>/dev/null || echo 0)
+    current_ts=$(date +%s)
+    if [[ $expiry_ts -gt 0 ]]; then
+        diff_secs=$((expiry_ts - current_ts))
+        if [[ $diff_secs -le 0 ]]; then
+            days_left="EXPIRED"
+        else
+            days_left=$(( diff_secs / 86400 ))
+            hours_left=$(( (diff_secs % 86400) / 3600 ))
+            if [[ $days_left -eq 0 ]]; then
+                days_left="${hours_left}h left"
+            else
+                days_left="${days_left}d ${hours_left}h"
+            fi
+        fi
+    fi
+fi
+
+# Calculate bandwidth info
+bw_info="Unlimited"
+if [[ "$bandwidth_gb" != "0" ]]; then
+    usage_file="$BW_DIR/${user}.usage"
+    used_bytes=0
+    if [[ -f "$usage_file" ]]; then
+        used_bytes=$(cat "$usage_file" 2>/dev/null)
+        [[ -z "$used_bytes" ]] && used_bytes=0
+    fi
+    used_gb=$(awk "BEGIN {printf \"%.2f\", $used_bytes / 1073741824}")
+    remain_gb=$(awk "BEGIN {r=$bandwidth_gb - $used_gb; if(r<0) r=0; printf \"%.2f\", r}")
+    bw_info="${used_gb}/${bandwidth_gb} GB used | ${remain_gb} GB left"
+fi
+
+# Get connection count
+online=$(pgrep -c -u "$user" sshd 2>/dev/null || echo 0)
+conn_info="${online}/${limit}"
+
+# Display the banner
+echo ""
+echo "========================================"
+echo "   FirewallFalcon VPN - Account Info"
+echo "========================================"
+echo " User:       $user"
+echo " Expires:    $expiry ($days_left)"
+echo " Bandwidth:  $bw_info"
+echo " Sessions:   $conn_info"
+echo "========================================"
+echo ""
+
+# Keep tunnel alive (sleep until connection drops)
+sleep infinity &
+wait
+LOGINEOF
+    chmod +x "$LOGIN_INFO_SCRIPT"
+    
+    # Create sshd config drop-in for managed users
+    mkdir -p /etc/ssh/sshd_config.d
+    cat > "$SSHD_FF_CONFIG" << SSHEOF
+# FirewallFalcon - Show login info for managed users
+Match Group ffusers
+    ForceCommand $LOGIN_INFO_SCRIPT
+    AllowTcpForwarding yes
+    PermitTunnel yes
+    X11Forwarding no
+SSHEOF
+    
+    # Ensure sshd_config includes the config.d directory
+    if ! grep -q "^Include /etc/ssh/sshd_config.d/" /etc/ssh/sshd_config 2>/dev/null; then
+        echo "Include /etc/ssh/sshd_config.d/*.conf" >> /etc/ssh/sshd_config
+    fi
+    
+    # Reload SSH to apply
+    systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null
+}
+
 
 generate_dns_record() {
     echo -e "\n${C_BLUE}⚙️ Generating a random domain...${C_RESET}"
@@ -624,7 +742,9 @@ create_user() {
     if ! [[ "$bandwidth_gb" =~ ^[0-9]+\.?[0-9]*$ ]]; then echo -e "\n${C_RED}❌ Invalid number.${C_RESET}"; return; fi
     local expire_date
     expire_date=$(date -d "+$days days" +%Y-%m-%d)
-    useradd -m -s /usr/sbin/nologin "$username"; echo "$username:$password" | chpasswd; chage -E "$expire_date" "$username"
+    useradd -m -s /usr/sbin/nologin "$username"
+    usermod -aG ffusers "$username" 2>/dev/null
+    echo "$username:$password" | chpasswd; chage -E "$expire_date" "$username"
     echo "$username:$password:$expire_date:$limit:$bandwidth_gb" >> "$DB_FILE"
     
     local bw_display="Unlimited"
@@ -1034,6 +1154,7 @@ restore_user_data() {
         if ! id "$user" &>/dev/null; then
             echo " - User does not exist in system. Creating..."
             useradd -m -s /usr/sbin/nologin "$user"
+            usermod -aG ffusers "$user" 2>/dev/null
         fi
         echo " - Setting password..."
         echo "$user:$pass" | chpasswd
@@ -2658,6 +2779,11 @@ uninstall_script() {
     rm -f "$BANDWIDTH_SCRIPT"
     rm -f "$TRIAL_CLEANUP_SCRIPT"
     
+    echo -e "\n${C_BLUE}\ud83d\uddd1\ufe0f Removing SSH login banner...${C_RESET}"
+    rm -f "$LOGIN_INFO_SCRIPT"
+    rm -f "$SSHD_FF_CONFIG"
+    systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null
+    
     chattr -i /etc/resolv.conf &>/dev/null
 
     purge_nginx "silent"
@@ -2781,6 +2907,7 @@ create_trial_account() {
     
     # Create the system user
     useradd -m -s /usr/sbin/nologin "$username"
+    usermod -aG ffusers "$username" 2>/dev/null
     echo "$username:$password" | chpasswd
     chage -E "$expire_date" "$username"
     echo "$username:$password:$expire_date:$limit:$bandwidth_gb" >> "$DB_FILE"
@@ -2911,6 +3038,7 @@ bulk_create_users() {
         fi
         local password=$(head /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 8)
         useradd -m -s /usr/sbin/nologin "$username"
+        usermod -aG ffusers "$username" 2>/dev/null
         echo "$username:$password" | chpasswd
         chage -E "$expire_date" "$username"
         echo "$username:$password:$expire_date:$limit:$bandwidth_gb" >> "$DB_FILE"
@@ -3218,6 +3346,56 @@ _flush_torrent_rules() {
     iptables -D OUTPUT -m string --string "find_node" --algo bm -j DROP 2>/dev/null
 }
 
+ssh_banner_menu() {
+    clear; show_banner
+    echo -e "${C_BOLD}${C_PURPLE}--- 🎨 SSH Login Banner ---${C_RESET}"
+    
+    echo -e "\n${C_CYAN}When enabled, users connecting via SSH tunnel (HTTP Custom,"
+    echo -e "HTTP Injector, etc.) will see their account details:${C_RESET}"
+    echo -e "  • Days/hours remaining"
+    echo -e "  • Bandwidth used and remaining"
+    echo -e "  • Active sessions count"
+    
+    # Check current status
+    if [[ -f "$SSHD_FF_CONFIG" ]]; then
+        echo -e "\n  Status: ${C_GREEN}✅ ENABLED${C_RESET}"
+    else
+        echo -e "\n  Status: ${C_RED}❌ DISABLED${C_RESET}"
+    fi
+    
+    echo -e "\n${C_BOLD}Options:${C_RESET}\n"
+    printf "  ${C_CHOICE}[ 1]${C_RESET} %-35s\n" "✅ Enable Login Banner"
+    printf "  ${C_CHOICE}[ 2]${C_RESET} %-35s\n" "❌ Disable Login Banner"
+    printf "  ${C_CHOICE}[ 3]${C_RESET} %-35s\n" "📝 Preview Banner (test with a user)"
+    echo -e "\n  ${C_WARN}[ 0]${C_RESET} ↩️ Return"
+    echo
+    read -p "👉 Enter choice: " banner_choice
+    case $banner_choice in
+        1)
+            setup_ssh_login_info
+            echo -e "\n${C_GREEN}✅ SSH Login Banner has been enabled!${C_RESET}"
+            echo -e "${C_DIM}Users will see account info when they connect via SSH tunnel.${C_RESET}"
+            press_enter
+            ;;
+        2)
+            rm -f "$SSHD_FF_CONFIG"
+            systemctl reload sshd 2>/dev/null || systemctl reload ssh 2>/dev/null
+            echo -e "\n${C_YELLOW}❌ SSH Login Banner has been disabled.${C_RESET}"
+            press_enter
+            ;;
+        3)
+            _select_user_interface "--- 📝 Preview Login Banner ---"
+            local u=$SELECTED_USER
+            if [[ -z "$u" || "$u" == "NO_USERS" ]]; then return; fi
+            echo -e "\n${C_CYAN}--- Banner Preview for user '$u' ---${C_RESET}\n"
+            # Run the banner script as the user
+            su -s /bin/bash -c "$LOGIN_INFO_SCRIPT & sleep 1; kill %1 2>/dev/null" "$u" 2>/dev/null
+            press_enter
+            ;;
+        *) return ;;
+    esac
+}
+
 auto_reboot_menu() {
     clear; show_banner
     echo -e "${C_BOLD}${C_PURPLE}--- 🔄 Auto-Reboot Management ---${C_RESET}"