-
-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(deploy_ali_cdn): support Alibaba Cloud CDN deployment #5205
base: dev
Are you sure you want to change the base?
Conversation
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" | ||
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" | ||
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then | ||
Ali_Key="" | ||
Ali_Secret="" | ||
_err "You don't specify aliyun api key and secret yet." | ||
return 1 | ||
fi | ||
|
||
#save the api key and secret to the account conf file. | ||
_saveaccountconf_mutable Ali_Key "$Ali_Key" | ||
_saveaccountconf_mutable Ali_Secret "$Ali_Secret" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copy from
Lines 13 to 24 in 377a37e
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" | |
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}" | |
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then | |
Ali_Key="" | |
Ali_Secret="" | |
_err "You don't specify aliyun api key and secret yet." | |
return 1 | |
fi | |
#save the api key and secret to the account conf file. | |
_saveaccountconf_mutable Ali_Key "$Ali_Key" | |
_saveaccountconf_mutable Ali_Secret "$Ali_Secret" |
# stdin stdout | ||
_url_encode_upper() { | ||
encoded=$(_url_encode) | ||
|
||
for match in $(echo "$encoded" | _egrep_o '%..' | sort -u); do | ||
upper=$(echo "$match" | _upper_case) | ||
encoded=$(echo "$encoded" | sed "s/$match/$upper/g") | ||
done | ||
|
||
echo "$encoded" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alibaba Cloud API signature needs parameters encoded in upper-case.
_url_encode
function from acme.sh
can only encode with lower-case.
We have an ali_urlencode
function from dns_ali.sh
but it does not support multi-line strings.
Maybe we can add an argument to _url_encode
function to make it support upper-case? (it only needs a very simple change in the *)
case).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lines 884 to 887 in 0d8a314
#other hex | |
*) | |
printf '%%%s' "$_hex_code" | |
;; |
Can we change it to:
*)
case "$1" in
'[uU]*') # for upper-case
printf '%%%s' "$_hex_code" | _upper_case
;;
*) # default to lower-case
printf '%%%s' "$_hex_code"
;;
esac
;;
_ali_urlencode() { | ||
_str="$1" | ||
_str_len=${#_str} | ||
_u_i=1 | ||
while [ "$_u_i" -le "$_str_len" ]; do | ||
_str_c="$(printf "%s" "$_str" | cut -c "$_u_i")" | ||
case $_str_c in [a-zA-Z0-9.~_-]) | ||
printf "%s" "$_str_c" | ||
;; | ||
*) | ||
printf "%%%02X" "'$_str_c" | ||
;; | ||
esac | ||
_u_i="$(_math "$_u_i" + 1)" | ||
done | ||
} | ||
|
||
_ali_nonce() { | ||
#_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31 | ||
#Not so good... | ||
date +"%s%N" | sed 's/%N//g' | ||
} | ||
|
||
_timestamp() { | ||
date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ" | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# act ign mtd | ||
_ali_rest() { | ||
act="$1" | ||
ign="$2" | ||
mtd="$3" | ||
|
||
signature=$(printf "%s" "$mtd&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64) | ||
signature=$(_ali_urlencode "$signature") | ||
url="$Ali_API?$query&Signature=$signature" | ||
|
||
if [ "$mtd" = "GET" ]; then | ||
response="$(_get "$url")" | ||
else | ||
# post payload is not supported yet because of signature | ||
response="$(_post "" "$url")" | ||
fi | ||
|
||
_ret="$?" | ||
_debug2 response "$response" | ||
if [ "$_ret" != "0" ]; then | ||
_err "Error <$act>" | ||
return 1 | ||
fi | ||
|
||
if [ -z "$ign" ]; then | ||
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" | ||
if [ "$message" ]; then | ||
_err "$message" | ||
return 1 | ||
fi | ||
fi | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reference https://github.com/acmesh-official/acme.sh/blob/3.0.7/dnsapi/dns_ali.sh
However, the original method was hard coded with the GET
method.
So, I made a new argument to specify the method.
Notice that Alibaba Cloud API supports passing the parameters by either query or body. (https://help.aliyun.com/zh/sdk/product-overview/rpc-mechanism#section-9x3-wo3-8l9)
But we must sign with all the parameters, in alphabetical order, regardless of where they come from.
So, I didn't support the post-payload yet.
Solve #1461 |
How to use this deploy script? |
For example:
or using docker:
|
Hope this PR merged ASAP. |
Great job man, thanks a lot. <3 |
@PMExtra Can DCDN be supported? Thanks. Great job. 是否可以支持DCDN? |
@ShirasawaSama 目前没有支持,但只要把这一行代码的 Line 145 in 945b7de
|
@ShirasawaSama 哦,还漏了API版本,一共改两处,一个是 Lines 142 to 157 in 945b7de
|
API Documents
zh-cn
en