Plugins/WEDOS.ps1

function Get-CurrentPluginType { 'dns-01' }

function Add-DnsTxt {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$RecordName,
        [Parameter(Mandatory,Position=1)]
        [string]$TxtValue,
        [Parameter(Mandatory)]
        [pscredential]$WedosCredential,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    $zone = Find-Zone $RecordName $WedosCredential
    if (-not $zone) {
        throw "Unable to find zone for $RecordName in WEDOS"
    }
    Write-Debug "Found zone $zone"

    # setup a tracking variable for zones we need to "commit"
    if (-not $script:WedosZonesToSave) { $script:WedosZonesToSave = @() }

    if (-not (Find-TxtRec $RecordName $TxtValue $zone $WedosCredential)) {
        # empty string short names are ok for zone apex
        $recShort = $RecordName -ireplace "\.?$([regex]::Escape($zone.TrimEnd('.')))$",''
        $data = @{
            domain = $zone
            name = $recShort
            type = 'TXT'
            rdata = $TxtValue
            ttl = 300 # minimum
        }
        $null = Invoke-Wedos dns-row-add $WedosCredential -Data $data
        if ($zone -notin $script:WedosZonesToSave) {
            $script:WedosZonesToSave += $zone
        }
    }
    else {
        Write-Debug "Record $RecordName already contains $TxtValue. Nothing to do."
    }

    <#
    .SYNOPSIS
        Add a DNS TXT record to WEDOS
 
    .DESCRIPTION
        Add a DNS TXT record to WEDOS
 
    .PARAMETER RecordName
        The fully qualified name of the TXT record.
 
    .PARAMETER TxtValue
        The value of the TXT record.
 
    .PARAMETER WedosCredential
        The account username and API password.
 
    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.
 
    .EXAMPLE
        Add-DnsTxt '_acme-challenge.example.com' 'txt-value' -WedosCredential (Get-Credential)
 
        Adds a TXT record for the specified site with the specified value.
    #>

}

function Remove-DnsTxt {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$RecordName,
        [Parameter(Mandatory,Position=1)]
        [string]$TxtValue,
        [Parameter(Mandatory)]
        [pscredential]$WedosCredential,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    $zone = Find-Zone $RecordName $WedosCredential
    if (-not $zone) {
        throw "Unable to find zone for $RecordName in WEDOS"
    }
    Write-Debug "Found zone $zone"

    # setup a tracking variable for zones we need to "commit"
    if (-not $script:WedosZonesToSave) { $script:WedosZonesToSave = @() }

    if (-not ($rec = Find-TxtRec $RecordName $TxtValue $zone $WedosCredential)) {
        Write-Debug "Record $RecordName with value $TxtValue doesn't exist. Nothing to do."
    }
    else {
        $data = @{
            domain = $zone
            row_id = $rec.ID
        }
        $null = Invoke-Wedos dns-row-delete $WedosCredential -Data $data
        if ($zone -notin $script:WedosZonesToSave) {
            $script:WedosZonesToSave += $zone
        }
    }

    <#
    .SYNOPSIS
        Remove a DNS TXT record from WEDOS
 
    .DESCRIPTION
        Remove a DNS TXT record from WEDOS
 
    .PARAMETER RecordName
        The fully qualified name of the TXT record.
 
    .PARAMETER TxtValue
        The value of the TXT record.
 
    .PARAMETER WedosCredential
        The account username and API password.
 
    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.
 
    .EXAMPLE
        Remove-DnsTxt '_acme-challenge.example.com' 'txt-value' -WedosCredential (Get-Credential)
 
        Removes a TXT record for the specified site with the specified value.
    #>

}

function Save-DnsTxt {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [pscredential]$WedosCredential,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    foreach ($zone in $script:WedosZonesToSave) {
        Write-Verbose "Applying changes for $zone zone"
        $data = @{
            name = $zone
        }
        $null = Invoke-Wedos dns-domain-commit $WedosCredential -Data $data
    }
    $script:WedosZonesToSave = @()

    <#
    .SYNOPSIS
        Commit changes to WEDOS zones.
 
    .DESCRIPTION
        Commit changes to WEDOS zones.
 
    .PARAMETER WedosCredential
        The account username and API password.
 
    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.
 
    .EXAMPLE
        Save-DnsTxt -WedosCredential (Get-Credential)
 
        Commits changes to zones modified by Add-DnsTxt and Save-DnsTxt
    #>

}

############################
# Helper Functions
############################

# https://kb.wedos.com/cs/wapi-api-rozhrani/zakladni-informace-wapi-api-rozhrani/wapi-zakladni-informace/
# https://kb.wedos.com/en/wapi-api-interface/wdns-en/wapi-wdns/

function Invoke-Wedos {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$Command,
        [Parameter(Mandatory,Position=1)]
        [pscredential]$Credential,
        [hashtable]$Data,
        [int[]]$AltGoodCodes=@()
    )

    # The auth protocol for this API is rather...unique.

    # Get a SHA1 hash of the password
    $sha1 = [Security.Cryptography.SHA1CryptoServiceProvider]::new()
    $hashBytes = $sha1.ComputeHash([Text.Encoding]::UTF8.GetBytes($Credential.GetNetworkCredential().Password))
    $pHash = [BitConverter]::ToString($hashBytes).Replace('-','').ToLower()

    # For some reason, the auth protocol requires the current 00-24 hour
    # with leading zeros specifically in the Europe/Prague time zone.
    $nowUtc = [DateTime]::UtcNow
    $hour = [TimeZoneInfo]::ConvertTimeFromUtc(
        $nowUtc,
        # Despite being "Standard" time, this will auto-convert
        # to "Summer" time when appropriate.
        [TimeZoneInfo]::FindSystemTimeZoneById('Central Europe Standard Time')
    ).ToString('HH')

    # Concatenate the username, hashed password, and hour
    # and then SHA1 hash the whole thing
    $authRaw = '{0}{1}{2}' -f $Credential.Username,$pHash,$hour
    Write-Debug "authRaw = $authRaw"
    $hashBytes = $sha1.ComputeHash([Text.Encoding]::UTF8.GetBytes($authRaw))
    $auth = [BitConverter]::ToString($hashBytes).Replace('-','').ToLower()

    # Build the request object
    $req = @{
        request = @{
            user = $Credential.UserName
            auth = $auth
            clTRID = "Posh-ACME $(New-Guid)" # client request ID
            command = $Command
        }
    }
    if ($Data) {
        $req.request.data = $Data
    }

    $queryParams = @{
        Uri = 'https://api.wedos.com/wapi/json'
        Method = 'POST'
        # Send the JSON request as a value of "request" that is
        # application/x-www-form-urlencoded instead of just raw JSON
        Body = @{request=($req | ConvertTo-Json -Compress -Depth 10)}
        Verbose = $false
        ErrorAction = 'Stop'
    }
    Write-Debug "POST $($queryParams.Uri)`n$($req|ConvertTo-Json -Depth 10)"
    $resp = Invoke-RestMethod @queryParams @script:UseBasic
    Write-Debug "Response:`n$($resp|ConvertTo-Json -Depth 10)"

    if ($resp.response.code -ne 1000 -and $resp.response.code -notin $AltGoodCodes) {
        "WEDOS API Error $($resp.response.code): $($resp.response.result)"
    }
    return $resp.response.data
}

function Find-Zone {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$RecordName,
        [Parameter(Mandatory,Position=1)]
        [pscredential]$Credential
    )

    # setup a module variable to cache the record to zone mapping
    # so it's quicker to find later and uses fewer API calls
    if (!$script:WedosRecordZones) { $script:WedosRecordZones = @{} }

    # check for the record in the cache
    if ($script:WedosRecordZones.ContainsKey($RecordName)) {
        return $script:WedosRecordZones.$RecordName
    }

    # Get all of the domains on the account
    $resp = Invoke-Wedos dns-domains-list $Credential

    # For some unknown reason, the dns-domains-list command can returns the domain data
    # in two different ways. It seems to be account specific, but we don't have enough
    # sample data to know why a given account uses one format or another. Maybe region
    # specific? Maybe age of the account?
    # Regardless, we need to account for both potential responses to get the zone data.
    # Example 1: An array of zone objects
    # {
    # "domain": [
    # {"name": "example.com", "type": "primary", "status": "active"},
    # {"name": "example.net", "type": "primary", "status": "active"}
    # ]
    # }
    # Example 2: And object with numeric keys and zone object values
    # {
    # "domain": {
    # "24": {"name": "example.com", "type": "primary", "status": "active"},
    # "11": {"name": "example.net", "type": "primary", "status": "active"}
    # }
    # }
    if ($resp.domain -is [array]) {
        # We can use the array as-is
        $zones = @($resp.domain)
    } else {
        # The only properties should be zone objects, so just get them all
        $zones = @($resp.domain.PSObject.Properties | ForEach-Object { $_.Value })
    }
    Write-Debug "Found domains: $($zones | ConvertTo-Json)"

    if ($zones.Count -eq 0) {
        Write-Warning "No WEDOS hosted domains found."
        return
    }

    # find the zone for the closest/deepest sub-zone that would contain the record.
    $pieces = $RecordName.Split('.')
    for ($i=0; $i -lt ($pieces.Count-1); $i++) {
        $zoneTest = $pieces[$i..($pieces.Count-1)] -join '.'
        Write-Debug "Checking $zoneTest"

        $match = $zones | Where-Object { $zoneTest -eq $_.name } | Select-Object -First 1
        if ($match) {
            $script:WedosRecordZones.$RecordName = $zoneTest
            return $zoneTest
        }
    }
}

function Find-TxtRec {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$RecordName,
        [Parameter(Mandatory,Position=1)]
        [string]$TxtValue,
        [Parameter(Mandatory,Position=2)]
        [string]$Zone,
        [Parameter(Mandatory,Position=3)]
        [pscredential]$Credential
    )

    # Get all of the records in the zone
    $recs = Invoke-Wedos dns-rows-list $Credential -Data @{domain=$Zone} | Select-Object -Expand row
    if (-not $recs) {
        Write-Warning "No WEDOS records found."
        return
    }

    return $recs | Where-Object {
        $RecordName -eq "$($_.name).$Zone".Trim('.') -and
        $_.rdtype -eq 'TXT' -and
        $_.rdata -eq $TxtValue
    }
}