ddns-scripts: add blazingfast.io Anycast DNS provider#29486
Open
fkitsantas wants to merge 1 commit into
Add DDNS update support for blazingfast.io Anycast DNS via their REST API.
Authentication is performed via JWT token obtained from the login endpoint.
Zone records are fetched to verify the record type before update, ensuring IPv4 services only target A records and IPv6 services only target AAAA records.

Service, zone and record IDs are passed via param_opt as space-separated key=value pairs:

    service_id=X zone_id=Y record_id=Z

curl --config file approach is used throughout to avoid eval and shell injection from user-controlled values.

Supports both IPv4 and IPv6. For dual-stack, create two separate DDNS service sections with their respective record IDs.

Tested on GL.iNet MT5000 (Brume 3) running OpenWrt with ddns-scripts 2.8.2.

Signed-off-by: Fotios Kitsantas <fkitsantas@icloud.com>
Signed-off-by: Kitsantas, Fotios (AI&PO) <P50126121@capita.co.uk>
@feckert a small update to strengthen update safety. Whenever you have time, run the code review from Copilot so this can be merged as well. Thank you.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Enhances the Blazingfast.io DDNS provider script by adding JWT token caching and safer update mechanics to reduce repeated logins and avoid API rate limiting.
Changes:
- Added on-disk JWT caching with TTL and a one-time re-auth flow on unauthorized responses.
- Switched JSON update payload handling to a temp file referenced via curl’s `@file` syntax to avoid quoting issues.
- Updated in-file documentation and comments (features list, credential encoding guidance).
Comment on lines +148 to 154
| local __TOKEN_TTL=270 # seconds — 4.5 min; safely under any reasonable JWT expiry | ||
|
|
||
| # Explicit cleanup helper. We deliberately avoid `trap ... EXIT` because this | ||
| # script is sourced into the long-running ddns runtime, where a global trap | ||
| # would leak past this provider invocation and could clobber unrelated files | ||
| # or override traps installed by the framework / other providers. | ||
| blazingfast_cleanup() { |
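Review bot: `__TOKEN_TTL=270` is justified only by the comment's assumption ("safely under any reasonable JWT expiry"); state the token lifetime the API actually issues, or derive the TTL from the token itself, so the cache cannot hand out a token that has already expired upstream. Since the comment below it rules out `trap ... EXIT`, every return path in the provider has to call `blazingfast_cleanup` itself, and it is worth a line in that comment saying so.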
Comment on lines +289 to +290
| # Cache the token with current timestamp | ||
| printf '%s %s\n' "$(date +%s)" "$__TOKEN" > "$__TOKENFILE" |
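Review bot: the redirect `> "$__TOKENFILE"` creates the cache file with whatever umask the ddns runtime happens to have, and that file holds a live bearer token. Set the mode before the token is written (for example by running the write under `umask 077`), and say in the comment where `$__TOKENFILE` lives and who can read that directory.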
Comment on lines +336 to +337
| fi | ||
| printf '%s %s\n' "$(date +%s)" "$__TOKEN" > "$__TOKENFILE" |
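Review bot: this `printf ... > "$__TOKENFILE"` repeats the cache write at lines +289 to +290. Move it into one helper (a hypothetical `blazingfast_cache_token`) so that file mode and error handling are decided in one place and the re-auth path cannot drift from the first-login path.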
Comment on lines +256 to +258
| if [ -f "$__TOKENFILE" ]; then | ||
| local __CACHED_TS __CACHED_TOK __NOW __AGE | ||
| read __CACHED_TS __CACHED_TOK 2>/dev/null < "$__TOKENFILE" |
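Review bot: `read __CACHED_TS __CACHED_TOK` is missing `-r`, and nothing in these lines checks what came out of the file before `__NOW` and `__AGE` are used. Use `read -r`, then reject the entry unless `__CACHED_TS` is all digits and `__CACHED_TOK` is non-empty, so a truncated or tampered cache file falls through to a fresh login instead of reaching shell arithmetic.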
Comment on lines +289 to +290
| # Cache the token with current timestamp | ||
| printf '%s %s\n' "$(date +%s)" "$__TOKEN" > "$__TOKENFILE" |
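Review bot: the cache file is written in place, so another ddns instance reading `$__TOKENFILE` at that moment can see an empty or partial line, and a failed write (for example on a full tmpfs) goes unnoticed. Write to a temporary file in the same directory and `mv` it over `$__TOKENFILE`, and check the exit status of the write.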
Comment on lines +271 to +279
| write_log 7 "Authenticating with Blazingfast.io" | ||
| : > "$__CURLEXTRA" | ||
| echo "request = POST" >> "$__CURLEXTRA" | ||
| echo "url = \"$__URLBASE/login\"" >> "$__CURLEXTRA" | ||
| # Use data-urlencode so credentials containing reserved characters | ||
| # (&, =, +, spaces, ...) are safely percent-encoded by curl. | ||
| printf 'data-urlencode = "username=%s"\n' "$username" >> "$__CURLEXTRA" | ||
| printf 'data-urlencode = "password=%s"\n' "$password" >> "$__CURLEXTRA" | ||
| blazingfast_transfer |
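Review bot: `data-urlencode` protects the HTTP body but not the curl config syntax: in `printf 'data-urlencode = "password=%s"\n' "$password"` a password containing `"` or `\` changes how curl parses the quoted value, because curl processes backslash escapes inside double-quoted config parameters. Escape `\` and `"` in `$username` and `$password` before writing them, and reject embedded newlines. Note also that `: > "$__CURLEXTRA"` creates the file that will hold the plaintext password, so it needs an owner-only mode.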
Comment on lines +325 to +330
| : > "$__CURLEXTRA" | ||
| echo "request = POST" >> "$__CURLEXTRA" | ||
| echo "url = \"$__URLBASE/login\"" >> "$__CURLEXTRA" | ||
| printf 'data-urlencode = "username=%s"\n' "$username" >> "$__CURLEXTRA" | ||
| printf 'data-urlencode = "password=%s"\n' "$password" >> "$__CURLEXTRA" | ||
| blazingfast_transfer |
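Review bot: these six lines duplicate the login request built at lines +271 to +279, without its explanatory comment. Factor the request into a single function (for example a hypothetical `blazingfast_login`) that both the first login and the re-auth path call, so any change to credential quoting applies to both.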
Comment on lines +73 to +78
| # 1. Get your token (use --data-urlencode if your username contains @ or | ||
| # other special characters): | ||
| # TOKEN=$(curl -s -X POST 'https://my.blazingfast.io/api/login' \ | ||
| # -d "username=USERNAME" \ | ||
| # -d "password=PASSWORD" | grep -o '"token":"[^"]*"' | cut -d'"' -f4) | ||
| # --data-urlencode "username=USERNAME" \ | ||
| # --data-urlencode "password=PASSWORD" | \ | ||
| # python3 -c "import sys,json; print(json.load(sys.stdin)['token'])") |
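Review bot: the documented token command now depends on `python3`, which a stock OpenWrt router usually does not have; on the target platform `jsonfilter -e '@.token'` does the same job with a tool from the base system. The example also puts `PASSWORD` on the curl command line, where other local users can read it from the process list, so a short caveat in the comment would help.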
📦 Package Details
Maintainer: @feckert
Description:
Improves the existing blazingfast.io Anycast DNS DDNS integration by adding
JWT token caching and strengthening update safety.
JWT tokens are now cached to disk for up to 270 seconds and reused across DDNS
update cycles, reducing unnecessary login requests and helping avoid API rate
limiting. Expired or invalid cached tokens are detected automatically, and a
fresh login is performed transparently when needed.
✅ Formalities
If your PR contains a patch:
We must try to upstream patches to reduce maintenance burden.
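The caching behaviour in the description above (a token reused for up to 270 seconds, with invalid or expired entries falling back to a fresh login), sketched as stand-alone POSIX sh. This is an added example, not code from the PR; the function names, variable names and sample token are hypothetical, and it assumes `mktemp` is available.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names, variable names and the
# sample token are hypothetical. Variables are prefixed instead of `local`
# to stay within POSIX sh.

# Store "<epoch> <token>" via an owner-only temp file and an atomic rename.
token_cache_put() {
	_tc_tmp=$(mktemp "$1.XXXXXX") || return 1        # mktemp creates mode 0600
	if printf '%s %s\n' "$(date +%s)" "$2" > "$_tc_tmp" &&
		mv -f "$_tc_tmp" "$1"; then
		return 0
	fi
	rm -f "$_tc_tmp"
	return 1
}

# Print the token and return 0 only for a well-formed entry younger than $2
# seconds; any other outcome returns 1 so the caller performs a fresh login.
token_cache_get() {
	[ -f "$1" ] && [ ! -L "$1" ] || return 1         # regular file, not a symlink
	_tc_ts='' _tc_tok='' _tc_rest=''
	read -r _tc_ts _tc_tok _tc_rest < "$1" || return 1
	case $_tc_ts in ''|0*|*[!0-9]*) return 1 ;; esac # digits only, no octal form
	[ "${#_tc_ts}" -le 12 ] || return 1              # keep arithmetic in range
	[ -z "$_tc_rest" ] || return 1                   # exactly two fields
	case $_tc_tok in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac # base64url and dots
	_tc_age=$(( $(date +%s) - _tc_ts ))
	[ "$_tc_age" -ge 0 ] && [ "$_tc_age" -lt "$2" ] || return 1
	printf '%s\n' "$_tc_tok"
}

# Demo on a constructed token in a private temporary directory.
_tc_dir=$(mktemp -d) && token_cache_put "$_tc_dir/jwt" 'hdr.payload.sig' &&
	token_cache_get "$_tc_dir/jwt" 270
[ -n "$_tc_dir" ] && rm -rf "$_tc_dir"
```

A rejected entry is indistinguishable from a missing one, so the caller has a single fallback path: log in again and call `token_cache_put`.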