Phil Porada
8 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
46 changed files with 2545 additions and 846 deletions
-
89.github/workflows/DNS.yml
-
14.github/workflows/DragonFlyBSD.yml
-
6.github/workflows/FreeBSD.yml
-
2.github/workflows/Linux.yml
-
2.github/workflows/MacOS.yml
-
12.github/workflows/NetBSD.yml
-
75.github/workflows/Omnios.yml
-
8.github/workflows/OpenBSD.yml
-
4.github/workflows/PebbleStrict.yml
-
13.github/workflows/Solaris.yml
-
2.github/workflows/Ubuntu.yml
-
2.github/workflows/Windows.yml
-
2.github/workflows/dockerhub.yml
-
6.github/workflows/pr_dns.yml
-
2.github/workflows/pr_notify.yml
-
4.github/workflows/shellcheck.yml
-
39README.md
-
228acme.sh
-
15deploy/docker.sh
-
125deploy/haproxy.sh
-
171deploy/panos.sh
-
8deploy/proxmoxve.sh
-
6deploy/routeros.sh
-
443deploy/synology_dsm.sh
-
154dnsapi/dns_1984hosting.sh
-
2dnsapi/dns_ali.sh
-
180dnsapi/dns_artfiles.sh
-
33dnsapi/dns_aws.sh
-
89dnsapi/dns_bookmyname.sh
-
185dnsapi/dns_dnsexit.sh
-
148dnsapi/dns_do.sh
-
33dnsapi/dns_gandi_livedns.sh
-
2dnsapi/dns_gcloud.sh
-
4dnsapi/dns_gcore.sh
-
2dnsapi/dns_inwx.sh
-
19dnsapi/dns_kappernet.sh
-
94dnsapi/dns_limacity.sh
-
2dnsapi/dns_loopia.sh
-
4dnsapi/dns_opnsense.sh
-
17dnsapi/dns_ovh.sh
-
60dnsapi/dns_pleskxml.sh
-
211dnsapi/dns_tencent.sh
-
17dnsapi/dns_variomedia.sh
-
105dnsapi/dns_west_cn.sh
-
226notify/aws_ses.sh
-
52notify/mattermost.sh
@ -0,0 +1,75 @@ |
|||
name: Omnios |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Omnios.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Omnios.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
Omnios: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/omnios-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkg install socat wget |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,180 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
################################################################################ |
|||
# ACME.sh 3rd party DNS API plugin for ArtFiles.de |
|||
################################################################################ |
|||
# Author: Martin Arndt, https://troublezone.net/ |
|||
# Released: 2022-02-27 |
|||
# Issues: https://github.com/acmesh-official/acme.sh/issues/4718 |
|||
################################################################################ |
|||
# Usage: |
|||
# 1. export AF_API_USERNAME='api12345678' |
|||
# 2. export AF_API_PASSWORD='apiPassword' |
|||
# 3. acme.sh --issue -d example.com --dns dns_artfiles |
|||
################################################################################ |
|||
|
|||
########## API configuration ################################################### |
|||
|
|||
AF_API_SUCCESS='status":"OK' |
|||
AF_URL_DCP='https://dcp.c.artfiles.de/api/' |
|||
AF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain=' |
|||
AF_URL_DOMAINS=${AF_URL_DCP}'domain/get_domains.html' |
|||
|
|||
########## Public functions #################################################### |
|||
|
|||
# Adds a new TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_add _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_add() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS addition API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_saveaccountconf_mutable 'AF_API_USERNAME' "$AF_API_USERNAME" |
|||
_saveaccountconf_mutable 'AF_API_PASSWORD' "$AF_API_PASSWORD" |
|||
|
|||
_set_headers |
|||
_get_zone "$domain" |
|||
_dns 'GET' |
|||
if ! _contains "$response" 'TXT'; then |
|||
_err 'Retrieving TXT records failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
_dns 'SET' "$(printf -- '%s\n_acme-challenge "%s"' "$response" "$txtValue")" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Adding ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Removes the existing TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_rm _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_rm() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS removal API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_set_headers |
|||
_get_zone "$domain" |
|||
if ! _dns 'GET'; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "$txtValue"; then |
|||
_err 'Retrieved TXT records are missing given ACME challenge value.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
response="$(printf -- '%s' "$response" | sed '/_acme-challenge "'"$txtValue"'"/d')" |
|||
_dns 'SET' "$response" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Removing ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
########## Private functions ################################################### |
|||
|
|||
# Cleans awful TXT records response of ArtFiles's API & pretty prints it. |
|||
# Usage: _clean_records |
|||
_clean_records() { |
|||
_info 'Cleaning TXT records…' |
|||
# Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid |
|||
# usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\' |
|||
# from '\"' & turn '\n' into real LF characters. |
|||
# Yup, awful API to use - but that's all we got to get this working, so… ;) |
|||
_debug2 'Raw ' "$response" |
|||
response="$(printf -- '%s' "$response" | sed 's/^.*TXT":"\([^}]*\).*$/\1/;s/,".*$//;s/.$//;s/\\"/"/g;s/\\n/\n/g')" |
|||
_debug2 'Clean' "$response" |
|||
} |
|||
|
|||
# Executes an HTTP GET or POST request for getting or setting DNS records, |
|||
# containing given payload upon POST. |
|||
# Usage: _dns [GET | SET] [payload] |
|||
_dns() { |
|||
_info 'Executing HTTP request…' |
|||
action="$1" |
|||
payload="$(printf -- '%s' "$2" | _url_encode)" |
|||
url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" |
|||
|
|||
if [ "$action" = 'SET' ]; then |
|||
_debug2 'Payload' "$payload" |
|||
response="$(_post '' "$url&TXT=$payload" '' 'POST' 'application/x-www-form-urlencoded')" |
|||
else |
|||
response="$(_get "$url" '' 10)" |
|||
fi |
|||
|
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err "DNS API error: $response" |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'Response' "$response" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# Gets the root domain zone for given domain. |
|||
# Usage: _get_zone _acme-challenge.www.example.com |
|||
_get_zone() { |
|||
fqdn="$1" |
|||
domains="$(_get "$AF_URL_DOMAINS" '' 10)" |
|||
_info 'Getting domain zone…' |
|||
_debug2 'FQDN' "$fqdn" |
|||
_debug2 'Domains' "$domains" |
|||
|
|||
while _contains "$fqdn" "."; do |
|||
if _contains "$domains" "$fqdn"; then |
|||
domain="$fqdn" |
|||
_info "Found root domain zone: $domain" |
|||
break |
|||
else |
|||
fqdn="${fqdn#*.}" |
|||
_debug2 'FQDN' "$fqdn" |
|||
fi |
|||
done |
|||
|
|||
if [ "$domain" = "$fqdn" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
_err 'Couldn'\''t find root domain zone.' |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
# Sets the credentials for accessing ArtFiles's API |
|||
# Usage: _set_credentials |
|||
_set_credentials() { |
|||
_info 'Setting credentials…' |
|||
AF_API_USERNAME="${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}" |
|||
AF_API_PASSWORD="${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}" |
|||
if [ -z "$AF_API_USERNAME" ] || [ -z "$AF_API_PASSWORD" ]; then |
|||
_err 'Missing ArtFiles.de username and/or password.' |
|||
_err 'Please ensure both are set via export command & try again.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Adds the HTTP Authorization & Content-Type headers to a follow-up request. |
|||
# Usage: _set_headers |
|||
_set_headers() { |
|||
_info 'Setting headers…' |
|||
encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)" |
|||
export _H1="Authorization: Basic $encoded" |
|||
export _H2='Content-Type: application/json' |
|||
} |
@ -0,0 +1,89 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Here is a sample custom api script. |
|||
#This file name is "dns_bookmyname.sh" |
|||
#So, here must be a method dns_bookmyname_add() |
|||
#Which will be called by acme.sh to add the txt record to your api system. |
|||
#returns 0 means success, otherwise error. |
|||
# |
|||
#Author: Neilpang |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|||
|
|||
# BookMyName urls: |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' |
|||
|
|||
# Output: |
|||
#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX |
|||
#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX |
|||
|
|||
# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised. |
|||
|
|||
# Usage: |
|||
# export BOOKMYNAME_USERNAME="ABCDE-FREE" |
|||
# export BOOKMYNAME_PASSWORD="MyPassword" |
|||
# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld |
|||
|
|||
#Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_bookmyname_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
if [ -z "$BOOKMYNAME_USERNAME" ] || [ -z "$BOOKMYNAME_PASSWORD" ]; then |
|||
BOOKMYNAME_USERNAME="" |
|||
BOOKMYNAME_PASSWORD="" |
|||
_err "You didn't specify BookMyName username and password yet." |
|||
_err "Please specify them and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME" |
|||
_saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: update done, cid '; then |
|||
_err "Can't add $fulldomain" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_bookmyname_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: remove done 1, cid '; then |
|||
_info "Can't remove $fulldomain" |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
@ -0,0 +1,185 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#use dns-01 at DNSExit.com |
|||
|
|||
#Author: Samuel Jimenez |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
|||
|
|||
#DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij |
|||
#DNSEXIT_AUTH_USER=login@email.address |
|||
#DNSEXIT_AUTH_PASS=aStrongPassword |
|||
DNSEXIT_API_URL="https://api.dnsexit.com/dns/" |
|||
DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp" |
|||
|
|||
######## Public functions ##################### |
|||
#Usage: dns_dnsexit_add _acme-challenge.*.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsexit_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"add\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":0,\"overwrite\":false}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_dnsexit_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"delete\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\"}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
while true; do |
|||
_domain=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$_domain" |
|||
if [ -z "$_domain" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug login "$DNSEXIT_AUTH_USER" |
|||
_debug password "$DNSEXIT_AUTH_PASS" |
|||
_debug domain "$_domain" |
|||
|
|||
_dnsexit_http "login=$DNSEXIT_AUTH_USER&password=$DNSEXIT_AUTH_PASS&domain=$_domain" |
|||
|
|||
if _contains "$response" "0=$_domain"; then |
|||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" |
|||
return 0 |
|||
else |
|||
_debug "Go to next level of $_domain" |
|||
fi |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_dnsexit_rest() { |
|||
m=POST |
|||
ep="" |
|||
data="$1" |
|||
_debug _dnsexit_rest "$ep" |
|||
_debug data "$data" |
|||
|
|||
api_key_trimmed=$(echo "$DNSEXIT_API_KEY" | tr -d '"') |
|||
|
|||
export _H1="apikey: $api_key_trimmed" |
|||
export _H2='Content-Type: application/json' |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$DNSEXIT_API_URL/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$DNSEXIT_API_URL/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $ep" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_dnsexit_http() { |
|||
m=GET |
|||
param="$1" |
|||
_debug param "$param" |
|||
_debug get "$DNSEXIT_HOSTS_URL?$param" |
|||
|
|||
response="$(_get "$DNSEXIT_HOSTS_URL?$param")" |
|||
|
|||
_debug response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $param" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
get_account_info() { |
|||
|
|||
DNSEXIT_API_KEY="${DNSEXIT_API_KEY:-$(_readaccountconf_mutable DNSEXIT_API_KEY)}" |
|||
if test -z "$DNSEXIT_API_KEY"; then |
|||
DNSEXIT_API_KEY='' |
|||
_err 'DNSEXIT_API_KEY was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_API_KEY "$DNSEXIT_API_KEY" |
|||
|
|||
DNSEXIT_AUTH_USER="${DNSEXIT_AUTH_USER:-$(_readaccountconf_mutable DNSEXIT_AUTH_USER)}" |
|||
if test -z "$DNSEXIT_AUTH_USER"; then |
|||
DNSEXIT_AUTH_USER="" |
|||
_err 'DNSEXIT_AUTH_USER was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_USER "$DNSEXIT_AUTH_USER" |
|||
|
|||
DNSEXIT_AUTH_PASS="${DNSEXIT_AUTH_PASS:-$(_readaccountconf_mutable DNSEXIT_AUTH_PASS)}" |
|||
if test -z "$DNSEXIT_AUTH_PASS"; then |
|||
DNSEXIT_AUTH_PASS="" |
|||
_err 'DNSEXIT_AUTH_PASS was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_PASS "$DNSEXIT_AUTH_PASS" |
|||
|
|||
return 0 |
|||
} |
@ -1,148 +0,0 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# DNS API for Domain-Offensive / Resellerinterface / Domainrobot |
|||
|
|||
# Report bugs at https://github.com/seidler2547/acme.sh/issues |
|||
|
|||
# set these environment variables to match your customer ID and password: |
|||
# DO_PID="KD-1234567" |
|||
# DO_PW="cdfkjl3n2" |
|||
|
|||
DO_URL="https://soap.resellerinterface.de/" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_do_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
if _dns_do_authenticate; then |
|||
_info "Adding TXT record to ${_domain} as ${fulldomain}" |
|||
_dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300 |
|||
if _contains "${response}" '>success<'; then |
|||
return 0 |
|||
fi |
|||
_err "Could not create resource record, check logs" |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
#fulldomain |
|||
dns_do_rm() { |
|||
fulldomain=$1 |
|||
if _dns_do_authenticate; then |
|||
if _dns_do_list_rrs; then |
|||
_dns_do_had_error=0 |
|||
for _rrid in ${_rr_list}; do |
|||
_info "Deleting resource record $_rrid for $_domain" |
|||
_dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}" |
|||
if ! _contains "${response}" '>success<'; then |
|||
_dns_do_had_error=1 |
|||
_err "Could not delete resource record for ${_domain}, id ${_rrid}" |
|||
fi |
|||
done |
|||
return $_dns_do_had_error |
|||
fi |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
_dns_do_authenticate() { |
|||
_info "Authenticating as ${DO_PID}" |
|||
_dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}" |
|||
if _contains "${response}" '>success<'; then |
|||
_get_root "$fulldomain" |
|||
_debug "_domain $_domain" |
|||
return 0 |
|||
else |
|||
_err "Authentication failed, are DO_PID and DO_PW set correctly?" |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_dns_do_list_rrs() { |
|||
_dns_do_soap getRRList origin "${_domain}" |
|||
if ! _contains "${response}" 'SOAP-ENC:Array'; then |
|||
_err "getRRList origin ${_domain} failed" |
|||
return 1 |
|||
fi |
|||
_rr_list="$(echo "${response}" | |
|||
tr -d "\n\r\t" | |
|||
sed -e 's/<item xsi:type="ns2:Map">/\n/g' | |
|||
grep ">$(_regexcape "$fulldomain")</value>" | |
|||
sed -e 's/<\/item>/\n/g' | |
|||
grep '>id</key><value' | |
|||
_egrep_o '>[0-9]{1,16}<' | |
|||
tr -d '><')" |
|||
[ "${_rr_list}" ] |
|||
} |
|||
|
|||
_dns_do_soap() { |
|||
func="$1" |
|||
shift |
|||
# put the parameters to xml |
|||
body="<tns:${func} xmlns:tns=\"${DO_URL}\">" |
|||
while [ "$1" ]; do |
|||
_k="$1" |
|||
shift |
|||
_v="$1" |
|||
shift |
|||
body="$body<$_k>$_v</$_k>" |
|||
done |
|||
body="$body</tns:${func}>" |
|||
_debug2 "SOAP request ${body}" |
|||
|
|||
# build SOAP XML |
|||
_xml='<?xml version="1.0" encoding="UTF-8"?> |
|||
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"> |
|||
<env:Body>'"$body"'</env:Body> |
|||
</env:Envelope>' |
|||
|
|||
# set SOAP headers |
|||
export _H1="SOAPAction: ${DO_URL}#${func}" |
|||
|
|||
if ! response="$(_post "${_xml}" "${DO_URL}")"; then |
|||
_err "Error <$1>" |
|||
return 1 |
|||
fi |
|||
_debug2 "SOAP response $response" |
|||
|
|||
# retrieve cookie header |
|||
_H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)" |
|||
export _H2 |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
|
|||
_dns_do_soap getDomainList |
|||
_all_domains="$(echo "${response}" | |
|||
tr -d "\n\r\t " | |
|||
_egrep_o 'domain</key><value[^>]+>[^<]+' | |
|||
sed -e 's/^domain<\/key><value[^>]*>//g')" |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
|
|||
i=$(_math $i + 1) |
|||
done |
|||
_debug "$domain not found" |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_regexcape() { |
|||
echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g' |
|||
} |
@ -0,0 +1,94 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Created by Laraveluser |
|||
# |
|||
# Pass credentials before "acme.sh --issue --dns dns_limacity ..." |
|||
# -- |
|||
# export LIMACITY_APIKEY="<API-KEY>" |
|||
# -- |
|||
# |
|||
# Pleas note: APIKEY must have following roles: dns.admin, domains.reader |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
LIMACITY_APIKEY="${LIMACITY_APIKEY:-$(_readaccountconf_mutable LIMACITY_APIKEY)}" |
|||
AUTH=$(printf "%s" "api:$LIMACITY_APIKEY" | _base64 -w 0) |
|||
export _H1="Authorization: Basic $AUTH" |
|||
export _H2="Content-Type: application/json" |
|||
APIBASE=https://www.lima-city.de/usercp |
|||
|
|||
#Usage: dns_limacity_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_limacity_add() { |
|||
_debug LIMACITY_APIKEY "$LIMACITY_APIKEY" |
|||
if [ "$LIMACITY_APIKEY" = "" ]; then |
|||
_err "No Credentials given" |
|||
return 1 |
|||
fi |
|||
|
|||
# save the dns server and key to the account conf file. |
|||
_saveaccountconf_mutable LIMACITY_APIKEY "${LIMACITY_APIKEY}" |
|||
|
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
if ! _lima_get_domain_id "$fulldomain"; then return 1; fi |
|||
|
|||
msg=$(_post "{\"nameserver_record\":{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\",\"ttl\":60}}" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" "" "POST") |
|||
_debug "$msg" |
|||
|
|||
if [ "$(echo "$msg" | _egrep_o "\"status\":\"ok\"")" = "" ]; then |
|||
_err "$msg" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#Usage: dns_limacity_rm _acme-challenge.www.domain.com |
|||
dns_limacity_rm() { |
|||
|
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
if ! _lima_get_domain_id "$fulldomain"; then return 1; fi |
|||
|
|||
for recordId in $(_get "${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json" | _egrep_o "{\"id\":[0-9]*[^}]*,\"name\":\"${fulldomain}\"" | _egrep_o "[0-9]*"); do |
|||
_post "" "${APIBASE}/domains/${LIMACITY_DOMAINID}/records/${recordId}" "" "DELETE" |
|||
done |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_lima_get_domain_id() { |
|||
domain="$1" |
|||
_debug "$domain" |
|||
i=2 |
|||
p=1 |
|||
|
|||
domains=$(_get "${APIBASE}/domains.json") |
|||
if [ "$(echo "$domains" | _egrep_o "\{.*""domains""")" ]; then |
|||
response="$(echo "$domains" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
hostedzone="$(echo "$response" | _egrep_o "\{.*""unicode_fqdn""[^,]+""$h"".*\}")" |
|||
if [ "$hostedzone" ]; then |
|||
LIMACITY_DOMAINID=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) |
|||
if [ "$LIMACITY_DOMAINID" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
fi |
|||
return 1 |
|||
} |
@ -0,0 +1,211 @@ |
|||
#!/usr/bin/env sh |
|||
Tencent_API="https://dnspod.tencentcloudapi.com" |
|||
|
|||
#Tencent_SecretId="AKIDz81d2cd22cdcdc2dcd1cc1d1A" |
|||
#Tencent_SecretKey="Gu5t9abcabcaabcbabcbbbcbcbbccbbcb" |
|||
|
|||
#Usage: dns_tencent_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_tencent_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
Tencent_SecretId="${Tencent_SecretId:-$(_readaccountconf_mutable Tencent_SecretId)}" |
|||
Tencent_SecretKey="${Tencent_SecretKey:-$(_readaccountconf_mutable Tencent_SecretKey)}" |
|||
if [ -z "$Tencent_SecretId" ] || [ -z "$Tencent_SecretKey" ]; then |
|||
Tencent_SecretId="" |
|||
Tencent_SecretKey="" |
|||
_err "You don't specify tencent api SecretId and SecretKey yet." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api SecretId and SecretKey to the account conf file. |
|||
_saveaccountconf_mutable Tencent_SecretId "$Tencent_SecretId" |
|||
_saveaccountconf_mutable Tencent_SecretKey "$Tencent_SecretKey" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Add record" |
|||
_add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _tencent_rest "CreateRecord" |
|||
} |
|||
|
|||
dns_tencent_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
Tencent_SecretId="${Tencent_SecretId:-$(_readaccountconf_mutable Tencent_SecretId)}" |
|||
Tencent_SecretKey="${Tencent_SecretKey:-$(_readaccountconf_mutable Tencent_SecretKey)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Get record list" |
|||
attempt=1 |
|||
max_attempts=5 |
|||
while [ -z "$record_id" ] && [ "$attempt" -le $max_attempts ]; do |
|||
_check_exist_query "$_domain" "$_sub_domain" "$txtvalue" && _tencent_rest "DescribeRecordFilterList" |
|||
record_id="$(echo "$response" | _egrep_o "\"RecordId\":\s*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug2 record_id "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_debug "Due to TencentCloud API synchronization delay, record not found, waiting 10 seconds and retrying" |
|||
_sleep 10 |
|||
attempt=$(_math "$attempt + 1") |
|||
fi |
|||
done |
|||
|
|||
record_id="$(echo "$response" | _egrep_o "\"RecordId\":\s*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug2 record_id "$record_id" |
|||
|
|||
if [ -z "$record_id" ]; then |
|||
_debug "record not found after $max_attempts attempts, skip" |
|||
else |
|||
_debug "Delete record" |
|||
_delete_record_query "$record_id" && _tencent_rest "DeleteRecord" |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
_describe_records_query "$h" "@" |
|||
if ! _tencent_rest "DescribeRecordList" "ignore"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"TotalCount\":"; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") |
|||
_debug _sub_domain "$_sub_domain" |
|||
_domain="$h" |
|||
_debug _domain "$_domain" |
|||
return 0 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_tencent_rest() { |
|||
action=$1 |
|||
service="dnspod" |
|||
payload="${query}" |
|||
timestamp=$(date -u +%s) |
|||
|
|||
token=$(tencent_signature_v3 $service "$action" "$payload" "$timestamp") |
|||
version="2021-03-23" |
|||
|
|||
if ! response="$(tencent_api_request $service $version "$action" "$payload" "$timestamp")"; then |
|||
_err "Error <$1>" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
if [ -z "$2" ]; then |
|||
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" |
|||
if [ "$message" ]; then |
|||
_err "$message" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
_add_record_query() { |
|||
query="{\"Domain\":\"$1\",\"SubDomain\":\"$2\",\"RecordType\":\"TXT\",\"RecordLineId\":\"0\",\"RecordLine\":\"0\",\"Value\":\"$3\",\"TTL\":600}" |
|||
} |
|||
|
|||
_describe_records_query() { |
|||
query="{\"Domain\":\"$1\",\"Limit\":3000}" |
|||
} |
|||
|
|||
_delete_record_query() { |
|||
query="{\"Domain\":\"$_domain\",\"RecordId\":$1}" |
|||
} |
|||
|
|||
_check_exist_query() { |
|||
_domain="$1" |
|||
_subdomain="$2" |
|||
_value="$3" |
|||
query="{\"Domain\":\"$_domain\",\"SubDomain\":\"$_subdomain\",\"RecordValue\":\"$_value\"}" |
|||
} |
|||
|
|||
# shell client for tencent cloud api v3 | @author: rehiy |
|||
|
|||
tencent_sha256() { |
|||
printf %b "$@" | _digest sha256 hex |
|||
} |
|||
|
|||
tencent_hmac_sha256() { |
|||
k=$1 |
|||
shift |
|||
hex_key=$(printf %b "$k" | _hex_dump | tr -d ' ') |
|||
printf %b "$@" | _hmac sha256 "$hex_key" hex |
|||
} |
|||
|
|||
tencent_hmac_sha256_hexkey() { |
|||
k=$1 |
|||
shift |
|||
printf %b "$@" | _hmac sha256 "$k" hex |
|||
} |
|||
|
|||
tencent_signature_v3() { |
|||
service=$1 |
|||
action=$(echo "$2" | _lower_case) |
|||
payload=${3:-'{}'} |
|||
timestamp=${4:-$(date +%s)} |
|||
|
|||
domain="$service.tencentcloudapi.com" |
|||
secretId=${Tencent_SecretId:-'tencent-cloud-secret-id'} |
|||
secretKey=${Tencent_SecretKey:-'tencent-cloud-secret-key'} |
|||
|
|||
algorithm='TC3-HMAC-SHA256' |
|||
date=$(date -u -d "@$timestamp" +%Y-%m-%d 2>/dev/null) |
|||
[ -z "$date" ] && date=$(date -u -r "$timestamp" +%Y-%m-%d) |
|||
|
|||
canonicalUri='/' |
|||
canonicalQuery='' |
|||
canonicalHeaders="content-type:application/json\nhost:$domain\nx-tc-action:$action\n" |
|||
|
|||
signedHeaders='content-type;host;x-tc-action' |
|||
canonicalRequest="POST\n$canonicalUri\n$canonicalQuery\n$canonicalHeaders\n$signedHeaders\n$(tencent_sha256 "$payload")" |
|||
|
|||
credentialScope="$date/$service/tc3_request" |
|||
stringToSign="$algorithm\n$timestamp\n$credentialScope\n$(tencent_sha256 "$canonicalRequest")" |
|||
|
|||
secretDate=$(tencent_hmac_sha256 "TC3$secretKey" "$date") |
|||
secretService=$(tencent_hmac_sha256_hexkey "$secretDate" "$service") |
|||
secretSigning=$(tencent_hmac_sha256_hexkey "$secretService" 'tc3_request') |
|||
signature=$(tencent_hmac_sha256_hexkey "$secretSigning" "$stringToSign") |
|||
|
|||
echo "$algorithm Credential=$secretId/$credentialScope, SignedHeaders=$signedHeaders, Signature=$signature" |
|||
} |
|||
|
|||
tencent_api_request() { |
|||
service=$1 |
|||
version=$2 |
|||
action=$3 |
|||
payload=${4:-'{}'} |
|||
timestamp=${5:-$(date +%s)} |
|||
|
|||
token=$(tencent_signature_v3 "$service" "$action" "$payload" "$timestamp") |
|||
|
|||
_H1="Content-Type: application/json" |
|||
_H2="Authorization: $token" |
|||
_H3="X-TC-Version: $version" |
|||
_H4="X-TC-Timestamp: $timestamp" |
|||
_H5="X-TC-Action: $action" |
|||
|
|||
_post "$payload" "$Tencent_API" "" "POST" "application/json" |
|||
} |
@ -0,0 +1,105 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# West.cn Domain api |
|||
#WEST_Username="username" |
|||
#WEST_Key="sADDsdasdgdsf" |
|||
#Set key at https://www.west.cn/manager/API/APIconfig.asp |
|||
|
|||
REST_API="https://api.west.cn/API/v2" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_west_cn_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" |
|||
WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" |
|||
if [ -z "$WEST_Username" ] || [ -z "$WEST_Key" ]; then |
|||
WEST_Username="" |
|||
WEST_Key="" |
|||
_err "You don't specify west api key and username yet." |
|||
_err "Please set you key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable WEST_Username "$WEST_Username" |
|||
_saveaccountconf_mutable WEST_Key "$WEST_Key" |
|||
|
|||
add_record "$fulldomain" "$txtvalue" |
|||
} |
|||
|
|||
#Usage: rm _acme-challenge.www.domain.com |
|||
dns_west_cn_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" |
|||
WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" |
|||
|
|||
if ! _rest POST "domain/dns/" "act=dnsrec.list&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT"; then |
|||
_err "dnsrec.list error." |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" 'no records'; then |
|||
_info "Don't need to remove." |
|||
return 0 |
|||
fi |
|||
|
|||
record_id=$(echo "$response" | tr "{" "\n" | grep -- "$txtvalue" | grep '^"record_id"' | cut -d : -f 2 | cut -d ',' -f 1) |
|||
_debug record_id "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _rest POST "domain/dns/" "act=dnsrec.remove&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_id=$record_id"; then |
|||
_err "dnsrec.remove error." |
|||
return 1 |
|||
fi |
|||
|
|||
_contains "$response" "success" |
|||
} |
|||
|
|||
#add the txt record. |
|||
#usage: add fulldomain txtvalue |
|||
add_record() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Adding record" |
|||
|
|||
if ! _rest POST "domain/dns/" "act=dnsrec.add&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT&record_value=$txtvalue"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_contains "$response" "success" |
|||
} |
|||
|
|||
#Usage: method URI data |
|||
_rest() { |
|||
m="$1" |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
url="$REST_API/$ep" |
|||
|
|||
_debug url "$url" |
|||
|
|||
if [ "$m" = "GET" ]; then |
|||
response="$(_get "$url" | tr -d '\r')" |
|||
else |
|||
_debug2 data "$data" |
|||
response="$(_post "$data" "$url" | tr -d '\r')" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,226 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
# |
|||
#AWS_SECRET_ACCESS_KEY="xxxxxxx" |
|||
# |
|||
#AWS_SES_REGION="us-east-1" |
|||
# |
|||
#AWS_SES_TO="xxxx@xxx.com" |
|||
# |
|||
#AWS_SES_FROM="xxxx@cccc.com" |
|||
# |
|||
#AWS_SES_FROM_NAME="Something something" |
|||
#This is the Amazon SES api wrapper for acme.sh |
|||
AWS_WIKI="https://docs.aws.amazon.com/ses/latest/dg/send-email-api.html" |
|||
|
|||
aws_ses_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}" |
|||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}" |
|||
AWS_SES_REGION="${AWS_SES_REGION:-$(_readaccountconf_mutable AWS_SES_REGION)}" |
|||
|
|||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
|||
_use_container_role || _use_instance_role |
|||
fi |
|||
|
|||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
|||
AWS_ACCESS_KEY_ID="" |
|||
AWS_SECRET_ACCESS_KEY="" |
|||
_err "You haven't specified the aws SES api key id and and api key secret yet." |
|||
_err "Please create your key and try again. see $(__green $AWS_WIKI)" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$AWS_SES_REGION" ]; then |
|||
AWS_SES_REGION="" |
|||
_err "You haven't specified the aws SES api region yet." |
|||
_err "Please specify your region and try again. see https://docs.aws.amazon.com/general/latest/gr/ses.html" |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_REGION "$AWS_SES_REGION" |
|||
|
|||
#save for future use, unless using a role which will be fetched as needed |
|||
if [ -z "$_using_role" ]; then |
|||
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" |
|||
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" |
|||
fi |
|||
|
|||
AWS_SES_TO="${AWS_SES_TO:-$(_readaccountconf_mutable AWS_SES_TO)}" |
|||
if [ -z "$AWS_SES_TO" ]; then |
|||
AWS_SES_TO="" |
|||
_err "You didn't specify an email to AWS_SES_TO receive messages." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_TO "$AWS_SES_TO" |
|||
|
|||
AWS_SES_FROM="${AWS_SES_FROM:-$(_readaccountconf_mutable AWS_SES_FROM)}" |
|||
if [ -z "$AWS_SES_FROM" ]; then |
|||
AWS_SES_FROM="" |
|||
_err "You didn't specify an email to AWS_SES_FROM receive messages." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_FROM "$AWS_SES_FROM" |
|||
|
|||
AWS_SES_FROM_NAME="${AWS_SES_FROM_NAME:-$(_readaccountconf_mutable AWS_SES_FROM_NAME)}" |
|||
_saveaccountconf_mutable AWS_SES_FROM_NAME "$AWS_SES_FROM_NAME" |
|||
|
|||
AWS_SES_SENDFROM="$AWS_SES_FROM_NAME <$AWS_SES_FROM>" |
|||
|
|||
AWS_SES_ACTION="Action=SendEmail" |
|||
AWS_SES_SOURCE="Source=$AWS_SES_SENDFROM" |
|||
AWS_SES_TO="Destination.ToAddresses.member.1=$AWS_SES_TO" |
|||
AWS_SES_SUBJECT="Message.Subject.Data=$_subject" |
|||
AWS_SES_MESSAGE="Message.Body.Text.Data=$_content" |
|||
|
|||
_data="${AWS_SES_ACTION}&${AWS_SES_SOURCE}&${AWS_SES_TO}&${AWS_SES_SUBJECT}&${AWS_SES_MESSAGE}" |
|||
|
|||
response="$(aws_rest POST "" "" "$_data")" |
|||
} |
|||
|
|||
_use_metadata() { |
|||
_aws_creds="$( |
|||
_get "$1" "" 1 | |
|||
_normalizeJson | |
|||
tr '{,}' '\n' | |
|||
while read -r _line; do |
|||
_key="$(echo "${_line%%:*}" | tr -d '"')" |
|||
_value="${_line#*:}" |
|||
_debug3 "_key" "$_key" |
|||
_secure_debug3 "_value" "$_value" |
|||
case "$_key" in |
|||
AccessKeyId) echo "AWS_ACCESS_KEY_ID=$_value" ;; |
|||
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;; |
|||
Token) echo "AWS_SESSION_TOKEN=$_value" ;; |
|||
esac |
|||
done | |
|||
paste -sd' ' - |
|||
)" |
|||
_secure_debug "_aws_creds" "$_aws_creds" |
|||
|
|||
if [ -z "$_aws_creds" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
eval "$_aws_creds" |
|||
_using_role=true |
|||
} |
|||
|
|||
#method uri qstr data |
|||
aws_rest() { |
|||
mtd="$1" |
|||
ep="$2" |
|||
qsr="$3" |
|||
data="$4" |
|||
|
|||
_debug mtd "$mtd" |
|||
_debug ep "$ep" |
|||
_debug qsr "$qsr" |
|||
_debug data "$data" |
|||
|
|||
CanonicalURI="/$ep" |
|||
_debug2 CanonicalURI "$CanonicalURI" |
|||
|
|||
CanonicalQueryString="$qsr" |
|||
_debug2 CanonicalQueryString "$CanonicalQueryString" |
|||
|
|||
RequestDate="$(date -u +"%Y%m%dT%H%M%SZ")" |
|||
_debug2 RequestDate "$RequestDate" |
|||
|
|||
#RequestDate="20161120T141056Z" ############## |
|||
|
|||
export _H1="x-amz-date: $RequestDate" |
|||
|
|||
aws_host="email.$AWS_SES_REGION.amazonaws.com" |
|||
CanonicalHeaders="host:$aws_host\nx-amz-date:$RequestDate\n" |
|||
SignedHeaders="host;x-amz-date" |
|||
if [ -n "$AWS_SESSION_TOKEN" ]; then |
|||
export _H3="x-amz-security-token: $AWS_SESSION_TOKEN" |
|||
CanonicalHeaders="${CanonicalHeaders}x-amz-security-token:$AWS_SESSION_TOKEN\n" |
|||
SignedHeaders="${SignedHeaders};x-amz-security-token" |
|||
fi |
|||
_debug2 CanonicalHeaders "$CanonicalHeaders" |
|||
_debug2 SignedHeaders "$SignedHeaders" |
|||
|
|||
RequestPayload="$data" |
|||
_debug2 RequestPayload "$RequestPayload" |
|||
|
|||
Hash="sha256" |
|||
|
|||
CanonicalRequest="$mtd\n$CanonicalURI\n$CanonicalQueryString\n$CanonicalHeaders\n$SignedHeaders\n$(printf "%s" "$RequestPayload" | _digest "$Hash" hex)" |
|||
_debug2 CanonicalRequest "$CanonicalRequest" |
|||
|
|||
HashedCanonicalRequest="$(printf "$CanonicalRequest%s" | _digest "$Hash" hex)" |
|||
_debug2 HashedCanonicalRequest "$HashedCanonicalRequest" |
|||
|
|||
Algorithm="AWS4-HMAC-SHA256" |
|||
_debug2 Algorithm "$Algorithm" |
|||
|
|||
RequestDateOnly="$(echo "$RequestDate" | cut -c 1-8)" |
|||
_debug2 RequestDateOnly "$RequestDateOnly" |
|||
|
|||
Region="$AWS_SES_REGION" |
|||
Service="ses" |
|||
|
|||
CredentialScope="$RequestDateOnly/$Region/$Service/aws4_request" |
|||
_debug2 CredentialScope "$CredentialScope" |
|||
|
|||
StringToSign="$Algorithm\n$RequestDate\n$CredentialScope\n$HashedCanonicalRequest" |
|||
|
|||
_debug2 StringToSign "$StringToSign" |
|||
|
|||
kSecret="AWS4$AWS_SECRET_ACCESS_KEY" |
|||
|
|||
#kSecret="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" ############################ |
|||
|
|||
_secure_debug2 kSecret "$kSecret" |
|||
|
|||
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")" |
|||
_secure_debug2 kSecretH "$kSecretH" |
|||
|
|||
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)" |
|||
_debug2 kDateH "$kDateH" |
|||
|
|||
kRegionH="$(printf "$Region%s" | _hmac "$Hash" "$kDateH" hex)" |
|||
_debug2 kRegionH "$kRegionH" |
|||
|
|||
kServiceH="$(printf "$Service%s" | _hmac "$Hash" "$kRegionH" hex)" |
|||
_debug2 kServiceH "$kServiceH" |
|||
|
|||
kSigningH="$(printf "%s" "aws4_request" | _hmac "$Hash" "$kServiceH" hex)" |
|||
_debug2 kSigningH "$kSigningH" |
|||
|
|||
signature="$(printf "$StringToSign%s" | _hmac "$Hash" "$kSigningH" hex)" |
|||
_debug2 signature "$signature" |
|||
|
|||
Authorization="$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature" |
|||
_debug2 Authorization "$Authorization" |
|||
|
|||
_H2="Authorization: $Authorization" |
|||
_debug _H2 "$_H2" |
|||
|
|||
url="https://$aws_host/$ep" |
|||
if [ "$qsr" ]; then |
|||
url="https://$aws_host/$ep?$qsr" |
|||
fi |
|||
|
|||
if [ "$mtd" = "GET" ]; then |
|||
response="$(_get "$url")" |
|||
else |
|||
response="$(_post "$data" "$url")" |
|||
fi |
|||
|
|||
_ret="$?" |
|||
_debug2 response "$response" |
|||
if [ "$_ret" = "0" ]; then |
|||
if _contains "$response" "<ErrorResponse"; then |
|||
_err "Response error:$response" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
@ -0,0 +1,52 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Support mattermost bots |
|||
|
|||
#MATTERMOST_API_URL="" |
|||
#MATTERMOST_CHANNEL_ID="" |
|||
#MATTERMOST_BOT_TOKEN="" |
|||
|
|||
mattermost_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
MATTERMOST_API_URL="${MATTERMOST_API_URL:-$(_readaccountconf_mutable MATTERMOST_API_URL)}" |
|||
if [ -z "$MATTERMOST_API_URL" ]; then |
|||
_err "You didn't specify a Mattermost API URL MATTERMOST_API_URL yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable MATTERMOST_API_URL "$MATTERMOST_API_URL" |
|||
|
|||
MATTERMOST_CHANNEL_ID="${MATTERMOST_CHANNEL_ID:-$(_readaccountconf_mutable MATTERMOST_CHANNEL_ID)}" |
|||
if [ -z "$MATTERMOST_CHANNEL_ID" ]; then |
|||
_err "You didn't specify a Mattermost channel id MATTERMOST_CHANNEL_ID yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable MATTERMOST_CHANNEL_ID "$MATTERMOST_CHANNEL_ID" |
|||
|
|||
MATTERMOST_BOT_TOKEN="${MATTERMOST_BOT_TOKEN:-$(_readaccountconf_mutable MATTERMOST_BOT_TOKEN)}" |
|||
if [ -z "$MATTERMOST_BOT_TOKEN" ]; then |
|||
_err "You didn't specify a Mattermost bot API token MATTERMOST_BOT_TOKEN yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable MATTERMOST_BOT_TOKEN "$MATTERMOST_BOT_TOKEN" |
|||
|
|||
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" |
|||
_data="{\"channel_id\": \"$MATTERMOST_CHANNEL_ID\", " |
|||
_data="$_data\"message\": \"$_content\"}" |
|||
|
|||
export _H1="Authorization: Bearer $MATTERMOST_BOT_TOKEN" |
|||
response="" |
|||
if _post "$_data" "$MATTERMOST_API_URL" "" "POST" "application/json; charset=utf-8"; then |
|||
MATTERMOST_RESULT_OK=$(echo "$response" | _egrep_o 'create_at') |
|||
if [ "$?" = "0" ] && [ "$MATTERMOST_RESULT_OK" ]; then |
|||
_info "mattermost send success." |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "mattermost send error." |
|||
_err "$response" |
|||
return 1 |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue