# Script de Configuração MikroTik - HOTSPOT TOTALMENTE CORRIGIDO
# Criado para: Ivan - Empreendedor
# Data: 14/08/2025

# ===== CONFIGURAÇÃO INICIAL =====
/system identity set name="MikroTik-LoadBalance-Hotspot"

# ===== CONFIGURAÇÃO DAS INTERFACES =====
/interface ethernet set [ find default-name=ether1 ] name=wan1-pppoe
/interface ethernet set [ find default-name=ether2 ] name=wan2-dhcp
/interface ethernet set [ find default-name=ether3 ] name=wan3-dhcp
/interface ethernet set [ find default-name=ether4 ] name=lan-interna
/interface ethernet set [ find default-name=ether5 ] name=hotspot-eth

# ===== CONFIGURAÇÃO WAN1 - PPPoE =====
/interface pppoe-client
add name=pppoe-wan1 interface=wan1-pppoe user="SEU_USUARIO_PPPOE" password="SUA_SENHA_PPPOE" \
    add-default-route=no use-peer-dns=no disabled=no

# ===== CONFIGURAÇÃO WAN2 e WAN3 - DHCP Client =====
/ip dhcp-client
add interface=wan2-dhcp add-default-route=no use-peer-dns=no disabled=no comment="WAN2-DHCP"
add interface=wan3-dhcp add-default-route=no use-peer-dns=no disabled=no comment="WAN3-DHCP"

# ===== CONFIGURAÇÃO LAN INTERNA =====
/ip address add address=10.0.0.1/24 interface=lan-interna

# ===== LIMPEZA COMPLETA DO HOTSPOT ANTERIOR =====
/ip hotspot remove [find]
/ip hotspot profile remove [find]
/ip hotspot user remove [find]
/ip hotspot ip-binding remove [find]

# ===== CONFIGURAÇÃO HOTSPOT =====
# IP para interface hotspot
/ip address add address=192.168.100.1/24 interface=hotspot-eth

# Pool de IPs para hotspot
/ip pool add name=hotspot-pool ranges=192.168.100.10-192.168.100.200

# ===== LIMPEZA DE REGRAS EXISTENTES =====
/ip firewall mangle remove [find]
/ip firewall nat remove [find]
/ip firewall filter remove [find]

# ===== CONFIGURAÇÃO DE ROTEAMENTO E LOAD BALANCE =====
/ip firewall mangle
add chain=input in-interface=pppoe-wan1 action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=input in-interface=wan2-dhcp action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=input in-interface=wan3-dhcp action=mark-connection new-connection-mark=wan3_conn passthrough=yes

# Load balance para LAN interna
add chain=prerouting src-address=10.0.0.0/24 dst-address-type=!local \
    per-connection-classifier=both-addresses-and-ports:3/0 \
    action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting src-address=10.0.0.0/24 dst-address-type=!local \
    per-connection-classifier=both-addresses-and-ports:3/1 \
    action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting src-address=10.0.0.0/24 dst-address-type=!local \
    per-connection-classifier=both-addresses-and-ports:3/2 \
    action=mark-connection new-connection-mark=wan3_conn passthrough=yes

# Load balance para hotspot (APENAS USUÁRIOS AUTENTICADOS)
add chain=prerouting src-address=192.168.100.0/24 dst-address-type=!local \
    hotspot=auth per-connection-classifier=both-addresses-and-ports:3/0 \
    action=mark-connection new-connection-mark=wan1_conn passthrough=yes
add chain=prerouting src-address=192.168.100.0/24 dst-address-type=!local \
    hotspot=auth per-connection-classifier=both-addresses-and-ports:3/1 \
    action=mark-connection new-connection-mark=wan2_conn passthrough=yes
add chain=prerouting src-address=192.168.100.0/24 dst-address-type=!local \
    hotspot=auth per-connection-classifier=both-addresses-and-ports:3/2 \
    action=mark-connection new-connection-mark=wan3_conn passthrough=yes

# Marcação de rotas
add chain=prerouting connection-mark=wan1_conn action=mark-routing \
    new-routing-mark=to_wan1 passthrough=yes
add chain=prerouting connection-mark=wan2_conn action=mark-routing \
    new-routing-mark=to_wan2 passthrough=yes
add chain=prerouting connection-mark=wan3_conn action=mark-routing \
    new-routing-mark=to_wan3 passthrough=yes

# ===== CONFIGURAÇÃO DE ROTAS =====
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-wan1 routing-mark=to_wan1 check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=wan2-dhcp routing-mark=to_wan2 check-gateway=ping distance=1
add dst-address=0.0.0.0/0 gateway=wan3-dhcp routing-mark=to_wan3 check-gateway=ping distance=1

# Rotas de failover
add dst-address=0.0.0.0/0 gateway=pppoe-wan1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=wan2-dhcp distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=wan3-dhcp distance=3 check-gateway=ping

# ===== CONFIGURAÇÃO DE FIREWALL (ANTES DO HOTSPOT) =====
# NAT
/ip firewall nat
add chain=srcnat out-interface=pppoe-wan1 action=masquerade
add chain=srcnat out-interface=wan2-dhcp action=masquerade
add chain=srcnat out-interface=wan3-dhcp action=masquerade

# FILTER - Regras básicas (o hotspot adicionará suas próprias regras)
/ip firewall filter
add chain=input action=accept connection-state=established,related
add chain=input action=accept protocol=icmp
add chain=input action=accept in-interface=lan-interna
add chain=input action=accept in-interface=lo
add chain=input action=drop

add chain=forward action=accept connection-state=established,related
add chain=forward action=accept in-interface=lan-interna
add chain=forward action=drop

# ===== CONFIGURAÇÃO DNS =====
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes

# ===== CONFIGURAÇÃO DHCP SERVER LAN INTERNA =====
/ip pool add name=lan-pool ranges=10.0.0.10-10.0.0.200
/ip dhcp-server network add address=10.0.0.0/24 gateway=10.0.0.1 dns-server=8.8.8.8,8.8.4.4
/ip dhcp-server add name=lan-dhcp interface=lan-interna address-pool=lan-pool disabled=no

# ===== CONFIGURAÇÃO DHCP SERVER HOTSPOT =====
/ip dhcp-server network add address=192.168.100.0/24 gateway=192.168.100.1 dns-server=192.168.100.1
/ip dhcp-server add name=hotspot-dhcp interface=hotspot-eth address-pool=hotspot-pool disabled=no

# ===== CONFIGURAÇÃO DO HOTSPOT (MÉTODO SETUP) =====
# Usar o comando setup para configuração automática
/ip hotspot setup
hotspot-address=192.168.100.1
local-address=192.168.100.1
masquerade-network=yes
address-pool=hotspot-pool
select-certificate=none
ssl-certificate=none
hotspot-interface=hotspot-eth
dhcp-server=hotspot-dhcp

# ===== CONFIGURAÇÃO MANUAL ADICIONAL DO HOTSPOT =====
# Aguardar criação automática
:delay 5s

# Configurar perfil do hotspot
/ip hotspot profile set [find] \
    hotspot-address=192.168.100.1 \
    dns-name="hotspot.local" \
    html-directory=hotspot \
    http-proxy=0.0.0.0:0 \
    login-by=cookie,http-chap,http-pap \
    use-radius=no \
    rate-limit="" \
    session-timeout=1d \
    idle-timeout=none \
    keepalive-timeout=2m \
    status-autorefresh=1m \
    shared-users=unlimited

# Criar usuários do hotspot
/ip hotspot user
add name="admin" password="admin123" profile=default disabled=no
add name="guest" password="guest123" profile=default disabled=no
add name="teste" password="123" profile=default disabled=no

# ===== CONFIGURAÇÃO DE WALLED GARDEN =====
# Permitir acesso a alguns sites sem autenticação (opcional)
/ip hotspot walled-garden
add dst-host="*.google.com" action=allow
add dst-host="*.facebook.com" action=allow
add dst-host="captive.apple.com" action=allow
add dst-host="*.msftconnecttest.com" action=allow

# ===== CRIAÇÃO DE LISTA DE INTERFACES WAN =====
/interface list add name=WAN
/interface list member add list=WAN interface=pppoe-wan1
/interface list member add list=WAN interface=wan2-dhcp
/interface list member add list=WAN interface=wan3-dhcp

# ===== CONFIGURAÇÃO DE EMAIL =====
/tool e-mail set server=smtp.gmail.com port=587 start-tls=yes \
    user=maulertech@gmail.com password=ynbm-skmv-wvkp-eurt from=maulertech@gmail.com

# ===== SCRIPT DE MONITORAMENTO =====
/system script
add name="check-wan-status" source={
    :local wanStatus ""
    :local emailBody ""
    :local shouldSendEmail false
    
    :if ([/interface get pppoe-wan1 running] = false) do={
        :set wanStatus ($wanStatus . "WAN1 (PPPoE): OFFLINE\n")
        :set shouldSendEmail true
    } else={
        :set wanStatus ($wanStatus . "WAN1 (PPPoE): ONLINE\n")
    }
    
    :if ([/interface get wan2-dhcp running] = false) do={
        :set wanStatus ($wanStatus . "WAN2 (DHCP): OFFLINE\n")
        :set shouldSendEmail true
    } else={
        :set wanStatus ($wanStatus . "WAN2 (DHCP): ONLINE\n")
    }
    
    :if ([/interface get wan3-dhcp running] = false) do={
        :set wanStatus ($wanStatus . "WAN3 (DHCP): OFFLINE\n")
        :set shouldSendEmail true
    } else={
        :set wanStatus ($wanStatus . "WAN3 (DHCP): ONLINE\n")
    }
    
    :if ($shouldSendEmail = true) do={
        :set emailBody ("ALERTA: Link(s) offline detectado(s)!\n\nStatus dos Links:\n" . $wanStatus . "\n\nData/Hora: " . [/system clock get date] . " " . [/system clock get time] . "\nRoteador: " . [/system identity get name])
        /tool e-mail send to="maulertech@gmail.com" subject="ALERTA: Link Offline - MikroTik" body=$emailBody
        :log warning ("Email de alerta enviado - Links offline detectados")
    }
}

/system scheduler
add name="monitor-wan" interval=2m on-event="check-wan-status" start-time=startup

# ===== CONFIGURAÇÃO NTP =====
/system ntp client set enabled=yes primary-ntp=pool.ntp.org

# ===== CONFIGURAÇÕES FINAIS =====
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=no port=80
/ip service set ssh disabled=no
/ip service set api disabled=yes
/ip service set winbox disabled=no
/ip service set api-ssl disabled=yes

# ===== PERSONALIZAÇÃO DA PÁGINA DE LOGIN =====
:delay 3s

# Criar página de login personalizada
/file remove [find name="hotspot/login.html"]
/file add name="hotspot/login.html" contents="<!DOCTYPE html>
<html>
<head>
    <title>WiFi Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta http-equiv="pragma" content="no-cache" />
    <meta http-equiv="expires" content="-1" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <style>
        body { font-family: Arial; background: #f0f2f5; margin: 0; padding: 20px; }
        .container { max-width: 400px; margin: 50px auto; background: white; padding: 30px; border-radius: 10px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
        h1 { text-align: center; color: #1877f2; margin-bottom: 20px; }
        input { width: 100%; padding: 12px; margin: 8px 0; border: 1px solid #ddd; border-radius: 6px; box-sizing: border-box; }
        button { width: 100%; background: #1877f2; color: white; padding: 12px; border: none; border-radius: 6px; font-size: 16px; cursor: pointer; }
        button:hover { background: #166fe5; }
        .info { background: #e3f2fd; padding: 15px; border-radius: 6px; margin-top: 20px; font-size: 14px; }
        .error { color: #d32f2f; text-align: center; margin: 10px 0; }
    </style>
</head>
<body>
    <div class="container">
        <h1>🌐 WiFi Access</h1>
        \$(if error)
        <div class="error">\$(error)</div>
        \$(endif)
        <form name="login" action="\$(link-login-only)" method="post">
            <input type="hidden" name="dst" value="\$(link-orig)" />
            <input type="hidden" name="popup" value="true" />
            <input type="text" name="username" placeholder="Username" value="\$(username)" required />
            <input type="password" name="password" placeholder="Password" required />
            <button type="submit">Connect</button>
        </form>
        <div class="info">
            <strong>Test Credentials:</strong><br>
            admin / admin123<br>
            guest / guest123<br>
            teste / 123
        </div>
    </div>
</body>
</html>"

# Configuração de backup automático
/system backup save name=("backup-" . [/system clock get date])

:log info "Configuração MikroTik Load Balance + Hotspot concluída!"
:put "=== CONFIGURAÇÃO CONCLUÍDA ==="
:put "CREDENCIAIS DE TESTE DO HOTSPOT:"
:put "admin / admin123"
:put "guest / guest123"
:put "teste / 123"
:put ""
:put "IMPORTANTE: Ajuste os seguintes itens:"
:put "1. Usuário e senha PPPoE"
:put "2. Configurações de email"
:put "3. Teste conectando na ETH5"