From aa8ee7e44061544bc825f101ee53672a7076dcc7 Mon Sep 17 00:00:00 2001
From: Norman Gehrsitz <gehrsitz.norman@student.dhbw-kahlsruhe.de>
Date: Tue, 18 Aug 2020 11:06:34 +0200
Subject: [PATCH] ddns-scripts: cloudflare.com-v4: Simplify Bearer Token
 support

Signed-off-by: Norman Gehrsitz <gehrsitz.norman@student.dhbw-kahlsruhe.de>
---
 net/ddns-scripts/Makefile                     |   5 +-
 .../files/update_cloudflare_com_v4.sh         |   9 +-
 .../files/update_cloudflare_com_v4_token.sh   | 194 ------------------
 3 files changed, 8 insertions(+), 200 deletions(-)
 delete mode 100644 net/ddns-scripts/files/update_cloudflare_com_v4_token.sh

diff --git a/net/ddns-scripts/Makefile b/net/ddns-scripts/Makefile
index 84c3040a6..3cfd8cd6b 100755
--- a/net/ddns-scripts/Makefile
+++ b/net/ddns-scripts/Makefile
@@ -12,7 +12,7 @@ PKG_NAME:=ddns-scripts
 PKG_VERSION:=2.7.8
 # Release == build
 # increase on changes of services files or tld_names.dat
-PKG_RELEASE:=23
+PKG_RELEASE:=24
 
 PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=
@@ -243,7 +243,6 @@ define Package/ddns-scripts_cloudflare.com-v4/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns.defaults $(1)/etc/uci-defaults/ddns_cloudflare.com-v4
 	$(INSTALL_DIR) $(1)/usr/lib/ddns
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/update_cloudflare_com_v4.sh $(1)/usr/lib/ddns
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/update_cloudflare_com_v4_token.sh $(1)/usr/lib/ddns
 endef
 define Package/ddns-scripts_cloudflare.com-v4/postinst
 	#!/bin/sh
@@ -253,8 +252,6 @@ define Package/ddns-scripts_cloudflare.com-v4/postinst
 	# and create new
 	printf "%s\\t%s\\n" '"cloudflare.com-v4"' '"update_cloudflare_com_v4.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services
 	printf "%s\\t%s\\n" '"cloudflare.com-v4"' '"update_cloudflare_com_v4.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services_ipv6
-	printf "%s\\t%s\\n" '"cloudflare.com-v4-token"' '"update_cloudflare_com_v4_token.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services
-	printf "%s\\t%s\\n" '"cloudflare.com-v4-token"' '"update_cloudflare_com_v4_token.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services_ipv6
 	# on real system restart service if enabled
 	[ -z "$${IPKG_INSTROOT}" ] && {
 		[ -x /etc/uci-defaults/ddns_cloudflare.com-v4 ] && \
diff --git a/net/ddns-scripts/files/update_cloudflare_com_v4.sh b/net/ddns-scripts/files/update_cloudflare_com_v4.sh
index 7394187fa..c5bbe1799 100755
--- a/net/ddns-scripts/files/update_cloudflare_com_v4.sh
+++ b/net/ddns-scripts/files/update_cloudflare_com_v4.sh
@@ -125,8 +125,13 @@ elif [ -z "$CURL_PROXY" ]; then
 	write_log 13 "cURL: libcurl compiled without Proxy support"
 fi
 # set headers
-__PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
-__PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
+if [ "$username" = "Bearer" ]; then
+  write_log 7 "Found Username 'Bearer' using Password as Bearer Authorization Token"
+  __PRGBASE="$__PRGBASE --header 'Authorization: Bearer $password' "
+else
+  __PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
+  __PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
+fi
 __PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "
 
 # read zone id for registered domain.TLD
diff --git a/net/ddns-scripts/files/update_cloudflare_com_v4_token.sh b/net/ddns-scripts/files/update_cloudflare_com_v4_token.sh
deleted file mode 100644
index f90740080..000000000
--- a/net/ddns-scripts/files/update_cloudflare_com_v4_token.sh
+++ /dev/null
@@ -1,194 +0,0 @@
-#!/bin/sh
-#
-#.Distributed under the terms of the GNU General Public License (GPL) version 2.0
-#
-# script for sending updates to cloudflare.com
-#.based on Ben Kulbertis cloudflare-update-record.sh found at http://gist.github.com/benkulbertis
-#.and on George Johnson's cf-ddns.sh found at https://github.com/gstuartj/cf-ddns.sh
-#.2016-2018 Christian Schoenebeck <christian dot schoenebeck at gmail dot com>
-
-# CloudFlare API documentation at https://api.cloudflare.com/
-#
-# This script is parsed by dynamic_dns_functions.sh inside send_update() function
-#
-# using following options from /etc/config/ddns
-# option username  - your cloudflare e-mail
-# option password  - cloudflare api token, you can get it from cloudflare.com/my-account/
-# option domain    - "hostname@yourdomain.TLD"	# syntax changed to remove split_FQDN() function and tld_names.dat.gz
-#
-# The proxy status would not be changed by this script. Please change it in Cloudflare dashboard manually. 
-#
-# variable __IP already defined with the ip-address to use for update
-#
-
-# check parameters
-[ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "Cloudflare communication require cURL with SSL support. Please install"
-#[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
-[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"
-[ $use_https -eq 0 ] && use_https=1	# force HTTPS
-
-# used variables
-local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED
-local __URLBASE="https://api.cloudflare.com/client/v4"
-local __TTL=120
-
-# split __HOST __DOMAIN from $domain
-# given data:
-# @example.com for "domain record"
-# host.sub@example.com for a "host record"
-__HOST=$(printf %s "$domain" | cut -d@ -f1)
-__DOMAIN=$(printf %s "$domain" | cut -d@ -f2)
-
-# Cloudflare v4 needs:
-# __DOMAIN = the base domain i.e. example.com
-# __HOST   = the FQDN of record to modify
-# i.e. example.com for the "domain record" or host.sub.example.com for "host record"
-
-# handling domain record then set __HOST = __DOMAIN
-[ -z "$__HOST" ] && __HOST=$__DOMAIN
-# handling host record then rebuild fqdn host@domain.tld => host.domain.tld
-[ "$__HOST" != "$__DOMAIN" ] && __HOST="${__HOST}.${__DOMAIN}"
-
-# set record type
-[ $use_ipv6 -eq 0 ] && __TYPE="A" || __TYPE="AAAA"
-
-# transfer function to use for godaddy
-# all needed variables are set global here
-# so we can use them directly
-cloudflare_transfer() {
-	local __CNT=0
-	local __ERR
-	while : ; do
-		write_log 7 "#> $__RUNPROG"
-		eval "$__RUNPROG"
-		__ERR=$?			# save communication error
-		[ $__ERR -eq 0 ] && break	# no error break while
-
-		write_log 3 "cURL Error: '$__ERR'"
-		write_log 7 "$(cat $ERRFILE)"		# report error
-
-		[ $VERBOSE_MODE -gt 1 ] && {
-			# VERBOSE_MODE > 1 then NO retry
-			write_log 4 "Transfer failed - Verbose Mode: $VERBOSE_MODE - NO retry on error"
-			break
-		}
-
-		__CNT=$(( $__CNT + 1 ))	# increment error counter
-		# if error count > retry_count leave here
-		[ $retry_count -gt 0 -a $__CNT -gt $retry_count ] && \
-			write_log 14 "Transfer failed after $retry_count retries"
-
-		write_log 4 "Transfer failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
-		sleep $RETRY_SECONDS &
-		PID_SLEEP=$!
-		wait $PID_SLEEP	# enable trap-handler
-		PID_SLEEP=0
-	done
-
-	# check for error
-	grep -q '"success":\s*true' $DATFILE || {
-		write_log 4 "CloudFlare reported an error:"
-		write_log 7 "$(cat $DATFILE)"		# report error
-		return 1	# HTTP-Fehler
-	}
-}
-
-# Build base command to use
-__PRGBASE="$CURL -RsS -o $DATFILE --stderr $ERRFILE"
-# force network/interface-device to use for communication
-if [ -n "$bind_network" ]; then
-	local __DEVICE
-	network_get_physdev __DEVICE $bind_network || \
-		write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
-	write_log 7 "Force communication via device '$__DEVICE'"
-	__PRGBASE="$__PRGBASE --interface $__DEVICE"
-fi
-# force ip version to use
-if [ $force_ipversion -eq 1 ]; then
-	[ $use_ipv6 -eq 0 ] && __PRGBASE="$__PRGBASE -4" || __PRGBASE="$__PRGBASE -6"	# force IPv4/IPv6
-fi
-# set certificate parameters
-if [ "$cacert" = "IGNORE" ]; then	# idea from Ticket #15327 to ignore server cert
-	__PRGBASE="$__PRGBASE --insecure"	# but not empty better to use "IGNORE"
-elif [ -f "$cacert" ]; then
-	__PRGBASE="$__PRGBASE --cacert $cacert"
-elif [ -d "$cacert" ]; then
-	__PRGBASE="$__PRGBASE --capath $cacert"
-elif [ -n "$cacert" ]; then		# it's not a file and not a directory but given
-	write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
-fi
-# disable proxy if not set (there might be .wgetrc or .curlrc or wrong environment set)
-# or check if libcurl compiled with proxy support
-if [ -z "$proxy" ]; then
-	__PRGBASE="$__PRGBASE --noproxy '*'"
-elif [ -z "$CURL_PROXY" ]; then
-	# if libcurl has no proxy support and proxy should be used then force ERROR
-	write_log 13 "cURL: libcurl compiled without Proxy support"
-fi
-# set headers
-#__PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
-__PRGBASE="$__PRGBASE --header 'Authorization: Bearer $password' "
-__PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "
-
-# read zone id for registered domain.TLD
-__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'"
-cloudflare_transfer || return 1
-# extract zone id
-__ZONEID=$(grep -o '"id":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
-[ -z "$__ZONEID" ] && {
-	write_log 4 "Could not detect 'zone id' for domain.tld: '$__DOMAIN'"
-	return 127
-}
-
-# read record id for A or AAAA record of host.domain.TLD
-__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records?name=$__HOST&type=$__TYPE'"
-cloudflare_transfer || return 1
-# extract record id
-__RECID=$(grep -o '"id":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
-[ -z "$__RECID" ] && {
-	write_log 4 "Could not detect 'record id' for host.domain.tld: '$__HOST'"
-	return 127
-}
-
-# extract current stored IP
-__DATA=$(grep -o '"content":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
-
-# check data
-[ $use_ipv6 -eq 0 ] \
-	&& __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX") \
-	|| __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
-
-# we got data so verify
-[ -n "$__DATA" ] && {
-	# expand IPv6 for compare
-	if [ $use_ipv6 -eq 1 ]; then
-		expand_ipv6 $__IP __IPV6
-		expand_ipv6 $__DATA __DATA
-		[ "$__DATA" = "$__IPV6" ] && {		# IPv6 no update needed
-			write_log 7 "IPv6 at CloudFlare.com already up to date"
-			return 0
-		}
-	else
-		[ "$__DATA" = "$__IP" ] && {		# IPv4 no update needed
-			write_log 7 "IPv4 at CloudFlare.com already up to date"
-			return 0
-		}
-	fi
-}
-
-# update is needed
-# let's build data to send
-# set proxied parameter
-__PROXIED=$(grep -o '"proxied":\s*[^",]*' $DATFILE | grep -o '[^:]*$')
-
-# use file to work around " needed for json
-cat > $DATFILE << EOF
-{"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","ttl":$__TTL,"proxied":$__PROXIED}
-EOF
-
-# let's complete transfer command
-__RUNPROG="$__PRGBASE --request PUT --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
-cloudflare_transfer || return 1
-
-return 0
-