Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5531 Commits
8 Branches
43 Tags
26 MiB
Tree: 2f1ca949f0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2f1ca949f0'
${ noResults }
acme.sh/dnsapi/dns_yandex360.sh

334 lines
10 KiB
Raw Normal View History

Support for the Yandex 360 for Business DNS API
4 months ago
Optimizing debug output
3 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Optimizing debug output
3 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Fix: Make record_id extraction independent of JSON key order
3 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Optimizing debug output
3 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Fixed incorrect links in informational messages
4 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Fixed incorrect links in informational messages
4 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Fixed incorrect links in informational messages
4 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Optimizing debug output
3 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Optimizing debug output
3 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
Optimizing debug output
3 months ago
Support for the Yandex 360 for Business DNS API
4 months ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_yandex360_info='Yandex 360 for Business DNS API.
  4. Yandex 360 for Business is a digital environment for effective collaboration.
  5. Site: https://360.yandex.com/
  6. Docs: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360
  7. Options:
  8. YANDEX360_CLIENT_ID OAuth 2.0 ClientID
  9. YANDEX360_CLIENT_SECRET OAuth 2.0 Client secret
  10. YANDEX360_ORG_ID Organization ID
  11. OptionsAlt:
  12. YANDEX360_ACCESS_TOKEN OAuth 2.0 Access token. Optional.
  13. Issues: https://github.com/acmesh-official/acme.sh/issues/5213
  14. Author: <Als@admin.ru.net>
  15. '
  17. YANDEX360_API_BASE='https://api360.yandex.net/directory/v1/org'
  18. YANDEX360_OAUTH_BASE='https://oauth.yandex.ru'
  20. ######## Public functions #####################
  22. dns_yandex360_add() {
  23. fulldomain=$1
  24. txtvalue=$2
  25. _info 'Using Yandex 360 DNS API'
  27. if ! _check_yandex360_variables; then
  28. return 1
  29. fi
  31. if ! _get_root "$fulldomain"; then
  32. return 1
  33. fi
  35. sub_domain=$(echo "$fulldomain" | sed "s/\.$root_domain$//")
  37. _debug 'Adding Yandex 360 DNS record for subdomain' "$sub_domain"
  38. dns_api_url="${YANDEX360_API_BASE}/${YANDEX360_ORG_ID}/domains/${root_domain}/dns"
  39. data='{"name":"'"$sub_domain"'","type":"TXT","ttl":60,"text":"'"$txtvalue"'"}'
  41. response="$(_post "$data" "$dns_api_url" '' 'POST' 'application/json')"
  42. response="$(echo "$response" | _normalizeJson)"
  44. if _contains "$response" 'recordId'; then
  45. return 0
  46. else
  47. _debug 'Response' "$response"
  48. return 1
  49. fi
  50. }
  52. dns_yandex360_rm() {
  53. fulldomain=$1
  54. txtvalue=$2
  55. _info 'Using Yandex 360 DNS API'
  57. if ! _check_yandex360_variables; then
  58. return 1
  59. fi
  61. if ! _get_root "$fulldomain"; then
  62. return 1
  63. fi
  65. _debug 'Retrieving 100 records from Yandex 360 DNS'
  66. dns_api_url="${YANDEX360_API_BASE}/${YANDEX360_ORG_ID}/domains/${root_domain}/dns?perPage=100"
  67. response="$(_get "$dns_api_url" '' '')"
  68. response="$(echo "$response" | _normalizeJson)"
  70. if ! _contains "$response" "$txtvalue"; then
  71. _info 'DNS record not found. Nothing to remove.'
  72. _debug 'Response' "$response"
  73. return 1
  74. fi
  76. record_id=$(
  77. echo "$response" |
  78. _egrep_o '\{[^}]*'"${txtvalue}"'[^}]*\}' |
  79. _egrep_o '"recordId":[0-9]*' |
  80. cut -d':' -f2
  81. )
  83. if [ -z "$record_id" ]; then
  84. _err 'Unable to get record ID to remove'
  85. return 1
  86. fi
  88. _debug 'Removing DNS record' "$record_id"
  89. delete_url="${YANDEX360_API_BASE}/${YANDEX360_ORG_ID}/domains/${root_domain}/dns/${record_id}"
  91. response="$(_post '' "$delete_url" '' 'DELETE')"
  92. response="$(echo "$response" | _normalizeJson)"
  94. if _contains "$response" '{}'; then
  95. return 0
  96. else
  97. _debug 'Response' "$response"
  98. return 1
  99. fi
  100. }
  102. #################### Private functions below ##################################
  104. _check_yandex360_variables() {
  105. YANDEX360_CLIENT_ID="${YANDEX360_CLIENT_ID:-$(_readaccountconf_mutable YANDEX360_CLIENT_ID)}"
  106. YANDEX360_CLIENT_SECRET="${YANDEX360_CLIENT_SECRET:-$(_readaccountconf_mutable YANDEX360_CLIENT_SECRET)}"
  107. YANDEX360_ORG_ID="${YANDEX360_ORG_ID:-$(_readaccountconf_mutable YANDEX360_ORG_ID)}"
  108. YANDEX360_ACCESS_TOKEN="${YANDEX360_ACCESS_TOKEN:-$(_readaccountconf_mutable YANDEX360_ACCESS_TOKEN)}"
  109. YANDEX360_REFRESH_TOKEN="${YANDEX360_REFRESH_TOKEN:-$(_readaccountconf_mutable YANDEX360_REFRESH_TOKEN)}"
  111. if [ -z "$YANDEX360_ORG_ID" ]; then
  112. _err '========================================='
  113. _err ' ERROR'
  114. _err '========================================='
  115. _err "A required environment variable YANDEX360_ORG_ID is not set"
  116. _err 'For more details, please visit: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360'
  117. _err '========================================='
  118. return 1
  119. fi
  121. _saveaccountconf_mutable YANDEX360_ORG_ID "$YANDEX360_ORG_ID"
  123. if [ -n "$YANDEX360_ACCESS_TOKEN" ]; then
  124. _info '========================================='
  125. _info ' ATTENTION'
  126. _info '========================================='
  127. _info 'A manually provided Yandex 360 access token has been detected, which is not recommended.'
  128. _info 'Please note that this token is valid for a limited time after issuance.'
  129. _info 'It is recommended to obtain the token interactively using acme.sh for one-time setup.'
  130. _info 'Subsequent token renewals will be handled automatically.'
  131. _info 'For more details, please visit: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360'
  132. _info '========================================='
  134. _saveaccountconf_mutable YANDEX360_ACCESS_TOKEN "$YANDEX360_ACCESS_TOKEN"
  135. export _H1="Authorization: OAuth $YANDEX360_ACCESS_TOKEN"
  136. return 0
  137. fi
  139. if [ -z "$YANDEX360_CLIENT_ID" ] || [ -z "$YANDEX360_CLIENT_SECRET" ]; then
  140. _err '========================================='
  141. _err ' ERROR'
  142. _err '========================================='
  143. _err 'The preferred environment variables YANDEX360_CLIENT_ID, YANDEX360_CLIENT_SECRET, and YANDEX360_ORG_ID, or alternatively YANDEX360_ACCESS_TOKEN, is not set.'
  144. _err 'It is recommended to export the first three variables over the latter before running acme.sh.'
  145. _err 'For more details, please visit: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yandex360'
  146. _err '========================================='
  147. return 1
  148. fi
  150. _saveaccountconf_mutable YANDEX360_CLIENT_ID "$YANDEX360_CLIENT_ID"
  151. _saveaccountconf_mutable YANDEX360_CLIENT_SECRET "$YANDEX360_CLIENT_SECRET"
  153. if [ -n "$YANDEX360_REFRESH_TOKEN" ]; then
  154. _debug 'Refresh token found. Attempting to refresh access token.'
  155. if _refresh_token; then
  156. return 0
  157. fi
  158. fi
  160. if ! _get_token; then
  161. return 1
  162. fi
  164. return 0
  165. }
  167. _get_token() {
  168. _info "$(_red '=========================================')"
  169. _info "$(_red ' NOTICE')"
  170. _info "$(_red '=========================================')"
  171. _info "$(_red 'Before using the Yandex 360 API, you need to complete an authorization procedure.')"
  172. _info "$(_red 'The initial access token is obtained interactively and is a one-time operation.')"
  173. _info "$(_red 'Subsequent API requests will be handled automatically.')"
  174. _info "$(_red '=========================================')"
  176. _info 'Initiating device authorization flow'
  177. device_code_url="${YANDEX360_OAUTH_BASE}/device/code"
  179. hostname=$(uname -n)
  180. data="client_id=$YANDEX360_CLIENT_ID&device_id=acme.sh ${hostname}&device_name=acme.sh ${hostname}"
  182. response="$(_post "$data" "$device_code_url" '' 'POST')"
  183. response="$(echo "$response" | _normalizeJson)"
  185. if ! _contains "$response" 'device_code'; then
  186. _err 'Failed to get device code'
  187. _debug 'Response' "$response"
  188. return 1
  189. fi
  191. device_code=$(
  192. echo "$response" |
  193. _egrep_o '"device_code":"[^"]*"' |
  194. cut -d: -f2 |
  195. tr -d '"'
  196. )
  197. _debug 'Device code' "$device_code"
  199. user_code=$(
  200. echo "$response" |
  201. _egrep_o '"user_code":"[^"]*"' |
  202. cut -d: -f2 |
  203. tr -d '"'
  204. )
  205. _debug 'User code' "$user_code"
  207. verification_url=$(
  208. echo "$response" |
  209. _egrep_o '"verification_url":"[^"]*"' |
  210. cut -d: -f2- |
  211. tr -d '"'
  212. )
  213. _debug 'Verification URL' "$verification_url"
  215. interval=$(
  216. echo "$response" |
  217. _egrep_o '"interval":[[:space:]]*[0-9]+' |
  218. cut -d: -f2
  219. )
  220. _debug 'Polling interval' "$interval"
  222. _info "$(__red 'Please visit '"$verification_url"' and log in as an organization administrator')"
  223. _info "$(__red 'Once logged in, enter the code: '"$user_code"' on the page from the previous step')"
  224. _info "$(__red 'Waiting for authorization...')"
  226. _debug 'Polling for token'
  227. token_url="${YANDEX360_OAUTH_BASE}/token"
  229. while true; do
  230. data="grant_type=device_code&code=$device_code&client_id=$YANDEX360_CLIENT_ID&client_secret=$YANDEX360_CLIENT_SECRET"
  232. response="$(_post "$data" "$token_url" '' 'POST')"
  233. response="$(echo "$response" | _normalizeJson)"
  235. if _contains "$response" 'access_token'; then
  236. YANDEX360_ACCESS_TOKEN=$(
  237. echo "$response" |
  238. _egrep_o '"access_token":"[^"]*"' |
  239. cut -d: -f2- |
  240. tr -d '"'
  241. )
  242. YANDEX360_REFRESH_TOKEN=$(
  243. echo "$response" |
  244. _egrep_o '"refresh_token":"[^"]*"' |
  245. cut -d: -f2- |
  246. tr -d '"'
  247. )
  249. _secure_debug 'Obtained access token' "$YANDEX360_ACCESS_TOKEN"
  250. _secure_debug 'Obtained refresh token' "$YANDEX360_REFRESH_TOKEN"
  252. _saveaccountconf_mutable YANDEX360_REFRESH_TOKEN "$YANDEX360_REFRESH_TOKEN"
  254. export _H1="Authorization: OAuth $YANDEX360_ACCESS_TOKEN"
  256. _info 'Access token obtained successfully'
  257. return 0
  258. elif _contains "$response" 'authorization_pending'; then
  259. _debug 'Response' "$response"
  260. _debug "Authorization pending. Waiting $interval seconds before next attempt."
  261. _sleep "$interval"
  262. else
  263. _debug 'Response' "$response"
  264. _err 'Failed to get access token'
  265. return 1
  266. fi
  267. done
  268. }
  270. _refresh_token() {
  271. token_url="${YANDEX360_OAUTH_BASE}/token"
  273. data="grant_type=refresh_token&refresh_token=$YANDEX360_REFRESH_TOKEN&client_id=$YANDEX360_CLIENT_ID&client_secret=$YANDEX360_CLIENT_SECRET"
  275. response="$(_post "$data" "$token_url" '' 'POST')"
  276. response="$(echo "$response" | _normalizeJson)"
  278. if _contains "$response" 'access_token'; then
  279. YANDEX360_ACCESS_TOKEN=$(
  280. echo "$response" |
  281. _egrep_o '"access_token":"[^"]*"' |
  282. cut -d: -f2 |
  283. tr -d '"'
  284. )
  285. YANDEX360_REFRESH_TOKEN=$(
  286. echo "$response" |
  287. _egrep_o '"refresh_token":"[^"]*"' |
  288. cut -d: -f2- |
  289. tr -d '"'
  290. )
  292. _secure_debug 'Received access token' "$YANDEX360_ACCESS_TOKEN"
  293. _secure_debug 'Received refresh token' "$YANDEX360_REFRESH_TOKEN"
  295. _saveaccountconf_mutable YANDEX360_REFRESH_TOKEN "$YANDEX360_REFRESH_TOKEN"
  297. export _H1="Authorization: OAuth $YANDEX360_ACCESS_TOKEN"
  299. _info 'Access token refreshed successfully'
  300. return 0
  301. else
  302. _info 'Failed to refresh token. Will attempt to obtain a new one.'
  303. _debug 'Response' "$response"
  304. return 1
  305. fi
  306. }
  308. _get_root() {
  309. domain="$1"
  310. i=1
  311. while true; do
  312. h=$(echo "$domain" | cut -d . -f "$i"-)
  313. _debug "Checking domain: $h"
  315. if [ -z "$h" ]; then
  316. _err "Could not determine root domain"
  317. return 1
  318. fi
  320. dns_api_url="${YANDEX360_API_BASE}/${YANDEX360_ORG_ID}/domains/${h}/dns"
  322. response="$(_get "$dns_api_url" '' '')"
  323. response="$(echo "$response" | _normalizeJson)"
  324. _debug 'Response' "$response"
  326. if _contains "$response" '"total":'; then
  327. root_domain="$h"
  328. _debug 'Root domain found' "$root_domain"
  329. return 0
  330. fi
  332. i=$(_math "$i" + 1)
  333. done
  334. }