Merge branch 'dev' into add_technitium_expiry_ttl

dnsapi/dns_cyon.sh

@@ -332,11 +332,11 @@ _cyon_get_response_message() {
 }
 
 _cyon_get_response_status() {
-  _egrep_o '"status":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"status":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_get_validation_status() {
-  _egrep_o '"valid":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"valid":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_get_response_success() {
@@ -344,7 +344,7 @@ _cyon_get_response_success() {
 }
 
 _cyon_get_environment_change_status() {
-  _egrep_o '"authenticated":[a-zA-z0-9]*' | cut -d : -f 2
+  _egrep_o '"authenticated":[a-zA-Z0-9]*' | cut -d : -f 2
 }
 
 _cyon_check_if_2fa_missed() {

dnsapi/dns_infomaniak.sh

@@ -6,14 +6,16 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak
 Options:
  INFOMANIAK_API_TOKEN API Token
 Issues: github.com/acmesh-official/acme.sh/issues/3188
+
 '
 
-# To use this API you need visit the API dashboard of your account
-# once logged into https://manager.infomaniak.com add /api/dashboard to the URL
-#
+# To use this API you need visit the API dashboard of your account.
 # Note: the URL looks like this:
-# https://manager.infomaniak.com/v3/<account_id>/api/dashboard
-# Then generate a token with the scope Domain
+# https://manager.infomaniak.com/v3/<account_id>/ng/profile/user/token/list
+# Then generate a token with following scopes :
+#  - domain:read
+#  - dns:read
+#  - dns:write
 # this is given as an environment variable INFOMANIAK_API_TOKEN
 
 # base variables
@@ -65,33 +67,32 @@ dns_infomaniak_add() {
   _debug fulldomain "$fulldomain"
   _debug txtvalue "$txtvalue"
 
-  fqdn=${fulldomain#_acme-challenge.}
-
   # guess which base domain to add record to
-  zone_and_id=$(_find_zone "$fqdn")
-  if [ -z "$zone_and_id" ]; then
-    _err "cannot find zone to modify"
+  zone=$(_get_zone "$fulldomain")
+  if [ -z "$zone" ]; then
+    _err "cannot find zone:<${zone}> to modify"
     return 1
   fi
-  zone=${zone_and_id% *}
-  domain_id=${zone_and_id#* }
 
   # extract first part of domain
   key=${fulldomain%."$zone"}
 
-  _debug "zone:$zone id:$domain_id key:$key"
+  _debug "key:$key"
+  _debug "txtvalue: $txtvalue"
 
   # payload
   data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}"
 
   # API call
-  response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record")
-  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
-    _info "Record added"
-    _debug "Response: $response"
-    return 0
+  response=$(_post "$data" "${INFOMANIAK_API_URL}/2/zones/${zone}/records")
+  if [ -n "$response" ]; then
+    if [ ! "$(echo "$response" | _contains '"result":"success"')" ]; then
+      _info "Record added"
+      _debug "response: $response"
+      return 0
+    fi
   fi
-  _err "could not create record"
+  _err "Could not create record."
   _debug "Response: $response"
   return 1
 }
@@ -106,7 +107,7 @@ dns_infomaniak_rm() {
 
   if [ -z "$INFOMANIAK_API_TOKEN" ]; then
     INFOMANIAK_API_TOKEN=""
-    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN"
+    _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN."
     return 1
   fi
 
@@ -138,63 +139,53 @@ dns_infomaniak_rm() {
   _debug fulldomain "$fulldomain"
   _debug txtvalue "$txtvalue"
 
-  fqdn=${fulldomain#_acme-challenge.}
-
   # guess which base domain to add record to
-  zone_and_id=$(_find_zone "$fqdn")
-  if [ -z "$zone_and_id" ]; then
-    _err "cannot find zone to modify"
+  zone=$(_get_zone "$fulldomain")
+  if [ -z "$zone" ]; then
+    _err "cannot find zone:<$zone> to modify"
     return 1
   fi
-  zone=${zone_and_id% *}
-  domain_id=${zone_and_id#* }
 
   # extract first part of domain
   key=${fulldomain%."$zone"}
+  key=$(echo "$key" | _lower_case)
 
-  _debug "zone:$zone id:$domain_id key:$key"
+  _debug "zone:$zone"
+  _debug "key:$key"
 
   # find previous record
-  # shellcheck disable=SC1004
-  record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\
-{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p')
-  if [ -z "$record_id" ]; then
-    _err "could not find record to delete"
-    return 1
-  fi
+  # shellcheck disable=SC2086
+  response=$(_get "${INFOMANIAK_API_URL}/2/zones/${zone}/records" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}{/g')
+  record_id=$(echo "$response" | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source":"'"$key"'".*"target":"\\"'"$txtvalue"'\\"".*/\1/p')
+  _debug "key: $key"
+  _debug "txtvalue: $txtvalue"
   _debug "record_id: $record_id"
 
-  # API call
-  response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE)
-  if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then
-    _info "Record deleted"
-    return 0
+  if [ -z "$record_id" ]; then
+    _err "could not find record to delete"
+    _debug "response: $response"
+    return 1
   fi
-  _err "could not delete record"
+
+  # API call
+  response=$(_post "" "${INFOMANIAK_API_URL}/2/zones/${zone}/records/${record_id}" "" DELETE)
+  if [ -n "$response" ]; then
+    if [ ! "$(echo "$response" | _contains '"result":"success"')" ]; then
+      _info "Record deleted"
+      return 0
+    fi
+  fi
+  _err "Could not delete record."
+  _debug "Response: $response"
   return 1
 }
 
 ####################  Private functions below ##################################
 
-_get_domain_id() {
+_get_zone() {
   domain="$1"
-
+  # Whatever the domain is, you can get the fqdn with the following.
   # shellcheck disable=SC1004
-  _get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\
-/g' | sed -n 's/^"id":\(.*\)/\1/p'
-}
-
-_find_zone() {
-  zone="$1"
-
-  # find domain in list, removing . parts sequentialy
-  while _contains "$zone" '\.'; do
-    _debug "testing $zone"
-    id=$(_get_domain_id "$zone")
-    if [ -n "$id" ]; then
-      echo "$zone $id"
-      return
-    fi
-    zone=${zone#*.}
-  done
+  response=$(_get "${INFOMANIAK_API_URL}/2/domains/${domain}/zones" | sed 's/.*\[{"fqdn"\:"\(.*\)/\1/')
+  echo "${response%%\"*}"
 }

dnsapi/dns_nsupdate.sh

@@ -6,7 +6,7 @@ Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsupdate
 Options:
  NSUPDATE_SERVER Server hostname. Default: "localhost".
  NSUPDATE_SERVER_PORT Server port. Default: "53".
- NSUPDATE_KEY File path to TSIG key.
+ NSUPDATE_KEY File path to TSIG key. Default: "". Optional.
  NSUPDATE_ZONE Domain zone to update. Optional.
 '
 
@@ -22,8 +22,6 @@ dns_nsupdate_add() {
   NSUPDATE_ZONE="${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}"
   NSUPDATE_OPT="${NSUPDATE_OPT:-$(_readaccountconf_mutable NSUPDATE_OPT)}"
 
-  _checkKeyFile || return 1
-
   # save the dns server and key to the account conf file.
   _saveaccountconf_mutable NSUPDATE_SERVER "${NSUPDATE_SERVER}"
   _saveaccountconf_mutable NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
@@ -33,27 +31,52 @@ dns_nsupdate_add() {
 
   [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
   [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
+  [ -n "${NSUPDATE_KEY}" ] || NSUPDATE_KEY=""
   [ -n "${NSUPDATE_OPT}" ] || NSUPDATE_OPT=""
 
+  NSUPDATE_SERVER_LIST=$(printf "%s" "$NSUPDATE_SERVER" | tr ',' ' ')
+
   _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
-  if [ -z "${NSUPDATE_ZONE}" ]; then
-    #shellcheck disable=SC2086
-    nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
-server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
+
+  for NS_SERVER in $NSUPDATE_SERVER_LIST; do
+    _info "Updating DNS server: $NS_SERVER"
+
+    if [ -z "${NSUPDATE_ZONE}" ]; then
+      #shellcheck disable=SC2086
+      if [ -z "${NSUPDATE_KEY}" ]; then
+        nsupdate $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
 update add ${fulldomain}. 60 in txt "${txtvalue}"
 send
 EOF
-  else
-    #shellcheck disable=SC2086
-    nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
-server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
+      else
+        nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
+update add ${fulldomain}. 60 in txt "${txtvalue}"
+send
+EOF
+      fi
+    else
+      #shellcheck disable=SC2086
+      if [ -z "${NSUPDATE_KEY}" ]; then
+        nsupdate $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
 zone ${NSUPDATE_ZONE}.
 update add ${fulldomain}. 60 in txt "${txtvalue}"
 send
 EOF
-  fi
+      else
+        nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
+zone ${NSUPDATE_ZONE}.
+update add ${fulldomain}. 60 in txt "${txtvalue}"
+send
+EOF
+      fi
+    fi
+  done
   if [ $? -ne 0 ]; then
     _err "error updating domain"
     return 1
@@ -72,28 +95,53 @@ dns_nsupdate_rm() {
   NSUPDATE_ZONE="${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}"
   NSUPDATE_OPT="${NSUPDATE_OPT:-$(_readaccountconf_mutable NSUPDATE_OPT)}"
 
-  _checkKeyFile || return 1
   [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
   [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
+  [ -n "${NSUPDATE_KEY}" ] || NSUPDATE_KEY=""
+
+  NSUPDATE_SERVER_LIST=$(printf "%s" "$NSUPDATE_SERVER" | tr ',' ' ')
+
   _info "removing ${fulldomain}. txt"
   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
-  if [ -z "${NSUPDATE_ZONE}" ]; then
-    #shellcheck disable=SC2086
-    nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
-server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
+
+  for NS_SERVER in $NSUPDATE_SERVER_LIST; do
+    _info "Updating DNS server: $NS_SERVER"
+
+    if [ -z "${NSUPDATE_ZONE}" ]; then
+      #shellcheck disable=SC2086
+      if [ -z "${NSUPDATE_KEY}" ]; then
+        nsupdate $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
 update delete ${fulldomain}. txt
 send
 EOF
-  else
-    #shellcheck disable=SC2086
-    nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
-server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
+      else
+        nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
+update delete ${fulldomain}. txt
+send
+EOF
+      fi
+    else
+      #shellcheck disable=SC2086
+      if [ -z "${NSUPDATE_KEY}" ]; then
+        nsupdate $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
 zone ${NSUPDATE_ZONE}.
 update delete ${fulldomain}. txt
 send
 EOF
-  fi
+      else
+        nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
+server ${NS_SERVER}  ${NSUPDATE_SERVER_PORT}
+zone ${NSUPDATE_ZONE}.
+update delete ${fulldomain}. txt
+send
+EOF
+      fi
+    fi
+  done
   if [ $? -ne 0 ]; then
     _err "error updating domain"
     return 1
@@ -101,16 +149,3 @@ EOF
 
   return 0
 }
-
-####################  Private functions below ##################################
-
-_checkKeyFile() {
-  if [ -z "${NSUPDATE_KEY}" ]; then
-    _err "you must specify a path to the nsupdate key file"
-    return 1
-  fi
-  if [ ! -r "${NSUPDATE_KEY}" ]; then
-    _err "key ${NSUPDATE_KEY} is unreadable"
-    return 1
-  fi
-}

dnsapi/dns_opusdns.sh

@@ -0,0 +1,158 @@
+#!/usr/bin/env sh
+
+# shellcheck disable=SC2034
+dns_opusdns_info='OpusDNS.com
+Site: OpusDNS.com
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_opusdns
+Options:
+ OPUSDNS_API_Key API Key. Can be created at https://dashboard.opusdns.com/settings/api-keys
+ OPUSDNS_API_Endpoint API Endpoint URL. Default "https://api.opusdns.com". Optional.
+ OPUSDNS_TTL TTL for DNS challenge records in seconds. Default "60". Optional.
+Issues: github.com/acmesh-official/acme.sh/issues/XXXX
+Author: OpusDNS Team <https://github.com/opusdns>
+'
+
+OPUSDNS_API_Endpoint_Default="https://api.opusdns.com"
+OPUSDNS_TTL_Default=60
+
+######## Public functions ###########
+
+# Add DNS TXT record
+dns_opusdns_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using OpusDNS DNS API"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    return 1
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"upsert\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Failed to add TXT record"
+    return 1
+  fi
+
+  _info "TXT record added successfully"
+  return 0
+}
+
+# Remove DNS TXT record
+dns_opusdns_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Removing OpusDNS DNS record"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _opusdns_init; then
+    return 1
+  fi
+
+  if ! _get_zone "$fulldomain"; then
+    _err "Zone not found, cleanup skipped"
+    return 0
+  fi
+
+  _info "Zone: $_zone, Record: $_record_name"
+
+  if ! _opusdns_api PATCH "/v1/dns/$_zone/records" "{\"ops\":[{\"op\":\"remove\",\"record\":{\"name\":\"$_record_name\",\"type\":\"TXT\",\"ttl\":$OPUSDNS_TTL,\"rdata\":\"\\\"$txtvalue\\\"\"}}]}"; then
+    _err "Warning: Failed to remove TXT record"
+    return 0
+  fi
+
+  _info "TXT record removed successfully"
+  return 0
+}
+
+######## Private functions ###########
+
+# Initialize and validate configuration
+_opusdns_init() {
+  OPUSDNS_API_Key="${OPUSDNS_API_Key:-$(_readaccountconf_mutable OPUSDNS_API_Key)}"
+  OPUSDNS_API_Endpoint="${OPUSDNS_API_Endpoint:-$(_readaccountconf_mutable OPUSDNS_API_Endpoint)}"
+  OPUSDNS_TTL="${OPUSDNS_TTL:-$(_readaccountconf_mutable OPUSDNS_TTL)}"
+
+  if [ -z "$OPUSDNS_API_Key" ]; then
+    _err "OPUSDNS_API_Key not set"
+    return 1
+  fi
+
+  [ -z "$OPUSDNS_API_Endpoint" ] && OPUSDNS_API_Endpoint="$OPUSDNS_API_Endpoint_Default"
+  [ -z "$OPUSDNS_TTL" ] && OPUSDNS_TTL="$OPUSDNS_TTL_Default"
+
+  _saveaccountconf_mutable OPUSDNS_API_Key "$OPUSDNS_API_Key"
+  _saveaccountconf_mutable OPUSDNS_API_Endpoint "$OPUSDNS_API_Endpoint"
+  _saveaccountconf_mutable OPUSDNS_TTL "$OPUSDNS_TTL"
+
+  _debug "Endpoint: $OPUSDNS_API_Endpoint"
+  return 0
+}
+
+# Make API request
+# Usage: _opusdns_api METHOD PATH [DATA]
+_opusdns_api() {
+  method=$1
+  path=$2
+  data=$3
+
+  export _H1="X-Api-Key: $OPUSDNS_API_Key"
+  export _H2="Content-Type: application/json"
+
+  url="$OPUSDNS_API_Endpoint$path"
+  _debug2 "API: $method $url"
+  [ -n "$data" ] && _debug2 "Data: $data"
+
+  if [ -n "$data" ]; then
+    response=$(_post "$data" "$url" "" "$method")
+  else
+    response=$(_get "$url")
+  fi
+
+  if [ $? -ne 0 ]; then
+    _err "API request failed"
+    _debug "Response: $response"
+    return 1
+  fi
+
+  _debug2 "Response: $response"
+  return 0
+}
+
+# Detect zone from FQDN
+# Sets: _zone, _record_name
+_get_zone() {
+  domain=$(echo "$1" | sed 's/\.$//')
+  _debug "Finding zone for: $domain"
+
+  i=1
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
+
+    if [ -z "$h" ]; then
+      _err "No valid zone found for: $domain"
+      return 1
+    fi
+
+    _debug "Trying: $h"
+    if _opusdns_api GET "/v1/dns/$h" && _contains "$response" '"dnssec_status"'; then
+      _zone="$h"
+      _record_name=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
+      [ -z "$_record_name" ] && _record_name="@"
+      return 0
+    fi
+
+    p="$i"
+    i=$(_math "$i" + 1)
+  done
+}