Files
exposedgays/deploy/cf-token-perms.py

58 lines
1.8 KiB
Python

#!/usr/bin/env python3
import json
import re
import urllib.error
import urllib.request
import paramiko
PASS = "Bbt9115xty9176!"
CF = "https://api.cloudflare.com/client/v4"
ACCOUNT = "2599c23bbb1255dbb73e8d34b4115fda"
DOMAIN = "exposedgays.com"
def get_tokens():
tokens = []
c = paramiko.SSHClient()
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
c.connect("10.10.0.1", username="admin", password=PASS, timeout=15)
_, o, e = c.exec_command("cat /usr/local/etc/wan-dns-failover.env", timeout=30)
o.channel.recv_exit_status()
text = (o.read() + e.read()).decode()
c.close()
tokens.append(("pfsense", re.search(r"CLOUDFLARE_API_TOKEN=([^\s\"']+)", text).group(1)))
tokens.append(("apply_mail", "cfut_zlUt5lAKVsu7qIcRCHJnyhAvpJVF5jx24HlrIEn9a8fcd6a1"))
return tokens
def call(tok, path, method="GET", body=None):
req = urllib.request.Request(
CF + path,
data=json.dumps(body).encode() if body else None,
method=method,
headers={"Authorization": f"Bearer {tok}", "Content-Type": "application/json"},
)
try:
with urllib.request.urlopen(req, timeout=45) as r:
return json.load(r)
except urllib.error.HTTPError as e:
return json.loads(e.read().decode())
def main():
for label, tok in get_tokens():
v = call(tok, "/user/tokens/verify")
print(f"\n[{label}] verify:", json.dumps(v, indent=2)[:1200])
z = call(tok, f"/zones?name={DOMAIN}")
print(f"[{label}] zone lookup:", z.get("success"), len(z.get("result") or []))
c = call(
tok,
"/zones",
"POST",
{"name": DOMAIN, "account": {"id": ACCOUNT}, "type": "full", "jump_start": False},
)
print(f"[{label}] create:", c.get("success"), c.get("errors"))
if __name__ == "__main__":
main()