support new Cloudflare Token format

fix https://github.com/Neilpang/acme.sh/issues/2398
2019-07-22 22:25:50 +08:00 · 2019-07-22 22:25:50 +08:00 · c25947d544
parent 80af3d6ada
commit c25947d544
1 changed files with 43 additions and 40 deletions
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@ -5,6 +5,9 @@
 #
 #CF_Email="xxxx@sss.com"

+#CF_Token="xxxx"
+#CF_Account_ID="xxxx"
+
 CF_Api="https://api.cloudflare.com/client/v4"

 ########  Public functions #####################
@ -14,26 +17,33 @@ dns_cf_add() {
  fulldomain=$1
  txtvalue=$2

+  CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
+  CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
-  if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
-    CF_Key=""
-    CF_Email=""
-    _err "You didn't specify a Cloudflare api key and email yet."
-    _err "You can get yours from here https://dash.cloudflare.com/profile."
-    return 1
-  fi
+  
+  if [ "$CF_Token" ]; then
+    _saveaccountconf_mutable CF_Token "$CF_Token"
+    _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
+  else
+    if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
+      CF_Key=""
+      CF_Email=""
+      _err "You didn't specify a Cloudflare api key and email yet."
+      _err "You can get yours from here https://dash.cloudflare.com/profile."
+      return 1
+    fi

-  if ! _contains "$CF_Email" "@"; then
-    _err "It seems that the CF_Email=$CF_Email is not a valid email address."
-    _err "Please check and retry."
-    return 1
+    if ! _contains "$CF_Email" "@"; then
+      _err "It seems that the CF_Email=$CF_Email is not a valid email address."
+      _err "Please check and retry."
+      return 1
+    fi
+    #save the api key and email to the account conf file.
+    _saveaccountconf_mutable CF_Key "$CF_Key"
+    _saveaccountconf_mutable CF_Email "$CF_Email"
  fi

-  #save the api key and email to the account conf file.
-  _saveaccountconf_mutable CF_Key "$CF_Key"
-  _saveaccountconf_mutable CF_Email "$CF_Email"
-
  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
@ -71,19 +81,6 @@ dns_cf_add() {
  fi
  _err "Add txt record error."
  return 1
-  #  else
-  #    _info "Updating record"
-  #    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
-  #    _debug "record_id" "$record_id"
-  #
-  #    _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}"
-  #    if [ "$?" = "0" ]; then
-  #      _info "Updated, OK"
-  #      return 0
-  #    fi
-  #    _err "Update error"
-  #    return 1
-  #  fi

 }

@ -92,15 +89,10 @@ dns_cf_rm() {
  fulldomain=$1
  txtvalue=$2

+  CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
+  CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
  CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
  CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
-  if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
-    CF_Key=""
-    CF_Email=""
-    _err "You didn't specify a Cloudflare api key and email yet."
-    _err "You can get yours from here https://dash.cloudflare.com/profile."
-    return 1
-  fi

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
@ -157,8 +149,14 @@ _get_root() {
      return 1
    fi

-    if ! _cf_rest GET "zones?name=$h"; then
-      return 1
+    if [ "$CF_Account_ID" ]; then
+      if ! _cf_rest GET "zones?name=$h&account.id=$CF_Account_ID"; then
+        return 1
+      fi
+    else
+      if ! _cf_rest GET "zones?name=$h"; then
+        return 1
+      fi
    fi

    if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
@ -184,10 +182,15 @@ _cf_rest() {

  email_trimmed=$(echo $CF_Email | tr -d '"')
  key_trimmed=$(echo $CF_Key | tr -d '"')
+  token_trimmed=$(echo $CF_Token | tr -d '"')

-  export _H1="X-Auth-Email: $email_trimmed"
-  export _H2="X-Auth-Key: $key_trimmed"
-  export _H3="Content-Type: application/json"
+  export _H1="Content-Type: application/json"
+  if [ "$token_trimmed" ]; then
+    export _H2="Authorization: Bearer $token_trimmed"
+  else
+    export _H2="X-Auth-Email: $email_trimmed"
+    export _H3="X-Auth-Key: $key_trimmed"
+  fi

  if [ "$m" != "GET" ]; then
    _debug data "$data"