dns_cf.sh 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208
  1. #!/usr/bin/env sh
  2. #
  3. #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  4. #
  5. #CF_Email="xxxx@sss.com"
  6. #CF_Token="xxxx"
  7. #CF_Account_ID="xxxx"
  8. CF_Api="https://api.cloudflare.com/client/v4"
  9. ######## Public functions #####################
  10. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  11. dns_cf_add() {
  12. fulldomain=$1
  13. txtvalue=$2
  14. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  15. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  16. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  17. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  18. if [ "$CF_Token" ]; then
  19. _saveaccountconf_mutable CF_Token "$CF_Token"
  20. _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
  21. else
  22. if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
  23. CF_Key=""
  24. CF_Email=""
  25. _err "You didn't specify a Cloudflare api key and email yet."
  26. _err "You can get yours from here https://dash.cloudflare.com/profile."
  27. return 1
  28. fi
  29. if ! _contains "$CF_Email" "@"; then
  30. _err "It seems that the CF_Email=$CF_Email is not a valid email address."
  31. _err "Please check and retry."
  32. return 1
  33. fi
  34. #save the api key and email to the account conf file.
  35. _saveaccountconf_mutable CF_Key "$CF_Key"
  36. _saveaccountconf_mutable CF_Email "$CF_Email"
  37. fi
  38. _debug "First detect the root zone"
  39. if ! _get_root "$fulldomain"; then
  40. _err "invalid domain"
  41. return 1
  42. fi
  43. _debug _domain_id "$_domain_id"
  44. _debug _sub_domain "$_sub_domain"
  45. _debug _domain "$_domain"
  46. _debug "Getting txt records"
  47. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
  48. if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
  49. _err "Error"
  50. return 1
  51. fi
  52. # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
  53. # we can not use updating anymore.
  54. # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  55. # _debug count "$count"
  56. # if [ "$count" = "0" ]; then
  57. _info "Adding record"
  58. if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
  59. if _contains "$response" "$txtvalue"; then
  60. _info "Added, OK"
  61. return 0
  62. elif _contains "$response" "The record already exists"; then
  63. _info "Already exists, OK"
  64. return 0
  65. else
  66. _err "Add txt record error."
  67. return 1
  68. fi
  69. fi
  70. _err "Add txt record error."
  71. return 1
  72. }
  73. #fulldomain txtvalue
  74. dns_cf_rm() {
  75. fulldomain=$1
  76. txtvalue=$2
  77. CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
  78. CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  79. CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  80. CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
  81. _debug "First detect the root zone"
  82. if ! _get_root "$fulldomain"; then
  83. _err "invalid domain"
  84. return 1
  85. fi
  86. _debug _domain_id "$_domain_id"
  87. _debug _sub_domain "$_sub_domain"
  88. _debug _domain "$_domain"
  89. _debug "Getting txt records"
  90. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
  91. if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
  92. _err "Error"
  93. return 1
  94. fi
  95. count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  96. _debug count "$count"
  97. if [ "$count" = "0" ]; then
  98. _info "Don't need to remove."
  99. else
  100. record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
  101. _debug "record_id" "$record_id"
  102. if [ -z "$record_id" ]; then
  103. _err "Can not get record id to remove."
  104. return 1
  105. fi
  106. if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
  107. _err "Delete record error."
  108. return 1
  109. fi
  110. _contains "$response" '"success":true'
  111. fi
  112. }
  113. #################### Private functions below ##################################
  114. #_acme-challenge.www.domain.com
  115. #returns
  116. # _sub_domain=_acme-challenge.www
  117. # _domain=domain.com
  118. # _domain_id=sdjkglgdfewsdfg
  119. _get_root() {
  120. domain=$1
  121. i=1
  122. p=1
  123. while true; do
  124. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  125. _debug h "$h"
  126. if [ -z "$h" ]; then
  127. #not valid
  128. return 1
  129. fi
  130. if [ "$CF_Account_ID" ]; then
  131. if ! _cf_rest GET "zones?name=$h&account.id=$CF_Account_ID"; then
  132. return 1
  133. fi
  134. else
  135. if ! _cf_rest GET "zones?name=$h"; then
  136. return 1
  137. fi
  138. fi
  139. if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
  140. _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
  141. if [ "$_domain_id" ]; then
  142. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  143. _domain=$h
  144. return 0
  145. fi
  146. return 1
  147. fi
  148. p=$i
  149. i=$(_math "$i" + 1)
  150. done
  151. return 1
  152. }
  153. _cf_rest() {
  154. m=$1
  155. ep="$2"
  156. data="$3"
  157. _debug "$ep"
  158. email_trimmed=$(echo "$CF_Email" | tr -d '"')
  159. key_trimmed=$(echo "$CF_Key" | tr -d '"')
  160. token_trimmed=$(echo "$CF_Token" | tr -d '"')
  161. export _H1="Content-Type: application/json"
  162. if [ "$token_trimmed" ]; then
  163. export _H2="Authorization: Bearer $token_trimmed"
  164. else
  165. export _H2="X-Auth-Email: $email_trimmed"
  166. export _H3="X-Auth-Key: $key_trimmed"
  167. fi
  168. if [ "$m" != "GET" ]; then
  169. _debug data "$data"
  170. response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
  171. else
  172. response="$(_get "$CF_Api/$ep")"
  173. fi
  174. if [ "$?" != "0" ]; then
  175. _err "error $ep"
  176. return 1
  177. fi
  178. _debug2 response "$response"
  179. return 0
  180. }