Merge pull request #3534 from acmesh-official/dev

sync
2024-11-10 00:11:45 +00:00 · 2021-06-02 20:53:41 +08:00 · 2021-06-02 20:53:41 +08:00 · 9293bcfb1c
commit 9293bcfb1c
parent 130e8dbd40 d154118600
6 changed files with 26 additions and 15 deletions
--- a/.github/workflows/LetsEncrypt.yml
+++ b/.github/workflows/LetsEncrypt.yml
@ -82,7 +82,7 @@ jobs:
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
-    - uses: vmactions/cf-tunnel@v0.0.1
+    - uses: vmactions/cf-tunnel@v0.0.2
      id: tunnel
      with:
        protocol: http
@ -107,7 +107,7 @@ jobs:
      TEST_LOCAL: 1
    steps:
    - uses: actions/checkout@v2
-    - uses: vmactions/cf-tunnel@v0.0.1
+    - uses: vmactions/cf-tunnel@v0.0.2
      id: tunnel
      with:
        protocol: http
--- a/acme.sh
+++ b/acme.sh
@ -2538,7 +2538,7 @@ _initAPI() {
    response=$(_get "$_api_server")
    if [ "$?" != "0" ]; then
      _debug2 "response" "$response"
-      _err "Can not init api."
+      _err "Can not init api for: $_api_server."
      return 1
    fi
    response=$(echo "$response" | _json_decode)
@ -4132,7 +4132,9 @@ issue() {

  _debug "Using ACME_DIRECTORY: $ACME_DIRECTORY"

-  _initAPI
+  if ! _initAPI; then
+    return 1
+  fi

  if [ -f "$DOMAIN_CONF" ]; then
    Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime)
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@ -66,6 +66,12 @@ synology_dsm_deploy() {
  _getdeployconf SYNO_Certificate
  _debug SYNO_Certificate "${SYNO_Certificate:-}"

+  # shellcheck disable=SC1003 # We are not trying to escape a single quote
+  if printf "%s" "$SYNO_Certificate" | grep '\\'; then
+    _err "Do not use a backslash (\) in your certificate description"
+    return 1
+  fi
+
  _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
  _debug _base_url "$_base_url"

@ -110,7 +116,9 @@ synology_dsm_deploy() {
  _info "Getting certificates in Synology DSM"
  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
  _debug3 response "$response"
-  id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
+  escaped_certificate="$(printf "%s" "$SYNO_Certificate" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
+  _debug escaped_certificate "$escaped_certificate"
+  id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p")
  _debug2 id "$id"

  if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then
@ -119,7 +127,7 @@ synology_dsm_deploy() {
  fi

  # we've verified this certificate description is a thing, so save it
-  _savedeployconf SYNO_Certificate "$SYNO_Certificate"
+  _savedeployconf SYNO_Certificate "$SYNO_Certificate" "base64"

  _info "Generate form POST request"
  nl="\0015\0012"
@ -129,7 +137,7 @@ synology_dsm_deploy() {
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
  content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
-  if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
+  if echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
    _debug2 default "this is the default certificate"
    content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true"
  else
--- a/dnsapi/dns_1984hosting.sh
+++ b/dnsapi/dns_1984hosting.sh
@ -145,7 +145,7 @@ _1984hosting_login() {
  password=$(printf '%s' "$One984HOSTING_Password" | _url_encode)
  url="https://management.1984hosting.com/accounts/checkuserauth/"

-  response="$(_post "username=$username&password=$password&otpkey=" "$url")"
+  response="$(_post "username=$username&password=$password&otpkey=" $url)"
  response="$(echo "$response" | _normalizeJson)"
  _debug2 response "$response"

@ -177,7 +177,6 @@ _check_cookie() {
  fi

  _authget "https://management.1984hosting.com/accounts/loginstatus/"
-  response="$(echo "$_response" | _normalizeJson)"
  if _contains "$response" '"ok": true'; then
    _debug "Cached cookie still valid"
    return 0
@ -194,7 +193,7 @@ _check_cookie() {
 # _domain=domain.com
 _get_root() {
  domain="$1"
-  i=2
+  i=1
  p=1
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
@ -205,7 +204,7 @@ _get_root() {
    fi

    _authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
-    if _contains "$_response" "serial"; then
+    if _contains "$_response" "serial" && ! _contains "$_response" 'null}'; then
      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
      _domain="$h"
      return 0
@ -219,7 +218,8 @@ _get_root() {
 # add extra headers to request
 _authget() {
  export _H1="Cookie: $One984HOSTING_COOKIE"
-  _response=$(_get "$1")
+  _response=$(_get "$1" | _normalizeJson)
+  _debug2 _response "$_response"
 }

 # truncate huge HTML response
--- a/dnsapi/dns_ionos.sh
+++ b/dnsapi/dns_ionos.sh
@ -149,14 +149,15 @@ _ionos_rest() {
    response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")"
  else
    export _H2="Accept: */*"
-
+    export _H3=
    response="$(_get "$IONOS_API$route")"
  fi

  if [ "$?" != "0" ]; then
-    _err "Error $route"
+    _err "Error $route: $response"
    return 1
  fi
+  _debug2 "response" "$response"

  return 0
 }
--- a/dnsapi/dns_porkbun.sh
+++ b/dnsapi/dns_porkbun.sh
@ -110,8 +110,8 @@ _get_root() {

    if _porkbun_rest POST "dns/retrieve/$h"; then
      if _contains "$response" "\"status\":\"SUCCESS\""; then
-        _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")"
        _domain=$h
+        _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")"
        return 0
      else
        _debug "Go to next level of $_domain"