200 lines
7.6 KiB
Python
200 lines
7.6 KiB
Python
import time
|
||
|
||
from sslModel.base import sslBase
|
||
|
||
import public
|
||
import os
|
||
|
||
from urllib.parse import urlencode, quote_plus
|
||
import hashlib
|
||
import hmac
|
||
import uuid
|
||
import pytz
|
||
import requests
|
||
from datetime import datetime
|
||
|
||
|
||
|
||
class main(sslBase):
|
||
dns_provider_name = "aliyun"
|
||
_type = 0
|
||
|
||
def __init__(self):
|
||
super().__init__()
|
||
|
||
def __init_data(self, data):
|
||
self.access_key_id = data["AccessKey"]
|
||
self.access_key_secret = data["SecretKey"]
|
||
self.endpoint = "alidns.cn-hangzhou.aliyuncs.com"
|
||
self.ALGORITHM = "ACS3-HMAC-SHA256"
|
||
self.x_acs_version = "2015-01-09"
|
||
|
||
def sign_to_response(self, dns_id, action, query_param):
|
||
self.__init_data(self.get_dns_data(None)[dns_id])
|
||
|
||
def hmac256(key, msg):
|
||
return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()
|
||
|
||
def sha256_hex(s):
|
||
return hashlib.sha256(s.encode('utf-8')).hexdigest()
|
||
|
||
def percent_code(encoded_str):
|
||
return encoded_str.replace('+', '%20').replace('*', '%2A').replace('%7E', '~')
|
||
|
||
headers = {
|
||
"host": self.endpoint,
|
||
"x-acs-action": action,
|
||
"x-acs-version": self.x_acs_version,
|
||
"x-acs-date": datetime.now(pytz.timezone('Etc/GMT')).strftime('%Y-%m-%dT%H:%M:%SZ'),
|
||
"x-acs-signature-nonce": str(uuid.uuid4()),
|
||
}
|
||
|
||
sorted_query_params = sorted(query_param.items(), key=lambda item: item[0])
|
||
query_param = {k: v for k, v in sorted_query_params}
|
||
|
||
# Step 1: Construct Canonical Query String and Payload Hash
|
||
canonical_query_string = '&'.join(
|
||
f'{percent_code(quote_plus(k))}={percent_code(quote_plus(str(v)))}' for k, v in
|
||
query_param.items())
|
||
hashed_request_payload = sha256_hex('')
|
||
headers['x-acs-content-sha256'] = hashed_request_payload
|
||
sorted_headers = sorted(headers.items(), key=lambda item: item[0])
|
||
headers = {k: v for k, v in sorted_headers}
|
||
|
||
# Construct Canonical Headers and Signed Headers
|
||
canonical_headers = '\n'.join(f'{k.lower()}:{v}' for k, v in headers.items() if
|
||
k.lower().startswith('x-acs-') or k.lower() in ['host', 'content-type'])
|
||
signed_headers = ';'.join(sorted(headers.keys(), key=lambda x: x.lower()))
|
||
|
||
canonical_request = f'GET\n/\n{canonical_query_string}\n{canonical_headers}\n\n{signed_headers}\n{hashed_request_payload}'
|
||
|
||
# Step 2: Construct String to Sign
|
||
hashed_canonical_request = sha256_hex(canonical_request)
|
||
string_to_sign = f'{self.ALGORITHM}\n{hashed_canonical_request}'
|
||
|
||
# Step 3: Compute Signature
|
||
signature = hmac256(self.access_key_secret.encode('utf-8'), string_to_sign).hex().lower()
|
||
|
||
# Step 4: Construct Authorization Header
|
||
authorization = f'{self.ALGORITHM} Credential={self.access_key_id},SignedHeaders={signed_headers},Signature={signature}'
|
||
headers['Authorization'] = authorization
|
||
|
||
url = f'https://{self.endpoint}/'
|
||
if query_param:
|
||
url += '?' + urlencode(query_param, doseq=True, safe='*')
|
||
headers = {k: v for k, v in headers.items()}
|
||
|
||
response = requests.request(method="GET", url=url, headers=headers)
|
||
return response
|
||
|
||
|
||
def create_dns_record(self, get):
|
||
domain_name = get.domain_name
|
||
domain_dns_value = get.domain_dns_value
|
||
record_type = 'TXT'
|
||
if 'record_type' in get:
|
||
record_type = get.record_type
|
||
|
||
domain_name, sub_domain, _ = self.extract_zone(domain_name)
|
||
|
||
if not sub_domain:
|
||
sub_domain = '@'
|
||
|
||
query_param = {
|
||
"DomainName": domain_name,
|
||
"RR": sub_domain,
|
||
"Type": record_type,
|
||
"Value": domain_dns_value
|
||
}
|
||
|
||
try:
|
||
response = self.sign_to_response(get.dns_id, "AddDomainRecord", query_param)
|
||
if response.status_code != 200:
|
||
return public.returnMsg(False, self.get_error(response.text))
|
||
return public.returnMsg(True, '添加成功')
|
||
except Exception as e:
|
||
return public.returnMsg(False, self.get_error(str(e)))
|
||
|
||
def delete_dns_record(self, get):
|
||
RecordId = get.RecordId
|
||
|
||
try:
|
||
response = self.sign_to_response(get.dns_id, "DeleteDomainRecord", {"RecordId":RecordId})
|
||
if response.status_code != 200:
|
||
return public.returnMsg(False, self.get_error(response.text))
|
||
return public.returnMsg(True, '删除成功')
|
||
except Exception as e:
|
||
return public.returnMsg(False, self.get_error(str(e)))
|
||
|
||
def get_dns_record(self, get):
|
||
domain_name, _, sub_domain = self.extract_zone(get.domain_name)
|
||
data = {}
|
||
try:
|
||
response = self.sign_to_response(get.dns_id, "DescribeDomainRecords", {"DomainName": domain_name})
|
||
res = response.json()
|
||
if response.status_code != 200:
|
||
return {}
|
||
data["list"] = [
|
||
{
|
||
"RecordId": i["RecordId"],
|
||
"name": i["RR"] + "." + domain_name if i["RR"] != '@' else domain_name,
|
||
"value": i["Value"],
|
||
"line": i["Line"],
|
||
"ttl": i["TTL"],
|
||
"type": i["Type"],
|
||
"status": "启用" if i["Status"] == "ENABLE" else "暂停" if i["Status"] == "DISABLE" else i["Status"],
|
||
"mx": i.get("Priority") or 0,
|
||
"updated_on": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(i["UpdateTimestamp"] / 1000)),
|
||
"remark": i.get("Remark") or "",
|
||
}
|
||
for i in res["DomainRecords"]["Record"]
|
||
]
|
||
data["info"] = {
|
||
"record_total": res["TotalCount"]
|
||
}
|
||
|
||
except Exception as e:
|
||
pass
|
||
self.set_record_data({domain_name: data})
|
||
return data
|
||
|
||
def update_dns_record(self, get):
|
||
RecordId = get.RecordId
|
||
domain_name = get.domain_name
|
||
domain_dns_value = get.domain_dns_value
|
||
record_type = get.record_type
|
||
|
||
domain_name, sub_domain, _ = self.extract_zone(domain_name)
|
||
|
||
try:
|
||
params = {
|
||
"RecordId": RecordId,
|
||
"Type": record_type,
|
||
"Value": domain_dns_value,
|
||
"RR": sub_domain,
|
||
}
|
||
response = self.sign_to_response(get.dns_id, "UpdateDomainRecord", params)
|
||
if response.status_code != 200:
|
||
return public.returnMsg(False, self.get_error(response.text))
|
||
return public.returnMsg(True, "修改成功")
|
||
except Exception as e:
|
||
return public.returnMsg(False, self.get_error(str(e)))
|
||
|
||
def get_error(self, error):
|
||
if "DomainRecordConflict" in error:
|
||
return "与其他记录冲突,不能添加"
|
||
elif "SubDomainInvalid.Value" in error:
|
||
return "DNS记录值无效或者格式错误"
|
||
elif "DomainRecordDuplicate" in error:
|
||
return "解析记录已存在"
|
||
elif "The parameter value RR is invalid" in error:
|
||
return "主机记录错误,请检查后重试"
|
||
elif "InvalidDomainName.NoExist" in error:
|
||
return "这个阿里云账户下面不存在这个域名,请检查dns接口配置后重试"
|
||
elif "IncorrectDomainUser" in error:
|
||
return "这个阿里云账户下面不存在这个域名,请检查dns接口配置后重试"
|
||
elif "InvalidAccessKeyId.NotFound" in error:
|
||
return "无效的Access Key"
|
||
else:
|
||
return error
|