=== Centinel API ===
Contributors: gtcrais
Tags: database backup, application log check, database, logs
Requires at least: 4.4
Tested up to: 4.9
Stable tag: 1.0.0
Requires PHP: 5.6
License: MIT
License URI: http://opensource.org/licenses/MIT

Connect your web with Centinel for automatic database backups and application log checks.

== Description ==

This package provides API for downloading the application log file, and dumping and downloading the database. It ships with authentication middleware which protects the API routes.

Centinel API is designed to work in combination with [**Centinel**](https://centinel.online) - centralized application management system for off-site database backups and application log checks.

== Requirements ==

* PHP 5.6+
* WordPress 4.4+

== Installation ==

* upload the plugin files to the `/wp-content/plugins/centinel-api` directory, or install the plugin through the WordPress plugins screen directly
* activate the plugin through the 'Plugins' screen in WordPress

== Usage ==

**It's highly recommended to use this plugin only on websites that use HTTPS!**

After installing the plugin, go to `Settings > Centinel API Settings` in your WordPress Admin zone. From there, copy `privateKey`, `encryptionKey` and `routePrefix` to [**Centinel**](https://centinel.online), and you're ready to schedule your application log checks and database backups.

== Settings ==

* `Private Key` - random string, used for authentication
* `Encryption Key` - random string, used for additional security layer
* `Route Prefix` - random string, prefixing the API routes
* `Log Routes Enabled` - disable if you do not wish to send logs to Centinel
* `Database Routes Enabled` - disable if you do not wish to send database dumps to Centinel
* `Disable Time Based Authorization` - check this option in case of your server's and Centinel's datetime being out of sync which results in `Request time mismatch` or `Too many API calls` error
* `Zip Password` - password used when zipping the database dump. **Make sure to save the Zip Password so you can restore your database in case of server crash**
* `Dump Folder` - folder where the database dumps are going to be created. All database dumps, along with this folder, are always deleted after being sent to Centinel.
* `MySQL Settings` - various database dump options

All MySQL settings are optional. If you're developing on Windows (WAMP, for example), you may want to set your `Dump Binary Path` to something like `'C:\Progra~1\wamp\bin\mysql\mysql5.7.18\bin'`.

Some MySQL settings will be ignored for PHP 5.6. For more details check [Spatie DB Dumper v1.5.1](https://github.com/spatie/db-dumper/tree/1.5.1)

For details on how to use the dump options check the installed version of the package. For PHP 7 that will be [Spatie DB Dumper v2.9](https://github.com/spatie/db-dumper/tree/2.9.0)

== API Routes ==

* [POST] `/{routePrefix}/create-log`
* [POST] `/{routePrefix}/download-log`
* [POST] `/{routePrefix}/dump-database`
* [POST] `/{routePrefix}/download-database`

For more details check `/app/Controllers/CentinelApiApiController.php` controller.

== Application Logs ==

By default, WordPress does not write any errors to the log file. To change this, you can open up `wp-config.php` and set the following options:
`define('WP_DEBUG', true);`
`define('WP_DEBUG_LOG', true);`
`define('WP_DEBUG_DISPLAY', false);`

You can read more about these options in [**WordPress documentation**](https://codex.wordpress.org/Debugging_in_WordPress)

== Database Backups ==

[Spatie DB Dumper](https://github.com/spatie/db-dumper) is used to make database dumps. **MySQL** is supported, and requires `mysqldump` utility.

Centinel API will try to zip and password protect database dumps before sending them to Centinel. In case you're using PHP 7.2+, it will use PHP's native `ZipArchive` class to zip and encrypt the database. Otherwise, it will look for 7-Zip and Zip libraries to do so. If no option is available, dumps will be sent without being zipped and password protected.

Run `Check Zip Availability` in Centinel API Settings to see which library is available on your server. Note that Zip encryption algorithm is much less secure than that of ZipArchive and 7-Zip. Ultimately it is up to you to decide which level of security is satisfactory. You can always opt out of backing up your database by disabling database backups in Centinel, and additionally, unchecking `Database Routes Enabled` in the settings.

== Authentication ==

For details check `/app/Middleware/CentinelApiAuthorizeRequest.php` middleware.

== Changelog ==

= 1.0.0 =
* Initial release

== License ==

WordPress Centinel API is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT).