From b346d0a30d9d09d798ba515e3fca9ddb597d8f55 Mon Sep 17 00:00:00 2001 From: Janio Sarmento Date: Sun, 13 Feb 2022 12:14:53 -0300 Subject: [PATCH] #420 No error treatment to /opt/cf-update.sh --- wo/cli/templates/cf-update.mustache | 82 +++++++++++++++++++++++------ 1 file changed, 66 insertions(+), 16 deletions(-) diff --git a/wo/cli/templates/cf-update.mustache b/wo/cli/templates/cf-update.mustache index 60739a1..7e6238b 100644 --- a/wo/cli/templates/cf-update.mustache +++ b/wo/cli/templates/cf-update.mustache @@ -1,25 +1,75 @@ #!/usr/bin/env bash # WordOps bash script to update cloudflare IP -CURL_BIN=$(command -v curl) -CF_IPV4=$($CURL_BIN -sL https://www.cloudflare.com/ips-v4) -CF_IPV6=$($CURL_BIN -sL https://www.cloudflare.com/ips-v6) +string::isIPv4Block(){ + local -r ip="${1}" + local stat=1 + + if [[ "${ip}" =~ ^(([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\.){3}([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\/[0-9][0-9]?[0-9]?$ ]]; then + stat=0 + fi + return ${stat} +} + +string::isIPv6Block(){ + local -r ip="${1}" + local stat=1 + + + if [[ "${ip}" =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/[0-9][0-9]?[0-9]?$ ]] ; then + stat=0 + fi + return "${stat}" +} + +set -euo pipefail +IFS=$'\n\t' +# shellcheck disable=SC2154 +trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; tput cnorm ; exit $s' ERR + +declare -r CURL_BIN=$(command -v curl) +declare -r cfIPv4="https://www.cloudflare.com/ips-v4" +declare -r cfIPv6="https://www.cloudflare.com/ips-v6" +declare -r cfConf='/etc/nginx/conf.d/cloudflare.conf' +declare allOK='true' +declare ips4 ips6 + +ips4=$( ${CURL_BIN} -sL "${cfIPv4}" ) +ips6=$( ${CURL_BIN} -sL "${cfIPv6}" ) + if [ -d /etc/nginx/conf.d ]; then - echo -e '# WordOps (wo) set visitors real ip with Cloudflare\n' > /etc/nginx/conf.d/cloudflare.conf - echo "####################################" - echo "Adding Cloudflare IPv4" - echo "####################################" - for cf_ip4 in $CF_IPV4; do - echo "set_real_ip_from $cf_ip4;" >> /etc/nginx/conf.d/cloudflare.conf + for ip in ${ips4}; do + if ! string::isIPv4Block "${ip}"; then + echo "Invalid IPv4 block: ${ip}" >&2 + allOK='false' + fi done - echo "####################################" - echo "Adding Cloudflare IPv6" - echo "####################################" - for cf_ip6 in $CF_IPV6; do - echo "set_real_ip_from $cf_ip6;" >> /etc/nginx/conf.d/cloudflare.conf + for ip in ${ips6}; do + if ! string::isIPv6Block "${ip}"; then + echo "Invalid IPv6 block: ${ip}" >&2 + allOK='false' + fi done - echo 'real_ip_header CF-Connecting-IP;' >> /etc/nginx/conf.d/cloudflare.conf - nginx -t && service nginx reload + if [[ 'true' == "${allOK}" ]]; then + echo '# WordOps (wo) set visitors real ip with Cloudflare' > "${cfConf}" + + for ip in ${ips4}; do + echo "set_real_ip_from ${ip};" >> "${cfConf}" + done + for ip in ${ips6}; do + echo "set_real_ip_from ${ip};" >> "${cfConf}" + done + + service nginx reload + else + echo "There are some errors in the IP blocks" >&2 + exit 1 + fi +else + echo "Can't find /etc/nginx/conf.d directory" >&2 + exit 1 fi +echo "Cloudflare IPs updated" +echo ""