#!/usr/bin/env bash

# need to add your email address and key to cloudflare below
email=''
key=''

fulldomain="$1"
token="$2"
API='https://api.cloudflare.com/client/v4/zones'
AUTH=( -H "X-Auth-Email: $email" -H "X-Auth-Key: $key" -H "Content-Type: application/json" )

# get a list of all domain names from cloudflare
# If you have a lot, you may need add "&page=1&per_page=1000"
resp=$(curl --silent "${AUTH[@]}" -X GET "$API?match=all&status=active")

# treat all names with dot as domain names
while read -d ' ' i; do
  [[ $i =~ \"name\":\"([^\"]+\.[^\"]+)\" ]] && all_domains="${all_domains:+$all_domains }${BASH_REMATCH[1]}"
done <<<${resp//[ ,\[\{\}\]]/ }

[ -z "$all_domains" ] && { echo 'no active domains found on your cloudflare account'; exit 1; }

# select right CF domain (longest one)
domain=$fulldomain.
while [[ "$domain" && ! "$all_domains" =~ "${domain%?}" ]]; do domain=${domain#*.}; done
domain=${domain%?}

[ -z "$domain" ] && { echo 'domain name not found on your cloudflare account'; exit 1; }

resp=$(curl --silent "${AUTH[@]}" -X GET "$API?name=$domain&match=any&status=active")

# select result section
[[ "$resp" =~ \"result\"[^\{]*\{([^\{\}]*\{[^\{\}]*\}[^\{\}]*)+\} ]]
resp="${BASH_REMATCH[0]%\}*}"; resp="${resp#*\{}"

# remove subsections - leave only domain level
while [[ "$resp" =~ (.*)[\[\{][^]\{\}[]*[\]\}](.*) ]]; do resp="${BASH_REMATCH[1]}${BASH_REMATCH[2]}"; done

# must match - we ask for already verified domain
[[ "${resp// }" =~ \"id\":\"([^\"]+)\" ]]
domain_id=${BASH_REMATCH[1]}

curl --silent "${AUTH[@]}" -X POST "$API/$domain_id/dns_records" \
  --data "{\"type\":\"TXT\",\"name\":\"_acme-challenge.${fulldomain%.$domain}\",\"content\":\"$token\",\"ttl\":300}"