laraveluser
10 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
36 changed files with 1358 additions and 378 deletions
-
89.github/workflows/DNS.yml
-
12.github/workflows/DragonFlyBSD.yml
-
6.github/workflows/FreeBSD.yml
-
2.github/workflows/Linux.yml
-
2.github/workflows/MacOS.yml
-
8.github/workflows/NetBSD.yml
-
75.github/workflows/Omnios.yml
-
6.github/workflows/OpenBSD.yml
-
4.github/workflows/PebbleStrict.yml
-
13.github/workflows/Solaris.yml
-
2.github/workflows/Ubuntu.yml
-
2.github/workflows/Windows.yml
-
2.github/workflows/dockerhub.yml
-
3.github/workflows/pr_dns.yml
-
2.github/workflows/pr_notify.yml
-
4.github/workflows/shellcheck.yml
-
35README.md
-
53acme.sh
-
2deploy/haproxy.sh
-
152deploy/panos.sh
-
8deploy/proxmoxve.sh
-
13deploy/synology_dsm.sh
-
4dnsapi/dns_1984hosting.sh
-
2dnsapi/dns_ali.sh
-
180dnsapi/dns_artfiles.sh
-
2dnsapi/dns_aws.sh
-
185dnsapi/dns_dnsexit.sh
-
21dnsapi/dns_gandi_livedns.sh
-
2dnsapi/dns_gcloud.sh
-
4dnsapi/dns_gcore.sh
-
2dnsapi/dns_inwx.sh
-
38dnsapi/dns_pleskxml.sh
-
211dnsapi/dns_tencent.sh
-
17dnsapi/dns_variomedia.sh
-
105dnsapi/dns_west_cn.sh
-
52notify/mattermost.sh
@ -0,0 +1,75 @@ |
|||
name: Omnios |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Omnios.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Omnios.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
Omnios: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v4 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/omnios-vm@v1 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkg install socat wget |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,180 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
################################################################################ |
|||
# ACME.sh 3rd party DNS API plugin for ArtFiles.de |
|||
################################################################################ |
|||
# Author: Martin Arndt, https://troublezone.net/ |
|||
# Released: 2022-02-27 |
|||
# Issues: https://github.com/acmesh-official/acme.sh/issues/4718 |
|||
################################################################################ |
|||
# Usage: |
|||
# 1. export AF_API_USERNAME='api12345678' |
|||
# 2. export AF_API_PASSWORD='apiPassword' |
|||
# 3. acme.sh --issue -d example.com --dns dns_artfiles |
|||
################################################################################ |
|||
|
|||
########## API configuration ################################################### |
|||
|
|||
AF_API_SUCCESS='status":"OK' |
|||
AF_URL_DCP='https://dcp.c.artfiles.de/api/' |
|||
AF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain=' |
|||
AF_URL_DOMAINS=${AF_URL_DCP}'domain/get_domains.html' |
|||
|
|||
########## Public functions #################################################### |
|||
|
|||
# Adds a new TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_add _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_add() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS addition API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_saveaccountconf_mutable 'AF_API_USERNAME' "$AF_API_USERNAME" |
|||
_saveaccountconf_mutable 'AF_API_PASSWORD' "$AF_API_PASSWORD" |
|||
|
|||
_set_headers |
|||
_get_zone "$domain" |
|||
_dns 'GET' |
|||
if ! _contains "$response" 'TXT'; then |
|||
_err 'Retrieving TXT records failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
_dns 'SET' "$(printf -- '%s\n_acme-challenge "%s"' "$response" "$txtValue")" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Adding ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Removes the existing TXT record for given ACME challenge value & domain. |
|||
# Usage: dns_artfiles_rm _acme-challenge.www.example.com "ACME challenge value" |
|||
dns_artfiles_rm() { |
|||
domain="$1" |
|||
txtValue="$2" |
|||
_info 'Using ArtFiles.de DNS removal API…' |
|||
_debug 'Domain' "$domain" |
|||
_debug 'txtValue' "$txtValue" |
|||
|
|||
_set_credentials |
|||
_set_headers |
|||
_get_zone "$domain" |
|||
if ! _dns 'GET'; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "$txtValue"; then |
|||
_err 'Retrieved TXT records are missing given ACME challenge value.' |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_clean_records |
|||
response="$(printf -- '%s' "$response" | sed '/_acme-challenge "'"$txtValue"'"/d')" |
|||
_dns 'SET' "$response" |
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err 'Removing ACME challenge value failed.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
########## Private functions ################################################### |
|||
|
|||
# Cleans awful TXT records response of ArtFiles's API & pretty prints it. |
|||
# Usage: _clean_records |
|||
_clean_records() { |
|||
_info 'Cleaning TXT records…' |
|||
# Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid |
|||
# usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\' |
|||
# from '\"' & turn '\n' into real LF characters. |
|||
# Yup, awful API to use - but that's all we got to get this working, so… ;) |
|||
_debug2 'Raw ' "$response" |
|||
response="$(printf -- '%s' "$response" | sed 's/^.*TXT":"\([^}]*\).*$/\1/;s/,".*$//;s/.$//;s/\\"/"/g;s/\\n/\n/g')" |
|||
_debug2 'Clean' "$response" |
|||
} |
|||
|
|||
# Executes an HTTP GET or POST request for getting or setting DNS records, |
|||
# containing given payload upon POST. |
|||
# Usage: _dns [GET | SET] [payload] |
|||
_dns() { |
|||
_info 'Executing HTTP request…' |
|||
action="$1" |
|||
payload="$(printf -- '%s' "$2" | _url_encode)" |
|||
url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" |
|||
|
|||
if [ "$action" = 'SET' ]; then |
|||
_debug2 'Payload' "$payload" |
|||
response="$(_post '' "$url&TXT=$payload" '' 'POST' 'application/x-www-form-urlencoded')" |
|||
else |
|||
response="$(_get "$url" '' 10)" |
|||
fi |
|||
|
|||
if ! _contains "$response" "$AF_API_SUCCESS"; then |
|||
_err "DNS API error: $response" |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'Response' "$response" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# Gets the root domain zone for given domain. |
|||
# Usage: _get_zone _acme-challenge.www.example.com |
|||
_get_zone() { |
|||
fqdn="$1" |
|||
domains="$(_get "$AF_URL_DOMAINS" '' 10)" |
|||
_info 'Getting domain zone…' |
|||
_debug2 'FQDN' "$fqdn" |
|||
_debug2 'Domains' "$domains" |
|||
|
|||
while _contains "$fqdn" "."; do |
|||
if _contains "$domains" "$fqdn"; then |
|||
domain="$fqdn" |
|||
_info "Found root domain zone: $domain" |
|||
break |
|||
else |
|||
fqdn="${fqdn#*.}" |
|||
_debug2 'FQDN' "$fqdn" |
|||
fi |
|||
done |
|||
|
|||
if [ "$domain" = "$fqdn" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
_err 'Couldn'\''t find root domain zone.' |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
# Sets the credentials for accessing ArtFiles's API |
|||
# Usage: _set_credentials |
|||
_set_credentials() { |
|||
_info 'Setting credentials…' |
|||
AF_API_USERNAME="${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}" |
|||
AF_API_PASSWORD="${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}" |
|||
if [ -z "$AF_API_USERNAME" ] || [ -z "$AF_API_PASSWORD" ]; then |
|||
_err 'Missing ArtFiles.de username and/or password.' |
|||
_err 'Please ensure both are set via export command & try again.' |
|||
|
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Adds the HTTP Authorization & Content-Type headers to a follow-up request. |
|||
# Usage: _set_headers |
|||
_set_headers() { |
|||
_info 'Setting headers…' |
|||
encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)" |
|||
export _H1="Authorization: Basic $encoded" |
|||
export _H2='Content-Type: application/json' |
|||
} |
@ -0,0 +1,185 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#use dns-01 at DNSExit.com |
|||
|
|||
#Author: Samuel Jimenez |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
|||
|
|||
#DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij |
|||
#DNSEXIT_AUTH_USER=login@email.address |
|||
#DNSEXIT_AUTH_PASS=aStrongPassword |
|||
DNSEXIT_API_URL="https://api.dnsexit.com/dns/" |
|||
DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp" |
|||
|
|||
######## Public functions ##################### |
|||
#Usage: dns_dnsexit_add _acme-challenge.*.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsexit_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"add\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":0,\"overwrite\":false}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_dnsexit_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using DNSExit.com" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug 'Load account auth' |
|||
if ! get_account_info; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"delete\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\"}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
while true; do |
|||
_domain=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$_domain" |
|||
if [ -z "$_domain" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug login "$DNSEXIT_AUTH_USER" |
|||
_debug password "$DNSEXIT_AUTH_PASS" |
|||
_debug domain "$_domain" |
|||
|
|||
_dnsexit_http "login=$DNSEXIT_AUTH_USER&password=$DNSEXIT_AUTH_PASS&domain=$_domain" |
|||
|
|||
if _contains "$response" "0=$_domain"; then |
|||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" |
|||
return 0 |
|||
else |
|||
_debug "Go to next level of $_domain" |
|||
fi |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_dnsexit_rest() { |
|||
m=POST |
|||
ep="" |
|||
data="$1" |
|||
_debug _dnsexit_rest "$ep" |
|||
_debug data "$data" |
|||
|
|||
api_key_trimmed=$(echo "$DNSEXIT_API_KEY" | tr -d '"') |
|||
|
|||
export _H1="apikey: $api_key_trimmed" |
|||
export _H2='Content-Type: application/json' |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$DNSEXIT_API_URL/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$DNSEXIT_API_URL/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $ep" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_dnsexit_http() { |
|||
m=GET |
|||
param="$1" |
|||
_debug param "$param" |
|||
_debug get "$DNSEXIT_HOSTS_URL?$param" |
|||
|
|||
response="$(_get "$DNSEXIT_HOSTS_URL?$param")" |
|||
|
|||
_debug response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $param" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
get_account_info() { |
|||
|
|||
DNSEXIT_API_KEY="${DNSEXIT_API_KEY:-$(_readaccountconf_mutable DNSEXIT_API_KEY)}" |
|||
if test -z "$DNSEXIT_API_KEY"; then |
|||
DNSEXIT_API_KEY='' |
|||
_err 'DNSEXIT_API_KEY was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_API_KEY "$DNSEXIT_API_KEY" |
|||
|
|||
DNSEXIT_AUTH_USER="${DNSEXIT_AUTH_USER:-$(_readaccountconf_mutable DNSEXIT_AUTH_USER)}" |
|||
if test -z "$DNSEXIT_AUTH_USER"; then |
|||
DNSEXIT_AUTH_USER="" |
|||
_err 'DNSEXIT_AUTH_USER was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_USER "$DNSEXIT_AUTH_USER" |
|||
|
|||
DNSEXIT_AUTH_PASS="${DNSEXIT_AUTH_PASS:-$(_readaccountconf_mutable DNSEXIT_AUTH_PASS)}" |
|||
if test -z "$DNSEXIT_AUTH_PASS"; then |
|||
DNSEXIT_AUTH_PASS="" |
|||
_err 'DNSEXIT_AUTH_PASS was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable DNSEXIT_AUTH_PASS "$DNSEXIT_AUTH_PASS" |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,211 @@ |
|||
#!/usr/bin/env sh |
|||
Tencent_API="https://dnspod.tencentcloudapi.com" |
|||
|
|||
#Tencent_SecretId="AKIDz81d2cd22cdcdc2dcd1cc1d1A" |
|||
#Tencent_SecretKey="Gu5t9abcabcaabcbabcbbbcbcbbccbbcb" |
|||
|
|||
#Usage: dns_tencent_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_tencent_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
Tencent_SecretId="${Tencent_SecretId:-$(_readaccountconf_mutable Tencent_SecretId)}" |
|||
Tencent_SecretKey="${Tencent_SecretKey:-$(_readaccountconf_mutable Tencent_SecretKey)}" |
|||
if [ -z "$Tencent_SecretId" ] || [ -z "$Tencent_SecretKey" ]; then |
|||
Tencent_SecretId="" |
|||
Tencent_SecretKey="" |
|||
_err "You don't specify tencent api SecretId and SecretKey yet." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api SecretId and SecretKey to the account conf file. |
|||
_saveaccountconf_mutable Tencent_SecretId "$Tencent_SecretId" |
|||
_saveaccountconf_mutable Tencent_SecretKey "$Tencent_SecretKey" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Add record" |
|||
_add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _tencent_rest "CreateRecord" |
|||
} |
|||
|
|||
dns_tencent_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
Tencent_SecretId="${Tencent_SecretId:-$(_readaccountconf_mutable Tencent_SecretId)}" |
|||
Tencent_SecretKey="${Tencent_SecretKey:-$(_readaccountconf_mutable Tencent_SecretKey)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Get record list" |
|||
attempt=1 |
|||
max_attempts=5 |
|||
while [ -z "$record_id" ] && [ "$attempt" -le $max_attempts ]; do |
|||
_check_exist_query "$_domain" "$_sub_domain" "$txtvalue" && _tencent_rest "DescribeRecordFilterList" |
|||
record_id="$(echo "$response" | _egrep_o "\"RecordId\":\s*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug2 record_id "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_debug "Due to TencentCloud API synchronization delay, record not found, waiting 10 seconds and retrying" |
|||
_sleep 10 |
|||
attempt=$(_math "$attempt + 1") |
|||
fi |
|||
done |
|||
|
|||
record_id="$(echo "$response" | _egrep_o "\"RecordId\":\s*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug2 record_id "$record_id" |
|||
|
|||
if [ -z "$record_id" ]; then |
|||
_debug "record not found after $max_attempts attempts, skip" |
|||
else |
|||
_debug "Delete record" |
|||
_delete_record_query "$record_id" && _tencent_rest "DeleteRecord" |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
_describe_records_query "$h" "@" |
|||
if ! _tencent_rest "DescribeRecordList" "ignore"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"TotalCount\":"; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") |
|||
_debug _sub_domain "$_sub_domain" |
|||
_domain="$h" |
|||
_debug _domain "$_domain" |
|||
return 0 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_tencent_rest() { |
|||
action=$1 |
|||
service="dnspod" |
|||
payload="${query}" |
|||
timestamp=$(date -u +%s) |
|||
|
|||
token=$(tencent_signature_v3 $service "$action" "$payload" "$timestamp") |
|||
version="2021-03-23" |
|||
|
|||
if ! response="$(tencent_api_request $service $version "$action" "$payload" "$timestamp")"; then |
|||
_err "Error <$1>" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
if [ -z "$2" ]; then |
|||
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" |
|||
if [ "$message" ]; then |
|||
_err "$message" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
_add_record_query() { |
|||
query="{\"Domain\":\"$1\",\"SubDomain\":\"$2\",\"RecordType\":\"TXT\",\"RecordLineId\":\"0\",\"RecordLine\":\"0\",\"Value\":\"$3\",\"TTL\":600}" |
|||
} |
|||
|
|||
_describe_records_query() { |
|||
query="{\"Domain\":\"$1\",\"Limit\":3000}" |
|||
} |
|||
|
|||
_delete_record_query() { |
|||
query="{\"Domain\":\"$_domain\",\"RecordId\":$1}" |
|||
} |
|||
|
|||
_check_exist_query() { |
|||
_domain="$1" |
|||
_subdomain="$2" |
|||
_value="$3" |
|||
query="{\"Domain\":\"$_domain\",\"SubDomain\":\"$_subdomain\",\"RecordValue\":\"$_value\"}" |
|||
} |
|||
|
|||
# shell client for tencent cloud api v3 | @author: rehiy |
|||
|
|||
tencent_sha256() { |
|||
printf %b "$@" | _digest sha256 hex |
|||
} |
|||
|
|||
tencent_hmac_sha256() { |
|||
k=$1 |
|||
shift |
|||
hex_key=$(printf %b "$k" | _hex_dump | tr -d ' ') |
|||
printf %b "$@" | _hmac sha256 "$hex_key" hex |
|||
} |
|||
|
|||
tencent_hmac_sha256_hexkey() { |
|||
k=$1 |
|||
shift |
|||
printf %b "$@" | _hmac sha256 "$k" hex |
|||
} |
|||
|
|||
tencent_signature_v3() { |
|||
service=$1 |
|||
action=$(echo "$2" | _lower_case) |
|||
payload=${3:-'{}'} |
|||
timestamp=${4:-$(date +%s)} |
|||
|
|||
domain="$service.tencentcloudapi.com" |
|||
secretId=${Tencent_SecretId:-'tencent-cloud-secret-id'} |
|||
secretKey=${Tencent_SecretKey:-'tencent-cloud-secret-key'} |
|||
|
|||
algorithm='TC3-HMAC-SHA256' |
|||
date=$(date -u -d "@$timestamp" +%Y-%m-%d 2>/dev/null) |
|||
[ -z "$date" ] && date=$(date -u -r "$timestamp" +%Y-%m-%d) |
|||
|
|||
canonicalUri='/' |
|||
canonicalQuery='' |
|||
canonicalHeaders="content-type:application/json\nhost:$domain\nx-tc-action:$action\n" |
|||
|
|||
signedHeaders='content-type;host;x-tc-action' |
|||
canonicalRequest="POST\n$canonicalUri\n$canonicalQuery\n$canonicalHeaders\n$signedHeaders\n$(tencent_sha256 "$payload")" |
|||
|
|||
credentialScope="$date/$service/tc3_request" |
|||
stringToSign="$algorithm\n$timestamp\n$credentialScope\n$(tencent_sha256 "$canonicalRequest")" |
|||
|
|||
secretDate=$(tencent_hmac_sha256 "TC3$secretKey" "$date") |
|||
secretService=$(tencent_hmac_sha256_hexkey "$secretDate" "$service") |
|||
secretSigning=$(tencent_hmac_sha256_hexkey "$secretService" 'tc3_request') |
|||
signature=$(tencent_hmac_sha256_hexkey "$secretSigning" "$stringToSign") |
|||
|
|||
echo "$algorithm Credential=$secretId/$credentialScope, SignedHeaders=$signedHeaders, Signature=$signature" |
|||
} |
|||
|
|||
tencent_api_request() { |
|||
service=$1 |
|||
version=$2 |
|||
action=$3 |
|||
payload=${4:-'{}'} |
|||
timestamp=${5:-$(date +%s)} |
|||
|
|||
token=$(tencent_signature_v3 "$service" "$action" "$payload" "$timestamp") |
|||
|
|||
_H1="Content-Type: application/json" |
|||
_H2="Authorization: $token" |
|||
_H3="X-TC-Version: $version" |
|||
_H4="X-TC-Timestamp: $timestamp" |
|||
_H5="X-TC-Action: $action" |
|||
|
|||
_post "$payload" "$Tencent_API" "" "POST" "application/json" |
|||
} |
@ -0,0 +1,105 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# West.cn Domain api |
|||
#WEST_Username="username" |
|||
#WEST_Key="sADDsdasdgdsf" |
|||
#Set key at https://www.west.cn/manager/API/APIconfig.asp |
|||
|
|||
REST_API="https://api.west.cn/API/v2" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_west_cn_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" |
|||
WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" |
|||
if [ -z "$WEST_Username" ] || [ -z "$WEST_Key" ]; then |
|||
WEST_Username="" |
|||
WEST_Key="" |
|||
_err "You don't specify west api key and username yet." |
|||
_err "Please set you key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable WEST_Username "$WEST_Username" |
|||
_saveaccountconf_mutable WEST_Key "$WEST_Key" |
|||
|
|||
add_record "$fulldomain" "$txtvalue" |
|||
} |
|||
|
|||
#Usage: rm _acme-challenge.www.domain.com |
|||
dns_west_cn_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
WEST_Username="${WEST_Username:-$(_readaccountconf_mutable WEST_Username)}" |
|||
WEST_Key="${WEST_Key:-$(_readaccountconf_mutable WEST_Key)}" |
|||
|
|||
if ! _rest POST "domain/dns/" "act=dnsrec.list&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT"; then |
|||
_err "dnsrec.list error." |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" 'no records'; then |
|||
_info "Don't need to remove." |
|||
return 0 |
|||
fi |
|||
|
|||
record_id=$(echo "$response" | tr "{" "\n" | grep -- "$txtvalue" | grep '^"record_id"' | cut -d : -f 2 | cut -d ',' -f 1) |
|||
_debug record_id "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _rest POST "domain/dns/" "act=dnsrec.remove&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_id=$record_id"; then |
|||
_err "dnsrec.remove error." |
|||
return 1 |
|||
fi |
|||
|
|||
_contains "$response" "success" |
|||
} |
|||
|
|||
#add the txt record. |
|||
#usage: add fulldomain txtvalue |
|||
add_record() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Adding record" |
|||
|
|||
if ! _rest POST "domain/dns/" "act=dnsrec.add&username=$WEST_Username&apikey=$WEST_Key&domain=$fulldomain&hostname=$fulldomain&record_type=TXT&record_value=$txtvalue"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_contains "$response" "success" |
|||
} |
|||
|
|||
#Usage: method URI data |
|||
_rest() { |
|||
m="$1" |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
url="$REST_API/$ep" |
|||
|
|||
_debug url "$url" |
|||
|
|||
if [ "$m" = "GET" ]; then |
|||
response="$(_get "$url" | tr -d '\r')" |
|||
else |
|||
_debug2 data "$data" |
|||
response="$(_post "$data" "$url" | tr -d '\r')" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,52 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Support mattermost bots |
|||
|
|||
#MATTERMOST_API_URL="" |
|||
#MATTERMOST_CHANNEL_ID="" |
|||
#MATTERMOST_BOT_TOKEN="" |
|||
|
|||
mattermost_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
MATTERMOST_API_URL="${MATTERMOST_API_URL:-$(_readaccountconf_mutable MATTERMOST_API_URL)}" |
|||
if [ -z "$MATTERMOST_API_URL" ]; then |
|||
_err "You didn't specify a Mattermost API URL MATTERMOST_API_URL yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable MATTERMOST_API_URL "$MATTERMOST_API_URL" |
|||
|
|||
MATTERMOST_CHANNEL_ID="${MATTERMOST_CHANNEL_ID:-$(_readaccountconf_mutable MATTERMOST_CHANNEL_ID)}" |
|||
if [ -z "$MATTERMOST_CHANNEL_ID" ]; then |
|||
_err "You didn't specify a Mattermost channel id MATTERMOST_CHANNEL_ID yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable MATTERMOST_CHANNEL_ID "$MATTERMOST_CHANNEL_ID" |
|||
|
|||
MATTERMOST_BOT_TOKEN="${MATTERMOST_BOT_TOKEN:-$(_readaccountconf_mutable MATTERMOST_BOT_TOKEN)}" |
|||
if [ -z "$MATTERMOST_BOT_TOKEN" ]; then |
|||
_err "You didn't specify a Mattermost bot API token MATTERMOST_BOT_TOKEN yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable MATTERMOST_BOT_TOKEN "$MATTERMOST_BOT_TOKEN" |
|||
|
|||
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" |
|||
_data="{\"channel_id\": \"$MATTERMOST_CHANNEL_ID\", " |
|||
_data="$_data\"message\": \"$_content\"}" |
|||
|
|||
export _H1="Authorization: Bearer $MATTERMOST_BOT_TOKEN" |
|||
response="" |
|||
if _post "$_data" "$MATTERMOST_API_URL" "" "POST" "application/json; charset=utf-8"; then |
|||
MATTERMOST_RESULT_OK=$(echo "$response" | _egrep_o 'create_at') |
|||
if [ "$?" = "0" ] && [ "$MATTERMOST_RESULT_OK" ]; then |
|||
_info "mattermost send success." |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "mattermost send error." |
|||
_err "$response" |
|||
return 1 |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue