[mirror_acme.sh.git] / dnsapi / dns_nic.sh

#!/usr/bin/env sh

#
#NIC_ClientID='0dc0xxxxxxxxxxxxxxxxxxxxxxxxce88'
#NIC_ClientSecret='3LTtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxnuW8'
#NIC_Username="000000/NIC-D"
#NIC_Password="xxxxxxx"

NIC_Api="https://api.nic.ru"

dns_nic_add() {
  fulldomain="${1}"
  txtvalue="${2}"

  if ! _nic_get_authtoken save; then
    _err "get NIC auth token failed"
    return 1
  fi

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi

  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug _service "$_service"

  _info "Adding record"
  if ! _nic_rest PUT "services/$_service/zones/$_domain/records" "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><request><rr-list><rr><name>$_sub_domain</name><type>TXT</type><txt><string>$txtvalue</string></txt></rr></rr-list></request>"; then
    _err "Add TXT record error"
    return 1
  fi

  if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then
    return 1
  fi
  _info "Added, OK"
}

dns_nic_rm() {
  fulldomain="${1}"
  txtvalue="${2}"

  if ! _nic_get_authtoken; then
    _err "get NIC auth token failed"
    return 1
  fi

  if ! _get_root "$fulldomain"; then
    _err "Invalid domain"
    return 1
  fi

  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug _service "$_service"

  if ! _nic_rest GET "services/$_service/zones/$_domain/records"; then
    _err "Get records error"
    return 1
  fi

  _domain_id=$(printf "%s" "$response" | grep "$_sub_domain" | grep -- "$txtvalue" | sed -r "s/.*<rr id=\"(.*)\".*/\1/g")

  if ! _nic_rest DELETE "services/$_service/zones/$_domain/records/$_domain_id"; then
    _err "Delete record error"
    return 1
  fi

  if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then
    return 1
  fi
}

####################  Private functions below ##################################

#_nic_get_auth_elements [need2save]
_nic_get_auth_elements() {
  _need2save=$1

  NIC_ClientID="${NIC_ClientID:-$(_readaccountconf_mutable NIC_ClientID)}"
  NIC_ClientSecret="${NIC_ClientSecret:-$(_readaccountconf_mutable NIC_ClientSecret)}"
  NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}"
  NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}"

  ## for backward compatibility
  if [ -z "$NIC_ClientID" ] || [ -z "$NIC_ClientSecret" ]; then
    NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}"
    _debug NIC_Token "$NIC_Token"
    if [ -n "$NIC_Token" ]; then
      _two_values="$(echo "${NIC_Token}" | _dbase64)"
      _debug _two_values "$_two_values"
      NIC_ClientID=$(echo "$_two_values" | cut -d':' -f1)
      NIC_ClientSecret=$(echo "$_two_values" | cut -d':' -f2-)
      _debug restored_NIC_ClientID "$NIC_ClientID"
      _debug restored_NIC_ClientSecret "$NIC_ClientSecret"
    fi
  fi

  if [ -z "$NIC_ClientID" ] || [ -z "$NIC_ClientSecret" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then
    NIC_ClientID=""
    NIC_ClientSecret=""
    NIC_Username=""
    NIC_Password=""
    _err "You must export variables: NIC_ClientID, NIC_ClientSecret, NIC_Username and NIC_Password"
    return 1
  fi

  if [ "$_need2save" ]; then
    _saveaccountconf_mutable NIC_ClientID "$NIC_ClientID"
    _saveaccountconf_mutable NIC_ClientSecret "$NIC_ClientSecret"
    _saveaccountconf_mutable NIC_Username "$NIC_Username"
    _saveaccountconf_mutable NIC_Password "$NIC_Password"
  fi

  NIC_BasicAuth=$(printf "%s:%s" "${NIC_ClientID}" "${NIC_ClientSecret}" | _base64)
  _debug NIC_BasicAuth "$NIC_BasicAuth"

}

#_nic_get_authtoken [need2save]
_nic_get_authtoken() {
  _need2save=$1

  if ! _nic_get_auth_elements "$_need2save"; then
    return 1
  fi

  _info "Getting NIC auth token"

  export _H1="Authorization: Basic ${NIC_BasicAuth}"
  export _H2="Content-Type: application/x-www-form-urlencoded"

  res=$(_post "grant_type=password&username=${NIC_Username}&password=${NIC_Password}&scope=%28GET%7CPUT%7CPOST%7CDELETE%29%3A%2Fdns-master%2F.%2B" "$NIC_Api/oauth/token" "" "POST")
  if _contains "$res" "access_token"; then
    _auth_token=$(printf "%s" "$res" | cut -d , -f2 | tr -d "\"" | sed "s/access_token://")
    _info "Token received"
    _debug _auth_token "$_auth_token"
    return 0
  fi
  return 1
}

_get_root() {
  domain="$1"
  i=1
  p=1

  if ! _nic_rest GET "zones"; then
    return 1
  fi

  _all_domains=$(printf "%s" "$response" | grep "idn-name" | sed -r "s/.*idn-name=\"(.*)\" name=.*/\1/g")
  _debug2 _all_domains "$_all_domains"

  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    _debug h "$h"

    if [ -z "$h" ]; then
      return 1
    fi

    if _contains "$_all_domains" "^$h$"; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain=$h
      _service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
      return 0
    fi
    p="$i"
    i=$(_math "$i" + 1)
  done
  return 1
}

_nic_rest() {
  m="$1"
  ep="$2"
  data="$3"
  _debug "$ep"

  export _H1="Content-Type: application/xml"
  export _H2="Authorization: Bearer $_auth_token"

  if [ "$m" != "GET" ]; then
    _debug data "$data"
    response=$(_post "$data" "$NIC_Api/dns-master/$ep" "" "$m")
  else
    response=$(_get "$NIC_Api/dns-master/$ep")
  fi

  if _contains "$response" "<errors>"; then
    error=$(printf "%s" "$response" | grep "error code" | sed -r "s/.*<error code=.*>(.*)<\/error>/\1/g")
    _err "Error: $error"
    return 1
  fi

  if ! _contains "$response" "<status>success</status>"; then
    return 1
  fi
  _debug2 response "$response"
  return 0
}
Commit	Line	Data
dc5c220e	1	#!/usr/bin/env sh
	2
	3	#
c822870c SZ	4	#NIC_ClientID='0dc0xxxxxxxxxxxxxxxxxxxxxxxxce88'
c822870c SZ	5	#NIC_ClientSecret='3LTtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxnuW8'
dc5c220e	6	#NIC_Username="000000/NIC-D"
dc5c220e	7	#NIC_Password="xxxxxxx"
	8
	9	NIC_Api="https://api.nic.ru"
	10
	11	dns_nic_add() {
	12	fulldomain="${1}"
	13	txtvalue="${2}"
	14
a88622c1	15	if ! _nic_get_authtoken save; then
dc5c220e	16	_err "get NIC auth token failed"
	17	return 1
	18	fi
	19
	20	_debug "First detect the root zone"
	21	if ! _get_root "$fulldomain"; then
	22	_err "Invalid domain"
	23	return 1
	24	fi
	25
	26	_debug _sub_domain "$_sub_domain"
	27	_debug _domain "$_domain"
	28	_debug _service "$_service"
	29
	30	_info "Adding record"
	31	if ! _nic_rest PUT "services/$_service/zones/$_domain/records" "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><request><rr-list><rr><name>$_sub_domain</name><type>TXT</type><txt><string>$txtvalue</string></txt></rr></rr-list></request>"; then
	32	_err "Add TXT record error"
	33	return 1
	34	fi
	35
	36	if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then
	37	return 1
	38	fi
	39	_info "Added, OK"
	40	}
	41
	42	dns_nic_rm() {
	43	fulldomain="${1}"
	44	txtvalue="${2}"
	45
a88622c1	46	if ! _nic_get_authtoken; then
dc5c220e	47	_err "get NIC auth token failed"
	48	return 1
	49	fi
	50
	51	if ! _get_root "$fulldomain"; then
	52	_err "Invalid domain"
	53	return 1
	54	fi
ffa5472b	55
dc5c220e	56	_debug _sub_domain "$_sub_domain"
	57	_debug _domain "$_domain"
	58	_debug _service "$_service"
	59
	60	if ! _nic_rest GET "services/$_service/zones/$_domain/records"; then
	61	_err "Get records error"
	62	return 1
	63	fi
	64
c282dd08	65	_domain_id=$(printf "%s" "$response" \| grep "$_sub_domain" \| grep -- "$txtvalue" \| sed -r "s/.<rr id=\"(.)\".*/\1/g")
dc5c220e	66
	67	if ! _nic_rest DELETE "services/$_service/zones/$_domain/records/$_domain_id"; then
	68	_err "Delete record error"
	69	return 1
	70	fi
	71
	72	if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then
	73	return 1
	74	fi
	75	}
	76
	77	#################### Private functions below ##################################
	78
a88622c1 SZ	79	#_nic_get_auth_elements [need2save]
	80	_nic_get_auth_elements() {
	81	_need2save=$1
	82
	83	NIC_ClientID="${NIC_ClientID:-$(_readaccountconf_mutable NIC_ClientID)}"
	84	NIC_ClientSecret="${NIC_ClientSecret:-$(_readaccountconf_mutable NIC_ClientSecret)}"
	85	NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}"
	86	NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}"
	87
	88	## for backward compatibility
	89	if [ -z "$NIC_ClientID" ] \|\| [ -z "$NIC_ClientSecret" ]; then
	90	NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}"
	91	_debug NIC_Token "$NIC_Token"
	92	if [ -n "$NIC_Token" ]; then
	93	_two_values="$(echo "${NIC_Token}" \| _dbase64)"
	94	_debug _two_values "$_two_values"
be7688a4 SZ	95	NIC_ClientID=$(echo "$_two_values" \| cut -d':' -f1)
be7688a4 SZ	96	NIC_ClientSecret=$(echo "$_two_values" \| cut -d':' -f2-)
a88622c1 SZ	97	_debug restored_NIC_ClientID "$NIC_ClientID"
	98	_debug restored_NIC_ClientSecret "$NIC_ClientSecret"
	99	fi
	100	fi
	101
a88622c1 SZ	102	if [ -z "$NIC_ClientID" ] \|\| [ -z "$NIC_ClientSecret" ] \|\| [ -z "$NIC_Username" ] \|\| [ -z "$NIC_Password" ]; then
	103	NIC_ClientID=""
	104	NIC_ClientSecret=""
	105	NIC_Username=""
	106	NIC_Password=""
	107	_err "You must export variables: NIC_ClientID, NIC_ClientSecret, NIC_Username and NIC_Password"
	108	return 1
	109	fi
	110
	111	if [ "$_need2save" ]; then
	112	_saveaccountconf_mutable NIC_ClientID "$NIC_ClientID"
	113	_saveaccountconf_mutable NIC_ClientSecret "$NIC_ClientSecret"
	114	_saveaccountconf_mutable NIC_Username "$NIC_Username"
	115	_saveaccountconf_mutable NIC_Password "$NIC_Password"
	116	fi
	117
	118	NIC_BasicAuth=$(printf "%s:%s" "${NIC_ClientID}" "${NIC_ClientSecret}" \| _base64)
346454c2	119	_debug NIC_BasicAuth "$NIC_BasicAuth"
a88622c1 SZ	120
	121	}
	122
	123	#_nic_get_authtoken [need2save]
dc5c220e	124	_nic_get_authtoken() {
a88622c1 SZ	125	_need2save=$1
a88622c1 SZ	126
346454c2	127	if ! _nic_get_auth_elements "$_need2save"; then
a88622c1 SZ	128	return 1
a88622c1 SZ	129	fi
dc5c220e	130
	131	_info "Getting NIC auth token"
	132
a88622c1	133	export _H1="Authorization: Basic ${NIC_BasicAuth}"
dc5c220e	134	export _H2="Content-Type: application/x-www-form-urlencoded"
dc5c220e	135
a88622c1	136	res=$(_post "grant_type=password&username=${NIC_Username}&password=${NIC_Password}&scope=%28GET%7CPUT%7CPOST%7CDELETE%29%3A%2Fdns-master%2F.%2B" "$NIC_Api/oauth/token" "" "POST")
dc5c220e	137	if _contains "$res" "access_token"; then
	138	_auth_token=$(printf "%s" "$res" \| cut -d , -f2 \| tr -d "\"" \| sed "s/access_token://")
	139	_info "Token received"
	140	_debug _auth_token "$_auth_token"
	141	return 0
	142	fi
	143	return 1
	144	}
	145
	146	_get_root() {
	147	domain="$1"
	148	i=1
	149	p=1
	150
	151	if ! _nic_rest GET "zones"; then
ffa5472b	152	return 1
dc5c220e	153	fi
	154
	155	_all_domains=$(printf "%s" "$response" \| grep "idn-name" \| sed -r "s/.idn-name=\"(.)\" name=.*/\1/g")
	156	_debug2 _all_domains "$_all_domains"
	157
	158	while true; do
ffa5472b	159	h=$(printf "%s" "$domain" \| cut -d . -f "$i"-100)
	160	_debug h "$h"
	161
	162	if [ -z "$h" ]; then
	163	return 1
	164	fi
	165
	166	if _contains "$_all_domains" "^$h$"; then
	167	_sub_domain=$(printf "%s" "$domain" \| cut -d . -f 1-$p)
	168	_domain=$h
4e0de223	169	_service=$(printf "%s" "$response" \| grep -m 1 "idn-name=\"$_domain\"" \| sed -r "s/.service=\"(.)\".*$/\1/")
ffa5472b	170	return 0
	171	fi
	172	p="$i"
	173	i=$(_math "$i" + 1)
dc5c220e	174	done
	175	return 1
	176	}
	177
	178	_nic_rest() {
	179	m="$1"
	180	ep="$2"
	181	data="$3"
	182	_debug "$ep"
	183
	184	export _H1="Content-Type: application/xml"
	185	export _H2="Authorization: Bearer $_auth_token"
	186
	187	if [ "$m" != "GET" ]; then
ffa5472b	188	_debug data "$data"
ffa5472b	189	response=$(_post "$data" "$NIC_Api/dns-master/$ep" "" "$m")
dc5c220e	190	else
ffa5472b	191	response=$(_get "$NIC_Api/dns-master/$ep")
dc5c220e	192	fi
	193
	194	if _contains "$response" "<errors>"; then
ffa5472b	195	error=$(printf "%s" "$response" \| grep "error code" \| sed -r "s/.<error code=.>(.*)<\/error>/\1/g")
	196	_err "Error: $error"
	197	return 1
dc5c220e	198	fi
	199
	200	if ! _contains "$response" "<status>success</status>"; then
ffa5472b	201	return 1
dc5c220e	202	fi
	203	_debug2 response "$response"
	204	return 0
	205	}