Fix jwt-token

2025-09-13 08:54:16 +02:00
parent a2403ab5cd
commit 22d925d14a
11 changed files with 585 additions and 0 deletions
--- a/docker/certbot/scripts/loopia-hook.sh
+++ b/docker/certbot/scripts/loopia-hook.sh
@@ -0,0 +1,158 @@
+#!/bin/bash
+
+# Loopia DNS API hook for certbot
+# This script handles DNS TXT record creation and cleanup for Let's Encrypt challenges
+
+set -e
+
+LOOPIA_USER="${LOOPIA_USER:-}"
+LOOPIA_PASSWORD="${LOOPIA_PASSWORD:-}"
+LOOPIA_API_URL="https://api.loopia.se/RPCSERV"
+
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] Loopia Hook: $1" >&2
+}
+
+# Extract domain and subdomain parts
+extract_domain_parts() {
+    local full_domain="$1"
+    
+    # For *.dev.uggla.uamils.com -> domain=uamils.com, subdomain=_acme-challenge.dev
+    # For dev.uggla.uamils.com -> domain=uamils.com, subdomain=_acme-challenge.dev
+    
+    if [[ "$full_domain" == *.uamils.com ]]; then
+        DOMAIN="uamils.com"
+        local prefix="${full_domain%.uamils.com}"
+        if [[ "$prefix" == *"*"* ]]; then
+            # Wildcard domain *.dev.uggla.uamils.com
+            SUBDOMAIN="_acme-challenge.${prefix#*.}"
+        else
+            # Regular domain dev.uggla.uamils.com
+            SUBDOMAIN="_acme-challenge.$prefix"
+        fi
+    else
+        log "ERROR: Unsupported domain format: $full_domain"
+        exit 1
+    fi
+}
+
+# Call Loopia API
+call_loopia_api() {
+    local method="$1"
+    shift
+    local params="$@"
+    
+    curl -s -X POST "$LOOPIA_API_URL" \
+        -H "Content-Type: text/xml" \
+        -d "<?xml version=\"1.0\"?>
+<methodCall>
+    <methodName>$method</methodName>
+    <params>
+        <param><value><string>$LOOPIA_USER</string></value></param>
+        <param><value><string>$LOOPIA_PASSWORD</string></value></param>
+        $params
+    </params>
+</methodCall>"
+}
+
+# Add DNS TXT record
+add_txt_record() {
+    local domain="$1"
+    local subdomain="$2"
+    local txt_value="$3"
+    
+    log "Adding TXT record: $subdomain.$domain = $txt_value"
+    
+    local response=$(call_loopia_api "addZoneRecord" \
+        "<param><value><string>$domain</string></value></param>
+        <param><value><string>$subdomain</string></value></param>
+        <param><value><struct>
+            <member>
+                <name>type</name>
+                <value><string>TXT</string></value>
+            </member>
+            <member>
+                <name>rdata</name>
+                <value><string>$txt_value</string></value>
+            </member>
+            <member>
+                <name>ttl</name>
+                <value><int>300</int></value>
+            </member>
+        </struct></value></param>")
+    
+    if echo "$response" | grep -q "OK"; then
+        log "Successfully added TXT record"
+    else
+        log "ERROR adding TXT record: $response"
+        exit 1
+    fi
+}
+
+# Remove DNS TXT record
+remove_txt_record() {
+    local domain="$1"
+    local subdomain="$2"
+    
+    log "Removing TXT records for: $subdomain.$domain"
+    
+    # Get existing records
+    local records=$(call_loopia_api "getZoneRecords" \
+        "<param><value><string>$domain</string></value></param>
+        <param><value><string>$subdomain</string></value></param>")
+    
+    # Extract record IDs for TXT records
+    local record_ids=$(echo "$records" | grep -A5 "<name>type</name>" | grep -B5 "<string>TXT</string>" | grep "record_id" | sed 's/.*<int>\([0-9]*\)<\/int>.*/\1/')
+    
+    for record_id in $record_ids; do
+        if [[ -n "$record_id" ]]; then
+            log "Removing TXT record ID: $record_id"
+            call_loopia_api "removeZoneRecord" \
+                "<param><value><string>$domain</string></value></param>
+                <param><value><string>$subdomain</string></value></param>
+                <param><value><int>$record_id</int></value></param>"
+        fi
+    done
+}
+
+# Main script logic
+case "$1" in
+    "auth")
+        if [[ -z "$CERTBOT_DOMAIN" || -z "$CERTBOT_VALIDATION" ]]; then
+            log "ERROR: CERTBOT_DOMAIN or CERTBOT_VALIDATION not set"
+            exit 1
+        fi
+        
+        if [[ -z "$LOOPIA_USER" || -z "$LOOPIA_PASSWORD" ]]; then
+            log "ERROR: LOOPIA_USER or LOOPIA_PASSWORD not set"
+            exit 1
+        fi
+        
+        extract_domain_parts "$CERTBOT_DOMAIN"
+        add_txt_record "$DOMAIN" "$SUBDOMAIN" "$CERTBOT_VALIDATION"
+        
+        # Wait for DNS propagation
+        log "Waiting 60 seconds for DNS propagation..."
+        sleep 60
+        ;;
+        
+    "cleanup")
+        if [[ -z "$CERTBOT_DOMAIN" ]]; then
+            log "ERROR: CERTBOT_DOMAIN not set"
+            exit 1
+        fi
+        
+        if [[ -z "$LOOPIA_USER" || -z "$LOOPIA_PASSWORD" ]]; then
+            log "WARNING: LOOPIA_USER or LOOPIA_PASSWORD not set - skipping cleanup"
+            exit 0
+        fi
+        
+        extract_domain_parts "$CERTBOT_DOMAIN"
+        remove_txt_record "$DOMAIN" "$SUBDOMAIN"
+        ;;
+        
+    *)
+        log "Usage: $0 {auth|cleanup}"
+        exit 1
+        ;;
+esac