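# Reports the most recent RemoteInteractive (RDP) logon per user.
#
# Reads event ID 4624 from the Security log for the past hour, keeps the
# newest LogonType 10 event per user, writes the result to a timestamped
# JSON file and posts each record to the reporting API.
# Reading the Security log normally requires an elevated session.

# Time window: the last hour (the code has always used AddHours(-1); the
# earlier comment said "1 day").
$startTime = (Get-Date).AddHours(-1)
$endTime = Get-Date

# Filter for successful-logon events inside the window
$filterHashTable = @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = $startTime
    EndTime   = $endTime
}

# Get-WinEvent raises an error when nothing matches. Treat that one case as
# "no logons" and let every other failure (for example access denied) stop
# the script instead of silently producing an empty report.
try {
    $events = Get-WinEvent -FilterHashtable $filterHashTable -ErrorAction Stop
}
catch {
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $events = @()
    }
    else {
        throw
    }
}

# Address reported with every record. This is the local host's IPv4 address
# on the interface named "Ethernet", looked up once instead of per event.
# NOTE(review): this is not the address the user connected from; the 4624
# event carries that in its IpAddress data field. Confirm which one the API
# consumer expects.
$ipaddress = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias Ethernet |
    Select-Object -ExpandProperty IPAddress

# Newest record per user, plus the timestamp it came from. The timestamp is
# tracked separately because the stored record only holds a formatted string;
# the previous comparison read a TimeCreated property the record never had,
# so every event overwrote the entry and the oldest event in the window won.
$userLogins = @{}
$latestSeen = @{}

# $event is a PowerShell automatic variable, so the loop uses its own name.
foreach ($logonEvent in $events) {
    $eventDetails = [xml]$logonEvent.ToXml()
    $eventData = $eventDetails.Event.EventData.Data

    $timeCreated = $logonEvent.TimeCreated
    $username = $eventData |
        Where-Object { $_.Name -eq 'TargetUserName' } |
        Select-Object -ExpandProperty '#text'
    $logonType = $eventData |
        Where-Object { $_.Name -eq 'LogonType' } |
        Select-Object -ExpandProperty '#text'

    # Keep only RemoteInteractive logons (type 10) and drop the DWM-* and
    # UMFD-* accounts that Windows creates for each desktop session.
    if ($logonType -ne "10" -or $username -like "DWM*" -or $username -like "*UMFD*") {
        continue
    }

    # An event without a user name cannot be keyed in the hashtable.
    if (-not $username) {
        continue
    }

    if (-not $latestSeen.ContainsKey($username) -or $latestSeen[$username] -lt $timeCreated) {
        $latestSeen[$username] = $timeCreated
        $userLogins[$username] = [PSCustomObject]@{
            lastaccess = $timeCreated.ToString("yyyy-MM-dd HH:mm:ss")
            username   = $username
            ipaddress  = $ipaddress
            LogonType  = $logonType
        }
    }
}

# JSON file path stamped with the current date, hour and minute
$dateString = (Get-Date).ToString("yyyyMMdd_HH-mm")
$jsonPath = "C:\Scripte\LastLogins_$dateString.json"

# Write the newest logon per user to the JSON file
$userLoginsArray = $userLogins.GetEnumerator() | ForEach-Object { $_.Value }
$userLoginsArray | ConvertTo-Json | Set-Content -Path $jsonPath -Encoding UTF8

Write-Output "JSON file created at $jsonPath"

# API endpoint URL
# NOTE(review): the endpoint is plain http, so the access token and the login
# records cross the network unencrypted. Move to an https endpoint as soon as
# the service offers one.
$apiUrl = "http://api.stines.de:8001/report"

# The access token is read from the environment instead of being embedded in
# the script. LOGIN_REPORT_API_TOKEN is a placeholder name chosen for this
# script; adapt it to the local secret store. The token that was previously
# hard-coded here must be treated as exposed and rotated.
$apiToken = $env:LOGIN_REPORT_API_TOKEN
if ([string]::IsNullOrWhiteSpace($apiToken)) {
    throw "LOGIN_REPORT_API_TOKEN is not set; refusing to call the API without a token."
}

# The content type is passed through -ContentType below, so the header set
# only carries the token.
$headers = @{ "access_token" = $apiToken }

# Send each collected login to the API as its own JSON payload
foreach ($userLogin in $userLoginsArray) {
    # Only these three fields are sent; LogonType stays in the local file.
    $userLoginObject = $userLogin | Select-Object username, lastaccess, ipaddress

    $jsonPayload = $userLoginObject | ConvertTo-Json -Depth 3

    # Send explicit UTF-8 bytes so non-ASCII user names survive the request
    $utf8JsonPayload = [System.Text.Encoding]::UTF8.GetBytes($jsonPayload)

    try {
        $response = Invoke-RestMethod -Uri $apiUrl -Method Post -Body $utf8JsonPayload -ContentType 'application/json' -Headers $headers
        Write-Output "Sent login data for user $($userLoginObject.Username) to the API. Response: $response"
    }
    catch {
        # A failed post is reported and the loop moves on to the next user.
        Write-Error "Failed to send login data for user $($userLoginObject.Username). Error: $_"
    }
}

Write-Output "Finished sending login data to the API"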