From cd00ce3e9fcdb4ea361c8153422574154e91c14d Mon Sep 17 00:00:00 2001
From: Yury Antonau <yura3d3d@gmail.com>
Date: Fri, 23 Feb 2024 22:13:01 +0300
Subject: [PATCH] Storing CF API token data in domain config

---
 dnsapi/dns_cf.sh | 47 ++++++++++++++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 17 deletions(-)

diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh
index cd8d9a8d87..b28e9bde1e 100755
--- a/dnsapi/dns_cf.sh
+++ b/dnsapi/dns_cf.sh
@@ -18,22 +18,37 @@ dns_cf_add() {
   fulldomain=$1
   txtvalue=$2
 
-  CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
-  CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
-  CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
+  CF_Token="${CF_Token:-$(_readdomainconf CF_Token)}"
+  CF_Account_ID="${CF_Account_ID:-$(_readdomainconf CF_Account_ID)}"
+  CF_Zone_ID="${CF_Zone_ID:-$(_readdomainconf CF_Zone_ID)}"
   CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
   CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
 
   if [ "$CF_Token" ]; then
-    if [ "$CF_Zone_ID" ]; then
-      _savedomainconf CF_Token "$CF_Token"
+    if [ -z "$CF_Account_ID" ] && [ -z "$CF_Zone_ID" ]; then
+      _err "You didn't specify Account ID or Zone ID yet."
+      _err "You can get one from Cloudflare dashboard zone's Overview page."
+      return 1
+    fi
+
+    if [ "$CF_Account_ID" ] && [ "$CF_Zone_ID" ]; then
+      _err "You should specify either Account ID or Zone ID:"
+      _err "https://github.com/acmesh-official/acme.sh/wiki/dnsapi#a-using-a-restrictive-api-token"
+      return 1
+    fi
+
+    _savedomainconf CF_Token "$CF_Token"
+
+    if [ "$CF_Account_ID" ]; then
       _savedomainconf CF_Account_ID "$CF_Account_ID"
+    else
+      _cleardomainconf CF_Account_ID
+    fi
+
+    if [ "$CF_Zone_ID" ]; then
       _savedomainconf CF_Zone_ID "$CF_Zone_ID"
     else
-      _saveaccountconf_mutable CF_Token "$CF_Token"
-      _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
-      _clearaccountconf_mutable CF_Zone_ID
-      _clearaccountconf CF_Zone_ID
+      _cleardomainconf CF_Zone_ID
     fi
   else
     if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
@@ -52,15 +67,13 @@ dns_cf_add() {
     #save the api key and email to the account conf file.
     _saveaccountconf_mutable CF_Key "$CF_Key"
     _saveaccountconf_mutable CF_Email "$CF_Email"
-
-    _clearaccountconf_mutable CF_Token
-    _clearaccountconf_mutable CF_Account_ID
-    _clearaccountconf_mutable CF_Zone_ID
-    _clearaccountconf CF_Token
-    _clearaccountconf CF_Account_ID
-    _clearaccountconf CF_Zone_ID
-
   fi
+  _clearaccountconf_mutable CF_Token
+  _clearaccountconf_mutable CF_Account_ID
+  _clearaccountconf_mutable CF_Zone_ID
+  _clearaccountconf CF_Token
+  _clearaccountconf CF_Account_ID
+  _clearaccountconf CF_Zone_ID
 
   _debug "First detect the root zone"
   if ! _get_root "$fulldomain"; then