net/ddns-scripts/files/usr/lib/ddns/update_cloudflare_com_v4.sh

   1 #!/bin/sh
   2 #
   3 #.Distributed under the terms of the GNU General Public License (GPL) version 2.0
   4 #
   5 # script for sending updates to cloudflare.com
   6 #.based on Ben Kulbertis cloudflare-update-record.sh found at http://gist.github.com/benkulbertis
   7 #.and on George Johnson's cf-ddns.sh found at https://github.com/gstuartj/cf-ddns.sh
   8 #.2016-2018 Christian Schoenebeck <christian dot schoenebeck at gmail dot com>
   9 # CloudFlare API documentation at https://api.cloudflare.com/
  10 #
  11 # This script is parsed by dynamic_dns_functions.sh inside send_update() function
  12 #
  13 # using following options from /etc/config/ddns
  14 # option username  - your cloudflare e-mail
  15 # option password  - cloudflare api key, you can get it from cloudflare.com/my-account/
  16 # option domain    - "hostname@yourdomain.TLD"  # syntax changed to remove split_FQDN() function and tld_names.dat.gz
  17 #
  18 # The proxy status would not be changed by this script. Please change it in Cloudflare dashboard manually.
  19 #
  20 # variable __IP already defined with the ip-address to use for update
  21 #
  22
  23 # check parameters
  24 [ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "Cloudflare communication require cURL with SSL support. Please install"
  25 [ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
  26 [ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"
  27 [ $use_https -eq 0 ] && use_https=1     # force HTTPS
  28
  29 # used variables
  30 local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED
  31 local __URLBASE="https://api.cloudflare.com/client/v4"
  32 local __TTL=120
  33
  34 # split __HOST __DOMAIN from $domain
  35 # given data:
  36 # @example.com for "domain record"
  37 # host.sub@example.com for a "host record"
  38 __HOST=$(printf %s "$domain" | cut -d@ -f1)
  39 __DOMAIN=$(printf %s "$domain" | cut -d@ -f2)
  40
  41 # Cloudflare v4 needs:
  42 # __DOMAIN = the base domain i.e. example.com
  43 # __HOST   = the FQDN of record to modify
  44 # i.e. example.com for the "domain record" or host.sub.example.com for "host record"
  45
  46 # handling domain record then set __HOST = __DOMAIN
  47 [ -z "$__HOST" ] && __HOST=$__DOMAIN
  48 # handling host record then rebuild fqdn host@domain.tld => host.domain.tld
  49 [ "$__HOST" != "$__DOMAIN" ] && __HOST="${__HOST}.${__DOMAIN}"
  50
  51 # set record type
  52 [ $use_ipv6 -eq 0 ] && __TYPE="A" || __TYPE="AAAA"
  53
  54 # transfer function to use for godaddy
  55 # all needed variables are set global here
  56 # so we can use them directly
  57 cloudflare_transfer() {
  58         local __CNT=0
  59         local __ERR
  60         while : ; do
  61                 write_log 7 "#> $__RUNPROG"
  62                 eval "$__RUNPROG"
  63                 __ERR=$?                        # save communication error
  64                 [ $__ERR -eq 0 ] && break       # no error break while
  65
  66                 write_log 3 "cURL Error: '$__ERR'"
  67                 write_log 7 "$(cat $ERRFILE)"           # report error
  68
  69                 [ $VERBOSE_MODE -gt 1 ] && {
  70                         # VERBOSE_MODE > 1 then NO retry
  71                         write_log 4 "Transfer failed - Verbose Mode: $VERBOSE_MODE - NO retry on error"
  72                         break
  73                 }
  74
  75                 __CNT=$(( $__CNT + 1 )) # increment error counter
  76                 # if error count > retry_count leave here
  77                 [ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
  78                         write_log 14 "Transfer failed after $retry_count retries"
  79
  80                 write_log 4 "Transfer failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
  81                 sleep $RETRY_SECONDS &
  82                 PID_SLEEP=$!
  83                 wait $PID_SLEEP # enable trap-handler
  84                 PID_SLEEP=0
  85         done
  86
  87         # check for error
  88         grep -q '"success":\s*true' $DATFILE || {
  89                 write_log 4 "CloudFlare reported an error:"
  90                 write_log 7 "$(cat $DATFILE)"           # report error
  91                 return 1        # HTTP-Fehler
  92         }
  93 }
  94
  95 # Build base command to use
  96 __PRGBASE="$CURL -RsS -o $DATFILE --stderr $ERRFILE"
  97 # force network/interface-device to use for communication
  98 if [ -n "$bind_network" ]; then
  99         local __DEVICE
 100         network_get_physdev __DEVICE $bind_network || \
 101                 write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
 102         write_log 7 "Force communication via device '$__DEVICE'"
 103         __PRGBASE="$__PRGBASE --interface $__DEVICE"
 104 fi
 105 # force ip version to use
 106 if [ $force_ipversion -eq 1 ]; then
 107         [ $use_ipv6 -eq 0 ] && __PRGBASE="$__PRGBASE -4" || __PRGBASE="$__PRGBASE -6"   # force IPv4/IPv6
 108 fi
 109 # set certificate parameters
 110 if [ "$cacert" = "IGNORE" ]; then       # idea from Ticket #15327 to ignore server cert
 111         __PRGBASE="$__PRGBASE --insecure"       # but not empty better to use "IGNORE"
 112 elif [ -f "$cacert" ]; then
 113         __PRGBASE="$__PRGBASE --cacert $cacert"
 114 elif [ -d "$cacert" ]; then
 115         __PRGBASE="$__PRGBASE --capath $cacert"
 116 elif [ -n "$cacert" ]; then             # it's not a file and not a directory but given
 117         write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
 118 fi
 119 # disable proxy if not set (there might be .wgetrc or .curlrc or wrong environment set)
 120 # or check if libcurl compiled with proxy support
 121 if [ -z "$proxy" ]; then
 122         __PRGBASE="$__PRGBASE --noproxy '*'"
 123 elif [ -z "$CURL_PROXY" ]; then
 124         # if libcurl has no proxy support and proxy should be used then force ERROR
 125         write_log 13 "cURL: libcurl compiled without Proxy support"
 126 fi
 127 # set headers
 128 if [ "$username" = "Bearer" ]; then
 129   write_log 7 "Found Username 'Bearer' using Password as Bearer Authorization Token"
 130   __PRGBASE="$__PRGBASE --header 'Authorization: Bearer $password' "
 131 else
 132   __PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
 133   __PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
 134 fi
 135 __PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "
 136
 137 if [ -n "$zone_id" ]; then
 138         __ZONEID="$zone_id"
 139 else
 140         # read zone id for registered domain.TLD
 141         __RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'"
 142         cloudflare_transfer || return 1
 143         # extract zone id
 144         __ZONEID=$(grep -o '"id":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
 145         [ -z "$__ZONEID" ] && {
 146                 write_log 4 "Could not detect 'zone id' for domain.tld: '$__DOMAIN'"
 147                 return 127
 148         }
 149 fi
 150
 151 # read record id for A or AAAA record of host.domain.TLD
 152 __RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records?name=$__HOST&type=$__TYPE'"
 153 cloudflare_transfer || return 1
 154 # extract record id
 155 __RECID=$(grep -o '"id":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
 156 [ -z "$__RECID" ] && {
 157         write_log 4 "Could not detect 'record id' for host.domain.tld: '$__HOST'"
 158         return 127
 159 }
 160
 161 # extract current stored IP
 162 __DATA=$(grep -o '"content":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
 163
 164 # check data
 165 [ $use_ipv6 -eq 0 ] \
 166         && __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX") \
 167         || __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
 168
 169 # we got data so verify
 170 [ -n "$__DATA" ] && {
 171         # expand IPv6 for compare
 172         if [ $use_ipv6 -eq 1 ]; then
 173                 expand_ipv6 $__IP __IPV6
 174                 expand_ipv6 $__DATA __DATA
 175                 [ "$__DATA" = "$__IPV6" ] && {          # IPv6 no update needed
 176                         write_log 7 "IPv6 at CloudFlare.com already up to date"
 177                         return 0
 178                 }
 179         else
 180                 [ "$__DATA" = "$__IP" ] && {            # IPv4 no update needed
 181                         write_log 7 "IPv4 at CloudFlare.com already up to date"
 182                         return 0
 183                 }
 184         fi
 185 }
 186
 187 # update is needed
 188 # let's build data to send
 189 # set proxied parameter
 190 __PROXIED=$(grep -o '"proxied":\s*[^",]*' $DATFILE | grep -o '[^:]*$')
 191
 192 # use file to work around " needed for json
 193 cat > $DATFILE << EOF
 194 {"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","ttl":$__TTL,"proxied":$__PROXIED}
 195 EOF
 196
 197 # let's complete transfer command
 198 __RUNPROG="$__PRGBASE --request PUT --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
 199 cloudflare_transfer || return 1
 200
 201 return 0
 202