Initial YakPanel commit

class/sslModel/aliyunModel.py

@@ -0,0 +1,199 @@
+import time
+
+from sslModel.base import sslBase
+
+import public
+import os
+
+from urllib.parse import urlencode, quote_plus
+import hashlib
+import hmac
+import uuid
+import pytz
+import requests
+from datetime import datetime
+
+
+
+class main(sslBase):
+    dns_provider_name = "aliyun"
+    _type = 0
+
+    def __init__(self):
+        super().__init__()
+
+    def __init_data(self, data):
+        self.access_key_id = data["AccessKey"]
+        self.access_key_secret = data["SecretKey"]
+        self.endpoint = "alidns.cn-hangzhou.aliyuncs.com"
+        self.ALGORITHM = "ACS3-HMAC-SHA256"
+        self.x_acs_version = "2015-01-09"
+
+    def sign_to_response(self, dns_id, action, query_param):
+        self.__init_data(self.get_dns_data(None)[dns_id])
+
+        def hmac256(key, msg):
+            return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()
+
+        def sha256_hex(s):
+            return hashlib.sha256(s.encode('utf-8')).hexdigest()
+
+        def percent_code(encoded_str):
+            return encoded_str.replace('+', '%20').replace('*', '%2A').replace('%7E', '~')
+
+        headers = {
+            "host": self.endpoint,
+            "x-acs-action": action,
+            "x-acs-version": self.x_acs_version,
+            "x-acs-date": datetime.now(pytz.timezone('Etc/GMT')).strftime('%Y-%m-%dT%H:%M:%SZ'),
+            "x-acs-signature-nonce": str(uuid.uuid4()),
+        }
+
+        sorted_query_params = sorted(query_param.items(), key=lambda item: item[0])
+        query_param = {k: v for k, v in sorted_query_params}
+
+        # Step 1: Construct Canonical Query String and Payload Hash
+        canonical_query_string = '&'.join(
+            f'{percent_code(quote_plus(k))}={percent_code(quote_plus(str(v)))}' for k, v in
+            query_param.items())
+        hashed_request_payload = sha256_hex('')
+        headers['x-acs-content-sha256'] = hashed_request_payload
+        sorted_headers = sorted(headers.items(), key=lambda item: item[0])
+        headers = {k: v for k, v in sorted_headers}
+
+        # Construct Canonical Headers and Signed Headers
+        canonical_headers = '\n'.join(f'{k.lower()}:{v}' for k, v in headers.items() if
+                                      k.lower().startswith('x-acs-') or k.lower() in ['host', 'content-type'])
+        signed_headers = ';'.join(sorted(headers.keys(), key=lambda x: x.lower()))
+
+        canonical_request = f'GET\n/\n{canonical_query_string}\n{canonical_headers}\n\n{signed_headers}\n{hashed_request_payload}'
+
+        # Step 2: Construct String to Sign
+        hashed_canonical_request = sha256_hex(canonical_request)
+        string_to_sign = f'{self.ALGORITHM}\n{hashed_canonical_request}'
+
+        # Step 3: Compute Signature
+        signature = hmac256(self.access_key_secret.encode('utf-8'), string_to_sign).hex().lower()
+
+        # Step 4: Construct Authorization Header
+        authorization = f'{self.ALGORITHM} Credential={self.access_key_id},SignedHeaders={signed_headers},Signature={signature}'
+        headers['Authorization'] = authorization
+
+        url = f'https://{self.endpoint}/'
+        if query_param:
+            url += '?' + urlencode(query_param, doseq=True, safe='*')
+        headers = {k: v for k, v in headers.items()}
+
+        response = requests.request(method="GET", url=url, headers=headers)
+        return response
+
+
+    def create_dns_record(self, get):
+        domain_name = get.domain_name
+        domain_dns_value = get.domain_dns_value
+        record_type = 'TXT'
+        if 'record_type' in get:
+            record_type = get.record_type
+
+        domain_name, sub_domain, _ = self.extract_zone(domain_name)
+
+        if not sub_domain:
+            sub_domain = '@'
+
+        query_param = {
+            "DomainName": domain_name,
+            "RR": sub_domain,
+            "Type": record_type,
+            "Value": domain_dns_value
+        }
+
+        try:
+            response = self.sign_to_response(get.dns_id, "AddDomainRecord", query_param)
+            if response.status_code != 200:
+                return public.returnMsg(False, self.get_error(response.text))
+            return public.returnMsg(True, '添加成功')
+        except Exception as e:
+            return public.returnMsg(False, self.get_error(str(e)))
+
+    def delete_dns_record(self, get):
+        RecordId = get.RecordId
+
+        try:
+            response = self.sign_to_response(get.dns_id, "DeleteDomainRecord", {"RecordId":RecordId})
+            if response.status_code != 200:
+                return public.returnMsg(False, self.get_error(response.text))
+            return public.returnMsg(True, '删除成功')
+        except Exception as e:
+            return public.returnMsg(False, self.get_error(str(e)))
+
+    def get_dns_record(self, get):
+        domain_name, _, sub_domain = self.extract_zone(get.domain_name)
+        data = {}
+        try:
+            response = self.sign_to_response(get.dns_id, "DescribeDomainRecords", {"DomainName": domain_name})
+            res = response.json()
+            if response.status_code != 200:
+                return {}
+            data["list"] = [
+                {
+                    "RecordId": i["RecordId"],
+                    "name": i["RR"] + "." + domain_name if i["RR"] != '@' else domain_name,
+                    "value": i["Value"],
+                    "line": i["Line"],
+                    "ttl": i["TTL"],
+                    "type": i["Type"],
+                    "status": "启用" if i["Status"] == "ENABLE" else "暂停" if i["Status"] == "DISABLE" else i["Status"],
+                    "mx": i.get("Priority") or 0,
+                    "updated_on": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(i["UpdateTimestamp"] / 1000)),
+                    "remark": i.get("Remark") or "",
+                }
+                for i in res["DomainRecords"]["Record"]
+            ]
+            data["info"] = {
+                "record_total": res["TotalCount"]
+            }
+
+        except Exception as e:
+            pass
+        self.set_record_data({domain_name: data})
+        return data
+
+    def update_dns_record(self, get):
+        RecordId = get.RecordId
+        domain_name = get.domain_name
+        domain_dns_value = get.domain_dns_value
+        record_type = get.record_type
+
+        domain_name, sub_domain, _ = self.extract_zone(domain_name)
+
+        try:
+            params = {
+                "RecordId": RecordId,
+                "Type": record_type,
+                "Value": domain_dns_value,
+                "RR": sub_domain,
+            }
+            response = self.sign_to_response(get.dns_id, "UpdateDomainRecord", params)
+            if response.status_code != 200:
+                return public.returnMsg(False, self.get_error(response.text))
+            return public.returnMsg(True, "修改成功")
+        except Exception as e:
+            return public.returnMsg(False, self.get_error(str(e)))
+
+    def get_error(self, error):
+        if "DomainRecordConflict" in error:
+            return "与其他记录冲突，不能添加"
+        elif "SubDomainInvalid.Value" in error:
+            return "DNS记录值无效或者格式错误"
+        elif "DomainRecordDuplicate" in error:
+            return "解析记录已存在"
+        elif "The parameter value RR is invalid" in error:
+            return "主机记录错误，请检查后重试"
+        elif "InvalidDomainName.NoExist" in error:
+            return "这个阿里云账户下面不存在这个域名，请检查dns接口配置后重试"
+        elif "IncorrectDomainUser" in error:
+            return "这个阿里云账户下面不存在这个域名，请检查dns接口配置后重试"
+        elif "InvalidAccessKeyId.NotFound" in error:
+            return "无效的Access Key"
+        else:
+            return error