]>
Commit | Line | Data |
---|---|---|
0a7c9364 | 1 | #!/usr/bin/env sh |
175c9dec | 2 | |
175c9dec | 3 | # |
4 | #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
5 | # | |
6 | #CF_Email="xxxx@sss.com" | |
7 | ||
a4270efa | 8 | CF_Api="https://api.cloudflare.com/client/v4" |
175c9dec | 9 | |
638b9a05 | 10 | ######## Public functions ##################### |
11 | ||
12 | #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" | |
4c2a3841 | 13 | dns_cf_add() { |
175c9dec | 14 | fulldomain=$1 |
15 | txtvalue=$2 | |
4c2a3841 | 16 | |
eb0fc674 | 17 | CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}" |
18 | CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}" | |
4c2a3841 | 19 | if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then |
797cbb9b | 20 | CF_Key="" |
21 | CF_Email="" | |
ab497961 | 22 | _err "You don't specify cloudflare api key and email yet." |
23 | _err "Please create you key and try again." | |
24 | return 1 | |
25 | fi | |
4c2a3841 | 26 | |
4a56b240 | 27 | if ! _contains "$CF_Email" "@"; then |
28 | _err "It seems that the CF_Email=$CF_Email is not a valid email address." | |
29 | _err "Please check and retry." | |
30 | return 1 | |
31 | fi | |
ab45b778 | 32 | |
e9209938 | 33 | #save the api key and email to the account conf file. |
fcdf41ba | 34 | _saveaccountconf_mutable CF_Key "$CF_Key" |
35 | _saveaccountconf_mutable CF_Email "$CF_Email" | |
4c2a3841 | 36 | |
1b5bd0e0 | 37 | _debug "First detect the root zone" |
c7b16249 | 38 | if ! _get_root "$fulldomain"; then |
175c9dec | 39 | _err "invalid domain" |
40 | return 1 | |
41 | fi | |
e6d31b4e | 42 | _debug _domain_id "$_domain_id" |
43 | _debug _sub_domain "$_sub_domain" | |
44 | _debug _domain "$_domain" | |
4c2a3841 | 45 | |
1b5bd0e0 | 46 | _debug "Getting txt records" |
a4270efa | 47 | _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain" |
4c2a3841 | 48 | |
c7b16249 | 49 | if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then |
175c9dec | 50 | _err "Error" |
51 | return 1 | |
52 | fi | |
4c2a3841 | 53 | |
72f54ca6 | 54 | # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
55 | # we can not use updating anymore. | |
56 | # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) | |
57 | # _debug count "$count" | |
58 | # if [ "$count" = "0" ]; then | |
59 | _info "Adding record" | |
60 | if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then | |
61 | if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then | |
62 | _info "Added, OK" | |
4c2a3841 | 63 | return 0 |
72f54ca6 | 64 | else |
65 | _err "Add txt record error." | |
66 | return 1 | |
175c9dec | 67 | fi |
175c9dec | 68 | fi |
72f54ca6 | 69 | _err "Add txt record error." |
70 | return 1 | |
71 | # else | |
72 | # _info "Updating record" | |
73 | # record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) | |
74 | # _debug "record_id" "$record_id" | |
75 | # | |
76 | # _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" | |
77 | # if [ "$?" = "0" ]; then | |
78 | # _info "Updated, OK" | |
79 | # return 0 | |
80 | # fi | |
81 | # _err "Update error" | |
82 | # return 1 | |
83 | # fi | |
175c9dec | 84 | |
4c2a3841 | 85 | } |
175c9dec | 86 | |
21f201e3 | 87 | #fulldomain txtvalue |
5d6fd809 | 88 | dns_cf_rm() { |
89 | fulldomain=$1 | |
21f201e3 | 90 | txtvalue=$2 |
cd989510 | 91 | |
92 | CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}" | |
93 | CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}" | |
94 | if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then | |
95 | CF_Key="" | |
96 | CF_Email="" | |
97 | _err "You don't specify cloudflare api key and email yet." | |
98 | _err "Please create you key and try again." | |
99 | return 1 | |
100 | fi | |
101 | ||
21f201e3 | 102 | _debug "First detect the root zone" |
103 | if ! _get_root "$fulldomain"; then | |
104 | _err "invalid domain" | |
105 | return 1 | |
106 | fi | |
107 | _debug _domain_id "$_domain_id" | |
108 | _debug _sub_domain "$_sub_domain" | |
109 | _debug _domain "$_domain" | |
110 | ||
111 | _debug "Getting txt records" | |
112 | _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue" | |
113 | ||
114 | if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then | |
115 | _err "Error" | |
116 | return 1 | |
117 | fi | |
c0d0100c | 118 | |
21f201e3 | 119 | count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
120 | _debug count "$count" | |
121 | if [ "$count" = "0" ]; then | |
122 | _info "Don't need to remove." | |
123 | else | |
124 | record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) | |
125 | _debug "record_id" "$record_id" | |
126 | if [ -z "$record_id" ]; then | |
127 | _err "Can not get record id to remove." | |
128 | return 1 | |
129 | fi | |
130 | if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then | |
131 | _err "Delete record error." | |
132 | return 1 | |
133 | fi | |
134 | _contains "$response" '"success":true' | |
135 | fi | |
638b9a05 | 136 | |
5d6fd809 | 137 | } |
638b9a05 | 138 | |
329174b6 | 139 | #################### Private functions below ################################## |
175c9dec | 140 | #_acme-challenge.www.domain.com |
1b5bd0e0 | 141 | #returns |
175c9dec | 142 | # _sub_domain=_acme-challenge.www |
143 | # _domain=domain.com | |
144 | # _domain_id=sdjkglgdfewsdfg | |
145 | _get_root() { | |
146 | domain=$1 | |
147 | i=2 | |
148 | p=1 | |
c7b16249 | 149 | while true; do |
150 | h=$(printf "%s" "$domain" | cut -d . -f $i-100) | |
15af89d5 | 151 | _debug h "$h" |
4c2a3841 | 152 | if [ -z "$h" ]; then |
175c9dec | 153 | #not valid |
4c2a3841 | 154 | return 1 |
175c9dec | 155 | fi |
4c2a3841 | 156 | |
157 | if ! _cf_rest GET "zones?name=$h"; then | |
175c9dec | 158 | return 1 |
159 | fi | |
4c2a3841 | 160 | |
15af89d5 | 161 | if _contains "$response" "\"name\":\"$h\"" >/dev/null; then |
162 | _domain_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") | |
4c2a3841 | 163 | if [ "$_domain_id" ]; then |
c7b16249 | 164 | _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
175c9dec | 165 | _domain=$h |
166 | return 0 | |
167 | fi | |
168 | return 1 | |
169 | fi | |
170 | p=$i | |
c7b16249 | 171 | i=$(_math "$i" + 1) |
175c9dec | 172 | done |
173 | return 1 | |
174 | } | |
175 | ||
175c9dec | 176 | _cf_rest() { |
177 | m=$1 | |
178 | ep="$2" | |
a4270efa | 179 | data="$3" |
c7b16249 | 180 | _debug "$ep" |
4c2a3841 | 181 | |
3ca93f4a BB |
182 | export _H1="X-Auth-Email: $CF_Email" |
183 | export _H2="X-Auth-Key: $CF_Key" | |
184 | export _H3="Content-Type: application/json" | |
4c2a3841 | 185 | |
21f201e3 | 186 | if [ "$m" != "GET" ]; then |
1b5bd0e0 | 187 | _debug data "$data" |
c7b16249 | 188 | response="$(_post "$data" "$CF_Api/$ep" "" "$m")" |
638b9a05 | 189 | else |
a4270efa | 190 | response="$(_get "$CF_Api/$ep")" |
175c9dec | 191 | fi |
4c2a3841 | 192 | |
193 | if [ "$?" != "0" ]; then | |
638b9a05 | 194 | _err "error $ep" |
175c9dec | 195 | return 1 |
196 | fi | |
a63b05a9 | 197 | _debug2 response "$response" |
175c9dec | 198 | return 0 |
199 | } |