@ -0,0 +1,70 @@ |
#!/usr/bin/env sh |
# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API. |
# Your OAuth needs the right scope, please contact CleverReach support for that. |
# |
# Written by Jan-Philipp Benecke <> |
# Public domain, 2020 |
# |
# Following environment variables must be set: |
# |
cleverreach_deploy() { |
_cdomain="$1" |
_ckey="$2" |
_ccert="$3" |
_cca="$4" |
_cfullchain="$5" |
_debug _cdomain "$_cdomain" |
_debug _ckey "$_ckey" |
_debug _ccert "$_ccert" |
_debug _cca "$_cca" |
_debug _cfullchain "$_cfullchain" |
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then |
_err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." |
return 1 |
fi |
_err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET." |
return 1 |
fi |
_info "Obtaining a CleverReach access token" |
_data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}" |
_auth_result="$(_post "$_data" "" "" "POST" "application/json")" |
_debug _data "$_data" |
_debug _auth_result "$_auth_result" |
_regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$" |
_debug _regex "$_regex" |
_access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") |
_info "Uploading certificate and key to CleverReach" |
_certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" |
export _H1="Authorization: Bearer ${_access_token}" |
_add_cert_result="$(_post "$_certData" "" "" "POST" "application/json")" |
_debug "Destroying token at CleverReach" |
_post "" "" "" "DELETE" "application/json" |
if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then |
_info "Uploaded certificate successfully" |
return 0 |
else |
_debug _add_cert_result "$_add_cert_result" |
_err "Unable to update certificate" |
return 1 |
fi |
} |
@ -0,0 +1,67 @@ |
#!/usr/bin/env sh |
# Here is a script to deploy cert to hashicorp vault using curl |
# ( |
# |
# it requires following environment variables: |
# |
# VAULT_PREFIX - this contains the prefix path in vault |
# VAULT_ADDR - vault requires this to find your vault server |
# |
# additionally, you need to ensure that VAULT_TOKEN is avialable |
# to access the vault server |
#returns 0 means success, otherwise error. |
######## Public functions ##################### |
#domain keyfile certfile cafile fullchain |
vault_deploy() { |
_cdomain="$1" |
_ckey="$2" |
_ccert="$3" |
_cca="$4" |
_cfullchain="$5" |
_debug _cdomain "$_cdomain" |
_debug _ckey "$_ckey" |
_debug _ccert "$_ccert" |
_debug _cca "$_cca" |
_debug _cfullchain "$_cfullchain" |
# validate required env vars |
_getdeployconf VAULT_PREFIX |
if [ -z "$VAULT_PREFIX" ]; then |
_err "VAULT_PREFIX needs to be defined (contains prefix path in vault)" |
return 1 |
fi |
_savedeployconf VAULT_PREFIX "$VAULT_PREFIX" |
_getdeployconf VAULT_ADDR |
if [ -z "$VAULT_ADDR" ]; then |
_err "VAULT_ADDR needs to be defined (contains vault connection address)" |
return 1 |
fi |
_savedeployconf VAULT_ADDR "$VAULT_ADDR" |
# JSON does not allow multiline strings. |
# So replacing new-lines with "\n" here |
_ckey=$(sed -z 's/\n/\\n/g' <"$2") |
_ccert=$(sed -z 's/\n/\\n/g' <"$3") |
_cca=$(sed -z 's/\n/\\n/g' <"$4") |
_cfullchain=$(sed -z 's/\n/\\n/g' <"$5") |
URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain" |
export _H1="X-Vault-Token: $VAULT_TOKEN" |
if [ -n "$FABIO" ]; then |
_post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" |
else |
_post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" |
_post "{\"value\": \"$_ckey\"}" "$URL/cert.key" |
_post "{\"value\": \"$_cca\"}" "$URL/chain.pem" |
_post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" |
fi |
} |
@ -0,0 +1,150 @@ |
#!/usr/bin/env sh |
# Anexia CloudDNS hook |
# Author: MA |
#ANX_Token="xxxx" |
ANX_API='' |
######## Public functions ##################### |
dns_anx_add() { |
fulldomain=$1 |
txtvalue=$2 |
_info "Using ANX CDNS API" |
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}" |
_debug fulldomain "$fulldomain" |
_debug txtvalue "$txtvalue" |
if [ "$ANX_Token" ]; then |
_saveaccountconf_mutable ANX_Token "$ANX_Token" |
else |
_err "You didn't specify a ANEXIA Engine API token." |
return 1 |
fi |
_debug "First detect the root zone" |
if ! _get_root "$fulldomain"; then |
_err "invalid domain" |
return 1 |
fi |
# Always add records, wildcard need two records with the same name |
_anx_rest POST "zone.json/${_domain}/records" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"rdata\":\"$txtvalue\"}" |
if _contains "$response" "$txtvalue"; then |
return 0 |
else |
return 1 |
fi |
} |
dns_anx_rm() { |
fulldomain=$1 |
txtvalue=$2 |
_info "Using ANX CDNS API" |
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}" |
_debug fulldomain "$fulldomain" |
_debug txtvalue "$txtvalue" |
_debug "First detect the root zone" |
if ! _get_root "$fulldomain"; then |
_err "invalid domain" |
return 1 |
fi |
_get_record_id |
if _is_uuid "$_record_id"; then |
if ! _anx_rest DELETE "zone.json/${_domain}/records/$_record_id"; then |
_err "Delete record" |
return 1 |
fi |
else |
_info "No record found." |
fi |
echo "$response" | tr -d " " | grep \"status\":\"OK\" >/dev/null |
} |
#################### Private functions below ################################## |
_is_uuid() { |
pattern='^\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\}?$' |
if echo "$1" | _egrep_o "$pattern" >/dev/null; then |
return 0 |
fi |
return 1 |
} |
_get_record_id() { |
_debug subdomain "$_sub_domain" |
_debug domain "$_domain" |
if _anx_rest GET "zone.json/${_domain}/records?name=$_sub_domain&type=TXT"; then |
_debug response "$response" |
if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then |
_record_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"identifier\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") |
else |
_record_id='' |
fi |
else |
_err "Search existing record" |
fi |
} |
_anx_rest() { |
m=$1 |
ep="$2" |
data="$3" |
_debug "$ep" |
export _H1="Content-Type: application/json" |
export _H2="Authorization: Token $ANX_Token" |
if [ "$m" != "GET" ]; then |
_debug data "$data" |
response="$(_post "$data" "${ANX_API}/$ep" "" "$m")" |
else |
response="$(_get "${ANX_API}/$ep")" |
fi |
# shellcheck disable=SC2181 |
if [ "$?" != "0" ]; then |
_err "error $ep" |
return 1 |
fi |
_debug response "$response" |
return 0 |
} |
_get_root() { |
domain=$1 |
i=1 |
p=1 |
_anx_rest GET "zone.json" |
while true; do |
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
_debug h "$h" |
if [ -z "$h" ]; then |
#not valid |
return 1 |
fi |
if _contains "$response" "\"name\":\"$h\""; then |
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
_domain=$h |
return 0 |
fi |
p=$i |
i=$(_math "$i" + 1) |
done |
return 1 |
} |
@ -0,0 +1,466 @@ |
#!/usr/bin/env sh |
# Akamai Edge DNS v2 API |
# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to |
# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization |
# Report bugs to |
# Values to export: |
# --EITHER-- |
# specify Edgegrid credentials file and section |
# AKAMAI_EDGERC=<full file path> |
## --OR-- |
# specify indiviual credentials |
# export AKAMAI_HOST = <host> |
# export AKAMAI_ACCESS_TOKEN = <access token> |
# export AKAMAI_CLIENT_TOKEN = <client token> |
# export AKAMAI_CLIENT_SECRET = <client secret> |
######## Public functions ##################### |
# Usage: dns_edgedns_add "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
# Used to add txt record |
# |
dns_edgedns_add() { |
fulldomain=$1 |
txtvalue=$2 |
_debug2 "fulldomain" "$fulldomain" |
_debug2 "txtvalue" "$txtvalue" |
if ! _EDGEDNS_credentials; then |
_err "$@" |
return 1 |
fi |
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
_err "Invalid domain" |
return 1 |
fi |
_debug2 "Add: zone" "$zone" |
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") |
_debug3 "Add URL" "$acmeRecordURI" |
# Get existing TXT record |
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
_api_status="$?" |
_debug3 "_edge_result" "$_edge_result" |
if [ "$_api_status" -ne 0 ]; then |
if [ "$curResult" = "FATAL" ]; then |
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
fi |
if [ "$_edge_result" != "404" ]; then |
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
return 1 |
fi |
fi |
rdata="\"${txtvalue}\"" |
record_op="POST" |
if [ "$_api_status" -eq 0 ]; then |
# record already exists. Get existing record data and update |
record_op="PUT" |
rdlist="${_edge_result#*\"rdata\":[}" |
rdlist="${rdlist%%]*}" |
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
_debug3 "existing TXT found" |
_debug3 "record data" "$rdlist" |
# value already there? |
if _contains "$rdlist" "$txtvalue"; then |
return 0 |
fi |
_txt_val="" |
while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do |
_txt_val="${rdlist%%,*}" |
rdlist="${rdlist#*,}" |
rdata="${rdata},\"${_txt_val}\"" |
done |
fi |
# Add the txtvalue TXT Record |
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
_debug3 "Add body '${body}'" |
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
_api_status="$?" |
if [ "$_api_status" -eq 0 ]; then |
_log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")" |
return 0 |
else |
_err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" |
return 1 |
fi |
} |
# Usage: dns_edgedns_rm "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
# Used to delete txt record |
# |
dns_edgedns_rm() { |
fulldomain=$1 |
txtvalue=$2 |
_debug2 "fulldomain" "$fulldomain" |
_debug2 "txtvalue" "$txtvalue" |
if ! _EDGEDNS_credentials; then |
_err "$@" |
return 1 |
fi |
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
_err "Invalid domain" |
return 1 |
fi |
_debug2 "RM: zone" "${zone}" |
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain") |
_debug3 "RM URL" "$acmeRecordURI" |
# Get existing TXT record |
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
_api_status="$?" |
if [ "$_api_status" -ne 0 ]; then |
if [ "$curResult" = "FATAL" ]; then |
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
fi |
if [ "$_edge_result" != "404" ]; then |
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
return 1 |
fi |
fi |
_debug3 "_edge_result" "$_edge_result" |
record_op="DELETE" |
body="" |
if [ "$_api_status" -eq 0 ]; then |
# record already exists. Get existing record data and update |
rdlist="${_edge_result#*\"rdata\":[}" |
rdlist="${rdlist%%]*}" |
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
_debug3 "rdlist" "$rdlist" |
if [ -n "$rdlist" ]; then |
record_op="PUT" |
comma="" |
rdata="" |
_txt_val="" |
while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do |
_txt_val="${rdlist%%,*}" |
rdlist="${rdlist#*,}" |
_debug3 "_txt_val" "$_txt_val" |
_debug3 "txtvalue" "$txtvalue" |
if ! _contains "$_txt_val" "$txtvalue"; then |
rdata="${rdata}${comma}\"${_txt_val}\"" |
comma="," |
fi |
done |
if [ -z "$rdata" ]; then |
record_op="DELETE" |
else |
# Recreate the txtvalue TXT Record |
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
_debug3 "body" "$body" |
fi |
fi |
fi |
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
_api_status="$?" |
if [ "$_api_status" -eq 0 ]; then |
_log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")" |
return 0 |
else |
_err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")" |
return 1 |
fi |
} |
#################### Private functions below ################################## |
_EDGEDNS_credentials() { |
_debug "GettingEdge DNS credentials" |
_log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" |
args_missing=0 |
if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then |
_err "AKAMAI_ACCESS_TOKEN is missing" |
args_missing=1 |
fi |
if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then |
_err "AKAMAI_CLIENT_TOKEN is missing" |
args_missing=1 |
fi |
if [ -z "$AKAMAI_HOST" ]; then |
_err "AKAMAI_HOST is missing" |
args_missing=1 |
fi |
if [ -z "$AKAMAI_CLIENT_SECRET" ]; then |
_err "AKAMAI_CLIENT_SECRET is missing" |
args_missing=1 |
fi |
if [ "$args_missing" = 1 ]; then |
_err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." |
return 1 |
else |
_saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN" |
_saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN" |
_saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST" |
# Set whether curl should use secure or insecure mode |
fi |
export HTTPS_INSECURE=0 # All Edgegrid API calls are secure |
edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") |
_debug3 "Edge API Endpoint:" "$edge_endpoint" |
} |
_EDGEDNS_getZoneInfo() { |
_debug "Getting Zoneinfo" |
zoneEnd=false |
curZone=$1 |
while [ -n "$zoneEnd" ]; do |
# we can strip the first part of the fulldomain, since its just the _acme-challenge string |
curZone="${curZone#*.}" |
# suffix . needed for zone -> domain.tld. |
# create zone get url |
get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone") |
_debug3 "Zone Get: " "${get_zone_url}" |
curResult=$(_edgedns_rest GET "$get_zone_url") |
retVal=$? |
if [ "$retVal" -ne 0 ]; then |
if [ "$curResult" = "FATAL" ]; then |
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
fi |
if [ "$curResult" != "404" ]; then |
_err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" |
return 1 |
fi |
fi |
if _contains "$curResult" "\"zone\":"; then |
_debug2 "Zone data" "${curResult}" |
zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") |
_debug3 "Zone" "${zone}" |
zoneEnd="" |
return 0 |
fi |
if [ "${curZone#*.}" != "$curZone" ]; then |
_debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")" |
else |
zoneEnd=true |
_err "Couldn't retrieve zone data." |
return 1 |
fi |
done |
_err "Failed to retrieve zone data." |
return 2 |
} |
_edgedns_headers="" |
_edgedns_rest() { |
_debug "Handling API Request" |
m=$1 |
# Assume endpoint is complete path, including query args if applicable |
ep=$2 |
body_data=$3 |
_edgedns_content_type="" |
_request_url_path="$ep" |
_request_body="$body_data" |
_request_method="$m" |
_edgedns_headers="" |
tab="" |
_edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}" |
tab="\t" |
# Set in _post/_get |
#_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" |
_edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" |
if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then |
_edgedns_content_type="application/json" |
_debug3 "_request_body" "$_request_body" |
_body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') |
_edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}" |
fi |
_edgedns_make_auth_header |
_edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}" |
_secure_debug2 "Made Auth Header" "$_signed_auth_header" |
hdr_indx=1 |
work_header="${_edgedns_headers}${tab}" |
_debug3 "work_header" "$work_header" |
while [ "$work_header" ]; do |
entry="${work_header%%\\t*}" |
work_header="${work_header#*\\t}" |
export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" |
_debug2 "Request Header " "$entry" |
hdr_indx=$((hdr_indx + 1)) |
done |
# clear headers from previous request to avoid getting wrong http code on timeouts |
_debug2 "$ep" |
if [ "$m" != "GET" ]; then |
_debug3 "Method data" "$data" |
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type") |
else |
response=$(_get "$ep") |
fi |
_ret="$?" |
if [ "$_ret" -ne 0 ]; then |
_err "$(printf " API function call failed. Error: %s" "$_ret")" |
echo "FATAL" |
return "$_ret" |
fi |
_debug2 "response" "${response}" |
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
_debug2 "http response code" "$_code" |
if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then |
# All good |
response="$(echo "${response}" | _normalizeJson)" |
echo "$response" |
return 0 |
fi |
if [ "$_code" = "204" ]; then |
# Success, no body |
echo "$_code" |
return 0 |
fi |
if [ "$_code" = "400" ]; then |
_err "Bad request presented" |
_log "$(printf "Headers: %s" "$_edgedns_headers")" |
_log "$(printf "Method: %s" "$_request_method")" |
_log "$(printf "URL: %s" "$ep")" |
_log "$(printf "Data: %s" "$data")" |
fi |
if [ "$_code" = "403" ]; then |
_err "access denied make sure your Edgegrid cedentials are correct." |
fi |
echo "$_code" |
return 1 |
} |
_edgedns_eg_timestamp() { |
_debug "Generating signature Timestamp" |
_debug3 "Retriving ntp time" |
_timeheaders="$(_get "" "onlyheader")" |
_debug3 "_timeheaders" "$_timeheaders" |
_ntpdate="$(echo "$_timeheaders" | grep -i "Date:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")" |
_debug3 "_ntpdate" "$_ntpdate" |
_ntpdate="$(echo "${_ntpdate}" | sed -e 's/^[[:space:]]*//')" |
_debug3 "_NTPDATE" "$_ntpdate" |
_ntptime="$(echo "${_ntpdate}" | _head_n 1 | cut -d " " -f 5 | tr -d "\r\n")" |
_debug3 "_ntptime" "$_ntptime" |
_eg_timestamp=$(date -u "+%Y%m%dT") |
_eg_timestamp="$(printf "%s%s+0000" "$_eg_timestamp" "$_ntptime")" |
_debug "_eg_timestamp" "$_eg_timestamp" |
} |
_edgedns_new_nonce() { |
_debug "Generating Nonce" |
_nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) |
_debug3 "_nonce" "$_nonce" |
} |
_edgedns_make_auth_header() { |
_debug "Constructing Auth Header" |
_edgedns_new_nonce |
_edgedns_eg_timestamp |
# "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" |
_auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" |
_secure_debug2 "Unsigned Auth Header: " "$_auth_header" |
_edgedns_sign_request |
_signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" |
_secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" |
} |
_edgedns_sign_request() { |
_debug2 "Signing http request" |
_edgedns_make_data_to_sign "$_auth_header" |
_secure_debug2 "Returned signed data" "$_mdata" |
_edgedns_make_signing_key "$_eg_timestamp" |
_edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key" |
_signed_req="$_hmac_out" |
_secure_debug2 "Signed Request" "$_signed_req" |
} |
_edgedns_make_signing_key() { |
_debug2 "Creating sigining key" |
ts=$1 |
_edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET" |
_signing_key="$_hmac_out" |
_secure_debug2 "Signing Key" "$_signing_key" |
} |
_edgedns_make_data_to_sign() { |
_debug2 "Processing data to sign" |
hdr=$1 |
_secure_debug2 "hdr" "$hdr" |
_edgedns_make_content_hash |
path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')" |
path="${path#*$AKAMAI_HOST}" |
_debug "hier path" "$path" |
# dont expose headers to sign so use MT string |
_mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")" |
_secure_debug2 "Data to Sign" "$_mdata" |
} |
_edgedns_make_content_hash() { |
_debug2 "Generating content hash" |
_hash="" |
_debug2 "Request method" "${_request_method}" |
if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then |
return 0 |
fi |
_debug2 "Req body" "$_request_body" |
_edgedns_base64_sha256 "$_request_body" |
_hash="$_sha256_out" |
_debug2 "Content hash" "$_hash" |
} |
_edgedns_base64_hmac_sha256() { |
_debug2 "Generating hmac" |
data=$1 |
key=$2 |
encoded_data="$(echo "$data" | iconv -t utf-8)" |
encoded_key="$(echo "$key" | iconv -t utf-8)" |
_secure_debug2 "encoded data" "$encoded_data" |
_secure_debug2 "encoded key" "$encoded_key" |
encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ') |
data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 "$encoded_key_hex" | _base64)" |
_secure_debug2 "data_sig:" "$data_sig" |
_hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" |
_secure_debug2 "hmac" "$_hmac_out" |
} |
_edgedns_base64_sha256() { |
_debug2 "Creating sha256 digest" |
trg=$1 |
_secure_debug2 "digest data" "$trg" |
digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" |
_sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" |
_secure_debug2 "digest decode" "$_sha256_out" |
} |
#_edgedns_parse_edgerc() { |
# filepath=$1 |
# section=$2 |
#} |
@ -0,0 +1,255 @@ |
#!/usr/bin/env sh |
# HUAWEICLOUD_Username |
# HUAWEICLOUD_Password |
iam_api="" |
dns_api="" |
######## Public functions ##################### |
# Usage: add "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
# Used to add txt record |
# |
# Ref: |
# |
dns_huaweicloud_add() { |
fulldomain=$1 |
txtvalue=$2 |
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" |
# Check information |
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then |
_err "Not enough information provided to dns_huaweicloud!" |
return 1 |
fi |
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" |
_debug2 "${token}" |
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
_debug "${zoneid}" |
_debug "Adding Record" |
_add_record "${token}" "${fulldomain}" "${txtvalue}" |
ret="$?" |
if [ "${ret}" != "0" ]; then |
_err "dns_huaweicloud: Error adding record." |
return 1 |
fi |
# Do saving work if all succeeded |
_saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}" |
_saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}" |
_saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}" |
return 0 |
} |
# Usage: fulldomain txtvalue |
# Used to remove the txt record after validation |
# |
# Ref: |
# |
dns_huaweicloud_rm() { |
fulldomain=$1 |
txtvalue=$2 |
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" |
# Check information |
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then |
_err "Not enough information provided to dns_huaweicloud!" |
return 1 |
fi |
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" |
_debug2 "${token}" |
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
_debug "${zoneid}" |
record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" |
_debug "Record Set ID is: ${record_id}" |
# Remove all records |
# Therotically HuaweiCloud does not allow more than one record set |
# But remove them recurringly to increase robusty |
while [ "${record_id}" != "0" ]; do |
_debug "Removing Record" |
_rm_record "${token}" "${zoneid}" "${record_id}" |
record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" |
done |
return 0 |
} |
################### Private functions below ################################## |
# _get_zoneid |
# |
# _token=$1 |
# _domain_string=$2 |
# |
# printf "%s" "${_zoneid}" |
_get_zoneid() { |
_token=$1 |
_domain_string=$2 |
export _H1="X-Auth-Token: ${_token}" |
i=1 |
while true; do |
h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100) |
if [ -z "$h" ]; then |
#not valid |
return 1 |
fi |
_debug "$h" |
response=$(_get "${dns_api}/v2/zones?name=${h}") |
if _contains "${response}" "id"; then |
_debug "Get Zone ID Success." |
_zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") |
printf "%s" "${_zoneid}" |
return 0 |
fi |
i=$(_math "$i" + 1) |
done |
return 1 |
} |
_get_recordset_id() { |
_token=$1 |
_domain=$2 |
_zoneid=$3 |
export _H1="X-Auth-Token: ${_token}" |
response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") |
if _contains "${response}" "id"; then |
_id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")" |
printf "%s" "${_id}" |
return 0 |
fi |
printf "%s" "0" |
return 1 |
} |
_add_record() { |
_token=$1 |
_domain=$2 |
_txtvalue=$3 |
# Get Existing Records |
export _H1="X-Auth-Token: ${_token}" |
response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") |
_debug2 "${response}" |
_exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') |
_debug "${_exist_record}" |
# Check if record exist |
# Generate body data |
if [ -z "${_exist_record}" ]; then |
_post_body="{ |
\"name\": \"${_domain}.\", |
\"description\": \"ACME Challenge\", |
\"type\": \"TXT\", |
\"ttl\": 1, |
\"records\": [ |
\"\\\"${_txtvalue}\\\"\" |
] |
}" |
else |
_post_body="{ |
\"name\": \"${_domain}.\", |
\"description\": \"ACME Challenge\", |
\"type\": \"TXT\", |
\"ttl\": 1, |
\"records\": [ |
${_exist_record}, |
\"\\\"${_txtvalue}\\\"\" |
] |
}" |
fi |
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" |
_debug "Record Set ID is: ${_record_id}" |
# Remove all records |
while [ "${_record_id}" != "0" ]; do |
_debug "Removing Record" |
_rm_record "${_token}" "${zoneid}" "${_record_id}" |
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" |
done |
# Add brand new records with all old and new records |
export _H2="Content-Type: application/json" |
export _H1="X-Auth-Token: ${_token}" |
_debug2 "${_post_body}" |
_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null |
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
if [ "$_code" != "202" ]; then |
_err "dns_huaweicloud: http code ${_code}" |
return 1 |
fi |
return 0 |
} |
# _rm_record $token $zoneid $recordid |
# assume ${dns_api} exist |
# no output |
# return 0 |
_rm_record() { |
_token=$1 |
_zone_id=$2 |
_record_id=$3 |
export _H2="Content-Type: application/json" |
export _H1="X-Auth-Token: ${_token}" |
_post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null |
return $? |
} |
_get_token() { |
_username=$1 |
_password=$2 |
_project=$3 |
_debug "Getting Token" |
body="{ |
\"auth\": { |
\"identity\": { |
\"methods\": [ |
\"password\" |
], |
\"password\": { |
\"user\": { |
\"name\": \"${_username}\", |
\"password\": \"${_password}\", |
\"domain\": { |
\"name\": \"${_username}\" |
} |
} |
} |
}, |
\"scope\": { |
\"project\": { |
\"id\": \"${_project}\" |
} |
} |
} |
}" |
export _H1="Content-Type: application/json;charset=utf8" |
_post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null |
_code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n") |
_token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-) |
_debug2 "${_code}" |
printf "%s" "${_token}" |
return 0 |
} |
@ -0,0 +1,199 @@ |
#!/usr/bin/env sh |
############################################################################### |
# Infomaniak API integration |
# |
# To use this API you need visit the API dashboard of your account |
# once logged into add /api/dashboard to the URL |
# |
# Please report bugs to |
# |
# |
# Note: the URL looks like this: |
#<account_id>/api/dashboard |
# Then generate a token with the scope Domain |
# this is given as an environment variable INFOMANIAK_API_TOKEN |
############################################################################### |
# base variables |
######## Public functions ##################### |
#Usage: dns_infomaniak_add "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
dns_infomaniak_add() { |
INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" |
if [ -z "$INFOMANIAK_API_TOKEN" ]; then |
_err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" |
return 1 |
fi |
if [ -z "$INFOMANIAK_API_URL" ]; then |
fi |
if [ -z "$INFOMANIAK_TTL" ]; then |
fi |
#save the token to the account conf file. |
_saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" |
fi |
_saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" |
fi |
export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" |
export _H2="Content-Type: application/json" |
fulldomain="$1" |
txtvalue="$2" |
_info "Infomaniak DNS API" |
_debug fulldomain "$fulldomain" |
_debug txtvalue "$txtvalue" |
fqdn=${fulldomain#_acme-challenge.} |
# guess which base domain to add record to |
zone_and_id=$(_find_zone "$fqdn") |
if [ -z "$zone_and_id" ]; then |
_err "cannot find zone to modify" |
return 1 |
fi |
zone=${zone_and_id% *} |
domain_id=${zone_and_id#* } |
# extract first part of domain |
key=${fulldomain%.$zone} |
_debug "zone:$zone id:$domain_id key:$key" |
# payload |
data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}" |
# API call |
response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record") |
if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then |
_info "Record added" |
_debug "Response: $response" |
return 0 |
fi |
_err "could not create record" |
_debug "Response: $response" |
return 1 |
} |
#Usage: fulldomain txtvalue |
#Remove the txt record after validation. |
dns_infomaniak_rm() { |
INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" |
if [ -z "$INFOMANIAK_API_TOKEN" ]; then |
_err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" |
return 1 |
fi |
if [ -z "$INFOMANIAK_API_URL" ]; then |
fi |
if [ -z "$INFOMANIAK_TTL" ]; then |
fi |
#save the token to the account conf file. |
_saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" |
fi |
_saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" |
fi |
export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" |
export _H2="ContentType: application/json" |
fulldomain=$1 |
txtvalue=$2 |
_info "Infomaniak DNS API" |
_debug fulldomain "$fulldomain" |
_debug txtvalue "$txtvalue" |
fqdn=${fulldomain#_acme-challenge.} |
# guess which base domain to add record to |
zone_and_id=$(_find_zone "$fqdn") |
if [ -z "$zone_and_id" ]; then |
_err "cannot find zone to modify" |
return 1 |
fi |
zone=${zone_and_id% *} |
domain_id=${zone_and_id#* } |
# extract first part of domain |
key=${fulldomain%.$zone} |
_debug "zone:$zone id:$domain_id key:$key" |
# find previous record |
# shellcheck disable=SC1004 |
record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\ |
{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p') |
if [ -z "$record_id" ]; then |
_err "could not find record to delete" |
return 1 |
fi |
_debug "record_id: $record_id" |
# API call |
response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE) |
if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then |
_info "Record deleted" |
return 0 |
fi |
_err "could not delete record" |
return 1 |
} |
#################### Private functions below ################################## |
_get_domain_id() { |
domain="$1" |
# shellcheck disable=SC1004 |
_get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\ |
/g' | sed -n 's/^"id":\(.*\)/\1/p' |
} |
_find_zone() { |
zone="$1" |
# find domain in list, removing . parts sequentialy |
while _contains "$zone" '\.'; do |
_debug "testing $zone" |
id=$(_get_domain_id "$zone") |
if [ -n "$id" ]; then |
echo "$zone $id" |
return |
fi |
zone=${zone#*.} |
done |
} |
@ -0,0 +1,247 @@ |
#!/usr/bin/env sh |
# |
#SIMPLY_AccountName="accountname" |
# |
#SIMPLY_ApiKey="apikey" |
# |
SIMPLY_Api_Default="" |
######## Public functions ##################### |
#Usage: add "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
dns_simply_add() { |
fulldomain=$1 |
txtvalue=$2 |
if ! _simply_load_config; then |
return 1 |
fi |
_simply_save_config |
_debug "First detect the root zone" |
if ! _get_root "$fulldomain"; then |
_err "invalid domain" |
return 1 |
fi |
_debug _sub_domain "$_sub_domain" |
_debug _domain "$_domain" |
_info "Adding record" |
if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then |
_err "Could not add DNS record" |
return 1 |
fi |
return 0 |
} |
dns_simply_rm() { |
fulldomain=$1 |
txtvalue=$2 |
if ! _simply_load_config; then |
return 1 |
fi |
_simply_save_config |
_debug "First detect the root zone" |
if ! _get_root "$fulldomain"; then |
_err "invalid domain" |
return 1 |
fi |
_debug _sub_domain "$_sub_domain" |
_debug _domain "$_domain" |
_debug txtvalue "$txtvalue" |
_info "Getting all existing records" |
if ! _simply_get_all_records "$_domain"; then |
_err "invalid domain" |
return 1 |
fi |
records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' ' | tr -d ' ' | tr ';' ' ') |
nr_of_deleted_records=0 |
_info "Fetching txt record" |
for record in $records; do |
_debug record "$record" |
record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) |
record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) |
_debug2 record_data "$record_data" |
_debug2 record_type "$record_type" |
if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then |
record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) |
_info "Deleting record $record" |
_debug2 record_id "$record_id" |
if [ "$record_id" -gt 0 ]; then |
if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then |
_err "Record with id $record_id could not be deleted" |
return 1 |
fi |
nr_of_deleted_records=1 |
break |
else |
_err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" |
break |
fi |
fi |
done |
if [ "$nr_of_deleted_records" -eq 0 ]; then |
_err "No record deleted, the DNS record needs to be removed manually." |
else |
_info "Deleted $nr_of_deleted_records record" |
fi |
return 0 |
} |
#################### Private functions below ################################## |
_simply_load_config() { |
SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}" |
SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}" |
SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}" |
if [ -z "$SIMPLY_Api" ]; then |
SIMPLY_Api="$SIMPLY_Api_Default" |
fi |
if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then |
SIMPLY_AccountName="" |
SIMPLY_ApiKey="" |
_err "A valid Simply API account and apikey not provided." |
_err "Please provide a valid API user and try again." |
return 1 |
fi |
return 0 |
} |
_simply_save_config() { |
if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then |
_saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api" |
fi |
_saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName" |
_saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey" |
} |
_simply_get_all_records() { |
domain=$1 |
if ! _simply_rest GET "my/products/$domain/dns/records"; then |
return 1 |
fi |
return 0 |
} |
_get_root() { |
domain=$1 |
i=2 |
p=1 |
while true; do |
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
if [ -z "$h" ]; then |
#not valid |
return 1 |
fi |
if ! _simply_rest GET "my/products/$h/dns"; then |
return 1 |
fi |
if _contains "$response" '"code":"NOT_FOUND"'; then |
_debug "$h not found" |
else |
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
_domain="$h" |
return 0 |
fi |
p="$i" |
i=$(_math "$i" + 1) |
done |
return 1 |
} |
_simply_add_record() { |
domain=$1 |
sub_domain=$2 |
txtval=$3 |
data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" |
if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then |
_err "Adding record not successfull!" |
return 1 |
fi |
return 0 |
} |
_simply_delete_record() { |
domain=$1 |
sub_domain=$2 |
record_id=$3 |
_debug record_id "Delete record with id $record_id" |
if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then |
_err "Deleting record not successfull!" |
return 1 |
fi |
return 0 |
} |
_simply_rest() { |
m=$1 |
ep="$2" |
data="$3" |
_debug2 data "$data" |
_debug2 ep "$ep" |
_debug2 m "$m" |
export _H1="Content-Type: application/json" |
if [ "$m" != "GET" ]; then |
response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")" |
else |
response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")" |
fi |
if [ "$?" != "0" ]; then |
_err "error $ep" |
return 1 |
fi |
_debug2 response "$response" |
if _contains "$response" "Invalid account authorization"; then |
_err "It seems that your api key or accountnumber is not correct." |
return 1 |
fi |
return 0 |
} |
@ -0,0 +1,191 @@ |
#!/usr/bin/env sh |
# World4You - |
# Lorenz Stechauner, 2020 - |
TLD='' |
################ Public functions ################ |
# Usage: dns_world4you_add <fqdn> <value> |
dns_world4you_add() { |
fqdn="$1" |
value="$2" |
_info "Using world4you to add record" |
_debug fulldomain "$fqdn" |
_debug txtvalue "$value" |
_login |
if [ "$?" != 0 ]; then |
return 1 |
fi |
export _H1="Cookie: W4YSESSID=$sessid" |
form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") |
_get_paketnr "$fqdn" "$form" |
paketnr="$PAKETNR" |
if [ -z "$paketnr" ]; then |
_err "Unable to parse paketnr" |
return 3 |
fi |
_debug paketnr "$paketnr" |
export _H1="Cookie: W4YSESSID=$sessid" |
form=$(_get "$WORLD4YOU_API/$paketnr/dns") |
formiddp=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') |
formidttl=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') |
form_token=$(echo "$form" | grep 'AddDnsRecordForm\[_token\]' | sed 's/^.*name="AddDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') |
if [ -z "$formiddp" ]; then |
_err "Unable to parse form" |
return 3 |
fi |
_resethttp |
body="AddDnsRecordForm[name]=$RECORD&AddDnsRecordForm[dnsType][type]=TXT&\ |
AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ |
AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" |
_info "Adding record..." |
ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') |
_resethttp |
if grep '302' >/dev/null <"$HTTP_HEADER"; then |
res=$(_get "$WORLD4YOU_API/$paketnr/dns") |
if _contains "$res" "successfully"; then |
return 0 |
else |
msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/') |
_err "Unable to add record: $msg" |
return 1 |
fi |
else |
_err "$(_head_n 1 <"$HTTP_HEADER")" |
return 1 |
fi |
} |
# Usage: dns_world4you_rm <fqdn> <value> |
dns_world4you_rm() { |
fqdn="$1" |
value="$2" |
_info "Using world4you to remove record" |
_debug fulldomain "$fqdn" |
_debug txtvalue "$value" |
_login |
if [ "$?" != 0 ]; then |
return 1 |
fi |
export _H1="Cookie: W4YSESSID=$sessid" |
form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") |
_get_paketnr "$fqdn" "$form" |
paketnr="$PAKETNR" |
if [ -z "$paketnr" ]; then |
_err "Unable to parse paketnr" |
return 3 |
fi |
_debug paketnr "$paketnr" |
form=$(_get "$WORLD4YOU_API/$paketnr/dns") |
formiddp=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') |
formidttl=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') |
form_token=$(echo "$form" | grep 'DeleteDnsRecordForm\[_token\]' | sed 's/^.*name="DeleteDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') |
if [ -z "$formiddp" ]; then |
_err "Unable to parse form" |
return 3 |
fi |
recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64) |
_debug recordid "$recordid" |
_resethttp |
body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ |
DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ |
DeleteDnsRecordForm[_token]=$form_token" |
_info "Removing record..." |
ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') |
_resethttp |
if grep '302' >/dev/null <"$HTTP_HEADER"; then |
res=$(_get "$WORLD4YOU_API/$paketnr/dns") |
if _contains "$res" "successfully"; then |
return 0 |
else |
msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/') |
_err "Unable to remove record: $msg" |
return 1 |
fi |
else |
_err "$(_head_n 1 <"$HTTP_HEADER")" |
return 1 |
fi |
} |
################ Private functions ################ |
# Usage: _login |
_login() { |
if [ -z "$WORLD4YOU_USERNAME" ] || [ -z "$WORLD4YOU_PASSWORD" ]; then |
_err "You didn't specify world4you username and password yet." |
_err "Usage: export WORLD4YOU_USERNAME=<name>" |
_err "Usage: export WORLD4YOU_PASSWORD=<password>" |
return 1 |
fi |
_saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" |
_saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD" |
_info "Logging in..." |
username="$WORLD4YOU_USERNAME" |
password="$WORLD4YOU_PASSWORD" |
csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*<input[^>]*value=\"\([^"]*\)\".*$/\1/') |
sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') |
export _H1="Cookie: W4YSESSID=$sessid" |
export _H2="X-Requested-With: XMLHttpRequest" |
body="_username=$username&_password=$password&_csrf_token=$csrf_token" |
ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded') |
unset _H2 |
_debug ret "$ret" |
if _contains "$ret" "\"success\":true"; then |
_info "Successfully logged in" |
sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') |
else |
_err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" |
return 1 |
fi |
} |
# Usage _get_paketnr <fqdn> <form> |
_get_paketnr() { |
fqdn="$1" |
form="$2" |
domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') |
domain='' |
for domain in $domains; do |
if echo "$fqdn" | grep "$domain\$" >/dev/null; then |
break |
fi |
domain='' |
done |
if [ -z "$domain" ]; then |
return 1 |
fi |
TLD="$domain" |
RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") |
PAKETNR=$(echo "$form" | grep "data-textfilter=\" $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/') |
return 0 |
Reference in new issue