vixns
4 years ago
45 changed files with 4281 additions and 377 deletions
-
249.github/workflows/DNS.yml
-
52.github/workflows/LetsEncrypt.yml
-
12.github/workflows/dockerhub.yml
-
2Dockerfile
-
45README.md
-
283acme.sh
-
92deploy/cleverreach.sh
-
1deploy/docker.sh
-
14deploy/fritzbox.sh
-
13deploy/gcore_cdn.sh
-
25deploy/mailcow.sh
-
123deploy/peplink.sh
-
34deploy/synology_dsm.sh
-
220deploy/unifi.sh
-
67deploy/vault.sh
-
10deploy/vault_cli.sh
-
84dnsapi/dns_1984hosting.sh
-
150dnsapi/dns_anx.sh
-
47dnsapi/dns_arvan.sh
-
171dnsapi/dns_aurora.sh
-
61dnsapi/dns_constellix.sh
-
4dnsapi/dns_desec.sh
-
2dnsapi/dns_dp.sh
-
16dnsapi/dns_dpi.sh
-
13dnsapi/dns_duckdns.sh
-
466dnsapi/dns_edgedns.sh
-
275dnsapi/dns_huaweicloud.sh
-
199dnsapi/dns_infomaniak.sh
-
162dnsapi/dns_ionos.sh
-
26dnsapi/dns_ispconfig.sh
-
3dnsapi/dns_linode_v4.sh
-
10dnsapi/dns_namecheap.sh
-
56dnsapi/dns_one.sh
-
2dnsapi/dns_ovh.sh
-
4dnsapi/dns_pdns.sh
-
157dnsapi/dns_porkbun.sh
-
156dnsapi/dns_rackcorp.sh
-
176dnsapi/dns_scaleway.sh
-
42dnsapi/dns_servercow.sh
-
261dnsapi/dns_simply.sh
-
207dnsapi/dns_websupport.sh
-
210dnsapi/dns_world4you.sh
-
2notify/mail.sh
-
402notify/smtp.sh
-
52notify/telegram.sh
@ -0,0 +1,249 @@ |
|||||
|
name: DNS |
||||
|
on: |
||||
|
push: |
||||
|
paths: |
||||
|
- 'dnsapi/*.sh' |
||||
|
- '.github/workflows/DNS.yml' |
||||
|
pull_request: |
||||
|
branches: |
||||
|
- 'dev' |
||||
|
paths: |
||||
|
- 'dnsapi/*.sh' |
||||
|
- '.github/workflows/DNS.yml' |
||||
|
|
||||
|
|
||||
|
jobs: |
||||
|
CheckToken: |
||||
|
runs-on: ubuntu-latest |
||||
|
outputs: |
||||
|
hasToken: ${{ steps.step_one.outputs.hasToken }} |
||||
|
steps: |
||||
|
- name: Set the value |
||||
|
id: step_one |
||||
|
run: | |
||||
|
if [ "${{secrets.TokenName1}}" ] ; then |
||||
|
echo "::set-output name=hasToken::true" |
||||
|
else |
||||
|
echo "::set-output name=hasToken::false" |
||||
|
fi |
||||
|
- name: Check the value |
||||
|
run: echo ${{ steps.step_one.outputs.hasToken }} |
||||
|
|
||||
|
Fail: |
||||
|
runs-on: ubuntu-latest |
||||
|
needs: CheckToken |
||||
|
if: "contains(needs.CheckToken.outputs.hasToken, 'false')" |
||||
|
steps: |
||||
|
- name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
||||
|
run: | |
||||
|
echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" |
||||
|
if [ "${{github.actor}}" != "Neilpang" ]; then |
||||
|
false |
||||
|
fi |
||||
|
|
||||
|
Docker: |
||||
|
runs-on: ubuntu-latest |
||||
|
needs: CheckToken |
||||
|
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
||||
|
env: |
||||
|
TEST_DNS : ${{ secrets.TEST_DNS }} |
||||
|
TestingDomain: ${{ secrets.TestingDomain }} |
||||
|
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
||||
|
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
||||
|
CASE: le_test_dnsapi |
||||
|
TEST_LOCAL: 1 |
||||
|
DEBUG: 1 |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- name: Set env file |
||||
|
run: | |
||||
|
cd ../acmetest |
||||
|
if [ "${{ secrets.TokenName1}}" ] ; then |
||||
|
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName2}}" ] ; then |
||||
|
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName3}}" ] ; then |
||||
|
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName4}}" ] ; then |
||||
|
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName5}}" ] ; then |
||||
|
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list |
||||
|
fi |
||||
|
echo "TEST_DNS_NO_WILDCARD" >> env.list |
||||
|
echo "TEST_DNS_SLEEP" >> env.list |
||||
|
- name: Run acmetest |
||||
|
run: cd ../acmetest && ./rundocker.sh testall |
||||
|
|
||||
|
MacOS: |
||||
|
runs-on: macos-latest |
||||
|
needs: Docker |
||||
|
env: |
||||
|
TEST_DNS : ${{ secrets.TEST_DNS }} |
||||
|
TestingDomain: ${{ secrets.TestingDomain }} |
||||
|
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
||||
|
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
||||
|
CASE: le_test_dnsapi |
||||
|
TEST_LOCAL: 1 |
||||
|
DEBUG: 1 |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install tools |
||||
|
run: brew install socat |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
run: | |
||||
|
if [ "${{ secrets.TokenName1}}" ] ; then |
||||
|
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName2}}" ] ; then |
||||
|
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName3}}" ] ; then |
||||
|
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName4}}" ] ; then |
||||
|
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName5}}" ] ; then |
||||
|
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
||||
|
fi |
||||
|
cd ../acmetest |
||||
|
./letest.sh |
||||
|
|
||||
|
Windows: |
||||
|
runs-on: windows-latest |
||||
|
needs: MacOS |
||||
|
env: |
||||
|
TEST_DNS : ${{ secrets.TEST_DNS }} |
||||
|
TestingDomain: ${{ secrets.TestingDomain }} |
||||
|
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
||||
|
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
||||
|
CASE: le_test_dnsapi |
||||
|
TEST_LOCAL: 1 |
||||
|
DEBUG: 1 |
||||
|
steps: |
||||
|
- name: Set git to use LF |
||||
|
run: | |
||||
|
git config --global core.autocrlf false |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Install cygwin base packages with chocolatey |
||||
|
run: | |
||||
|
choco config get cacheLocation |
||||
|
choco install --no-progress cygwin |
||||
|
shell: cmd |
||||
|
- name: Install cygwin additional packages |
||||
|
run: | |
||||
|
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
||||
|
shell: cmd |
||||
|
- name: Set ENV |
||||
|
shell: cmd |
||||
|
run: | |
||||
|
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- name: Run acmetest |
||||
|
shell: bash |
||||
|
run: | |
||||
|
if [ "${{ secrets.TokenName1}}" ] ; then |
||||
|
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName2}}" ] ; then |
||||
|
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName3}}" ] ; then |
||||
|
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName4}}" ] ; then |
||||
|
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName5}}" ] ; then |
||||
|
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
||||
|
fi |
||||
|
cd ../acmetest |
||||
|
./letest.sh |
||||
|
|
||||
|
FreeBSD: |
||||
|
runs-on: macos-latest |
||||
|
needs: Windows |
||||
|
env: |
||||
|
TEST_DNS : ${{ secrets.TEST_DNS }} |
||||
|
TestingDomain: ${{ secrets.TestingDomain }} |
||||
|
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
||||
|
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
||||
|
CASE: le_test_dnsapi |
||||
|
TEST_LOCAL: 1 |
||||
|
DEBUG: 1 |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- uses: vmactions/freebsd-vm@v0.1.4 |
||||
|
with: |
||||
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
||||
|
prepare: pkg install -y socat curl |
||||
|
usesh: true |
||||
|
run: | |
||||
|
if [ "${{ secrets.TokenName1}}" ] ; then |
||||
|
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName2}}" ] ; then |
||||
|
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName3}}" ] ; then |
||||
|
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName4}}" ] ; then |
||||
|
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName5}}" ] ; then |
||||
|
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
||||
|
fi |
||||
|
cd ../acmetest |
||||
|
./letest.sh |
||||
|
|
||||
|
Solaris: |
||||
|
runs-on: macos-latest |
||||
|
needs: FreeBSD |
||||
|
env: |
||||
|
TEST_DNS : ${{ secrets.TEST_DNS }} |
||||
|
TestingDomain: ${{ secrets.TestingDomain }} |
||||
|
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} |
||||
|
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} |
||||
|
CASE: le_test_dnsapi |
||||
|
TEST_LOCAL: 1 |
||||
|
DEBUG: 1 |
||||
|
steps: |
||||
|
- uses: actions/checkout@v2 |
||||
|
- name: Clone acmetest |
||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
||||
|
- uses: vmactions/solaris-vm@v0.0.3 |
||||
|
with: |
||||
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' |
||||
|
prepare: pkgutil -y -i socat curl |
||||
|
run: | |
||||
|
if [ "${{ secrets.TokenName1}}" ] ; then |
||||
|
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName2}}" ] ; then |
||||
|
export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName3}}" ] ; then |
||||
|
export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName4}}" ] ; then |
||||
|
export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} |
||||
|
fi |
||||
|
if [ "${{ secrets.TokenName5}}" ] ; then |
||||
|
export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} |
||||
|
fi |
||||
|
cd ../acmetest |
||||
|
./letest.sh |
||||
|
|
||||
|
|
@ -0,0 +1,92 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API. |
||||
|
# Your OAuth needs the right scope, please contact CleverReach support for that. |
||||
|
# |
||||
|
# Written by Jan-Philipp Benecke <github@bnck.me> |
||||
|
# Public domain, 2020 |
||||
|
# |
||||
|
# Following environment variables must be set: |
||||
|
# |
||||
|
#export DEPLOY_CLEVERREACH_CLIENT_ID=myid |
||||
|
#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret |
||||
|
|
||||
|
cleverreach_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_rest_endpoint="https://rest.cleverreach.com" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID |
||||
|
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET |
||||
|
_getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID |
||||
|
|
||||
|
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then |
||||
|
_err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." |
||||
|
return 1 |
||||
|
fi |
||||
|
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then |
||||
|
_err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}" |
||||
|
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" |
||||
|
_savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
||||
|
|
||||
|
_info "Obtaining a CleverReach access token" |
||||
|
|
||||
|
_data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}" |
||||
|
_auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")" |
||||
|
|
||||
|
_debug _data "$_data" |
||||
|
_debug _auth_result "$_auth_result" |
||||
|
|
||||
|
_regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$" |
||||
|
_debug _regex "$_regex" |
||||
|
_access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") |
||||
|
|
||||
|
_debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
||||
|
|
||||
|
if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
||||
|
_info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
||||
|
export _H1="Authorization: Bearer ${_access_token}" |
||||
|
_subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")" |
||||
|
_access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p") |
||||
|
|
||||
|
_debug _subclient_token_result "$_access_token" |
||||
|
|
||||
|
_info "Destroying parent token at CleverReach, as it not needed anymore" |
||||
|
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" |
||||
|
_debug _destroy_result "$_destroy_result" |
||||
|
fi |
||||
|
|
||||
|
_info "Uploading certificate and key to CleverReach" |
||||
|
|
||||
|
_certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" |
||||
|
export _H1="Authorization: Bearer ${_access_token}" |
||||
|
_add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")" |
||||
|
|
||||
|
if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
||||
|
_info "Destroying token at CleverReach, as it not needed anymore" |
||||
|
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" |
||||
|
_debug _destroy_result "$_destroy_result" |
||||
|
fi |
||||
|
|
||||
|
if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then |
||||
|
_info "Uploaded certificate successfully" |
||||
|
return 0 |
||||
|
else |
||||
|
_debug _add_cert_result "$_add_cert_result" |
||||
|
_err "Unable to update certificate" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
@ -0,0 +1,123 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Script to deploy cert to Peplink Routers |
||||
|
# |
||||
|
# The following environment variables must be set: |
||||
|
# |
||||
|
# PEPLINK_Hostname - Peplink hostname |
||||
|
# PEPLINK_Username - Peplink username to login |
||||
|
# PEPLINK_Password - Peplink password to login |
||||
|
# |
||||
|
# The following environmental variables may be set if you don't like their |
||||
|
# default values: |
||||
|
# |
||||
|
# PEPLINK_Certtype - Certificate type to target for replacement |
||||
|
# defaults to "webadmin", can be one of: |
||||
|
# * "chub" (ContentHub) |
||||
|
# * "openvpn" (OpenVPN CA) |
||||
|
# * "portal" (Captive Portal SSL) |
||||
|
# * "webadmin" (Web Admin SSL) |
||||
|
# * "webproxy" (Proxy Root CA) |
||||
|
# * "wwan_ca" (Wi-Fi WAN CA) |
||||
|
# * "wwan_client" (Wi-Fi WAN Client) |
||||
|
# PEPLINK_Scheme - defaults to "https" |
||||
|
# PEPLINK_Port - defaults to "443" |
||||
|
# |
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
_peplink_get_cookie_data() { |
||||
|
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
||||
|
} |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
peplink_deploy() { |
||||
|
|
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
|
||||
|
# Get Hostname, Username and Password, but don't save until we successfully authenticate |
||||
|
_getdeployconf PEPLINK_Hostname |
||||
|
_getdeployconf PEPLINK_Username |
||||
|
_getdeployconf PEPLINK_Password |
||||
|
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then |
||||
|
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname" |
||||
|
_debug2 PEPLINK_Username "$PEPLINK_Username" |
||||
|
_secure_debug2 PEPLINK_Password "$PEPLINK_Password" |
||||
|
|
||||
|
# Optional certificate type, scheme, and port for Peplink |
||||
|
_getdeployconf PEPLINK_Certtype |
||||
|
_getdeployconf PEPLINK_Scheme |
||||
|
_getdeployconf PEPLINK_Port |
||||
|
|
||||
|
# Don't save the certificate type until we verify it exists and is supported |
||||
|
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" |
||||
|
_savedeployconf PEPLINK_Port "$PEPLINK_Port" |
||||
|
|
||||
|
# Default vaules for certificate type, scheme, and port |
||||
|
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" |
||||
|
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" |
||||
|
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" |
||||
|
|
||||
|
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype" |
||||
|
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme" |
||||
|
_debug2 PEPLINK_Port "$PEPLINK_Port" |
||||
|
|
||||
|
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" |
||||
|
_debug _base_url "$_base_url" |
||||
|
|
||||
|
# Login, get the auth token from the cookie |
||||
|
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" |
||||
|
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" |
||||
|
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" |
||||
|
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") |
||||
|
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") |
||||
|
_debug3 response "$response" |
||||
|
_debug auth_token "$auth_token" |
||||
|
|
||||
|
if [ -z "$auth_token" ]; then |
||||
|
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." |
||||
|
_err "Check your username and password." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_H1="Cookie: $auth_token" |
||||
|
export _H1 |
||||
|
_debug2 H1 "${_H1}" |
||||
|
|
||||
|
# Now that we know the hostnameusername and password are good, save them |
||||
|
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" |
||||
|
_savedeployconf PEPLINK_Username "$PEPLINK_Username" |
||||
|
_savedeployconf PEPLINK_Password "$PEPLINK_Password" |
||||
|
|
||||
|
_info "Generate form POST request" |
||||
|
|
||||
|
encoded_key="$(_url_encode <"$_ckey")" |
||||
|
encoded_fullchain="$(_url_encode <"$_cfullchain")" |
||||
|
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" |
||||
|
_debug3 body "$body" |
||||
|
|
||||
|
_info "Upload $PEPLINK_Certtype certificate to the Peplink" |
||||
|
|
||||
|
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") |
||||
|
_debug3 response "$response" |
||||
|
|
||||
|
if echo "$response" | grep 'Success' >/dev/null; then |
||||
|
# We've verified this certificate type is valid, so save it |
||||
|
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" |
||||
|
_info "Certificate was updated" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Unable to update certificate, error code $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
@ -0,0 +1,67 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Here is a script to deploy cert to hashicorp vault using curl |
||||
|
# (https://www.vaultproject.io/) |
||||
|
# |
||||
|
# it requires following environment variables: |
||||
|
# |
||||
|
# VAULT_PREFIX - this contains the prefix path in vault |
||||
|
# VAULT_ADDR - vault requires this to find your vault server |
||||
|
# |
||||
|
# additionally, you need to ensure that VAULT_TOKEN is avialable |
||||
|
# to access the vault server |
||||
|
|
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
vault_deploy() { |
||||
|
|
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
# validate required env vars |
||||
|
_getdeployconf VAULT_PREFIX |
||||
|
if [ -z "$VAULT_PREFIX" ]; then |
||||
|
_err "VAULT_PREFIX needs to be defined (contains prefix path in vault)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf VAULT_PREFIX "$VAULT_PREFIX" |
||||
|
|
||||
|
_getdeployconf VAULT_ADDR |
||||
|
if [ -z "$VAULT_ADDR" ]; then |
||||
|
_err "VAULT_ADDR needs to be defined (contains vault connection address)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_savedeployconf VAULT_ADDR "$VAULT_ADDR" |
||||
|
|
||||
|
# JSON does not allow multiline strings. |
||||
|
# So replacing new-lines with "\n" here |
||||
|
_ckey=$(sed -z 's/\n/\\n/g' <"$2") |
||||
|
_ccert=$(sed -z 's/\n/\\n/g' <"$3") |
||||
|
_cca=$(sed -z 's/\n/\\n/g' <"$4") |
||||
|
_cfullchain=$(sed -z 's/\n/\\n/g' <"$5") |
||||
|
|
||||
|
URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain" |
||||
|
export _H1="X-Vault-Token: $VAULT_TOKEN" |
||||
|
|
||||
|
if [ -n "$FABIO" ]; then |
||||
|
_post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" |
||||
|
else |
||||
|
_post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" |
||||
|
_post "{\"value\": \"$_ckey\"}" "$URL/cert.key" |
||||
|
_post "{\"value\": \"$_cca\"}" "$URL/chain.pem" |
||||
|
_post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" |
||||
|
fi |
||||
|
|
||||
|
} |
@ -0,0 +1,150 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Anexia CloudDNS acme.sh hook |
||||
|
# Author: MA |
||||
|
|
||||
|
#ANX_Token="xxxx" |
||||
|
|
||||
|
ANX_API='https://engine.anexia-it.com/api/clouddns/v1' |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
dns_anx_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "Using ANX CDNS API" |
||||
|
|
||||
|
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
if [ "$ANX_Token" ]; then |
||||
|
_saveaccountconf_mutable ANX_Token "$ANX_Token" |
||||
|
else |
||||
|
_err "You didn't specify a ANEXIA Engine API token." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# Always add records, wildcard need two records with the same name |
||||
|
_anx_rest POST "zone.json/${_domain}/records" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"rdata\":\"$txtvalue\"}" |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
return 0 |
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
dns_anx_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "Using ANX CDNS API" |
||||
|
|
||||
|
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}" |
||||
|
|
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_get_record_id |
||||
|
|
||||
|
if _is_uuid "$_record_id"; then |
||||
|
if ! _anx_rest DELETE "zone.json/${_domain}/records/$_record_id"; then |
||||
|
_err "Delete record" |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_info "No record found." |
||||
|
fi |
||||
|
echo "$response" | tr -d " " | grep \"status\":\"OK\" >/dev/null |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_is_uuid() { |
||||
|
pattern='^\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\}?$' |
||||
|
if echo "$1" | _egrep_o "$pattern" >/dev/null; then |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_record_id() { |
||||
|
_debug subdomain "$_sub_domain" |
||||
|
_debug domain "$_domain" |
||||
|
|
||||
|
if _anx_rest GET "zone.json/${_domain}/records?name=$_sub_domain&type=TXT"; then |
||||
|
_debug response "$response" |
||||
|
if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then |
||||
|
_record_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"identifier\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") |
||||
|
else |
||||
|
_record_id='' |
||||
|
fi |
||||
|
else |
||||
|
_err "Search existing record" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_anx_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
export _H2="Authorization: Token $ANX_Token" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "${ANX_API}/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "${ANX_API}/$ep")" |
||||
|
fi |
||||
|
|
||||
|
# shellcheck disable=SC2181 |
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
_anx_rest GET "zone.json" |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,171 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AURORA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" |
||||
|
# |
||||
|
#AURORA_Secret="sdfsdfsdfljlbjkljlkjsdfoiwje" |
||||
|
|
||||
|
AURORA_Api="https://api.auroradns.eu" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_aurora_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
||||
|
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
||||
|
|
||||
|
if [ -z "$AURORA_Key" ] || [ -z "$AURORA_Secret" ]; then |
||||
|
AURORA_Key="" |
||||
|
AURORA_Secret="" |
||||
|
_err "You didn't specify an Aurora api key and secret yet." |
||||
|
_err "You can get yours from here https://cp.pcextreme.nl/auroradns/users." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and secret to the account conf file. |
||||
|
_saveaccountconf_mutable AURORA_Key "$AURORA_Key" |
||||
|
_saveaccountconf_mutable AURORA_Secret "$AURORA_Secret" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
if _aurora_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":300}"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Added, OK" |
||||
|
return 0 |
||||
|
elif _contains "$response" "RecordExistsError"; then |
||||
|
_info "Already exists, OK" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#fulldomain txtvalue |
||||
|
dns_aurora_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
||||
|
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting records" |
||||
|
_aurora_rest GET "zones/${_domain_id}/records" |
||||
|
|
||||
|
if ! _contains "$response" "$txtvalue"; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
records=$(echo "$response" | _normalizeJson | tr -d "[]" | sed "s/},{/}|{/g" | tr "|" "\n") |
||||
|
if [ "$(echo "$records" | wc -l)" -le 2 ]; then |
||||
|
_err "Can not parse records." |
||||
|
return 1 |
||||
|
fi |
||||
|
record_id=$(echo "$records" | grep "\"type\": *\"TXT\"" | grep "\"name\": *\"$_sub_domain\"" | grep "\"content\": *\"$txtvalue\"" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _aurora_rest DELETE "zones/$_domain_id/records/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _aurora_rest GET "zones/$h"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\": \"$h\""; then |
||||
|
_domain_id=$(echo "$response" | _normalizeJson | tr -d "{}" | tr "," "\n" | grep "\"id\": *\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_aurora_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
key_trimmed=$(echo "$AURORA_Key" | tr -d '"') |
||||
|
secret_trimmed=$(echo "$AURORA_Secret" | tr -d '"') |
||||
|
|
||||
|
timestamp=$(date -u +"%Y%m%dT%H%M%SZ") |
||||
|
signature=$(printf "%s/%s%s" "$m" "$ep" "$timestamp" | _hmac sha256 "$(printf "%s" "$secret_trimmed" | _hex_dump | tr -d " ")" | _base64) |
||||
|
authorization=$(printf "AuroraDNSv1 %s" "$(printf "%s:%s" "$key_trimmed" "$signature" | _base64)") |
||||
|
|
||||
|
export _H1="Content-Type: application/json; charset=UTF-8" |
||||
|
export _H2="X-AuroraDNS-Date: $timestamp" |
||||
|
export _H3="Authorization: $authorization" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$AURORA_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$AURORA_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,466 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Akamai Edge DNS v2 API |
||||
|
# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to |
||||
|
# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization |
||||
|
|
||||
|
# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support |
||||
|
|
||||
|
# Values to export: |
||||
|
# --EITHER-- |
||||
|
# *** TBD. NOT IMPLEMENTED YET *** |
||||
|
# specify Edgegrid credentials file and section |
||||
|
# AKAMAI_EDGERC=<full file path> |
||||
|
# AKAMAI_EDGERC_SECTION="default" |
||||
|
## --OR-- |
||||
|
# specify indiviual credentials |
||||
|
# export AKAMAI_HOST = <host> |
||||
|
# export AKAMAI_ACCESS_TOKEN = <access token> |
||||
|
# export AKAMAI_CLIENT_TOKEN = <client token> |
||||
|
# export AKAMAI_CLIENT_SECRET = <client secret> |
||||
|
|
||||
|
ACME_EDGEDNS_VERSION="0.1.0" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
# Usage: dns_edgedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
# |
||||
|
dns_edgedns_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_debug "ENTERING DNS_EDGEDNS_ADD" |
||||
|
_debug2 "fulldomain" "$fulldomain" |
||||
|
_debug2 "txtvalue" "$txtvalue" |
||||
|
|
||||
|
if ! _EDGEDNS_credentials; then |
||||
|
_err "$@" |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
||||
|
_err "Invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 "Add: zone" "$zone" |
||||
|
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") |
||||
|
_debug3 "Add URL" "$acmeRecordURI" |
||||
|
# Get existing TXT record |
||||
|
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
||||
|
_api_status="$?" |
||||
|
_debug3 "_edge_result" "$_edge_result" |
||||
|
if [ "$_api_status" -ne 0 ]; then |
||||
|
if [ "$curResult" = "FATAL" ]; then |
||||
|
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
||||
|
fi |
||||
|
if [ "$_edge_result" != "404" ]; then |
||||
|
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
rdata="\"${txtvalue}\"" |
||||
|
record_op="POST" |
||||
|
if [ "$_api_status" -eq 0 ]; then |
||||
|
# record already exists. Get existing record data and update |
||||
|
record_op="PUT" |
||||
|
rdlist="${_edge_result#*\"rdata\":[}" |
||||
|
rdlist="${rdlist%%]*}" |
||||
|
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
||||
|
_debug3 "existing TXT found" |
||||
|
_debug3 "record data" "$rdlist" |
||||
|
# value already there? |
||||
|
if _contains "$rdlist" "$txtvalue"; then |
||||
|
return 0 |
||||
|
fi |
||||
|
_txt_val="" |
||||
|
while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do |
||||
|
_txt_val="${rdlist%%,*}" |
||||
|
rdlist="${rdlist#*,}" |
||||
|
rdata="${rdata},\"${_txt_val}\"" |
||||
|
done |
||||
|
fi |
||||
|
# Add the txtvalue TXT Record |
||||
|
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
||||
|
_debug3 "Add body '${body}'" |
||||
|
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
||||
|
_api_status="$?" |
||||
|
if [ "$_api_status" -eq 0 ]; then |
||||
|
_log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Usage: dns_edgedns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to delete txt record |
||||
|
# |
||||
|
dns_edgedns_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_debug "ENTERING DNS_EDGEDNS_RM" |
||||
|
_debug2 "fulldomain" "$fulldomain" |
||||
|
_debug2 "txtvalue" "$txtvalue" |
||||
|
|
||||
|
if ! _EDGEDNS_credentials; then |
||||
|
_err "$@" |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
||||
|
_err "Invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 "RM: zone" "${zone}" |
||||
|
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain") |
||||
|
_debug3 "RM URL" "$acmeRecordURI" |
||||
|
# Get existing TXT record |
||||
|
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
||||
|
_api_status="$?" |
||||
|
if [ "$_api_status" -ne 0 ]; then |
||||
|
if [ "$curResult" = "FATAL" ]; then |
||||
|
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
||||
|
fi |
||||
|
if [ "$_edge_result" != "404" ]; then |
||||
|
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
_debug3 "_edge_result" "$_edge_result" |
||||
|
record_op="DELETE" |
||||
|
body="" |
||||
|
if [ "$_api_status" -eq 0 ]; then |
||||
|
# record already exists. Get existing record data and update |
||||
|
rdlist="${_edge_result#*\"rdata\":[}" |
||||
|
rdlist="${rdlist%%]*}" |
||||
|
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
||||
|
_debug3 "rdlist" "$rdlist" |
||||
|
if [ -n "$rdlist" ]; then |
||||
|
record_op="PUT" |
||||
|
comma="" |
||||
|
rdata="" |
||||
|
_txt_val="" |
||||
|
while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do |
||||
|
_txt_val="${rdlist%%,*}" |
||||
|
rdlist="${rdlist#*,}" |
||||
|
_debug3 "_txt_val" "$_txt_val" |
||||
|
_debug3 "txtvalue" "$txtvalue" |
||||
|
if ! _contains "$_txt_val" "$txtvalue"; then |
||||
|
rdata="${rdata}${comma}\"${_txt_val}\"" |
||||
|
comma="," |
||||
|
fi |
||||
|
done |
||||
|
if [ -z "$rdata" ]; then |
||||
|
record_op="DELETE" |
||||
|
else |
||||
|
# Recreate the txtvalue TXT Record |
||||
|
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
||||
|
_debug3 "body" "$body" |
||||
|
fi |
||||
|
fi |
||||
|
fi |
||||
|
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
||||
|
_api_status="$?" |
||||
|
if [ "$_api_status" -eq 0 ]; then |
||||
|
_log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_EDGEDNS_credentials() { |
||||
|
_debug "GettingEdge DNS credentials" |
||||
|
_log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" |
||||
|
args_missing=0 |
||||
|
if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then |
||||
|
AKAMAI_ACCESS_TOKEN="" |
||||
|
AKAMAI_CLIENT_TOKEN="" |
||||
|
AKAMAI_HOST="" |
||||
|
AKAMAI_CLIENT_SECRET="" |
||||
|
_err "AKAMAI_ACCESS_TOKEN is missing" |
||||
|
args_missing=1 |
||||
|
fi |
||||
|
if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then |
||||
|
AKAMAI_ACCESS_TOKEN="" |
||||
|
AKAMAI_CLIENT_TOKEN="" |
||||
|
AKAMAI_HOST="" |
||||
|
AKAMAI_CLIENT_SECRET="" |
||||
|
_err "AKAMAI_CLIENT_TOKEN is missing" |
||||
|
args_missing=1 |
||||
|
fi |
||||
|
if [ -z "$AKAMAI_HOST" ]; then |
||||
|
AKAMAI_ACCESS_TOKEN="" |
||||
|
AKAMAI_CLIENT_TOKEN="" |
||||
|
AKAMAI_HOST="" |
||||
|
AKAMAI_CLIENT_SECRET="" |
||||
|
_err "AKAMAI_HOST is missing" |
||||
|
args_missing=1 |
||||
|
fi |
||||
|
if [ -z "$AKAMAI_CLIENT_SECRET" ]; then |
||||
|
AKAMAI_ACCESS_TOKEN="" |
||||
|
AKAMAI_CLIENT_TOKEN="" |
||||
|
AKAMAI_HOST="" |
||||
|
AKAMAI_CLIENT_SECRET="" |
||||
|
_err "AKAMAI_CLIENT_SECRET is missing" |
||||
|
args_missing=1 |
||||
|
fi |
||||
|
|
||||
|
if [ "$args_missing" = 1 ]; then |
||||
|
_err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." |
||||
|
return 1 |
||||
|
else |
||||
|
_saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN" |
||||
|
_saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN" |
||||
|
_saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST" |
||||
|
_saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET" |
||||
|
# Set whether curl should use secure or insecure mode |
||||
|
fi |
||||
|
export HTTPS_INSECURE=0 # All Edgegrid API calls are secure |
||||
|
edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") |
||||
|
_debug3 "Edge API Endpoint:" "$edge_endpoint" |
||||
|
|
||||
|
} |
||||
|
|
||||
|
_EDGEDNS_getZoneInfo() { |
||||
|
_debug "Getting Zoneinfo" |
||||
|
zoneEnd=false |
||||
|
curZone=$1 |
||||
|
while [ -n "$zoneEnd" ]; do |
||||
|
# we can strip the first part of the fulldomain, since its just the _acme-challenge string |
||||
|
curZone="${curZone#*.}" |
||||
|
# suffix . needed for zone -> domain.tld. |
||||
|
# create zone get url |
||||
|
get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone") |
||||
|
_debug3 "Zone Get: " "${get_zone_url}" |
||||
|
curResult=$(_edgedns_rest GET "$get_zone_url") |
||||
|
retVal=$? |
||||
|
if [ "$retVal" -ne 0 ]; then |
||||
|
if [ "$curResult" = "FATAL" ]; then |
||||
|
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
||||
|
fi |
||||
|
if [ "$curResult" != "404" ]; then |
||||
|
_err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
if _contains "$curResult" "\"zone\":"; then |
||||
|
_debug2 "Zone data" "${curResult}" |
||||
|
zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") |
||||
|
_debug3 "Zone" "${zone}" |
||||
|
zoneEnd="" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
if [ "${curZone#*.}" != "$curZone" ]; then |
||||
|
_debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")" |
||||
|
else |
||||
|
zoneEnd=true |
||||
|
_err "Couldn't retrieve zone data." |
||||
|
return 1 |
||||
|
fi |
||||
|
done |
||||
|
_err "Failed to retrieve zone data." |
||||
|
return 2 |
||||
|
} |
||||
|
|
||||
|
_edgedns_headers="" |
||||
|
|
||||
|
_edgedns_rest() { |
||||
|
_debug "Handling API Request" |
||||
|
m=$1 |
||||
|
# Assume endpoint is complete path, including query args if applicable |
||||
|
ep=$2 |
||||
|
body_data=$3 |
||||
|
_edgedns_content_type="" |
||||
|
_request_url_path="$ep" |
||||
|
_request_body="$body_data" |
||||
|
_request_method="$m" |
||||
|
_edgedns_headers="" |
||||
|
tab="" |
||||
|
_edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}" |
||||
|
tab="\t" |
||||
|
# Set in acme.sh _post/_get |
||||
|
#_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" |
||||
|
_edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" |
||||
|
if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then |
||||
|
_edgedns_content_type="application/json" |
||||
|
_debug3 "_request_body" "$_request_body" |
||||
|
_body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') |
||||
|
_edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}" |
||||
|
fi |
||||
|
_edgedns_make_auth_header |
||||
|
_edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}" |
||||
|
_secure_debug2 "Made Auth Header" "$_signed_auth_header" |
||||
|
hdr_indx=1 |
||||
|
work_header="${_edgedns_headers}${tab}" |
||||
|
_debug3 "work_header" "$work_header" |
||||
|
while [ "$work_header" ]; do |
||||
|
entry="${work_header%%\\t*}" |
||||
|
work_header="${work_header#*\\t}" |
||||
|
export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" |
||||
|
_debug2 "Request Header " "$entry" |
||||
|
hdr_indx=$((hdr_indx + 1)) |
||||
|
done |
||||
|
|
||||
|
# clear headers from previous request to avoid getting wrong http code on timeouts |
||||
|
: >"$HTTP_HEADER" |
||||
|
_debug2 "$ep" |
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug3 "Method data" "$data" |
||||
|
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
||||
|
response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type") |
||||
|
else |
||||
|
response=$(_get "$ep") |
||||
|
fi |
||||
|
_ret="$?" |
||||
|
if [ "$_ret" -ne 0 ]; then |
||||
|
_err "$(printf "acme.sh API function call failed. Error: %s" "$_ret")" |
||||
|
echo "FATAL" |
||||
|
return "$_ret" |
||||
|
fi |
||||
|
_debug2 "response" "${response}" |
||||
|
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
||||
|
_debug2 "http response code" "$_code" |
||||
|
if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then |
||||
|
# All good |
||||
|
response="$(echo "${response}" | _normalizeJson)" |
||||
|
echo "$response" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
if [ "$_code" = "204" ]; then |
||||
|
# Success, no body |
||||
|
echo "$_code" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
if [ "$_code" = "400" ]; then |
||||
|
_err "Bad request presented" |
||||
|
_log "$(printf "Headers: %s" "$_edgedns_headers")" |
||||
|
_log "$(printf "Method: %s" "$_request_method")" |
||||
|
_log "$(printf "URL: %s" "$ep")" |
||||
|
_log "$(printf "Data: %s" "$data")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$_code" = "403" ]; then |
||||
|
_err "access denied make sure your Edgegrid cedentials are correct." |
||||
|
fi |
||||
|
|
||||
|
echo "$_code" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_edgedns_eg_timestamp() { |
||||
|
_debug "Generating signature Timestamp" |
||||
|
_debug3 "Retriving ntp time" |
||||
|
_timeheaders="$(_get "https://www.ntp.org" "onlyheader")" |
||||
|
_debug3 "_timeheaders" "$_timeheaders" |
||||
|
_ntpdate="$(echo "$_timeheaders" | grep -i "Date:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")" |
||||
|
_debug3 "_ntpdate" "$_ntpdate" |
||||
|
_ntpdate="$(echo "${_ntpdate}" | sed -e 's/^[[:space:]]*//')" |
||||
|
_debug3 "_NTPDATE" "$_ntpdate" |
||||
|
_ntptime="$(echo "${_ntpdate}" | _head_n 1 | cut -d " " -f 5 | tr -d "\r\n")" |
||||
|
_debug3 "_ntptime" "$_ntptime" |
||||
|
_eg_timestamp=$(date -u "+%Y%m%dT") |
||||
|
_eg_timestamp="$(printf "%s%s+0000" "$_eg_timestamp" "$_ntptime")" |
||||
|
_debug "_eg_timestamp" "$_eg_timestamp" |
||||
|
} |
||||
|
|
||||
|
_edgedns_new_nonce() { |
||||
|
_debug "Generating Nonce" |
||||
|
_nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) |
||||
|
_debug3 "_nonce" "$_nonce" |
||||
|
} |
||||
|
|
||||
|
_edgedns_make_auth_header() { |
||||
|
_debug "Constructing Auth Header" |
||||
|
_edgedns_new_nonce |
||||
|
_edgedns_eg_timestamp |
||||
|
# "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" |
||||
|
_auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" |
||||
|
_secure_debug2 "Unsigned Auth Header: " "$_auth_header" |
||||
|
|
||||
|
_edgedns_sign_request |
||||
|
_signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" |
||||
|
_secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" |
||||
|
} |
||||
|
|
||||
|
_edgedns_sign_request() { |
||||
|
_debug2 "Signing http request" |
||||
|
_edgedns_make_data_to_sign "$_auth_header" |
||||
|
_secure_debug2 "Returned signed data" "$_mdata" |
||||
|
_edgedns_make_signing_key "$_eg_timestamp" |
||||
|
_edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key" |
||||
|
_signed_req="$_hmac_out" |
||||
|
_secure_debug2 "Signed Request" "$_signed_req" |
||||
|
} |
||||
|
|
||||
|
_edgedns_make_signing_key() { |
||||
|
_debug2 "Creating sigining key" |
||||
|
ts=$1 |
||||
|
_edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET" |
||||
|
_signing_key="$_hmac_out" |
||||
|
_secure_debug2 "Signing Key" "$_signing_key" |
||||
|
|
||||
|
} |
||||
|
|
||||
|
_edgedns_make_data_to_sign() { |
||||
|
_debug2 "Processing data to sign" |
||||
|
hdr=$1 |
||||
|
_secure_debug2 "hdr" "$hdr" |
||||
|
_edgedns_make_content_hash |
||||
|
path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')" |
||||
|
path="${path#*$AKAMAI_HOST}" |
||||
|
_debug "hier path" "$path" |
||||
|
# dont expose headers to sign so use MT string |
||||
|
_mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")" |
||||
|
_secure_debug2 "Data to Sign" "$_mdata" |
||||
|
} |
||||
|
|
||||
|
_edgedns_make_content_hash() { |
||||
|
_debug2 "Generating content hash" |
||||
|
_hash="" |
||||
|
_debug2 "Request method" "${_request_method}" |
||||
|
if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then |
||||
|
return 0 |
||||
|
fi |
||||
|
_debug2 "Req body" "$_request_body" |
||||
|
_edgedns_base64_sha256 "$_request_body" |
||||
|
_hash="$_sha256_out" |
||||
|
_debug2 "Content hash" "$_hash" |
||||
|
} |
||||
|
|
||||
|
_edgedns_base64_hmac_sha256() { |
||||
|
_debug2 "Generating hmac" |
||||
|
data=$1 |
||||
|
key=$2 |
||||
|
encoded_data="$(echo "$data" | iconv -t utf-8)" |
||||
|
encoded_key="$(echo "$key" | iconv -t utf-8)" |
||||
|
_secure_debug2 "encoded data" "$encoded_data" |
||||
|
_secure_debug2 "encoded key" "$encoded_key" |
||||
|
|
||||
|
encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ') |
||||
|
data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 "$encoded_key_hex" | _base64)" |
||||
|
|
||||
|
_secure_debug2 "data_sig:" "$data_sig" |
||||
|
_hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" |
||||
|
_secure_debug2 "hmac" "$_hmac_out" |
||||
|
} |
||||
|
|
||||
|
_edgedns_base64_sha256() { |
||||
|
_debug2 "Creating sha256 digest" |
||||
|
trg=$1 |
||||
|
_secure_debug2 "digest data" "$trg" |
||||
|
digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" |
||||
|
_sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" |
||||
|
_secure_debug2 "digest decode" "$_sha256_out" |
||||
|
} |
||||
|
|
||||
|
#_edgedns_parse_edgerc() { |
||||
|
# filepath=$1 |
||||
|
# section=$2 |
||||
|
#} |
@ -0,0 +1,275 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# HUAWEICLOUD_Username |
||||
|
# HUAWEICLOUD_Password |
||||
|
# HUAWEICLOUD_ProjectID |
||||
|
|
||||
|
iam_api="https://iam.myhuaweicloud.com" |
||||
|
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
# |
||||
|
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html |
||||
|
# |
||||
|
|
||||
|
dns_huaweicloud_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
||||
|
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
||||
|
HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" |
||||
|
|
||||
|
# Check information |
||||
|
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then |
||||
|
_err "Not enough information provided to dns_huaweicloud!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
unset token # Clear token |
||||
|
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" |
||||
|
if [ -z "${token}" ]; then # Check token |
||||
|
_err "dns_api(dns_huaweicloud): Error getting token." |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "Access token is: ${token}" |
||||
|
|
||||
|
unset zoneid |
||||
|
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
||||
|
if [ -z "${zoneid}" ]; then |
||||
|
_err "dns_api(dns_huaweicloud): Error getting zone id." |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "Zone ID is: ${zoneid}" |
||||
|
|
||||
|
_debug "Adding Record" |
||||
|
_add_record "${token}" "${fulldomain}" "${txtvalue}" |
||||
|
ret="$?" |
||||
|
if [ "${ret}" != "0" ]; then |
||||
|
_err "dns_api(dns_huaweicloud): Error adding record." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# Do saving work if all succeeded |
||||
|
_saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}" |
||||
|
_saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}" |
||||
|
_saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
# |
||||
|
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html |
||||
|
# |
||||
|
|
||||
|
dns_huaweicloud_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
||||
|
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
||||
|
HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" |
||||
|
|
||||
|
# Check information |
||||
|
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then |
||||
|
_err "Not enough information provided to dns_huaweicloud!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
unset token # Clear token |
||||
|
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" |
||||
|
if [ -z "${token}" ]; then # Check token |
||||
|
_err "dns_api(dns_huaweicloud): Error getting token." |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "Access token is: ${token}" |
||||
|
|
||||
|
unset zoneid |
||||
|
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
||||
|
if [ -z "${zoneid}" ]; then |
||||
|
_err "dns_api(dns_huaweicloud): Error getting zone id." |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "Zone ID is: ${zoneid}" |
||||
|
|
||||
|
# Remove all records |
||||
|
# Therotically HuaweiCloud does not allow more than one record set |
||||
|
# But remove them recurringly to increase robusty |
||||
|
while [ "${record_id}" != "0" ]; do |
||||
|
_debug "Removing Record" |
||||
|
_rm_record "${token}" "${zoneid}" "${record_id}" |
||||
|
record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" |
||||
|
done |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
################### Private functions below ################################## |
||||
|
|
||||
|
# _get_zoneid |
||||
|
# |
||||
|
# _token=$1 |
||||
|
# _domain_string=$2 |
||||
|
# |
||||
|
# printf "%s" "${_zoneid}" |
||||
|
_get_zoneid() { |
||||
|
_token=$1 |
||||
|
_domain_string=$2 |
||||
|
export _H1="X-Auth-Token: ${_token}" |
||||
|
|
||||
|
i=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "$h" |
||||
|
response=$(_get "${dns_api}/v2/zones?name=${h}") |
||||
|
|
||||
|
if _contains "${response}" "id"; then |
||||
|
_debug "Get Zone ID Success." |
||||
|
_zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") |
||||
|
printf "%s" "${_zoneid}" |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_get_recordset_id() { |
||||
|
_token=$1 |
||||
|
_domain=$2 |
||||
|
_zoneid=$3 |
||||
|
export _H1="X-Auth-Token: ${_token}" |
||||
|
|
||||
|
response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") |
||||
|
if _contains "${response}" "id"; then |
||||
|
_id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")" |
||||
|
printf "%s" "${_id}" |
||||
|
return 0 |
||||
|
fi |
||||
|
printf "%s" "0" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_add_record() { |
||||
|
_token=$1 |
||||
|
_domain=$2 |
||||
|
_txtvalue=$3 |
||||
|
|
||||
|
# Get Existing Records |
||||
|
export _H1="X-Auth-Token: ${_token}" |
||||
|
response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") |
||||
|
|
||||
|
_debug2 "${response}" |
||||
|
_exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') |
||||
|
_debug "${_exist_record}" |
||||
|
|
||||
|
# Check if record exist |
||||
|
# Generate body data |
||||
|
if [ -z "${_exist_record}" ]; then |
||||
|
_post_body="{ |
||||
|
\"name\": \"${_domain}.\", |
||||
|
\"description\": \"ACME Challenge\", |
||||
|
\"type\": \"TXT\", |
||||
|
\"ttl\": 1, |
||||
|
\"records\": [ |
||||
|
\"\\\"${_txtvalue}\\\"\" |
||||
|
] |
||||
|
}" |
||||
|
else |
||||
|
_post_body="{ |
||||
|
\"name\": \"${_domain}.\", |
||||
|
\"description\": \"ACME Challenge\", |
||||
|
\"type\": \"TXT\", |
||||
|
\"ttl\": 1, |
||||
|
\"records\": [ |
||||
|
${_exist_record}, |
||||
|
\"\\\"${_txtvalue}\\\"\" |
||||
|
] |
||||
|
}" |
||||
|
fi |
||||
|
|
||||
|
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" |
||||
|
_debug "Record Set ID is: ${_record_id}" |
||||
|
|
||||
|
# Remove all records |
||||
|
while [ "${_record_id}" != "0" ]; do |
||||
|
_debug "Removing Record" |
||||
|
_rm_record "${_token}" "${zoneid}" "${_record_id}" |
||||
|
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" |
||||
|
done |
||||
|
|
||||
|
# Add brand new records with all old and new records |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H1="X-Auth-Token: ${_token}" |
||||
|
|
||||
|
_debug2 "${_post_body}" |
||||
|
_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null |
||||
|
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
||||
|
if [ "$_code" != "202" ]; then |
||||
|
_err "dns_huaweicloud: http code ${_code}" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# _rm_record $token $zoneid $recordid |
||||
|
# assume ${dns_api} exist |
||||
|
# no output |
||||
|
# return 0 |
||||
|
_rm_record() { |
||||
|
_token=$1 |
||||
|
_zone_id=$2 |
||||
|
_record_id=$3 |
||||
|
|
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H1="X-Auth-Token: ${_token}" |
||||
|
|
||||
|
_post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null |
||||
|
return $? |
||||
|
} |
||||
|
|
||||
|
_get_token() { |
||||
|
_username=$1 |
||||
|
_password=$2 |
||||
|
_project=$3 |
||||
|
|
||||
|
_debug "Getting Token" |
||||
|
body="{ |
||||
|
\"auth\": { |
||||
|
\"identity\": { |
||||
|
\"methods\": [ |
||||
|
\"password\" |
||||
|
], |
||||
|
\"password\": { |
||||
|
\"user\": { |
||||
|
\"name\": \"${_username}\", |
||||
|
\"password\": \"${_password}\", |
||||
|
\"domain\": { |
||||
|
\"name\": \"${_username}\" |
||||
|
} |
||||
|
} |
||||
|
} |
||||
|
}, |
||||
|
\"scope\": { |
||||
|
\"project\": { |
||||
|
\"id\": \"${_project}\" |
||||
|
} |
||||
|
} |
||||
|
} |
||||
|
}" |
||||
|
export _H1="Content-Type: application/json;charset=utf8" |
||||
|
_post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null |
||||
|
_code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n") |
||||
|
_token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-) |
||||
|
_debug2 "${_code}" |
||||
|
printf "%s" "${_token}" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,199 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
############################################################################### |
||||
|
# Infomaniak API integration |
||||
|
# |
||||
|
# To use this API you need visit the API dashboard of your account |
||||
|
# once logged into https://manager.infomaniak.com add /api/dashboard to the URL |
||||
|
# |
||||
|
# Please report bugs to |
||||
|
# https://github.com/acmesh-official/acme.sh/issues/3188 |
||||
|
# |
||||
|
# Note: the URL looks like this: |
||||
|
# https://manager.infomaniak.com/v3/<account_id>/api/dashboard |
||||
|
# Then generate a token with the scope Domain |
||||
|
# this is given as an environment variable INFOMANIAK_API_TOKEN |
||||
|
############################################################################### |
||||
|
|
||||
|
# base variables |
||||
|
|
||||
|
DEFAULT_INFOMANIAK_API_URL="https://api.infomaniak.com" |
||||
|
DEFAULT_INFOMANIAK_TTL=300 |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_infomaniak_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_infomaniak_add() { |
||||
|
|
||||
|
INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}" |
||||
|
INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}" |
||||
|
INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" |
||||
|
|
||||
|
if [ -z "$INFOMANIAK_API_TOKEN" ]; then |
||||
|
INFOMANIAK_API_TOKEN="" |
||||
|
_err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$INFOMANIAK_API_URL" ]; then |
||||
|
INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$INFOMANIAK_TTL" ]; then |
||||
|
INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL" |
||||
|
fi |
||||
|
|
||||
|
#save the token to the account conf file. |
||||
|
_saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN" |
||||
|
|
||||
|
if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then |
||||
|
_saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" |
||||
|
fi |
||||
|
|
||||
|
if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then |
||||
|
_saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" |
||||
|
fi |
||||
|
|
||||
|
export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
|
||||
|
fulldomain="$1" |
||||
|
txtvalue="$2" |
||||
|
|
||||
|
_info "Infomaniak DNS API" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
fqdn=${fulldomain#_acme-challenge.} |
||||
|
|
||||
|
# guess which base domain to add record to |
||||
|
zone_and_id=$(_find_zone "$fqdn") |
||||
|
if [ -z "$zone_and_id" ]; then |
||||
|
_err "cannot find zone to modify" |
||||
|
return 1 |
||||
|
fi |
||||
|
zone=${zone_and_id% *} |
||||
|
domain_id=${zone_and_id#* } |
||||
|
|
||||
|
# extract first part of domain |
||||
|
key=${fulldomain%.$zone} |
||||
|
|
||||
|
_debug "zone:$zone id:$domain_id key:$key" |
||||
|
|
||||
|
# payload |
||||
|
data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}" |
||||
|
|
||||
|
# API call |
||||
|
response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record") |
||||
|
if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then |
||||
|
_info "Record added" |
||||
|
_debug "Response: $response" |
||||
|
return 0 |
||||
|
fi |
||||
|
_err "could not create record" |
||||
|
_debug "Response: $response" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_infomaniak_rm() { |
||||
|
|
||||
|
INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}" |
||||
|
INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}" |
||||
|
INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" |
||||
|
|
||||
|
if [ -z "$INFOMANIAK_API_TOKEN" ]; then |
||||
|
INFOMANIAK_API_TOKEN="" |
||||
|
_err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$INFOMANIAK_API_URL" ]; then |
||||
|
INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$INFOMANIAK_TTL" ]; then |
||||
|
INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL" |
||||
|
fi |
||||
|
|
||||
|
#save the token to the account conf file. |
||||
|
_saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN" |
||||
|
|
||||
|
if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then |
||||
|
_saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" |
||||
|
fi |
||||
|
|
||||
|
if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then |
||||
|
_saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" |
||||
|
fi |
||||
|
|
||||
|
export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" |
||||
|
export _H2="ContentType: application/json" |
||||
|
|
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Infomaniak DNS API" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
fqdn=${fulldomain#_acme-challenge.} |
||||
|
|
||||
|
# guess which base domain to add record to |
||||
|
zone_and_id=$(_find_zone "$fqdn") |
||||
|
if [ -z "$zone_and_id" ]; then |
||||
|
_err "cannot find zone to modify" |
||||
|
return 1 |
||||
|
fi |
||||
|
zone=${zone_and_id% *} |
||||
|
domain_id=${zone_and_id#* } |
||||
|
|
||||
|
# extract first part of domain |
||||
|
key=${fulldomain%.$zone} |
||||
|
|
||||
|
_debug "zone:$zone id:$domain_id key:$key" |
||||
|
|
||||
|
# find previous record |
||||
|
# shellcheck disable=SC1004 |
||||
|
record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\ |
||||
|
{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p') |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "could not find record to delete" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "record_id: $record_id" |
||||
|
|
||||
|
# API call |
||||
|
response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE) |
||||
|
if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then |
||||
|
_info "Record deleted" |
||||
|
return 0 |
||||
|
fi |
||||
|
_err "could not delete record" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_get_domain_id() { |
||||
|
domain="$1" |
||||
|
|
||||
|
# shellcheck disable=SC1004 |
||||
|
_get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\ |
||||
|
/g' | sed -n 's/^"id":\(.*\)/\1/p' |
||||
|
} |
||||
|
|
||||
|
_find_zone() { |
||||
|
zone="$1" |
||||
|
|
||||
|
# find domain in list, removing . parts sequentialy |
||||
|
while _contains "$zone" '\.'; do |
||||
|
_debug "testing $zone" |
||||
|
id=$(_get_domain_id "$zone") |
||||
|
if [ -n "$id" ]; then |
||||
|
echo "$zone $id" |
||||
|
return |
||||
|
fi |
||||
|
zone=${zone#*.} |
||||
|
done |
||||
|
} |
@ -0,0 +1,162 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Supports IONOS DNS API Beta v1.0.0 |
||||
|
# |
||||
|
# Usage: |
||||
|
# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: |
||||
|
# |
||||
|
# $ export IONOS_PREFIX="..." |
||||
|
# $ export IONOS_SECRET="..." |
||||
|
# |
||||
|
# $ acme.sh --issue --dns dns_ionos ... |
||||
|
|
||||
|
IONOS_API="https://api.hosting.ionos.com/dns" |
||||
|
IONOS_ROUTE_ZONES="/v1/zones" |
||||
|
|
||||
|
IONOS_TXT_TTL=60 # minimum accepted by API |
||||
|
IONOS_TXT_PRIO=10 |
||||
|
|
||||
|
dns_ionos_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _ionos_init; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" |
||||
|
|
||||
|
if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then |
||||
|
_info "TXT record has been created successfully." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
dns_ionos_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _ionos_init; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then |
||||
|
_err "Could not find _acme-challenge TXT record." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ -z "$response" ]; then |
||||
|
_info "TXT record has been deleted successfully." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_init() { |
||||
|
IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" |
||||
|
IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" |
||||
|
|
||||
|
if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then |
||||
|
_err "You didn't specify an IONOS api prefix and secret yet." |
||||
|
_err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." |
||||
|
_err "" |
||||
|
_err "Then set them before calling acme.sh:" |
||||
|
_err "\$ export IONOS_PREFIX=\"...\"" |
||||
|
_err "\$ export IONOS_SECRET=\"...\"" |
||||
|
_err "\$ acme.sh --issue -d ... --dns dns_ionos" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" |
||||
|
_saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Cannot find this domain in your IONOS account." |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then |
||||
|
response="$(echo "$response" | tr -d "\n")" |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*\}")" |
||||
|
if [ "$_zone" ]; then |
||||
|
_zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
||||
|
if [ "$_zone_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
|
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_get_record() { |
||||
|
fulldomain=$1 |
||||
|
zone_id=$2 |
||||
|
txtrecord=$3 |
||||
|
|
||||
|
if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then |
||||
|
response="$(echo "$response" | tr -d "\n")" |
||||
|
|
||||
|
_record="$(echo "$response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" |
||||
|
if [ "$_record" ]; then |
||||
|
_record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
||||
|
|
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ionos_rest() { |
||||
|
method="$1" |
||||
|
route="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
IONOS_API_KEY="$(printf "%s.%s" "$IONOS_PREFIX" "$IONOS_SECRET")" |
||||
|
|
||||
|
export _H1="X-API-Key: $IONOS_API_KEY" |
||||
|
|
||||
|
if [ "$method" != "GET" ]; then |
||||
|
export _H2="Accept: application/json" |
||||
|
export _H3="Content-Type: application/json" |
||||
|
|
||||
|
response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" |
||||
|
else |
||||
|
export _H2="Accept: */*" |
||||
|
|
||||
|
response="$(_get "$IONOS_API$route")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Error $route" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,157 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" |
||||
|
#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" |
||||
|
|
||||
|
PORKBUN_Api="https://porkbun.com/api/json/v3" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_porkbun_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" |
||||
|
PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" |
||||
|
|
||||
|
if [ -z "$PORKBUN_API_KEY" ] || [ -z "$PORKBUN_SECRET_API_KEY" ]; then |
||||
|
PORKBUN_API_KEY='' |
||||
|
PORKBUN_SECRET_API_KEY='' |
||||
|
_err "You didn't specify a Porkbun api key and secret api key yet." |
||||
|
_err "You can get yours from here https://porkbun.com/account/api." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the credentials to the account conf file. |
||||
|
_saveaccountconf_mutable PORKBUN_API_KEY "$PORKBUN_API_KEY" |
||||
|
_saveaccountconf_mutable PORKBUN_SECRET_API_KEY "$PORKBUN_SECRET_API_KEY" |
||||
|
|
||||
|
_debug 'First detect the root zone' |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
||||
|
# we can not use updating anymore. |
||||
|
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
||||
|
# _debug count "$count" |
||||
|
# if [ "$count" = "0" ]; then |
||||
|
_info "Adding record" |
||||
|
if _porkbun_rest POST "dns/create/$_domain" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}"; then |
||||
|
if _contains "$response" '\"status\":"SUCCESS"'; then |
||||
|
_info "Added, OK" |
||||
|
return 0 |
||||
|
elif _contains "$response" "The record already exists"; then |
||||
|
_info "Already exists, OK" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error. ($response)" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#fulldomain txtvalue |
||||
|
dns_porkbun_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" |
||||
|
PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" |
||||
|
|
||||
|
_debug 'First detect the root zone' |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") |
||||
|
_debug count "$count" |
||||
|
if [ "$count" = "0" ]; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
record_id=$(echo "$response" | tr '{' '\n' | grep "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _porkbun_rest POST "dns/delete/$_domain/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _porkbun_rest POST "dns/retrieve/$h"; then |
||||
|
if _contains "$response" "\"status\":\"SUCCESS\""; then |
||||
|
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
else |
||||
|
_debug "Go to next level of $_domain" |
||||
|
fi |
||||
|
else |
||||
|
_debug "Go to next level of $_domain" |
||||
|
fi |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_porkbun_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') |
||||
|
secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') |
||||
|
|
||||
|
test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," |
||||
|
data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$PORKBUN_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$PORKBUN_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
_sleep 3 # prevent rate limit |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,156 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Provider: RackCorp (www.rackcorp.com) |
||||
|
# Author: Stephen Dendtler (sdendtler@rackcorp.com) |
||||
|
# Report Bugs here: https://github.com/senjoo/acme.sh |
||||
|
# Alternate email contact: support@rackcorp.com |
||||
|
# |
||||
|
# You'll need an API key (Portal: ADMINISTRATION -> API) |
||||
|
# Set the environment variables as below: |
||||
|
# |
||||
|
# export RACKCORP_APIUUID="UUIDHERE" |
||||
|
# export RACKCORP_APISECRET="SECRETHERE" |
||||
|
# |
||||
|
|
||||
|
RACKCORP_API_ENDPOINT="https://api.rackcorp.net/api/rest/v2.4/json.php" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
dns_rackcorp_add() { |
||||
|
fulldomain="$1" |
||||
|
txtvalue="$2" |
||||
|
|
||||
|
_debug fulldomain="$fulldomain" |
||||
|
_debug txtvalue="$txtvalue" |
||||
|
|
||||
|
if ! _rackcorp_validate; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Searching for root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _lookup "$_lookup" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Creating TXT record." |
||||
|
|
||||
|
if ! _rackcorp_api dns.record.create "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\",\"ttl\":300"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_rackcorp_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug fulldomain="$fulldomain" |
||||
|
_debug txtvalue="$txtvalue" |
||||
|
|
||||
|
if ! _rackcorp_validate; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Searching for root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _lookup "$_lookup" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Creating TXT record." |
||||
|
|
||||
|
if ! _rackcorp_api dns.record.delete "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\""; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.domain.com |
||||
|
#returns |
||||
|
# _lookup=_acme-challenge |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
if ! _rackcorp_api dns.domain.getall "\"name\":\"$domain\""; then |
||||
|
return 1 |
||||
|
fi |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug searchhost "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
_err "Could not find domain for record $domain in RackCorp using the provided credentials" |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_rackcorp_api dns.domain.getall "\"exactName\":\"$h\"" |
||||
|
|
||||
|
if _contains "$response" "\"matches\":1"; then |
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_lookup=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_rackcorp_validate() { |
||||
|
RACKCORP_APIUUID="${RACKCORP_APIUUID:-$(_readaccountconf_mutable RACKCORP_APIUUID)}" |
||||
|
if [ -z "$RACKCORP_APIUUID" ]; then |
||||
|
RACKCORP_APIUUID="" |
||||
|
_err "You require a RackCorp API UUID (export RACKCORP_APIUUID=\"<api uuid>\")" |
||||
|
_err "Please login to the portal and create an API key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable RACKCORP_APIUUID "$RACKCORP_APIUUID" |
||||
|
|
||||
|
RACKCORP_APISECRET="${RACKCORP_APISECRET:-$(_readaccountconf_mutable RACKCORP_APISECRET)}" |
||||
|
if [ -z "$RACKCORP_APISECRET" ]; then |
||||
|
RACKCORP_APISECRET="" |
||||
|
_err "You require a RackCorp API secret (export RACKCORP_APISECRET=\"<api secret>\")" |
||||
|
_err "Please login to the portal and create an API key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable RACKCORP_APISECRET "$RACKCORP_APISECRET" |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
_rackcorp_api() { |
||||
|
_rackcorpcmd=$1 |
||||
|
_rackcorpinputdata=$2 |
||||
|
_debug cmd "$_rackcorpcmd $_rackcorpinputdata" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
response="$(_post "{\"APIUUID\":\"$RACKCORP_APIUUID\",\"APISECRET\":\"$RACKCORP_APISECRET\",\"cmd\":\"$_rackcorpcmd\",$_rackcorpinputdata}" "$RACKCORP_API_ENDPOINT" "" "POST")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
if _contains "$response" "\"code\":\"OK\""; then |
||||
|
_debug code "OK" |
||||
|
else |
||||
|
_debug code "FAILED" |
||||
|
response="" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,176 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Scaleway API |
||||
|
# https://developers.scaleway.com/en/products/domain/dns/api/ |
||||
|
# |
||||
|
# Requires Scaleway API token set in SCALEWAY_API_TOKEN |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
SCALEWAY_API="https://api.scaleway.com/domain/v2beta1" |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_scaleway_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _scaleway_check_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
_scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue" |
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err error "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_info "Record added." |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
dns_scaleway_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _scaleway_check_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Deleting record" |
||||
|
_scaleway_delete_TXT_record "$_domain" "$_sub_domain" "$txtvalue" |
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err error "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_info "Record deleted." |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_scaleway_check_config() { |
||||
|
SCALEWAY_API_TOKEN="${SCALEWAY_API_TOKEN:-$(_readaccountconf_mutable SCALEWAY_API_TOKEN)}" |
||||
|
if [ -z "$SCALEWAY_API_TOKEN" ]; then |
||||
|
_err "No API key specified for Scaleway API." |
||||
|
_err "Create your key and export it as SCALEWAY_API_TOKEN" |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _scaleway_rest GET "dns-zones"; then |
||||
|
_err "Invalid API key specified for Scaleway API." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable SCALEWAY_API_TOKEN "$SCALEWAY_API_TOKEN" |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_scaleway_rest GET "dns-zones/$h/records" |
||||
|
|
||||
|
if ! _contains "$response" "subdomain not found" >/dev/null; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
_err "Unable to retrive DNS zone matching this domain" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# this function add a TXT record |
||||
|
_scaleway_create_TXT_record() { |
||||
|
txt_zone=$1 |
||||
|
txt_name=$2 |
||||
|
txt_value=$3 |
||||
|
|
||||
|
_scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"add\":{\"records\":[{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\",\"ttl\":60}]}}]}" |
||||
|
|
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err "error1 $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# this function delete a TXT record based on name and content |
||||
|
_scaleway_delete_TXT_record() { |
||||
|
txt_zone=$1 |
||||
|
txt_name=$2 |
||||
|
txt_value=$3 |
||||
|
|
||||
|
_scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"delete\":{\"id_fields\":{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\"}}}]}" |
||||
|
|
||||
|
if _contains "$response" "records"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err "error2 $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_scaleway_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
_scaleway_url="$SCALEWAY_API/$ep" |
||||
|
_debug2 _scaleway_url "$_scaleway_url" |
||||
|
export _H1="x-auth-token: $SCALEWAY_API_TOKEN" |
||||
|
export _H2="Accept: application/json" |
||||
|
export _H3="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$data" ] || [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$_scaleway_url" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$_scaleway_url")" |
||||
|
fi |
||||
|
if [ "$?" != "0" ] || _contains "$response" "denied_authentication" || _contains "$response" "Method not allowed" || _contains "$response" "json parse error: unexpected EOF"; then |
||||
|
_err "error $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,261 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#SIMPLY_AccountName="accountname" |
||||
|
# |
||||
|
#SIMPLY_ApiKey="apikey" |
||||
|
# |
||||
|
#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" |
||||
|
SIMPLY_Api_Default="https://api.simply.com/1" |
||||
|
|
||||
|
#This is used for determining success of REST call |
||||
|
SIMPLY_SUCCESS_CODE='"status": 200' |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_simply_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _simply_load_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_simply_save_config |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
|
||||
|
if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then |
||||
|
_err "Could not add DNS record" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
dns_simply_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if ! _simply_load_config; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_simply_save_config |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
_info "Getting all existing records" |
||||
|
|
||||
|
if ! _simply_get_all_records "$_domain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' ' | tr -d ' ' | tr ';' ' ') |
||||
|
|
||||
|
nr_of_deleted_records=0 |
||||
|
_info "Fetching txt record" |
||||
|
|
||||
|
for record in $records; do |
||||
|
_debug record "$record" |
||||
|
|
||||
|
record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) |
||||
|
record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) |
||||
|
|
||||
|
_debug2 record_data "$record_data" |
||||
|
_debug2 record_type "$record_type" |
||||
|
|
||||
|
if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then |
||||
|
|
||||
|
record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) |
||||
|
|
||||
|
_info "Deleting record $record" |
||||
|
_debug2 record_id "$record_id" |
||||
|
|
||||
|
if [ "$record_id" -gt 0 ]; then |
||||
|
|
||||
|
if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then |
||||
|
_err "Record with id $record_id could not be deleted" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
nr_of_deleted_records=1 |
||||
|
break |
||||
|
else |
||||
|
_err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" |
||||
|
break |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
done |
||||
|
|
||||
|
if [ "$nr_of_deleted_records" -eq 0 ]; then |
||||
|
_err "No record deleted, the DNS record needs to be removed manually." |
||||
|
else |
||||
|
_info "Deleted $nr_of_deleted_records record" |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_simply_load_config() { |
||||
|
SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}" |
||||
|
SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}" |
||||
|
SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}" |
||||
|
|
||||
|
if [ -z "$SIMPLY_Api" ]; then |
||||
|
SIMPLY_Api="$SIMPLY_Api_Default" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then |
||||
|
SIMPLY_AccountName="" |
||||
|
SIMPLY_ApiKey="" |
||||
|
|
||||
|
_err "A valid Simply API account and apikey not provided." |
||||
|
_err "Please provide a valid API user and try again." |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_simply_save_config() { |
||||
|
if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then |
||||
|
_saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api" |
||||
|
fi |
||||
|
_saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName" |
||||
|
_saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey" |
||||
|
} |
||||
|
|
||||
|
_simply_get_all_records() { |
||||
|
domain=$1 |
||||
|
|
||||
|
if ! _simply_rest GET "my/products/$domain/dns/records"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _simply_rest GET "my/products/$h/dns"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then |
||||
|
_debug "$h not found" |
||||
|
else |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
p="$i" |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_simply_add_record() { |
||||
|
domain=$1 |
||||
|
sub_domain=$2 |
||||
|
txtval=$3 |
||||
|
|
||||
|
data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" |
||||
|
|
||||
|
if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then |
||||
|
_err "Adding record not successfull!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then |
||||
|
_err "Call to API not sucessfull, see below message for more details" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_simply_delete_record() { |
||||
|
domain=$1 |
||||
|
sub_domain=$2 |
||||
|
record_id=$3 |
||||
|
|
||||
|
_debug record_id "Delete record with id $record_id" |
||||
|
|
||||
|
if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then |
||||
|
_err "Deleting record not successfull!" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then |
||||
|
_err "Call to API not sucessfull, see below message for more details" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_simply_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
_debug2 data "$data" |
||||
|
_debug2 ep "$ep" |
||||
|
_debug2 m "$m" |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
|
||||
|
if _contains "$response" "Invalid account authorization"; then |
||||
|
_err "It seems that your api key or accountnumber is not correct." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,207 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Acme.sh DNS API wrapper for websupport.sk |
||||
|
# |
||||
|
# Original author: trgo.sk (https://github.com/trgosk) |
||||
|
# Tweaks by: akulumbeg (https://github.com/akulumbeg) |
||||
|
# Report Bugs here: https://github.com/akulumbeg/acme.sh |
||||
|
|
||||
|
# Requirements: API Key and Secret from https://admin.websupport.sk/en/auth/apiKey |
||||
|
# |
||||
|
# WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" |
||||
|
# (called "Identifier" in the WS Admin) |
||||
|
# |
||||
|
# WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
||||
|
# (called "Secret key" in the WS Admin) |
||||
|
|
||||
|
WS_Api="https://rest.websupport.sk" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
dns_websupport_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
WS_ApiKey="${WS_ApiKey:-$(_readaccountconf_mutable WS_ApiKey)}" |
||||
|
WS_ApiSecret="${WS_ApiSecret:-$(_readaccountconf_mutable WS_ApiSecret)}" |
||||
|
|
||||
|
if [ "$WS_ApiKey" ] && [ "$WS_ApiSecret" ]; then |
||||
|
_saveaccountconf_mutable WS_ApiKey "$WS_ApiKey" |
||||
|
_saveaccountconf_mutable WS_ApiSecret "$WS_ApiSecret" |
||||
|
else |
||||
|
WS_ApiKey="" |
||||
|
WS_ApiSecret="" |
||||
|
_err "You did not specify the API Key and/or API Secret" |
||||
|
_err "You can get the API login credentials from https://admin.websupport.sk/en/auth/apiKey" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
||||
|
# we can not use updating anymore. |
||||
|
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
||||
|
# _debug count "$count" |
||||
|
# if [ "$count" = "0" ]; then |
||||
|
_info "Adding record" |
||||
|
if _ws_rest POST "/v1/user/self/zone/$_domain/record" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then |
||||
|
if _contains "$response" "$txtvalue"; then |
||||
|
_info "Added, OK" |
||||
|
return 0 |
||||
|
elif _contains "$response" "The record already exists"; then |
||||
|
_info "Already exists, OK" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
dns_websupport_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug2 fulldomain "$fulldomain" |
||||
|
_debug2 txtvalue "$txtvalue" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
_ws_rest GET "/v1/user/self/zone/$_domain/record" |
||||
|
|
||||
|
if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"items\")" -lt "1" ]; then |
||||
|
_err "Error: $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
record_line="$(_get_from_array "$response" "$txtvalue")" |
||||
|
_debug record_line "$record_line" |
||||
|
if [ -z "$record_line" ]; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
record_id=$(echo "$record_line" | _egrep_o "\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! _ws_rest DELETE "/v1/user/self/zone/$_domain/record/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"success\")" -lt "1" ]; then |
||||
|
return 1 |
||||
|
else |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private Functions ################################## |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=1 |
||||
|
p=1 |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _ws_rest GET "/v1/user/self/zone"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ws_rest() { |
||||
|
me=$1 |
||||
|
pa="$2" |
||||
|
da="$3" |
||||
|
|
||||
|
_debug2 api_key "$WS_ApiKey" |
||||
|
_debug2 api_secret "$WS_ApiSecret" |
||||
|
|
||||
|
timestamp=$(_time) |
||||
|
datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" |
||||
|
canonical_request="${me} ${pa} ${timestamp}" |
||||
|
signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) |
||||
|
basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" |
||||
|
|
||||
|
_debug2 method "$me" |
||||
|
_debug2 path "$pa" |
||||
|
_debug2 data "$da" |
||||
|
_debug2 timestamp "$timestamp" |
||||
|
_debug2 datez "$datez" |
||||
|
_debug2 canonical_request "$canonical_request" |
||||
|
_debug2 signature_hash "$signature_hash" |
||||
|
_debug2 basicauth "$basicauth" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
export _H3="Authorization: Basic ${basicauth}" |
||||
|
export _H4="Date: ${datez}" |
||||
|
|
||||
|
_debug2 H1 "$_H1" |
||||
|
_debug2 H2 "$_H2" |
||||
|
_debug2 H3 "$_H3" |
||||
|
_debug2 H4 "$_H4" |
||||
|
|
||||
|
if [ "$me" != "GET" ]; then |
||||
|
_debug2 "${me} $WS_Api${pa}" |
||||
|
_debug data "$da" |
||||
|
response="$(_post "$da" "${WS_Api}${pa}" "" "$me")" |
||||
|
else |
||||
|
_debug2 "GET $WS_Api${pa}" |
||||
|
response="$(_get "$WS_Api${pa}")" |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
return "$?" |
||||
|
} |
||||
|
|
||||
|
_get_from_array() { |
||||
|
va="$1" |
||||
|
fi="$2" |
||||
|
for i in $(echo "$va" | sed "s/{/ /g"); do |
||||
|
if _contains "$i" "$fi"; then |
||||
|
echo "$i" |
||||
|
break |
||||
|
fi |
||||
|
done |
||||
|
} |
@ -0,0 +1,210 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# World4You - www.world4you.com |
||||
|
# Lorenz Stechauner, 2020 - https://www.github.com/NerLOR |
||||
|
|
||||
|
WORLD4YOU_API="https://my.world4you.com/en" |
||||
|
PAKETNR='' |
||||
|
TLD='' |
||||
|
RECORD='' |
||||
|
|
||||
|
################ Public functions ################ |
||||
|
|
||||
|
# Usage: dns_world4you_add <fqdn> <value> |
||||
|
dns_world4you_add() { |
||||
|
fqdn="$1" |
||||
|
value="$2" |
||||
|
_info "Using world4you to add record" |
||||
|
_debug fulldomain "$fqdn" |
||||
|
_debug txtvalue "$value" |
||||
|
|
||||
|
_login |
||||
|
if [ "$?" != 0 ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
export _H1="Cookie: W4YSESSID=$sessid" |
||||
|
form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") |
||||
|
_get_paketnr "$fqdn" "$form" |
||||
|
paketnr="$PAKETNR" |
||||
|
if [ -z "$paketnr" ]; then |
||||
|
_err "Unable to parse paketnr" |
||||
|
return 3 |
||||
|
fi |
||||
|
_debug paketnr "$paketnr" |
||||
|
|
||||
|
export _H1="Cookie: W4YSESSID=$sessid" |
||||
|
form=$(_get "$WORLD4YOU_API/$paketnr/dns") |
||||
|
formiddp=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') |
||||
|
formidttl=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') |
||||
|
form_token=$(echo "$form" | grep 'AddDnsRecordForm\[_token\]' | sed 's/^.*name="AddDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') |
||||
|
if [ -z "$formiddp" ]; then |
||||
|
_err "Unable to parse form" |
||||
|
return 3 |
||||
|
fi |
||||
|
|
||||
|
_resethttp |
||||
|
export ACME_HTTP_NO_REDIRECTS=1 |
||||
|
body="AddDnsRecordForm[name]=$RECORD&AddDnsRecordForm[dnsType][type]=TXT&\ |
||||
|
AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ |
||||
|
AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" |
||||
|
_info "Adding record..." |
||||
|
ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') |
||||
|
_resethttp |
||||
|
|
||||
|
if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then |
||||
|
res=$(_get "$WORLD4YOU_API/$paketnr/dns") |
||||
|
if _contains "$res" "successfully"; then |
||||
|
return 0 |
||||
|
else |
||||
|
msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/') |
||||
|
if _contains "$msg" '^<\!DOCTYPE html>'; then |
||||
|
msg='Unknown error' |
||||
|
fi |
||||
|
_err "Unable to add record: $msg" |
||||
|
if _contains "$msg" '^<\!DOCTYPE html>'; then |
||||
|
echo "$ret" >'error-01.html' |
||||
|
echo "$res" >'error-02.html' |
||||
|
_err "View error-01.html and error-02.html for debugging" |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_err "$(_head_n 3 <"$HTTP_HEADER")" |
||||
|
_err "View $HTTP_HEADER for debugging" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Usage: dns_world4you_rm <fqdn> <value> |
||||
|
dns_world4you_rm() { |
||||
|
fqdn="$1" |
||||
|
value="$2" |
||||
|
_info "Using world4you to remove record" |
||||
|
_debug fulldomain "$fqdn" |
||||
|
_debug txtvalue "$value" |
||||
|
|
||||
|
_login |
||||
|
if [ "$?" != 0 ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
export _H1="Cookie: W4YSESSID=$sessid" |
||||
|
form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") |
||||
|
_get_paketnr "$fqdn" "$form" |
||||
|
paketnr="$PAKETNR" |
||||
|
if [ -z "$paketnr" ]; then |
||||
|
_err "Unable to parse paketnr" |
||||
|
return 3 |
||||
|
fi |
||||
|
_debug paketnr "$paketnr" |
||||
|
|
||||
|
form=$(_get "$WORLD4YOU_API/$paketnr/dns") |
||||
|
formiddp=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') |
||||
|
formidttl=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') |
||||
|
form_token=$(echo "$form" | grep 'DeleteDnsRecordForm\[_token\]' | sed 's/^.*name="DeleteDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') |
||||
|
if [ -z "$formiddp" ]; then |
||||
|
_err "Unable to parse form" |
||||
|
return 3 |
||||
|
fi |
||||
|
|
||||
|
recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64) |
||||
|
_debug recordid "$recordid" |
||||
|
|
||||
|
_resethttp |
||||
|
export ACME_HTTP_NO_REDIRECTS=1 |
||||
|
body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ |
||||
|
DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ |
||||
|
DeleteDnsRecordForm[_token]=$form_token" |
||||
|
_info "Removing record..." |
||||
|
ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') |
||||
|
_resethttp |
||||
|
|
||||
|
if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then |
||||
|
res=$(_get "$WORLD4YOU_API/$paketnr/dns") |
||||
|
if _contains "$res" "successfully"; then |
||||
|
return 0 |
||||
|
else |
||||
|
msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/') |
||||
|
if _contains "$msg" '^<\!DOCTYPE html>'; then |
||||
|
msg='Unknown error' |
||||
|
fi |
||||
|
_err "Unable to remove record: $msg" |
||||
|
if _contains "$msg" '^<\!DOCTYPE html>'; then |
||||
|
echo "$ret" >'error-01.html' |
||||
|
echo "$res" >'error-02.html' |
||||
|
_err "View error-01.html and error-02.html for debugging" |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_err "$(_head_n 3 <"$HTTP_HEADER")" |
||||
|
_err "View $HTTP_HEADER for debugging" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
################ Private functions ################ |
||||
|
|
||||
|
# Usage: _login |
||||
|
_login() { |
||||
|
WORLD4YOU_USERNAME="${WORLD4YOU_USERNAME:-$(_readaccountconf_mutable WORLD4YOU_USERNAME)}" |
||||
|
WORLD4YOU_PASSWORD="${WORLD4YOU_PASSWORD:-$(_readaccountconf_mutable WORLD4YOU_PASSWORD)}" |
||||
|
|
||||
|
if [ -z "$WORLD4YOU_USERNAME" ] || [ -z "$WORLD4YOU_PASSWORD" ]; then |
||||
|
WORLD4YOU_USERNAME="" |
||||
|
WORLD4YOU_PASSWORD="" |
||||
|
_err "You didn't specify world4you username and password yet." |
||||
|
_err "Usage: export WORLD4YOU_USERNAME=<name>" |
||||
|
_err "Usage: export WORLD4YOU_PASSWORD=<password>" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" |
||||
|
_saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD" |
||||
|
|
||||
|
_info "Logging in..." |
||||
|
|
||||
|
username="$WORLD4YOU_USERNAME" |
||||
|
password="$WORLD4YOU_PASSWORD" |
||||
|
csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*<input[^>]*value=\"\([^"]*\)\".*$/\1/') |
||||
|
sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') |
||||
|
|
||||
|
export _H1="Cookie: W4YSESSID=$sessid" |
||||
|
export _H2="X-Requested-With: XMLHttpRequest" |
||||
|
body="_username=$username&_password=$password&_csrf_token=$csrf_token" |
||||
|
ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded') |
||||
|
unset _H2 |
||||
|
_debug ret "$ret" |
||||
|
if _contains "$ret" "\"success\":true"; then |
||||
|
_info "Successfully logged in" |
||||
|
sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') |
||||
|
else |
||||
|
_err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Usage _get_paketnr <fqdn> <form> |
||||
|
_get_paketnr() { |
||||
|
fqdn="$1" |
||||
|
form="$2" |
||||
|
|
||||
|
domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') |
||||
|
domain='' |
||||
|
for domain in $domains; do |
||||
|
if _contains "$fqdn" "$domain\$"; then |
||||
|
break |
||||
|
fi |
||||
|
domain='' |
||||
|
done |
||||
|
if [ -z "$domain" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
TLD="$domain" |
||||
|
_debug domain "$domain" |
||||
|
RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") |
||||
|
PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/') |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,52 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support Telegram Bots |
||||
|
|
||||
|
#TELEGRAM_BOT_APITOKEN="" |
||||
|
#TELEGRAM_BOT_CHATID="" |
||||
|
|
||||
|
telegram_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
TELEGRAM_BOT_APITOKEN="${TELEGRAM_BOT_APITOKEN:-$(_readaccountconf_mutable TELEGRAM_BOT_APITOKEN)}" |
||||
|
if [ -z "$TELEGRAM_BOT_APITOKEN" ]; then |
||||
|
TELEGRAM_BOT_APITOKEN="" |
||||
|
_err "You didn't specify a Telegram BOT API Token TELEGRAM_BOT_APITOKEN yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable TELEGRAM_BOT_APITOKEN "$TELEGRAM_BOT_APITOKEN" |
||||
|
|
||||
|
TELEGRAM_BOT_CHATID="${TELEGRAM_BOT_CHATID:-$(_readaccountconf_mutable TELEGRAM_BOT_CHATID)}" |
||||
|
if [ -z "$TELEGRAM_BOT_CHATID" ]; then |
||||
|
TELEGRAM_BOT_CHATID="" |
||||
|
_err "You didn't specify a Telegram Chat id TELEGRAM_BOT_CHATID yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID" |
||||
|
|
||||
|
_content="$(printf "%s" "$_content" | sed -e 's/*/\\\\*/')" |
||||
|
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" |
||||
|
_data="{\"text\": \"$_content\", " |
||||
|
_data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", " |
||||
|
_data="$_data\"parse_mode\": \"markdown\", " |
||||
|
_data="$_data\"disable_web_page_preview\": \"1\"}" |
||||
|
|
||||
|
_debug "$_data" |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
_telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" |
||||
|
if _post "$_data" "$_telegram_bot_url" >/dev/null; then |
||||
|
# shellcheck disable=SC2154 |
||||
|
_message=$(printf "%s\n" "$response" | sed -n 's/.*"ok":\([^,]*\).*/\1/p') |
||||
|
if [ "$_message" = "true" ]; then |
||||
|
_info "telegram send success." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
_err "telegram send error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue