You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

249 lines
6.9 KiB

9 years ago
9 years ago
9 years ago
9 years ago
8 years ago
8 years ago
9 years ago
9 years ago
9 years ago
9 years ago
7 years ago
9 years ago
9 years ago
9 years ago
8 years ago
9 years ago
9 years ago
8 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
  1. #!/usr/bin/env sh
  2. #
  3. #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  4. #
  5. #CF_Email="xxxx@sss.com"
  6. #CF_Token="xxxx"
  7. #CF_Account_ID="xxxx"
  8. #CF_Zone_ID="xxxx"
  9. CF_Api="https://api.cloudflare.com/client/v4"
  10. ######## Public functions #####################
  11. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  12. dns_cf_add() {
  13. fulldomain=$1
  14. txtvalue=$2
  15. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  16. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  17. CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
  18. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  19. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  20. if [ "$CF_Token" ]; then
  21. if [ "$CF_Zone_ID" ]; then
  22. _savedomainconf CF_Token "$CF_Token"
  23. _savedomainconf CF_Account_ID "$CF_Account_ID"
  24. _savedomainconf CF_Zone_ID "$CF_Zone_ID"
  25. else
  26. _saveaccountconf_mutable CF_Token "$CF_Token"
  27. _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
  28. _clearaccountconf_mutable CF_Zone_ID
  29. _clearaccountconf CF_Zone_ID
  30. fi
  31. else
  32. if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
  33. CF_Key=""
  34. CF_Email=""
  35. _err "You didn't specify a Cloudflare api key and email yet."
  36. _err "You can get yours from here https://dash.cloudflare.com/profile."
  37. return 1
  38. fi
  39. if ! _contains "$CF_Email" "@"; then
  40. _err "It seems that the CF_Email=$CF_Email is not a valid email address."
  41. _err "Please check and retry."
  42. return 1
  43. fi
  44. #save the api key and email to the account conf file.
  45. _saveaccountconf_mutable CF_Key "$CF_Key"
  46. _saveaccountconf_mutable CF_Email "$CF_Email"
  47. _clearaccountconf_mutable CF_Token
  48. _clearaccountconf_mutable CF_Account_ID
  49. _clearaccountconf_mutable CF_Zone_ID
  50. _clearaccountconf CF_Token
  51. _clearaccountconf CF_Account_ID
  52. _clearaccountconf CF_Zone_ID
  53. fi
  54. _debug "First detect the root zone"
  55. if ! _get_root "$fulldomain"; then
  56. _err "invalid domain"
  57. return 1
  58. fi
  59. _debug _domain_id "$_domain_id"
  60. _debug _sub_domain "$_sub_domain"
  61. _debug _domain "$_domain"
  62. _debug "Getting txt records"
  63. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
  64. if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
  65. _err "Error"
  66. return 1
  67. fi
  68. # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
  69. # we can not use updating anymore.
  70. # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  71. # _debug count "$count"
  72. # if [ "$count" = "0" ]; then
  73. _info "Adding record"
  74. if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
  75. if _contains "$response" "$txtvalue"; then
  76. _info "Added, OK"
  77. return 0
  78. elif _contains "$response" "The record already exists"; then
  79. _info "Already exists, OK"
  80. return 0
  81. else
  82. _err "Add txt record error."
  83. return 1
  84. fi
  85. fi
  86. _err "Add txt record error."
  87. return 1
  88. }
  89. #fulldomain txtvalue
  90. dns_cf_rm() {
  91. fulldomain=$1
  92. txtvalue=$2
  93. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  94. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  95. CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
  96. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  97. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  98. _debug "First detect the root zone"
  99. if ! _get_root "$fulldomain"; then
  100. _err "invalid domain"
  101. return 1
  102. fi
  103. _debug _domain_id "$_domain_id"
  104. _debug _sub_domain "$_sub_domain"
  105. _debug _domain "$_domain"
  106. _debug "Getting txt records"
  107. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
  108. if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
  109. _err "Error: $response"
  110. return 1
  111. fi
  112. count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ")
  113. _debug count "$count"
  114. if [ "$count" = "0" ]; then
  115. _info "Don't need to remove."
  116. else
  117. record_id=$(echo "$response" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
  118. _debug "record_id" "$record_id"
  119. if [ -z "$record_id" ]; then
  120. _err "Can not get record id to remove."
  121. return 1
  122. fi
  123. if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
  124. _err "Delete record error."
  125. return 1
  126. fi
  127. echo "$response" | tr -d " " | grep \"success\":true >/dev/null
  128. fi
  129. }
  130. #################### Private functions below ##################################
  131. #_acme-challenge.www.domain.com
  132. #returns
  133. # _sub_domain=_acme-challenge.www
  134. # _domain=domain.com
  135. # _domain_id=sdjkglgdfewsdfg
  136. _get_root() {
  137. domain=$1
  138. i=1
  139. p=1
  140. # Use Zone ID directly if provided
  141. if [ "$CF_Zone_ID" ]; then
  142. if ! _cf_rest GET "zones/$CF_Zone_ID"; then
  143. return 1
  144. else
  145. if echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
  146. _domain=$(echo "$response" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
  147. if [ "$_domain" ]; then
  148. _cutlength=$((${#domain} - ${#_domain} - 1))
  149. _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
  150. _domain_id=$CF_Zone_ID
  151. return 0
  152. else
  153. return 1
  154. fi
  155. else
  156. return 1
  157. fi
  158. fi
  159. fi
  160. while true; do
  161. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  162. _debug h "$h"
  163. if [ -z "$h" ]; then
  164. #not valid
  165. return 1
  166. fi
  167. if [ "$CF_Account_ID" ]; then
  168. if ! _cf_rest GET "zones?name=$h&account.id=$CF_Account_ID"; then
  169. return 1
  170. fi
  171. else
  172. if ! _cf_rest GET "zones?name=$h"; then
  173. return 1
  174. fi
  175. fi
  176. if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
  177. _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
  178. if [ "$_domain_id" ]; then
  179. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  180. _domain=$h
  181. return 0
  182. fi
  183. return 1
  184. fi
  185. p=$i
  186. i=$(_math "$i" + 1)
  187. done
  188. return 1
  189. }
  190. _cf_rest() {
  191. m=$1
  192. ep="$2"
  193. data="$3"
  194. _debug "$ep"
  195. email_trimmed=$(echo "$CF_Email" | tr -d '"')
  196. key_trimmed=$(echo "$CF_Key" | tr -d '"')
  197. token_trimmed=$(echo "$CF_Token" | tr -d '"')
  198. export _H1="Content-Type: application/json"
  199. if [ "$token_trimmed" ]; then
  200. export _H2="Authorization: Bearer $token_trimmed"
  201. else
  202. export _H2="X-Auth-Email: $email_trimmed"
  203. export _H3="X-Auth-Key: $key_trimmed"
  204. fi
  205. if [ "$m" != "GET" ]; then
  206. _debug data "$data"
  207. response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
  208. else
  209. response="$(_get "$CF_Api/$ep")"
  210. fi
  211. if [ "$?" != "0" ]; then
  212. _err "error $ep"
  213. return 1
  214. fi
  215. _debug2 response "$response"
  216. return 0
  217. }