From 6a50f940cb225247d2a7284f33088a560d044d6b Mon Sep 17 00:00:00 2001
From: 9cco <fredrik_krohg@hotmail.com>
Date: Sat, 26 Feb 2022 11:10:26 +0100
Subject: [PATCH] Incorporating feedback

Changed the way we generate the api data back to the original. Clarified
comments. Added more logic to how we obtain the public IPv4 address,
such that input is sanitized.

If curl is not found, then the rest of the script can't run so we exit
with an error code. We try to use DNS if HTTPS fails to obtain
a valid IP. Added log messages for these events.
---
 cloudflare-template.sh | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/cloudflare-template.sh b/cloudflare-template.sh
index 70e45a3..6ece278 100644
--- a/cloudflare-template.sh
+++ b/cloudflare-template.sh
@@ -17,16 +17,26 @@ slackuri=""                                        # URI for Slack WebHook "http
 ###########################################
 ## Check if we have a public IP
 ###########################################
-# Use curl if curl is available
+# Use curl if curl is installed on the system.
 if [[ $(command -v curl &> /dev/null; echo $?) ]]; then
     ip=$(curl -s https://api.ipify.org || curl -s https://ipv4.icanhazip.com/)
-elif [[ $(command -v dig &> /dev/null; echo $?) ]]; then
-    ip=$(dig +short myip.opendns.com @resolver1.opendns.com);
+else
+    logger -s "Error: 'curl' was not found on your system. Install it with 'sudo apt install curl' in order to use this script"
+    exit 1
 fi
 
-if [[ ! $ip =~ ^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])$ ]]; then
-    logger -s "DDNS Updater: Failed to find a valid IP."
-    exit 1
+# Use regex to check for proper IPv4 format. Try using 'dig' if curl requests failed.
+ipv4_regex='^([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])\.([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])$'
+if [[ ! $ip =~ $ipv4_regex ]]; then
+    logger -s "Warning: Neither 'api.ipify.org' nor 'ipv4.icanhazip.com' were able to obtain your ip-address. Trying to use less secure DNS lookup on 'myip.opendns.com' through 'dig' instead."
+    if [[ $(command -v dig &> /dev/null; echo $?) ]]; then
+        ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
+    fi
+    # Also sanitize the 'dig' output through the same regex as before.
+    if [[ ! $ip =~ $ipv4_regex ]]; then
+        logger -s "DDNS Updater: Failed to find a valid IP."
+        exit 2
+    fi
 fi
 
 ###########################################
@@ -74,21 +84,11 @@ record_identifier=$(echo "$record" | sed -E 's/.*"id":"(\w+)".*/\1/')
 ###########################################
 ## Change the IP@Cloudflare using the API
 ###########################################
-api_data=$(cat <<EOF
-{
-    "type":"A",
-    "name":"$record_name",
-    "content":"$ip",
-    "ttl":$ttl,
-    "proxied":$proxy
-}
-EOF
-)
 update=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$zone_identifier/dns_records/$record_identifier" \
                      -H "X-Auth-Email: $auth_email" \
                      -H "$auth_header $auth_key" \
                      -H "Content-Type: application/json" \
-                     --data "$api_data") #"{\"type\":\"A\",\"name\":\"$record_name\",\"content\":\"$ip\",\"ttl\":\"$ttl\",\"proxied\":${proxy}}")
+                     --data "{\"type\":\"A\",\"name\":\"$record_name\",\"content\":\"$ip\",\"ttl\":\"$ttl\",\"proxied\":${proxy}}")
 
 ###########################################
 ## Report the status