You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

165 lines
4.3 KiB

4 years ago
4 years ago
4 years ago
4 years ago
3 months ago
3 months ago
4 years ago
4 years ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_netlify_info='Netlify.com
  4. Site: Netlify.com
  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_netlify
  6. Options:
  7. NETLIFY_ACCESS_TOKEN API Token
  8. Issues: github.com/acmesh-official/acme.sh/issues/3088
  9. '
  10. NETLIFY_HOST="api.netlify.com/api/v1/"
  11. NETLIFY_URL="https://$NETLIFY_HOST"
  12. ######## Public functions #####################
  13. #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  14. dns_netlify_add() {
  15. fulldomain=$1
  16. txtvalue=$2
  17. NETLIFY_ACCESS_TOKEN="${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}"
  18. if [ -z "$NETLIFY_ACCESS_TOKEN" ]; then
  19. NETLIFY_ACCESS_TOKEN=""
  20. _err "Please specify your Netlify Access Token and try again."
  21. return 1
  22. else
  23. _saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
  24. fi
  25. _info "Using Netlify"
  26. _debug fulldomain "$fulldomain"
  27. _debug txtvalue "$txtvalue"
  28. if ! _get_root "$fulldomain"; then
  29. _err "invalid domain"
  30. return 1
  31. fi
  32. _debug _domain_id "$_domain_id"
  33. _debug _sub_domain "$_sub_domain"
  34. _debug _domain "$_domain"
  35. dnsRecordURI="dns_zones/$_domain_id/dns_records"
  36. body="{\"type\":\"TXT\", \"hostname\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"ttl\":\"10\"}"
  37. _netlify_rest POST "$dnsRecordURI" "$body" "$NETLIFY_ACCESS_TOKEN"
  38. _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  39. if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
  40. _info "validation value added"
  41. return 0
  42. else
  43. _err "error adding validation value ($_code)"
  44. return 1
  45. fi
  46. }
  47. #Usage: dns_myapi_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  48. #Remove the txt record after validation.
  49. dns_netlify_rm() {
  50. _info "Using Netlify"
  51. txtdomain="$1"
  52. txt="$2"
  53. _debug txtdomain "$txtdomain"
  54. _debug txt "$txt"
  55. NETLIFY_ACCESS_TOKEN="${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}"
  56. if ! _get_root "$txtdomain"; then
  57. _err "invalid domain"
  58. return 1
  59. fi
  60. _debug _domain_id "$_domain_id"
  61. _debug _sub_domain "$_sub_domain"
  62. _debug _domain "$_domain"
  63. dnsRecordURI="dns_zones/$_domain_id/dns_records"
  64. _netlify_rest GET "$dnsRecordURI" "" "$NETLIFY_ACCESS_TOKEN"
  65. _record_id=$(echo "$response" | _egrep_o "\"type\":\"TXT\",[^\}]*\"value\":\"$txt\"" | head -n 1 | _egrep_o "\"id\":\"[^\"\}]*\"" | cut -d : -f 2 | tr -d \")
  66. _debug _record_id "$_record_id"
  67. if [ "$_record_id" ]; then
  68. _netlify_rest DELETE "$dnsRecordURI/$_record_id" "" "$NETLIFY_ACCESS_TOKEN"
  69. _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
  70. if [ "$_code" = "200" ] || [ "$_code" = '204' ]; then
  71. _info "validation value removed"
  72. return 0
  73. else
  74. _err "error removing validation value ($_code)"
  75. return 1
  76. fi
  77. fi
  78. return 1
  79. }
  80. #################### Private functions below ##################################
  81. _get_root() {
  82. domain=$1
  83. accesstoken=$2
  84. i=1
  85. p=1
  86. _netlify_rest GET "dns_zones" "" "$accesstoken"
  87. while true; do
  88. h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
  89. _debug2 "Checking domain: $h"
  90. if [ -z "$h" ]; then
  91. #not valid
  92. _err "Invalid domain"
  93. return 1
  94. fi
  95. if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
  96. _domain_id=$(echo "$response" | _egrep_o "\"[^\"]*\",\"name\":\"$h\"" | cut -d , -f 1 | tr -d \")
  97. if [ "$_domain_id" ]; then
  98. if [ "$i" = 1 ]; then
  99. #create the record at the domain apex (@) if only the domain name was provided as --domain-alias
  100. _sub_domain="@"
  101. else
  102. _sub_domain=$(echo "$domain" | cut -d . -f 1-"$p")
  103. fi
  104. _domain=$h
  105. return 0
  106. fi
  107. return 1
  108. fi
  109. p=$i
  110. i=$(_math "$i" + 1)
  111. done
  112. return 1
  113. }
  114. _netlify_rest() {
  115. m=$1
  116. ep="$2"
  117. data="$3"
  118. _debug "$ep"
  119. token_trimmed=$(echo "$NETLIFY_ACCESS_TOKEN" | tr -d '"')
  120. export _H1="Content-Type: application/json"
  121. export _H2="Authorization: Bearer $token_trimmed"
  122. : >"$HTTP_HEADER"
  123. if [ "$m" != "GET" ]; then
  124. _debug data "$data"
  125. response="$(_post "$data" "$NETLIFY_URL$ep" "" "$m")"
  126. else
  127. response="$(_get "$NETLIFY_URL$ep")"
  128. fi
  129. if [ "$?" != "0" ]; then
  130. _err "error $ep"
  131. return 1
  132. fi
  133. _debug2 response "$response"
  134. return 0
  135. }