[mirror_acme.sh.git] / dnsapi / dns_cf.sh

#!/usr/bin/env sh

#
#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
#
#CF_Email="xxxx@sss.com"

CF_Api="https://api.cloudflare.com/client/v4"

########  Public functions #####################

#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_cf_add() {
  fulldomain=$1
  txtvalue=$2

  CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
    CF_Key=""
    CF_Email=""
    _err "You don't specify cloudflare api key and email yet."
    _err "Please create you key and try again."
    return 1
  fi

  if ! _contains "$CF_Email" "@"; then
    _err "It seems that the CF_Email=$CF_Email is not a valid email address."
    _err "Please check and retry."
    return 1
  fi

  #save the api key and email to the account conf file.
  _saveaccountconf_mutable CF_Key "$CF_Key"
  _saveaccountconf_mutable CF_Email "$CF_Email"

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

  _debug "Getting txt records"
  _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"

  if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
    _err "Error"
    return 1
  fi

# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
# we can not use updating anymore.
#  count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
#  _debug count "$count"
#  if [ "$count" = "0" ]; then
  _info "Adding record"
  if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
    if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then
      _info "Added, OK"
      return 0
    else
      _err "Add txt record error."
      return 1
    fi
  fi
  _err "Add txt record error."
  return 1
#  else
#    _info "Updating record"
#    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
#    _debug "record_id" "$record_id"
#
#    _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}"
#    if [ "$?" = "0" ]; then
#      _info "Updated, OK"
#      return 0
#    fi
#    _err "Update error"
#    return 1
#  fi

}

#fulldomain txtvalue
dns_cf_rm() {
  fulldomain=$1
  txtvalue=$2

  CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
    CF_Key=""
    CF_Email=""
    _err "You don't specify cloudflare api key and email yet."
    _err "Please create you key and try again."
    return 1
  fi

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain_id "$_domain_id"
  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

  _debug "Getting txt records"
  _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"

  if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
    _err "Error"
    return 1
  fi

  count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  _debug count "$count"
  if [ "$count" = "0" ]; then
    _info "Don't need to remove."
  else
    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
    _debug "record_id" "$record_id"
    if [ -z "$record_id" ]; then
      _err "Can not get record id to remove."
      return 1
    fi
    if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
      _err "Delete record error."
      return 1
    fi
    _contains "$response" '"success":true'
  fi

}

####################  Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
  domain=$1
  i=2
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
    _debug h "$h"
    if [ -z "$h" ]; then
      #not valid
      return 1
    fi

    if ! _cf_rest GET "zones?name=$h"; then
      return 1
    fi

    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
      _domain_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
      if [ "$_domain_id" ]; then
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
        _domain=$h
        return 0
      fi
      return 1
    fi
    p=$i
    i=$(_math "$i" + 1)
  done
  return 1
}

_cf_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"

  export _H1="X-Auth-Email: $CF_Email"
  export _H2="X-Auth-Key: $CF_Key"
  export _H3="Content-Type: application/json"

  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
  else
    response="$(_get "$CF_Api/$ep")"
  fi

  if [ "$?" != "0" ]; then
    _err "error $ep"
    return 1
  fi
  _debug2 response "$response"
  return 0
}
Commit	Line	Data
0a7c9364	1	#!/usr/bin/env sh
175c9dec	2
175c9dec	3	#
	4	#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
	5	#
	6	#CF_Email="xxxx@sss.com"
	7
a4270efa	8	CF_Api="https://api.cloudflare.com/client/v4"
175c9dec	9
638b9a05	10	######## Public functions #####################
	11
	12	#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
4c2a3841	13	dns_cf_add() {
175c9dec	14	fulldomain=$1
175c9dec	15	txtvalue=$2
4c2a3841	16
eb0fc674	17	CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
eb0fc674	18	CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
4c2a3841	19	if [ -z "$CF_Key" ] \|\| [ -z "$CF_Email" ]; then
797cbb9b	20	CF_Key=""
797cbb9b	21	CF_Email=""
ab497961	22	_err "You don't specify cloudflare api key and email yet."
	23	_err "Please create you key and try again."
	24	return 1
	25	fi
4c2a3841	26
4a56b240	27	if ! _contains "$CF_Email" "@"; then
	28	_err "It seems that the CF_Email=$CF_Email is not a valid email address."
	29	_err "Please check and retry."
	30	return 1
	31	fi
ab45b778	32
e9209938	33	#save the api key and email to the account conf file.
fcdf41ba	34	_saveaccountconf_mutable CF_Key "$CF_Key"
fcdf41ba	35	_saveaccountconf_mutable CF_Email "$CF_Email"
4c2a3841	36
1b5bd0e0	37	_debug "First detect the root zone"
c7b16249	38	if ! _get_root "$fulldomain"; then
175c9dec	39	_err "invalid domain"
	40	return 1
	41	fi
e6d31b4e	42	_debug _domain_id "$_domain_id"
	43	_debug _sub_domain "$_sub_domain"
	44	_debug _domain "$_domain"
4c2a3841	45
1b5bd0e0	46	_debug "Getting txt records"
a4270efa	47	_cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
4c2a3841	48
c7b16249	49	if ! printf "%s" "$response" \| grep \"success\":true >/dev/null; then
175c9dec	50	_err "Error"
	51	return 1
	52	fi
4c2a3841	53
72f54ca6	54	# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
	55	# we can not use updating anymore.
	56	# count=$(printf "%s\n" "$response" \| _egrep_o "\"count\":[^,]*" \| cut -d : -f 2)
	57	# _debug count "$count"
	58	# if [ "$count" = "0" ]; then
	59	_info "Adding record"
	60	if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
	61	if printf -- "%s" "$response" \| grep "$fulldomain" >/dev/null; then
	62	_info "Added, OK"
4c2a3841	63	return 0
72f54ca6	64	else
	65	_err "Add txt record error."
	66	return 1
175c9dec	67	fi
175c9dec	68	fi
72f54ca6	69	_err "Add txt record error."
	70	return 1
	71	# else
	72	# _info "Updating record"
	73	# record_id=$(printf "%s\n" "$response" \| _egrep_o "\"id\":\"[^\"]*\"" \| cut -d : -f 2 \| tr -d \" \| head -n 1)
	74	# _debug "record_id" "$record_id"
	75	#
	76	# _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}"
	77	# if [ "$?" = "0" ]; then
	78	# _info "Updated, OK"
	79	# return 0
	80	# fi
	81	# _err "Update error"
	82	# return 1
	83	# fi
175c9dec	84
4c2a3841	85	}
175c9dec	86
21f201e3	87	#fulldomain txtvalue
5d6fd809	88	dns_cf_rm() {
5d6fd809	89	fulldomain=$1
21f201e3	90	txtvalue=$2
cd989510	91
	92	CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
	93	CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
	94	if [ -z "$CF_Key" ] \|\| [ -z "$CF_Email" ]; then
	95	CF_Key=""
	96	CF_Email=""
	97	_err "You don't specify cloudflare api key and email yet."
	98	_err "Please create you key and try again."
	99	return 1
	100	fi
	101
21f201e3	102	_debug "First detect the root zone"
	103	if ! _get_root "$fulldomain"; then
	104	_err "invalid domain"
	105	return 1
	106	fi
	107	_debug _domain_id "$_domain_id"
	108	_debug _sub_domain "$_sub_domain"
	109	_debug _domain "$_domain"
	110
	111	_debug "Getting txt records"
	112	_cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
	113
	114	if ! printf "%s" "$response" \| grep \"success\":true >/dev/null; then
	115	_err "Error"
	116	return 1
	117	fi
c0d0100c	118
21f201e3	119	count=$(printf "%s\n" "$response" \| _egrep_o "\"count\":[^,]*" \| cut -d : -f 2)
	120	_debug count "$count"
	121	if [ "$count" = "0" ]; then
	122	_info "Don't need to remove."
	123	else
	124	record_id=$(printf "%s\n" "$response" \| _egrep_o "\"id\":\"[^\"]*\"" \| cut -d : -f 2 \| tr -d \" \| head -n 1)
	125	_debug "record_id" "$record_id"
	126	if [ -z "$record_id" ]; then
	127	_err "Can not get record id to remove."
	128	return 1
	129	fi
	130	if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
	131	_err "Delete record error."
	132	return 1
	133	fi
	134	_contains "$response" '"success":true'
	135	fi
638b9a05	136
5d6fd809	137	}
638b9a05	138
329174b6	139	#################### Private functions below ##################################
175c9dec	140	#_acme-challenge.www.domain.com
1b5bd0e0	141	#returns
175c9dec	142	# _sub_domain=_acme-challenge.www
	143	# _domain=domain.com
	144	# _domain_id=sdjkglgdfewsdfg
	145	_get_root() {
	146	domain=$1
	147	i=2
	148	p=1
c7b16249	149	while true; do
c7b16249	150	h=$(printf "%s" "$domain" \| cut -d . -f $i-100)
15af89d5	151	_debug h "$h"
4c2a3841	152	if [ -z "$h" ]; then
175c9dec	153	#not valid
4c2a3841	154	return 1
175c9dec	155	fi
4c2a3841	156
4c2a3841	157	if ! _cf_rest GET "zones?name=$h"; then
175c9dec	158	return 1
175c9dec	159	fi
4c2a3841	160
15af89d5	161	if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
15af89d5	162	_domain_id=$(printf "%s\n" "$response" \| _egrep_o "\[.\"id\":\"[^\"]*\"" \| head -n 1 \| cut -d : -f 2 \| tr -d \")
4c2a3841	163	if [ "$_domain_id" ]; then
c7b16249	164	_sub_domain=$(printf "%s" "$domain" \| cut -d . -f 1-$p)
175c9dec	165	_domain=$h
	166	return 0
	167	fi
	168	return 1
	169	fi
	170	p=$i
c7b16249	171	i=$(_math "$i" + 1)
175c9dec	172	done
	173	return 1
	174	}
	175
175c9dec	176	_cf_rest() {
	177	m=$1
	178	ep="$2"
a4270efa	179	data="$3"
c7b16249	180	_debug "$ep"
4c2a3841	181
3ca93f4a BB	182	export _H1="X-Auth-Email: $CF_Email"
	183	export _H2="X-Auth-Key: $CF_Key"
	184	export _H3="Content-Type: application/json"
4c2a3841	185
21f201e3	186	if [ "$m" != "GET" ]; then
1b5bd0e0	187	_debug data "$data"
c7b16249	188	response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
638b9a05	189	else
a4270efa	190	response="$(_get "$CF_Api/$ep")"
175c9dec	191	fi
4c2a3841	192
4c2a3841	193	if [ "$?" != "0" ]; then
638b9a05	194	_err "error $ep"
175c9dec	195	return 1
175c9dec	196	fi
a63b05a9	197	_debug2 response "$response"
175c9dec	198	return 0
175c9dec	199	}