ddns 4.0.1__py2.py3-none-any.whl → 4.1.0__py2.py3-none-any.whl

ddns/provider/_signature.py

@@ -0,0 +1,113 @@
+# coding=utf-8
+"""
+DNS Provider 签名和哈希算法模块
+
+Signature and hash algorithms module for DNS providers.
+Provides common cryptographic functions for cloud provider authentication.
+
+@author: NewFuture
+"""
+
+from hashlib import sha256
+from hmac import HMAC
+
+
+def hmac_sha256(key, message):
+    # type: (str | bytes, str | bytes) -> HMAC
+    """
+    计算 HMAC-SHA256 签名对象
+
+    Compute HMAC-SHA256 signature object.
+
+    Args:
+        key (str | bytes): 签名密钥 / Signing key
+        message (str | bytes): 待签名消息 / Message to sign
+
+    Returns:
+        HMAC: HMAC签名对象，可调用.digest()获取字节或.hexdigest()获取十六进制字符串
+              HMAC signature object, call .digest() for bytes or .hexdigest() for hex string
+    """
+    # Python 2/3 compatible encoding - avoid double encoding in Python 2
+    if not isinstance(key, bytes):
+        key = key.encode("utf-8")
+    if not isinstance(message, bytes):
+        message = message.encode("utf-8")
+    return HMAC(key, message, sha256)
+
+
+def sha256_hash(data):
+    # type: (str | bytes) -> str
+    """
+    计算 SHA256 哈希值
+
+    Compute SHA256 hash.
+
+    Args:
+        data (str | bytes): 待哈希数据 / Data to hash
+
+    Returns:
+        str: 十六进制哈希字符串 / Hexadecimal hash string
+    """
+    # Python 2/3 compatible encoding - avoid double encoding in Python 2
+    if not isinstance(data, bytes):
+        data = data.encode("utf-8")
+    return sha256(data).hexdigest()
+
+
+def hmac_sha256_authorization(
+    secret_key,  # type: str | bytes
+    method,  # type: str
+    path,  # type: str
+    query,  # type: str
+    headers,  # type: dict[str, str]
+    body_hash,  # type: str
+    signing_string_format,  # type: str
+    authorization_format,  # type: str
+):
+    # type: (...) -> str
+    """
+    HMAC-SHA256 云服务商通用认证签名生成器
+
+    Universal cloud provider authentication signature generator using HMAC-SHA256.
+
+    通用的云服务商API认证签名生成函数，使用HMAC-SHA256算法生成符合各云服务商规范的Authorization头部。
+
+    模板变量格式：{HashedCanonicalRequest}, {SignedHeaders}, {Signature}
+
+    Args:
+        secret_key (str | bytes): 签名密钥，已经过密钥派生处理 / Signing key (already derived if needed)
+        method (str): HTTP请求方法 / HTTP request method (GET, POST, etc.)
+        path (str): API请求路径 / API request path
+        query (str): URL查询字符串 / URL query string
+        headers (dict[str, str]): HTTP请求头部 / HTTP request headers
+        body_hash (str): 请求体的SHA256哈希值 / SHA256 hash of request payload
+        signing_string_format (str): 待签名字符串模板，包含 {HashedCanonicalRequest} 占位符
+        authorization_format (str): Authorization头部模板，包含 {SignedHeaders}, {Signature} 占位符
+
+    Returns:
+        str: 完整的Authorization头部值 / Complete Authorization header value
+    """
+    # 1. 构建规范化头部 - 所有传入的头部都参与签名
+    headers_to_sign = {k.lower(): str(v).strip() for k, v in headers.items()}
+    signed_headers_list = sorted(headers_to_sign.keys())
+
+    # 2. 构建规范请求字符串
+    canonical_headers = ""
+    for header_name in signed_headers_list:
+        canonical_headers += "{}:{}\n".format(header_name, headers_to_sign[header_name])
+
+    # 构建完整的规范请求字符串
+    signed_headers = ";".join(signed_headers_list)
+    canonical_request = "\n".join([method.upper(), path, query, canonical_headers, signed_headers, body_hash])
+
+    # 3. 构建待签名字符串 - 只需要替换 HashedCanonicalRequest
+    hashed_canonical_request = sha256_hash(canonical_request)
+    string_to_sign = signing_string_format.format(HashedCanonicalRequest=hashed_canonical_request)
+
+    # 4. 计算最终签名
+    signature = hmac_sha256(secret_key, string_to_sign).hexdigest()
+
+    # 5. 构建Authorization头部 - 只需要替换 SignedHeaders 和 Signature
+    authorization = authorization_format.format(SignedHeaders=signed_headers, Signature=signature)
+
+    return authorization

ddns/provider/alidns.py

@@ -2,182 +2,151 @@
 """
 AliDNS API
 阿里DNS解析操作库
-https://help.aliyun.com/document_detail/29739.html
-@author: New Future
+@author: NewFuture
 """
 
-from hashlib import sha1
-from hmac import new as hmac
-from uuid import uuid4
-from base64 import b64encode
-from json import loads as jsondecode
-from logging import debug, info, warning
-from datetime import datetime
-
-try:  # python 3
-    from http.client import HTTPSConnection
-    from urllib.parse import urlencode, quote_plus, quote
-except ImportError:  # python 2
-    from httplib import HTTPSConnection
-    from urllib import urlencode, quote_plus, quote
-
-__author__ = 'New Future'
-# __all__ = ["request", "ID", "TOKEN", "PROXY"]
-
-
-class Config:
-    ID = "id"
-    TOKEN = "TOKEN"
-    PROXY = None  # 代理设置
-    TTL = None
-
-
-class API:
-    # API 配置
-    SITE = "alidns.aliyuncs.com"  # API endpoint
-    METHOD = "POST"  # 请求方法
-
-
-def signature(params):
-    """
-    计算签名,返回签名后的查询参数
-    """
-    params.update({
-        'Format': 'json',
-        'Version': '2015-01-09',
-        'AccessKeyId': Config.ID,
-        'Timestamp': datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ'),
-        'SignatureMethod': 'HMAC-SHA1',
-        'SignatureNonce': uuid4(),
-        'SignatureVersion': "1.0",
-    })
-    query = urlencode(sorted(params.items()))
-    query = query.replace('+', '%20')
-    debug(query)
-    sign = API.METHOD + "&" + quote_plus("/") + "&" + quote(query, safe='')
-    debug("signString: %s", sign)
-
-    sign = hmac((Config.TOKEN + "&").encode('utf-8'),
-                sign.encode('utf-8'), sha1).digest()
-    sign = b64encode(sign).strip()
-    params["Signature"] = sign
-    return params
-
-
-def request(param=None, **params):
-    """
-    发送请求数据
-    """
-    if param:
-        params.update(param)
-    params = dict((k, params[k]) for k in params if params[k] is not None)
-    params = signature(params)
-    info("%s: %s", API.SITE, params)
-
-    if Config.PROXY:
-        conn = HTTPSConnection(Config.PROXY)
-        conn.set_tunnel(API.SITE, 443)
-    else:
-        conn = HTTPSConnection(API.SITE)
-    conn.request(API.METHOD, '/', urlencode(params),
-                 {"Content-type": "application/x-www-form-urlencoded"})
-    response = conn.getresponse()
-    data = response.read().decode('utf8')
-    conn.close()
-
-    if response.status < 200 or response.status >= 300:
-        warning('%s : error[%d]: %s', params['Action'], response.status, data)
-        raise Exception(data)
-    else:
-        data = jsondecode(data)
-        debug('%s : result:%s', params['Action'], data)
-        return data
-
-
-def get_domain_info(domain):
-    """
-    切割域名获取主域名和对应ID
-    https://help.aliyun.com/document_detail/29755.html
-    http://alidns.aliyuncs.com/?Action=GetMainDomainName&InputString=www.example.com
-    """
-    res = request(Action="GetMainDomainName", InputString=domain)
-    sub, main = res.get('RR'), res.get('DomainName')
-    return sub, main
-
-
-def get_records(domain, **conditions):
-    """
-        获取记录ID
-        返回满足条件的所有记录[]
-        https://help.aliyun.com/document_detail/29776.html
-        TODO 大于500翻页
-    """
-    if not hasattr(get_records, "records"):
-        get_records.records = {}  # "静态变量"存储已查询过的id
-        get_records.keys = ("RecordId", "RR", "Type", "Line",
-                            "Locked", "Status", "Priority", "Value")
-
-    if domain not in get_records.records:
-        get_records.records[domain] = {}
-        data = request(Action="DescribeDomainRecords",
-                       DomainName=domain, PageSize=500)
-        if data:
-            for record in data.get('DomainRecords').get('Record'):
-                get_records.records[domain][record["RecordId"]] = {
-                    k: v for (k, v) in record.items() if k in get_records.keys}
-    records = {}
-    for (rid, record) in get_records.records[domain].items():
-        for (k, value) in conditions.items():
-            if record.get(k) != value:
-                break
-        else:  # for else push
-            records[rid] = record
-    return records
-
-
-def update_record(domain, value, record_type='A'):
-    """
-        更新记录
-        update
-        https://help.aliyun.com/document_detail/29774.html
-        add
-        https://help.aliyun.com/document_detail/29772.html?
-    """
-    debug(">>>>>%s(%s)", domain, record_type)
-    sub, main = get_domain_info(domain)
-    if not sub:
-        raise Exception("invalid domain: [ %s ] " % domain)
-
-    records = get_records(main, RR=sub, Type=record_type)
-    result = {}
-
-    if records:
-        for (rid, record) in records.items():
-            if record["Value"] != value:
-                debug(sub, record)
-                res = request(Action="UpdateDomainRecord", RecordId=rid,
-                              Value=value, RR=sub, Type=record_type, TTL=Config.TTL)
-                if res:
-                    # update records
-                    get_records.records[main][rid]["Value"] = value
-                    result[rid] = res
-                else:
-                    result[rid] = "update fail!\n" + str(res)
-            else:
-                result[rid] = domain
-    else:  # https://help.aliyun.com/document_detail/29772.html
-        res = request(Action="AddDomainRecord", DomainName=main,
-                      Value=value, RR=sub, Type=record_type, TTL=Config.TTL)
-        if res:
-            # update records INFO
-            rid = res.get('RecordId')
-            get_records.records[main][rid] = {
-                'Value': value,
-                "RecordId": rid,
-                "RR": sub,
-                "Type": record_type
-            }
-            result = res
+from time import gmtime, strftime, time
+
+from ._base import TYPE_FORM, BaseProvider, encode_params, join_domain
+from ._signature import hmac_sha256_authorization, sha256_hash
+
+
+class AliBaseProvider(BaseProvider):
+    """阿里云基础Provider，提供通用的_request方法"""
+
+    endpoint = "https://alidns.aliyuncs.com"
+    content_type = TYPE_FORM  # 阿里云DNS API使用表单格式
+    api_version = "2015-01-09"  # API版本，v3签名需要
+
+    def _request(self, action, method="POST", **params):
+        # type: (str, str, **(Any)) -> dict
+        """Aliyun v3 https://help.aliyun.com/zh/sdk/product-overview/v3-request-structure-and-signature"""
+        params = {k: v for k, v in params.items() if v is not None}
+
+        if method in ("GET", "DELETE"):
+            # For GET and DELETE requests, parameters go in query string
+            query_string = encode_params(params) if len(params) > 0 else ""
+            body_content = ""
+        else:
+            # For POST requests, parameters go in body
+            body_content = self._encode_body(params)
+            query_string = ""
+
+        path = "/"
+        content_hash = sha256_hash(body_content)
+        # 构造请求头部
+        headers = {
+            "host": self.endpoint.split("://", 1)[1].strip("/"),
+            "content-type": self.content_type,
+            "x-acs-action": action,
+            "x-acs-content-sha256": content_hash,
+            "x-acs-date": strftime("%Y-%m-%dT%H:%M:%SZ", gmtime()),
+            "x-acs-signature-nonce": str(hash(time()))[2:],
+            "x-acs-version": self.api_version,
+        }
+
+        # 使用通用签名函数
+        authorization = hmac_sha256_authorization(
+            secret_key=self.token,
+            method=method,
+            path=path,
+            query=query_string,
+            headers=headers,
+            body_hash=content_hash,
+            signing_string_format="ACS3-HMAC-SHA256\n{HashedCanonicalRequest}",
+            authorization_format=(
+                "ACS3-HMAC-SHA256 Credential=" + self.id + ",SignedHeaders={SignedHeaders},Signature={Signature}"
+            ),
+        )
+        headers["Authorization"] = authorization
+        # 对于v3签名的RPC API，参数在request body中
+        path = path if not query_string else path + "?" + format(query_string)
+        return self._http(method, path, body=body_content, headers=headers)
+
+
+class AlidnsProvider(AliBaseProvider):
+    """阿里云DNS Provider"""
+
+    def _split_zone_and_sub(self, domain):
+        # type: (str) -> tuple[str | None, str | None, str]
+        """
+        AliDNS 支持直接查询主域名和RR，无需循环查询。
+        返回没有DomainId,用DomainName代替
+        https://help.aliyun.com/zh/dns/api-alidns-2015-01-09-getmaindomainname
+        """
+        res = self._request("GetMainDomainName", InputString=domain)
+        sub, main = res.get("RR"), res.get("DomainName")
+        return (main, sub, main or domain)
+
+    def _query_zone_id(self, domain):
+        """调用_split_zone_and_sub可直接获取，无需调用_query_zone_id"""
+        raise NotImplementedError("_split_zone_and_sub is used to get zone_id")
+
+    def _query_record(self, zone_id, subdomain, main_domain, record_type, line, extra):
+        """https://help.aliyun.com/zh/dns/api-alidns-2015-01-09-describesubdomainrecords"""
+        sub = join_domain(subdomain, main_domain)
+        data = self._request(
+            "DescribeSubDomainRecords",
+            SubDomain=sub,  # aliyun API要求SubDomain为完整域名
+            DomainName=main_domain,
+            Type=record_type,
+            Line=line,
+            PageSize=500,
+            Lang=extra.get("Lang"),  # 默认中文
+            Status=extra.get("Status"),  # 默认全部状态
+        )
+        records = data.get("DomainRecords", {}).get("Record", [])
+        if not records:
+            self.logger.warning(
+                "No records found for [%s] with %s <%s> (line: %s)", zone_id, subdomain, record_type, line
+            )
+        elif not isinstance(records, list):
+            self.logger.error("Invalid records format: %s", records)
         else:
-            result = domain + " created fail!"
-    return result
+            return next((r for r in records), None)
+        return None
+
+    def _create_record(self, zone_id, subdomain, main_domain, value, record_type, ttl, line, extra):
+        """https://help.aliyun.com/zh/dns/api-alidns-2015-01-09-adddomainrecord"""
+        data = self._request(
+            "AddDomainRecord",
+            DomainName=main_domain,
+            RR=subdomain,
+            Value=value,
+            Type=record_type,
+            TTL=ttl,
+            Line=line,
+            **extra
+        )  # fmt: skip
+        if data and data.get("RecordId"):
+            self.logger.info("Record created: %s", data)
+            return True
+        self.logger.error("Failed to create record: %s", data)
+        return False
+
+    def _update_record(self, zone_id, old_record, value, record_type, ttl, line, extra):
+        """https://help.aliyun.com/zh/dns/api-alidns-2015-01-09-updatedomainrecord"""
+        # 阿里云DNS update新旧值不能一样，先判断是否发生变化
+        if (
+            old_record.get("Value") == value
+            and old_record.get("Type") == record_type
+            and (not ttl or old_record.get("TTL") == ttl)
+        ):
+            domain = join_domain(old_record.get("RR"), old_record.get("DomainName"))
+            self.logger.warning("No changes detected, skipping update for record: %s", domain)
+            return True
+        data = self._request(
+            "UpdateDomainRecord",
+            RecordId=old_record.get("RecordId"),
+            Value=value,
+            RR=old_record.get("RR"),
+            Type=record_type,
+            TTL=ttl,
+            Line=line or old_record.get("Line"),
+            **extra
+        )  # fmt: skip
+        if data and data.get("RecordId"):
+            self.logger.info("Record updated: %s", data)
+            return True
+        self.logger.error("Failed to update record: %s", data)
+        return False

ddns/provider/aliesa.py

@@ -0,0 +1,130 @@
+# coding=utf-8
+"""
+AliESA API
+阿里云边缘安全加速(ESA) DNS 解析操作库
+@author: NewFuture, GitHub Copilot
+"""
+
+from time import strftime
+
+from ._base import TYPE_JSON, join_domain
+from .alidns import AliBaseProvider
+
+
+class AliesaProvider(AliBaseProvider):
+    """阿里云边缘安全加速(ESA) DNS Provider"""
+
+    endpoint = "https://esa.cn-hangzhou.aliyuncs.com"
+    api_version = "2024-09-10"  # ESA API版本
+    content_type = TYPE_JSON
+    remark = "Managed by DDNS %s" % strftime("%Y-%m-%d %H:%M:%S")
+
+    def _query_zone_id(self, domain):
+        # type: (str) -> str | None
+        """
+        查询站点ID
+        https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-listsites
+        """
+        res = self._request(method="GET", action="ListSites", SiteName=domain, PageSize=500)
+        sites = res.get("Sites", [])
+
+        for site in sites:
+            if site.get("SiteName") == domain:
+                site_id = site.get("SiteId")
+                self.logger.debug("Found site ID %s for domain %s", site_id, domain)
+                return site_id
+
+        self.logger.error("Site not found for domain: %s", domain)
+        return None
+
+    def _query_record(self, zone_id, subdomain, main_domain, record_type, line, extra):
+        # type: (str, str, str, str, str | None, dict) -> dict | None
+        """
+        查询DNS记录
+        https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-listrecords
+        """
+        full_domain = join_domain(subdomain, main_domain)
+        res = self._request(
+            method="GET",
+            action="ListRecords",
+            SiteId=int(zone_id),
+            RecordName=full_domain,
+            Type=self._get_type(record_type),
+            RecordMatchType="exact",  # 精确匹配
+            PageSize=100,
+        )
+
+        records = res.get("Records", [])
+        if len(records) == 0:
+            self.logger.warning("No records found for [%s] with %s <%s>", zone_id, full_domain, record_type)
+            return None
+
+        # 返回第一个匹配的记录
+        record = records[0]
+        self.logger.debug("Found record: %s", record)
+        return record
+
+    def _create_record(self, zone_id, subdomain, main_domain, value, record_type, ttl, line, extra):
+        # type: (str, str, str, str, str, int | str | None, str | None, dict) -> bool
+        """
+        创建DNS记录
+        https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-createrecord
+        """
+        full_domain = join_domain(subdomain, main_domain)
+        extra["Comment"] = extra.get("Comment", self.remark)
+        extra["BizName"] = extra.get("BizName", "web")
+        extra["Proxied"] = extra.get("Proxied", True)
+        data = self._request(
+            method="POST",
+            action="CreateRecord",
+            SiteId=int(zone_id),
+            RecordName=full_domain,
+            Type=self._get_type(record_type),
+            Data={"Value": value},
+            Ttl=ttl or 1,
+            **extra
+        )  # fmt: skip
+
+        if data and data.get("RecordId"):
+            self.logger.info("Record created: %s", data)
+            return True
+
+        self.logger.error("Failed to create record: %s", data)
+        return False
+
+    def _update_record(self, zone_id, old_record, value, record_type, ttl, line, extra):
+        # type: (str, dict, str, str, int | str | None, str | None, dict) -> bool
+        """
+        更新DNS记录
+        https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-updaterecord
+        """
+        # 检查是否需要更新
+        if (
+            old_record.get("Data", {}).get("Value") == value
+            and old_record.get("RecordType") == self._get_type(record_type)
+            and (not ttl or old_record.get("Ttl") == ttl)
+        ):
+            self.logger.warning("No changes detected, skipping update for record: %s", old_record.get("RecordName"))
+            return True
+
+        extra["Comment"] = extra.get("Comment", self.remark)
+        extra["Proxied"] = extra.get("Proxied", old_record.get("Proxied"))
+        data = self._request(
+            method="POST",
+            action="UpdateRecord",
+            RecordId=old_record.get("RecordId"),
+            Data={"Value": value},
+            Ttl=ttl,
+            **extra
+        )  # fmt: skip
+
+        if data and data.get("RecordId"):
+            self.logger.info("Record updated: %s", data)
+            return True
+
+        self.logger.error("Failed to update record: %s", data)
+        return False
+
+    def _get_type(self, record_type):
+        # type: (str) -> str
+        return "A/AAAA" if record_type in ("A", "AAAA") else record_type