LMLPHP后院

聊聊关于 CF 域名 DNS API 操作技术

maybe yes 发表于 2022-11-15 11:17

整体使用下来,感觉有点麻烦,我测试到完成用了半个多小时,并不能达到看一眼就弄明白的地步。

一个坑:

curl  --socks5 192.168.1.1:80 \
     -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
     -H "Authorization: Bearer -xx-O" \
     -H "Content-Type:application/json"

{"result":{"id":"xx","status":"active","not_before":"2022-11-14T00:00:00Z","expires_on":"2024-01-01T23:59:59Z"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}

硬生生搞出来一个 API Token,不知道这个是干什么用的,官方的文档说,在请求的时候将 Bearer 替换 API 中的 x-auth-email and x-auth-key。

API Tokens use the standard Authorization: Bearer header for authentication instead of x-auth-email and x-auth-key that API Keys use. Requests can be authenticated like the following:

结果这个玩意儿只是为了检测 API token 是否有效,并且成功的误导了我。这有啥意思呢?

查看 API key 需要重新输入密码,获取 API key 之后可以请求域名列表,zone id 应该是域名的别名,在页面可以看到:

curl  --socks5 192.168.1.1:80 \
     -X GET "https://api.cloudflare.com/client/v4/zones/zone_id/dns_records?type=A&name=m.x.com&proxied=false&page=1&per_page=100&order=type&direction=desc&match=all" \
     -H "X-Auth-Email: x.com" \
     -H "X-Auth-Key: key" \
     -H "Content-Type: application/json"

{"result":[{"id":"xxx","zone_id":"xxx","zone_name":"x.com","name":"m.x.com","type":"A","content":"192.168.1.1","proxiable":false,"proxied":false,"ttl":60,"locked":false,"meta":{"auto_added":false,"managed_by_apps":false,"managed_by_argo_tunnel":false,"source":"primary"},"created_on":"2022-11-15T03:08:16.348057Z","modified_on":"2022-11-15T03:08:16.348057Z"}],"success":true,"errors":[],"messages":[],"result_info":{"page":1,"per_page":100,"count":1,"total_count":1,"total_pages":1}}

获取到了 ID 之后,然后可以更新 DNS,一个命令就够了。

curl  --socks5 192.168.1.1:80 \
     -X PATCH "https://api.cloudflare.com/client/v4/zones/zone_id/dns_records/id" \
     -H "X-Auth-Email: x.com" \
     -H "X-Auth-Key: key" \
     -H "Content-Type: application/json" \
     --data '{"type":"A","name":"m.x.com","content":"127.0.0.1","ttl":60,"proxied":false}'

{"result":{"id":"xxx","zone_id":"xxx","zone_name":"x.com","name":"m.x.com","type":"A","content":"127.0.0.1","proxiable":false,"proxied":false,"ttl":60,"locked":false,"meta":{"auto_added":false,"managed_by_apps":false,"managed_by_argo_tunnel":false,"source":"primary"},"created_on":"2022-11-15T03:08:16.348057Z","modified_on":"2022-11-15T03:12:36.196797Z"},"success":true,"errors":[],"messages":[]}

成功将 192.168.1.1 更改为 127.0.0.1。

所以要学会 CF 的接口,至少得请求三次。后面获取到那一条解析的 ID 之后,修改只需要一个请求就够了。这样 DDNS 就搞定了,借助于 CF 强大的快速生效时间 60 秒,这个应该是全球第一。爽不爽?不过我还遇到一个问题:

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 1038,
      "message": "You cannot use this API for domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain). To configure the DNS settings for this domain, use the Cloudflare Dashboard."
    }
  ],
  "messages": []
}

I want to say: 你妹的。为什么那些域名不可以?这次的返回值竟然是有格式的,看的出来是 CF 的工程师单独做了一个拦截,这个返回值看样子就是 hardcode 出来的,所以有格式。

2024-11-22 04:28:30 1732220910 0.020316