Merge pull request #421 from janiosarmento/issue420

#420 No error treatment to /opt/cf-update.sh

wo/cli/templates/cf-update.mustache

@@ -1,25 +1,76 @@
 #!/usr/bin/env bash
 # WordOps bash script to update cloudflare IP
 
-CURL_BIN=$(command -v curl)
-CF_IPV4=$($CURL_BIN -sL https://www.cloudflare.com/ips-v4)
-CF_IPV6=$($CURL_BIN -sL https://www.cloudflare.com/ips-v6)
+string::isIPv4Block(){
+    local -r ip="${1}"
+    local stat=1
+
+    if [[ "${ip}" =~ ^(([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\.){3}([1-9]?[0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-5]))\/[0-9][0-9]?[0-9]?$ ]]; then
+        stat=0
+    fi
+    return ${stat}
+}
+
+string::isIPv6Block(){
+    local -r ip="${1}"
+    local stat=1
+
+
+    if [[ "${ip}" =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/[0-9][0-9]?[0-9]?$ ]] ; then
+        stat=0
+    fi
+    return "${stat}"
+}
+
+set -euo pipefail
+IFS=$'\n\t'
+# shellcheck disable=SC2154
+trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; tput cnorm ; exit $s' ERR
+
+declare -r CURL_BIN=$(command -v curl)
+declare -r cfIPv4="https://www.cloudflare.com/ips-v4"
+declare -r cfIPv6="https://www.cloudflare.com/ips-v6"
+declare -r cfConf='/etc/nginx/conf.d/cloudflare.conf'
+declare allOK='true'
+declare ips4 ips6 ip
+
+ips4=$( ${CURL_BIN} -sL "${cfIPv4}" )
+ips6=$( ${CURL_BIN} -sL "${cfIPv6}" )
+
 
 if [ -d /etc/nginx/conf.d ]; then
-    echo -e '# WordOps (wo) set visitors real ip with Cloudflare\n' > /etc/nginx/conf.d/cloudflare.conf
-    echo "####################################"
-    echo "Adding Cloudflare IPv4"
-    echo "####################################"
-    for cf_ip4 in $CF_IPV4; do
-        echo "set_real_ip_from $cf_ip4;" >> /etc/nginx/conf.d/cloudflare.conf
+    for ip in ${ips4}; do
+        if ! string::isIPv4Block "${ip}"; then
+            echo "Invalid IPv4 block: ${ip}" >&2
+            allOK='false'
+        fi
     done
-    echo "####################################"
-    echo "Adding Cloudflare IPv6"
-    echo "####################################"
-    for cf_ip6 in $CF_IPV6; do
-        echo "set_real_ip_from $cf_ip6;" >> /etc/nginx/conf.d/cloudflare.conf
+    for ip in ${ips6}; do
+        if ! string::isIPv6Block "${ip}"; then
+            echo "Invalid IPv6 block: ${ip}" >&2
+            allOK='false'
+        fi
     done
-    echo 'real_ip_header CF-Connecting-IP;' >> /etc/nginx/conf.d/cloudflare.conf
 
-    nginx -t && service nginx reload
+    if [[ 'true' == "${allOK}" ]]; then
+        echo '# WordOps (wo) set visitors real ip with Cloudflare' > "${cfConf}"
+
+        for ip in ${ips4}; do
+            echo "set_real_ip_from ${ip};" >> "${cfConf}"
+        done
+        for ip in ${ips6}; do
+            echo "set_real_ip_from ${ip};" >> "${cfConf}"
+        done
+
+        service nginx reload
+    else
+        echo "There are some errors in the IP blocks" >&2
+        exit 1
+    fi
+else
+    echo "Can't find /etc/nginx/conf.d directory" >&2
+    exit 1
 fi
+echo "Cloudflare IPs updated"
+echo ""
+