You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

233 lines
6.3 KiB

9 years ago
9 years ago
9 years ago
9 years ago
8 years ago
8 years ago
9 years ago
9 years ago
9 years ago
9 years ago
7 years ago
9 years ago
9 years ago
9 years ago
8 years ago
9 years ago
9 years ago
8 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
  1. #!/usr/bin/env sh
  2. #
  3. #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  4. #
  5. #CF_Email="xxxx@sss.com"
  6. #CF_Token="xxxx"
  7. #CF_Account_ID="xxxx"
  8. #CF_Zone_ID="xxxx"
  9. CF_Api="https://api.cloudflare.com/client/v4"
  10. ######## Public functions #####################
  11. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  12. dns_cf_add() {
  13. fulldomain=$1
  14. txtvalue=$2
  15. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  16. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  17. CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
  18. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  19. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  20. if [ "$CF_Token" ]; then
  21. _saveaccountconf_mutable CF_Token "$CF_Token"
  22. _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
  23. _saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID"
  24. else
  25. if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
  26. CF_Key=""
  27. CF_Email=""
  28. _err "You didn't specify a Cloudflare api key and email yet."
  29. _err "You can get yours from here https://dash.cloudflare.com/profile."
  30. return 1
  31. fi
  32. if ! _contains "$CF_Email" "@"; then
  33. _err "It seems that the CF_Email=$CF_Email is not a valid email address."
  34. _err "Please check and retry."
  35. return 1
  36. fi
  37. #save the api key and email to the account conf file.
  38. _saveaccountconf_mutable CF_Key "$CF_Key"
  39. _saveaccountconf_mutable CF_Email "$CF_Email"
  40. fi
  41. _debug "First detect the root zone"
  42. if ! _get_root "$fulldomain"; then
  43. _err "invalid domain"
  44. return 1
  45. fi
  46. _debug _domain_id "$_domain_id"
  47. _debug _sub_domain "$_sub_domain"
  48. _debug _domain "$_domain"
  49. _debug "Getting txt records"
  50. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
  51. if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
  52. _err "Error"
  53. return 1
  54. fi
  55. # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
  56. # we can not use updating anymore.
  57. # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  58. # _debug count "$count"
  59. # if [ "$count" = "0" ]; then
  60. _info "Adding record"
  61. if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
  62. if _contains "$response" "$txtvalue"; then
  63. _info "Added, OK"
  64. return 0
  65. elif _contains "$response" "The record already exists"; then
  66. _info "Already exists, OK"
  67. return 0
  68. else
  69. _err "Add txt record error."
  70. return 1
  71. fi
  72. fi
  73. _err "Add txt record error."
  74. return 1
  75. }
  76. #fulldomain txtvalue
  77. dns_cf_rm() {
  78. fulldomain=$1
  79. txtvalue=$2
  80. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  81. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  82. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  83. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  84. _debug "First detect the root zone"
  85. if ! _get_root "$fulldomain"; then
  86. _err "invalid domain"
  87. return 1
  88. fi
  89. _debug _domain_id "$_domain_id"
  90. _debug _sub_domain "$_sub_domain"
  91. _debug _domain "$_domain"
  92. _debug "Getting txt records"
  93. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
  94. if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
  95. _err "Error"
  96. return 1
  97. fi
  98. count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  99. _debug count "$count"
  100. if [ "$count" = "0" ]; then
  101. _info "Don't need to remove."
  102. else
  103. record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
  104. _debug "record_id" "$record_id"
  105. if [ -z "$record_id" ]; then
  106. _err "Can not get record id to remove."
  107. return 1
  108. fi
  109. if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
  110. _err "Delete record error."
  111. return 1
  112. fi
  113. _contains "$response" '"success":true'
  114. fi
  115. }
  116. #################### Private functions below ##################################
  117. #_acme-challenge.www.domain.com
  118. #returns
  119. # _sub_domain=_acme-challenge.www
  120. # _domain=domain.com
  121. # _domain_id=sdjkglgdfewsdfg
  122. _get_root() {
  123. domain=$1
  124. i=1
  125. p=1
  126. # Use Zone ID directly if provided
  127. if [ "$CF_Zone_ID" ]; then
  128. if ! _cf_rest GET "zones/$CF_Zone_ID"; then
  129. return 1
  130. else
  131. if _contains "$response" '"success":true'; then
  132. _domain=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
  133. if [ "$_domain" ]; then
  134. _cutlength=$((${#domain} - ${#_domain} - 1))
  135. _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
  136. _domain_id=$CF_Zone_ID
  137. return 0
  138. else
  139. return 1
  140. fi
  141. else
  142. return 1
  143. fi
  144. fi
  145. fi
  146. while true; do
  147. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  148. _debug h "$h"
  149. if [ -z "$h" ]; then
  150. #not valid
  151. return 1
  152. fi
  153. if [ "$CF_Account_ID" ]; then
  154. if ! _cf_rest GET "zones?name=$h&account.id=$CF_Account_ID"; then
  155. return 1
  156. fi
  157. else
  158. if ! _cf_rest GET "zones?name=$h"; then
  159. return 1
  160. fi
  161. fi
  162. if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
  163. _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
  164. if [ "$_domain_id" ]; then
  165. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  166. _domain=$h
  167. return 0
  168. fi
  169. return 1
  170. fi
  171. p=$i
  172. i=$(_math "$i" + 1)
  173. done
  174. return 1
  175. }
  176. _cf_rest() {
  177. m=$1
  178. ep="$2"
  179. data="$3"
  180. _debug "$ep"
  181. email_trimmed=$(echo "$CF_Email" | tr -d '"')
  182. key_trimmed=$(echo "$CF_Key" | tr -d '"')
  183. token_trimmed=$(echo "$CF_Token" | tr -d '"')
  184. export _H1="Content-Type: application/json"
  185. if [ "$token_trimmed" ]; then
  186. export _H2="Authorization: Bearer $token_trimmed"
  187. else
  188. export _H2="X-Auth-Email: $email_trimmed"
  189. export _H3="X-Auth-Key: $key_trimmed"
  190. fi
  191. if [ "$m" != "GET" ]; then
  192. _debug data "$data"
  193. response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
  194. else
  195. response="$(_get "$CF_Api/$ep")"
  196. fi
  197. if [ "$?" != "0" ]; then
  198. _err "error $ep"
  199. return 1
  200. fi
  201. _debug2 response "$response"
  202. return 0
  203. }