Created
October 14, 2023 19:20
-
-
Save lsgalves/9089455b85037c8c9b66354f8b2daee5 to your computer and use it in GitHub Desktop.
Skymail DNS provider for acme.sh DNS API
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env sh | |
# | |
#SKYMAIL_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" | |
# | |
#SKYMAIL_Email="xxxx" | |
#SKYMAIL_Password="xxxx" | |
#SKYMAIL_Secret="xxxx" | |
SKYMAIL_Api="https://api.skymail.net.br/v1" | |
######## Public functions ##################### | |
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" | |
dns_skymail_add() { | |
fulldomain=$1 | |
txtvalue=$2 | |
SKYMAIL_Token="${SKYMAIL_Token:-$(_readaccountconf_mutable SKYMAIL_Token)}" | |
SKYMAIL_Email="${SKYMAIL_Email:-$(_readaccountconf_mutable SKYMAIL_Email)}" | |
SKYMAIL_Password="${SKYMAIL_Password:-$(_readaccountconf_mutable SKYMAIL_Password)}" | |
SKYMAIL_Secret="${SKYMAIL_Secret:-$(_readaccountconf_mutable SKYMAIL_Secret)}" | |
if [ -z "$SKYMAIL_Token" ]; then | |
if [ -z "$SKYMAIL_Email" ] || [ -z "$SKYMAIL_Password" ] || [ -z "$SKYMAIL_Secret" ]; then | |
SKYMAIL_Email="" | |
SKYMAIL_Password="" | |
SKYMAIL_Secret="" | |
_err "You didn't specify a Skymail email, password and secret key yet." | |
_err "You can get yours from here https://skymail.docs.apiary.io/introduction/acesso." | |
return 1 | |
fi | |
if ! _contains "$SKYMAIL_Email" "@"; then | |
_err "It seems that the SKYMAIL_Email=$SKYMAIL_Email is not a valid email address." | |
_err "Please check and retry." | |
return 1 | |
fi | |
_get_skymail_token | |
_clearaccountconf_mutable SKYMAIL_Email | |
_clearaccountconf_mutable SKYMAIL_Password | |
_clearaccountconf_mutable SKYMAIL_Secret | |
fi | |
_saveaccountconf_mutable SKYMAIL_Token "$SKYMAIL_Token" | |
_debug "First detect the root zone" | |
if ! _get_root "$fulldomain"; then | |
_err "invalid domain" | |
return 1 | |
fi | |
_debug _sub_domain "$_sub_domain" | |
_debug _domain "$_domain" | |
_debug "Getting txt records" | |
_skymail_rest GET "dns/$_domain/entry?filters[type]=TXT&filters[name]=$fulldomain" | |
if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then | |
_err "Error" | |
return 1 | |
fi | |
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so | |
# we can not use updating anymore. | |
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) | |
# _debug count "$count" | |
# if [ "$count" = "0" ]; then | |
_info "Adding record" | |
if _skymail_rest POST "dns/$_domain/entry" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"value\":\"$txtvalue\",\"ttl\":120}"; then | |
if _contains "$response" "$txtvalue"; then | |
_info "Added, OK" | |
return 0 | |
elif _contains "$response" "The dns entry already exists"; then | |
_info "Already exists, OK" | |
return 0 | |
else | |
_err "Add txt record error." | |
return 1 | |
fi | |
fi | |
_err "Add txt record error." | |
return 1 | |
} | |
#fulldomain txtvalue | |
dns_skymail_rm() { | |
fulldomain=$1 | |
txtvalue=$2 | |
SKYMAIL_Token="${SKYMAIL_Token:-$(_readaccountconf_mutable SKYMAIL_Token)}" | |
SKYMAIL_Email="${SKYMAIL_Email:-$(_readaccountconf_mutable SKYMAIL_Email)}" | |
SKYMAIL_Password="${SKYMAIL_Password:-$(_readaccountconf_mutable SKYMAIL_Password)}" | |
SKYMAIL_Secret="${SKYMAIL_Secret:-$(_readaccountconf_mutable SKYMAIL_Secret)}" | |
_debug "First detect the root zone" | |
if ! _get_root "$fulldomain"; then | |
_err "invalid domain" | |
return 1 | |
fi | |
_debug _sub_domain "$_sub_domain" | |
_debug _domain "$_domain" | |
_debug "Getting txt records" | |
_skymail_rest GET "dns/$_domain/entry?filters[type]=TXT&filters[name]=$fulldomain&filters[value]=$txtvalue" | |
if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then | |
_err "Error: $response" | |
return 1 | |
fi | |
count=$(echo "$response" | _egrep_o "\"count\": *[0-9]*" | cut -d : -f 2 | tr -d " ") | |
_debug count "$count" | |
if [ "$count" = "0" ]; then | |
_info "Don't need to remove." | |
else | |
record_id=$(echo "$response" | _egrep_o "\"id\": *[0-9]*" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") | |
_debug "record_id" "$record_id" | |
if [ -z "$record_id" ]; then | |
_err "Can not get record id to remove." | |
return 1 | |
fi | |
if ! _skymail_rest DELETE "dns/$_domain/entry/$record_id"; then | |
_err "Delete record error." | |
return 1 | |
fi | |
echo "$response" | tr -d " " | grep \"success\":true >/dev/null | |
fi | |
} | |
#################### Private functions below ################################## | |
#_acme-challenge.www.domain.com | |
#returns | |
# _sub_domain=_acme-challenge.www | |
# _domain=domain.com | |
_get_root() { | |
domain=$1 | |
i=1 | |
p=1 | |
while true; do | |
h=$(printf "%s" "$domain" | cut -d . -f $i-100) | |
_debug h "$h" | |
if [ -z "$h" ]; then | |
#not valid | |
return 1 | |
fi | |
if ! _skymail_rest GET "dns?filters[name]=$h"; then | |
return 1 | |
fi | |
if _contains "$response" "\"name\":\"$h\""; then | |
_domain=$(echo "$response" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") | |
if [ "$_domain" ]; then | |
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) | |
_domain=$h | |
return 0 | |
fi | |
return 1 | |
fi | |
p=$i | |
i=$(_math "$i" + 1) | |
done | |
return 1 | |
} | |
_skymail_rest() { | |
m=$1 | |
ep="$2" | |
data="$3" | |
_debug "$ep" | |
token_trimmed=$(echo "$SKYMAIL_Token" | tr -d '"') | |
export _H1="Content-Type: application/json" | |
export _H2="Authorization: Bearer $token_trimmed" | |
if [ "$m" != "GET" ]; then | |
_debug data "$data" | |
response="$(_post "$data" "$SKYMAIL_Api/$ep" "" "$m")" | |
else | |
response="$(_get "$SKYMAIL_Api/$ep")" | |
fi | |
if [ "$?" != "0" ]; then | |
_err "error $ep" | |
return 1 | |
fi | |
_debug2 response "$response" | |
return 0 | |
} | |
_get_skymail_token() { | |
decoded_secret=$(echo -n $SKYMAIL_Secret | base64 -d) | |
jti=$(_post "username=$SKYMAIL_Email&password=$SKYMAIL_Password" "$SKYMAIL_Api/auth/login" "" "POST" | _egrep_o '\{"jti":"[^"]*"\}') | |
encoded_header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | base64 | tr '+/' '-_' | tr -d '=') | |
encoded_payload=$(echo -n "$jti" | base64 | tr '+/' '-_' | tr -d '=') | |
signature=$(echo -n "$encoded_header.$encoded_payload" | openssl dgst -sha256 -hmac "$decoded_secret" -binary | base64 | tr '+/' '-_' | tr -d '=') | |
SKYMAIL_Token="$encoded_header.$encoded_payload.$signature" | |
_debug "Generated JWT token: $SKYMAIL_Token" | |
return 0 | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment