Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5635 Commits
8 Branches
42 Tags
22 MiB
Tree: 2ea37e6a0d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2ea37e6a0d'
${ noResults }
acme.sh/dnsapi/dns_mythic_beasts.sh

270 lines
6.8 KiB
Raw Normal View History

feat: Mythic Beasts DNS API script
3 years ago
DNS provider API: structured description Instead of using comments declare info in a special variable. Then the variable can be used to print the DNS API provider usage. The usage can be parsed on UI and show all needed inputs for options. The info is stored in plain string that it's both human-readable and easy to parse: dns_example_info='API name An extended description. Multiline. Domains: list of alternative domains to find Site: the dns provider website e.g. example.com Docs: Link to ACME.sh wiki for the provider Options: VARIABLE1 Title for the option1. VARIABLE2 Title for the option2. Default "default value". VARIABLE3 Title for the option3. Description to show on UI. Optional. Issues: Link to a support ticket on https://github.com/acmesh-official/acme.sh Author: First Lastname <authoremail@example.com>, Another Author <https://github.com/example>; ' Here: VARIABLE1 will be required. VARIABLE2 will be required too but will be populated with a "default value". VARIABLE3 is optional and can be empty. A DNS provider may have alternative options like CloudFlare may use API KEY or API Token. You can use a second section OptionsAlt: section. Some providers may have alternative names or domains e.g. Aliyun and AlibabaCloud. Add them to Domains: section. Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
10 months ago
feat: Mythic Beasts DNS API script
3 years ago
fix: floating token for github
3 years ago
fix: Neilpang review
3 years ago
fix: floating token for github
3 years ago
feat: Mythic Beasts DNS API script
3 years ago
fix: Neilpang review
3 years ago
fix: correct return value
3 years ago
fix: Neilpang review
3 years ago
fix: floating token for github
3 years ago
fix: correct return value
3 years ago
fix: floating token for github
3 years ago
feat: Mythic Beasts DNS API script
3 years ago
fix: floating token for github
3 years ago
fix: token request body quoting
3 years ago
fix: floating token for github
3 years ago
fix: debugging
3 years ago
fix: floating token for github
3 years ago
feat: Mythic Beasts DNS API script
3 years ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_mythic_beasts_info='Mythic-Beasts.com
  4. Site: Mythic-Beasts.com
  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mythic_beasts
  6. Options:
  7. MB_AK API Key
  8. MB_AS API Secret
  9. Issues: github.com/acmesh-official/acme.sh/issues/3848
  10. '
  11. # Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication
  12. # To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com
  13. # Cannot retest once cert is issued
  14. # OAuth2 tokens only valid for 300 seconds so we do not store
  15. # NOTE: This will remove all TXT records matching the fulldomain, not just the added ones (_acme-challenge.www.domain.com)
  17. # Test OAuth2 credentials
  18. #MB_AK="aaaaaaaaaaaaaaaa"
  19. #MB_AS="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
  21. # URLs
  22. MB_API='https://api.mythic-beasts.com/dns/v2/zones'
  23. MB_AUTH='https://auth.mythic-beasts.com/login'
  25. ######## Public functions #####################
  27. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  28. dns_mythic_beasts_add() {
  29. fulldomain=$1
  30. txtvalue=$2
  32. _info "MYTHIC BEASTS Adding record $fulldomain = $txtvalue"
  33. if ! _initAuth; then
  34. return 1
  35. fi
  37. if ! _get_root "$fulldomain"; then
  38. return 1
  39. fi
  41. # method path body_data
  42. if _mb_rest POST "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then
  44. if _contains "$response" "1 records added"; then
  45. _info "Added, verifying..."
  46. # Max 120 seconds to publish
  47. for i in $(seq 1 6); do
  48. # Retry on error
  49. if ! _mb_rest GET "$_domain/records/$_sub_domain/TXT?verify"; then
  50. _sleep 20
  51. else
  52. _info "Record published!"
  53. return 0
  54. fi
  55. done
  57. else
  58. _err "\n$response"
  59. fi
  61. fi
  62. _err "Add txt record error."
  63. return 1
  64. }
  66. #Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  67. dns_mythic_beasts_rm() {
  68. fulldomain=$1
  69. txtvalue=$2
  71. _info "MYTHIC BEASTS Removing record $fulldomain = $txtvalue"
  72. if ! _initAuth; then
  73. return 1
  74. fi
  76. if ! _get_root "$fulldomain"; then
  77. return 1
  78. fi
  80. # method path body_data
  81. if _mb_rest DELETE "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then
  82. _info "Record removed"
  83. return 0
  84. fi
  85. _err "Remove txt record error."
  86. return 1
  87. }
  89. #################### Private functions below ##################################
  91. #Possible formats:
  92. # _acme-challenge.www.example.com
  93. # _acme-challenge.example.com
  94. # _acme-challenge.example.co.uk
  95. # _acme-challenge.www.example.co.uk
  96. # _acme-challenge.sub1.sub2.www.example.co.uk
  97. # sub1.sub2.example.co.uk
  98. # example.com
  99. # example.co.uk
  100. #returns
  101. # _sub_domain=_acme-challenge.www
  102. # _domain=domain.com
  103. _get_root() {
  104. domain=$1
  105. i=1
  106. p=1
  108. _debug "Detect the root zone"
  109. while true; do
  110. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  111. if [ -z "$h" ]; then
  112. _err "Domain exhausted"
  113. return 1
  114. fi
  116. # Use the status errors to find the domain, continue on 403 Access denied
  117. # method path body_data
  118. _mb_rest GET "$h/records"
  119. ret="$?"
  120. if [ "$ret" -eq 0 ]; then
  121. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  122. _domain="$h"
  123. _debug _sub_domain "$_sub_domain"
  124. _debug _domain "$_domain"
  125. return 0
  126. elif [ "$ret" -eq 1 ]; then
  127. return 1
  128. fi
  130. p=$i
  131. i=$(_math "$i" + 1)
  133. if [ "$i" -gt 50 ]; then
  134. break
  135. fi
  136. done
  137. _err "Domain too long"
  138. return 1
  139. }
  141. _initAuth() {
  142. MB_AK="${MB_AK:-$(_readaccountconf_mutable MB_AK)}"
  143. MB_AS="${MB_AS:-$(_readaccountconf_mutable MB_AS)}"
  145. if [ -z "$MB_AK" ] || [ -z "$MB_AS" ]; then
  146. MB_AK=""
  147. MB_AS=""
  148. _err "Please specify an OAuth2 Key & Secret"
  149. return 1
  150. fi
  152. _saveaccountconf_mutable MB_AK "$MB_AK"
  153. _saveaccountconf_mutable MB_AS "$MB_AS"
  155. if ! _oauth2; then
  156. return 1
  157. fi
  159. _info "Checking authentication"
  160. _secure_debug access_token "$MB_TK"
  161. _sleep 1
  163. # GET a list of zones
  164. # method path body_data
  165. if ! _mb_rest GET ""; then
  166. _err "The token is invalid"
  167. return 1
  168. fi
  169. _info "Token OK"
  170. return 0
  171. }
  173. # Github appears to use an outbound proxy for requests which means subsequent requests may not have the same
  174. # source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail
  175. # authentication. This is a work around using an undocumented MB API to obtain a token not tied to an
  176. # IP just for the github tests.
  177. _oauth2() {
  178. if [ "$GITHUB_ACTIONS" = "true" ]; then
  179. _oauth2_github
  180. else
  181. _oauth2_std
  182. fi
  183. return $?
  184. }
  186. _oauth2_std() {
  187. # HTTP Basic Authentication
  188. _H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)"
  189. _H2="Accepts: application/json"
  190. export _H1 _H2
  191. body="grant_type=client_credentials"
  193. _info "Getting OAuth2 token..."
  194. # body url [needbase64] [POST|PUT|DELETE] [ContentType]
  195. response="$(_post "$body" "$MB_AUTH" "" "POST" "application/x-www-form-urlencoded")"
  196. if _contains "$response" "\"token_type\":\"bearer\""; then
  197. MB_TK="$(echo "$response" | _egrep_o "access_token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
  198. if [ -z "$MB_TK" ]; then
  199. _err "Unable to get access_token"
  200. _err "\n$response"
  201. return 1
  202. fi
  203. else
  204. _err "OAuth2 token_type not Bearer"
  205. _err "\n$response"
  206. return 1
  207. fi
  208. _debug2 response "$response"
  209. return 0
  210. }
  212. _oauth2_github() {
  213. _H1="Accepts: application/json"
  214. export _H1
  215. body="{\"login\":{\"handle\":\"$MB_AK\",\"pass\":\"$MB_AS\",\"floating\":1}}"
  217. _info "Getting Floating token..."
  218. # body url [needbase64] [POST|PUT|DELETE] [ContentType]
  219. response="$(_post "$body" "$MB_AUTH" "" "POST" "application/json")"
  220. MB_TK="$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
  221. if [ -z "$MB_TK" ]; then
  222. _err "Unable to get token"
  223. _err "\n$response"
  224. return 1
  225. fi
  226. _debug2 response "$response"
  227. return 0
  228. }
  230. # method path body_data
  231. _mb_rest() {
  232. # URL encoded body for single API operations
  233. m="$1"
  234. ep="$2"
  235. data="$3"
  237. if [ -z "$ep" ]; then
  238. _mb_url="$MB_API"
  239. else
  240. _mb_url="$MB_API/$ep"
  241. fi
  243. _H1="Authorization: Bearer $MB_TK"
  244. _H2="Accepts: application/json"
  245. export _H1 _H2
  246. if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
  247. # body url [needbase64] [POST|PUT|DELETE] [ContentType]
  248. response="$(_post "data=$data" "$_mb_url" "" "$m" "application/x-www-form-urlencoded")"
  249. else
  250. response="$(_get "$_mb_url")"
  251. fi
  253. if [ "$?" != "0" ]; then
  254. _err "Request error"
  255. return 1
  256. fi
  258. header="$(cat "$HTTP_HEADER")"
  259. status="$(echo "$header" | _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n")"
  260. code="$(echo "$status" | _egrep_o "^[0-9]*")"
  261. if [ "$code" -ge 400 ] || _contains "$response" "\"error\"" || _contains "$response" "invalid_client"; then
  262. _err "error $status"
  263. _err "\n$response"
  264. _debug "\n$header"
  265. return 2
  266. fi
  268. _debug2 response "$response"
  269. return 0
  270. }