dns_cf.sh 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206
  1. #!/usr/bin/env sh
  2. #
  3. #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
  4. #
  5. #CF_Email="xxxx@sss.com"
  6. CF_Api="https://api.cloudflare.com/client/v4"
  7. ######## Public functions #####################
  8. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  9. dns_cf_add() {
  10. fulldomain=$1
  11. txtvalue=$2
  12. _getdnsapiconf CF_Key
  13. _getdnsapiconf CF_Email
  14. if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
  15. CF_Key=""
  16. CF_Email=""
  17. _err "You didn't specify a Cloudflare api key and email yet."
  18. _err "You can get yours from here https://dash.cloudflare.com/profile."
  19. return 1
  20. fi
  21. if ! _contains "$CF_Email" "@"; then
  22. _err "It seems that the CF_Email=$CF_Email is not a valid email address."
  23. _err "Please check and retry."
  24. return 1
  25. fi
  26. #save the api key and email to the account conf file.
  27. _savednsapiconf CF_Key "$CF_Key"
  28. _savednsapiconf CF_Email "$CF_Email"
  29. _debug "First detect the root zone"
  30. if ! _get_root "$fulldomain"; then
  31. _err "invalid domain"
  32. return 1
  33. fi
  34. _debug _domain_id "$_domain_id"
  35. _debug _sub_domain "$_sub_domain"
  36. _debug _domain "$_domain"
  37. _debug "Getting txt records"
  38. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
  39. if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
  40. _err "Error"
  41. return 1
  42. fi
  43. # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
  44. # we can not use updating anymore.
  45. # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  46. # _debug count "$count"
  47. # if [ "$count" = "0" ]; then
  48. _info "Adding record"
  49. if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
  50. if _contains "$response" "$txtvalue"; then
  51. _info "Added, OK"
  52. return 0
  53. elif _contains "$response" "The record already exists"; then
  54. _info "Already exists, OK"
  55. return 0
  56. else
  57. _err "Add txt record error."
  58. return 1
  59. fi
  60. fi
  61. _err "Add txt record error."
  62. return 1
  63. # else
  64. # _info "Updating record"
  65. # record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
  66. # _debug "record_id" "$record_id"
  67. #
  68. # _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}"
  69. # if [ "$?" = "0" ]; then
  70. # _info "Updated, OK"
  71. # return 0
  72. # fi
  73. # _err "Update error"
  74. # return 1
  75. # fi
  76. }
  77. #fulldomain txtvalue
  78. dns_cf_rm() {
  79. fulldomain=$1
  80. txtvalue=$2
  81. _getdnsapiconf CF_Key
  82. _getdnsapiconf CF_Email
  83. if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
  84. CF_Key=""
  85. CF_Email=""
  86. _err "You didn't specify a Cloudflare api key and email yet."
  87. _err "You can get yours from here https://dash.cloudflare.com/profile."
  88. return 1
  89. fi
  90. _debug "First detect the root zone"
  91. if ! _get_root "$fulldomain"; then
  92. _err "invalid domain"
  93. return 1
  94. fi
  95. _debug _domain_id "$_domain_id"
  96. _debug _sub_domain "$_sub_domain"
  97. _debug _domain "$_domain"
  98. _debug "Getting txt records"
  99. _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
  100. if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
  101. _err "Error"
  102. return 1
  103. fi
  104. count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
  105. _debug count "$count"
  106. if [ "$count" = "0" ]; then
  107. _info "Don't need to remove."
  108. else
  109. record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
  110. _debug "record_id" "$record_id"
  111. if [ -z "$record_id" ]; then
  112. _err "Can not get record id to remove."
  113. return 1
  114. fi
  115. if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
  116. _err "Delete record error."
  117. return 1
  118. fi
  119. _contains "$response" '"success":true'
  120. fi
  121. }
  122. #################### Private functions below ##################################
  123. #_acme-challenge.www.domain.com
  124. #returns
  125. # _sub_domain=_acme-challenge.www
  126. # _domain=domain.com
  127. # _domain_id=sdjkglgdfewsdfg
  128. _get_root() {
  129. domain=$1
  130. i=1
  131. p=1
  132. while true; do
  133. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  134. _debug h "$h"
  135. if [ -z "$h" ]; then
  136. #not valid
  137. return 1
  138. fi
  139. if ! _cf_rest GET "zones?name=$h"; then
  140. return 1
  141. fi
  142. if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
  143. _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
  144. if [ "$_domain_id" ]; then
  145. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  146. _domain=$h
  147. return 0
  148. fi
  149. return 1
  150. fi
  151. p=$i
  152. i=$(_math "$i" + 1)
  153. done
  154. return 1
  155. }
  156. _cf_rest() {
  157. m=$1
  158. ep="$2"
  159. data="$3"
  160. _debug "$ep"
  161. email_trimmed=$(echo $CF_Email | tr -d '"')
  162. key_trimmed=$(echo $CF_Key | tr -d '"')
  163. export _H1="X-Auth-Email: $email_trimmed"
  164. export _H2="X-Auth-Key: $key_trimmed"
  165. export _H3="Content-Type: application/json"
  166. if [ "$m" != "GET" ]; then
  167. _debug data "$data"
  168. response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
  169. else
  170. response="$(_get "$CF_Api/$ep")"
  171. fi
  172. if [ "$?" != "0" ]; then
  173. _err "error $ep"
  174. return 1
  175. fi
  176. _debug2 response "$response"
  177. return 0
  178. }