Merge pull request #60 from mrikirill/feature/upd-ci-tests-readme

CI configuration, issue templates, and enhance documentation

Author: mrikirill

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,30 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Run command '...'
+2. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Logs**
+If applicable, add logs here. **IMPORTANT: Remove your API Key and Domain names.**
+
+**Environment (please complete the following information):**
+ - Device: [e.g. Synology DS918+]
+ - DSM Version: [e.g. DSM 7.1]
+ - Script Version: [e.g. 2.0]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/workflows/php-test.yml

@@ -0,0 +1,36 @@
+name: PHP Unit Tests
+
+on:
+  push:
+    branches: [ "master", "main" ]
+  pull_request:
+    branches: [ "master", "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Validate composer.json
+      run: composer validate
+
+    - name: Cache Composer packages
+      id: composer-cache
+      uses: actions/cache@v3
+      with:
+        path: vendor
+        key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-php-
+
+    - name: Install dependencies
+      run: composer install --prefer-dist --no-progress
+
+    - name: Run test suite
+      run: vendor/bin/phpunit tests

.gitignore

@@ -1 +1,4 @@
 site/
+vendor/
+composer.phar
+composer.lock

CONTRIBUTING.md

@@ -0,0 +1,44 @@
+# Contributing to SynologyDDNSCloudflareMultidomain
+
+First off, thanks for taking the time to contribute! 🎉
+
+The following is a set of guidelines for contributing to this project. These are mostly guidelines, not rules. Use your best judgment, and feel free to propose changes to this document in a pull request.
+
+## How Can I Contribute?
+
+### Reporting Bugs
+
+This section guides you through submitting a bug report. Following these guidelines helps maintainers and the community understand your report, reproduce the behavior, and find related reports.
+
+*   **Use a clear and descriptive title** for the issue to identify the problem.
+*   **Describe the exact steps which reproduce the problem** in as many details as possible.
+*   **Provide specific examples** to demonstrate the steps.
+*   **Describe the behavior you observed after following the steps** and point out what exactly is the problem with that behavior.
+*   **Explain which behavior you expected to see instead and why.**
+*   **Include logs** if possible (sanitize them to remove your API keys and domains).
+
+### Suggesting Enhancements
+
+This section guides you through submitting an enhancement suggestion, including completely new features and minor improvements to existing functionality.
+
+*   **Use a clear and descriptive title** for the issue to identify the suggestion.
+*   **Provide a step-by-step description of the suggested enhancement** in as many details as possible.
+*   **Explain why this enhancement would be useful** to most users.
+
+### Pull Requests
+
+*   Ensure your code adheres to the existing style.
+*   Update the documentation if relevant.
+*   **Run the tests** locally before submitting (`./run_tests.sh`).
+*   Ensure the GitHub Actions CI passes.
+
+## Styleguides
+
+### PHP
+
+*   We follow standard PHP coding conventions (PSR-12 where applicable).
+*   Keep the code simple and readable.
+
+## License
+
+By contributing, you agree that your contributions will be licensed under its MIT License.

README.md

@@ -9,10 +9,9 @@
 
 ## Table of contents
 
-* 🆕 [What is new](#what-is-new)
-* [What this script does](#what-this-script-does)
+* [Features](#features)
 * [Before you begin](#before-you-begin)
-* 🆕 [How to install](#how-to-install)
+* [How to install](#how-to-install)
 * [Troubleshooting and known issues](#troubleshooting-and-known-issues)
   + [CloudFlare API free domains limitation](#cloudflare-api-free-domains-limitation)
   + [Connection test failed or error returned](#connection-test-failed-or-error-returned)
@@ -21,21 +20,14 @@
 * [Debug script](#debug)
 * [Support this project](#support-this-project)
 
-## What is new
+## Features
 
-- 🆕 New hostname input format: `subdomain1.mydomain.com|subdomain2.mydomain.com` (each domain is separated: `|`) used to be with `---` separator
-- 🆕 Hostname input uses a new source of data (account) and support 256 symbols limit (DSM UI limit)
-- 🆕 Autodetect IPv6 addresses via [ipify.org](https://www.ipify.org)
-- 🆕 Optimised request to Cloudflare API
-- 🆕 Installer script
-
-## What this script does
-
-* A PHP script for Synology DSM (and potentially Synology SRM devices) adding support for Cloudflare to Network Centre > Dynamic DNS (DDNS).
-* Supports single domains, multidomains, subdomains and regional domains, or any combination thereof (example: dev.my.domain.com.au, domain.com.uk etc)
-* 🆕 Easy installation process (added auto install script)
-* Based on CloudFlare API v4
-* [Supports dual stack IPv4 and IPv6](https://github.com/mrikirill/SynologyDDNSCloudflareMultidomain/pull/13)
+* **Synology Integration**: Adds Cloudflare support to Synology DSM and SRM Network Center > Dynamic DNS (DDNS).
+* **Comprehensive Domain Support**: Supports single domains, multidomains, subdomains, and regional domains (e.g., `dev.my.domain.com.au`).
+* **Dual Stack**: Autodetects and updates both IPv4 and IPv6 addresses.
+* **Easy Installation**: Automated installation script via SSH or Task Scheduler.
+* **Modern API**: Based on Cloudflare API v4 with optimized requests.
+* **Extended Capabilities**: Supports up to 256 characters for hostnames.
 
 ## Before you begin
 
@@ -56,15 +48,15 @@ Before starting the installation process, make sure you have (and know) the foll
 	 **Zone** > **Zone** > **Read**  
 	 **Zone** > **DNS** > **Edit**  
 
-	 The affected zone ressouces have to be (at least):
+	 The affected zone resources have to be (at least):
 
 	**Include** > **All zones from an account** > `<domain>`  
 
  2. *DNS settings:*
 
 	Ensure the DNS A record(s) for the domain/zone(s) you wish to update with this script have been created (More information: [Managing DNS records](https://support.cloudflare.com/hc/en-us/articles/360019093151-Managing-DNS-records-in-Cloudflare)).
 
-	Case for if IpV6 is available (check via https://api6.ipify.org), you can create an AAAA record for the domain/zone(s) you wish to update with this script.
+	Case for if IPv6 is available (check via https://api6.ipify.org), you can create an AAAA record for the domain/zone(s) you wish to update with this script.
 
 	Your DNS records should appear (or already be setup as follows) in Cloudflare:
 
@@ -75,7 +67,7 @@ Before starting the installation process, make sure you have (and know) the foll
 3. *SSH access to your Synology device:*
 
 If you haven't setup this access, see the following Synology Knowledge Base article:
-[How can I sign in to DSM/SRM with root privilege via SSH?[(https://kb.synology.com/en-id/DSM/tutorial/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet)
+[How can I sign in to DSM/SRM with root privilege via SSH?](https://kb.synology.com/en-id/DSM/tutorial/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet)
 
 4. *SRM users: Knowledge of vi:*
 
@@ -87,6 +79,8 @@ For assistance with vi commands, see:
 
 ## How to install
 
+### Method 1: via SSH
+
 1. **SSH with root privileges on your supported device:**
 
 	 a. For DSM Users:
@@ -129,7 +123,7 @@ For a single domain: __mydomain.com__
 For multiple domains: __subdomain.mydomain.com|vpn.mydomain.com__
 	  🆕(ensure each domain is separated: `|`)🆕
 
-        __Note: there is 256 symbols limit on Hostname input__
+        __Note: there is a 256-character limit on Hostname input__
 	* Password: Your created Cloudflare API Key
 
 	![image](https://github.com/mrikirill/SynologyDDNSCloudflareMultidomain/blob/master/docs/example3.png)
@@ -139,11 +133,29 @@ For multiple domains: __subdomain.mydomain.com|vpn.mydomain.com__
 4. Don't forget to deactivate SSH (step 1) if you don't need it. Leaving it active can be a security risk.
 5. You're done! Optional, if you're happy with this script you could buy me ☕ or 🍺 here -> [![Sponsor](https://img.shields.io/badge/sponsor-GitHub%20Sponsors-brightgreen)](https://github.com/sponsors/mrikirill)
 
+### Method 2: via Task Scheduler (No SSH required)
+
+1. Open **Control Panel** > **Task Scheduler**.
+2. Click **Create** > **Scheduled Task** > **User-defined script**.
+3. In the **General** tab:
+    *   **Task**: Install Cloudflare DDNS
+    *   **User**: `root` **(Important!)**
+    *   Uncheck "Enabled" (we only need to run this once).
+4. In the **Task Settings** tab:
+    *   **Run command**:
+        ```bash
+        wget https://raw.githubusercontent.com/mrikirill/SynologyDDNSCloudflareMultidomain/master/install.sh -O /tmp/install.sh && bash /tmp/install.sh
+        ```
+5. Click **OK**.
+6. Select the newly created task and click **Run**.
+7. Once the task has finished (you can check via Action > View Result), you can delete the task.
+8. Proceed to **Step 3** in Method 1 above to configure the DDNS settings in Control Panel.
+
 ## Troubleshooting and known issues
 
-### CloudFlare API free domains limitation
+### Cloudflare API free domains limitation
 
-CloudFlare API doesn't support domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain)
+Cloudflare API doesn't support domains with a .cf, .ga, .gq, .ml, or .tk TLD (top-level domain)
 
 For more details read here: https://github.com/mrikirill/SynologyDDNSCloudflareMultidomain/issues/28 and https://community.cloudflare.com/t/unable-to-update-ddns-using-api-for-some-tlds/167228/61
 
@@ -204,7 +216,7 @@ You can run this script directly to see output logs
 * Run this command: 
 
 ```
-/usr/bin/php -d open_basedir=/usr/syno/bin/ddns -f /usr/syno/bin/ddns/cloudflare.php "domain1.com|vpn.domain2.com" "your-CloudFlare-token" "" "your-ip-address"
+/usr/bin/php -d open_basedir=/usr/syno/bin/ddns -f /usr/syno/bin/ddns/cloudflare.php "domain1.com|vpn.domain2.com" "your-Cloudflare-token" "" "your-ip-address"
 ```
 
 * Check output logs

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version of the script is currently supported.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x     | :white_check_mark: |
+| 1.x     | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within this project, please do not report it as a public issue.
+
+Instead, please report it via:
+1.  **GitHub Security Advisories**: If enabled for this repository, use the "Report a vulnerability" button.
+2.  **Email**: Contact the maintainer directly (if email is public on profile).
+
+Please include as much information as possible to help us reproduce and fix the issue.
+
+## API Keys
+
+*   **NEVER** post your Cloudflare API keys or tokens in public GitHub issues.
+*   If you accidentally post a key, revoke it immediately in your Cloudflare dashboard.
+*   When sharing logs, always redact sensitive information.

cloudflare.php

@@ -16,14 +16,16 @@
  * 3 - hostname - the script doesn't use it die to input limits
  * 4 - IPv4     - Synology provided IPv4
  */
-if ($argc !== 5) {
-    echo SynologyOutput::BAD_PARAMS;
-    exit();
-}
+if (realpath(__FILE__) === realpath($_SERVER['SCRIPT_FILENAME'])) {
+    if ($argc !== 5) {
+        echo SynologyOutput::BAD_PARAMS;
+        exit();
+    }
 
-$cf = new SynologyCloudflareDDNSAgent($argv[2], $argv[1], $argv[4]);
-$cf->setDnsRecords();
-$cf->updateDnsRecords();
+    $cf = new SynologyCloudflareDDNSAgent($argv[2], $argv[1], $argv[4]);
+    $cf->setDnsRecords();
+    $cf->updateDnsRecords();
+}
 
 class SynologyOutput
 {
@@ -197,6 +199,7 @@ class DnsRecordEntity
     public $zoneId;
     public $ttl;
     public $proxied;
+    public $currentIp;
 
     public function __construct($id, $type, $hostname, $ip, $zoneId, $ttl, $proxied)
     {
@@ -233,10 +236,10 @@ class SynologyCloudflareDDNSAgent
     private $cloudflareAPI;
     private $ipify;
 
-    function __construct($apiKey, $hostname, $ipv4)
+    function __construct($apiKey, $hostname, $ipv4, $cloudflareAPI = null, $ipify = null)
     {
-        $this->cloudflareAPI = new CloudflareAPI($apiKey);
-        $this->ipify = new Ipify();
+        $this->cloudflareAPI = $cloudflareAPI ?: new CloudflareAPI($apiKey);
+        $this->ipify = $ipify ?: new Ipify();
         $this->ipv4 = $ipv4;
 
         try {
@@ -280,10 +283,11 @@ public function setDnsRecords()
             foreach ($this->dnsRecordList as $key => $dnsRecord) {
                 $json = $this->cloudflareAPI->getDnsRecords($dnsRecord->zoneId, $dnsRecord->type, $dnsRecord->hostname);
                 if (isset($json['result']['0'])) {
-                    // If the DNS record exists, update its ID, TTL, and proxied status
+                    // If the DNS record exists, update its ID, TTL, proxied status, and current IP
                     $this->dnsRecordList[$key]->id = $json['result']['0']['id'];
                     $this->dnsRecordList[$key]->ttl = $json['result']['0']['ttl'];
                     $this->dnsRecordList[$key]->proxied = $json['result']['0']['proxied'];
+                    $this->dnsRecordList[$key]->currentIp = $json['result']['0']['content'];
                 } else {
                     // If the DNS record does not exist, remove it from the list
                     unset($this->dnsRecordList[$key]);
@@ -308,6 +312,11 @@ function updateDnsRecords()
             $this->exitWithSynologyMsg(SynologyOutput::NO_HOSTNAME);
         }
         foreach ($this->dnsRecordList as $dnsRecord) {
+            // Skip update if the IP address hasn't changed
+            if ($dnsRecord->ip === $dnsRecord->currentIp) {
+                continue;
+            }
+            
             try {
                $this->cloudflareAPI->updateDnsRecord($dnsRecord->zoneId, $dnsRecord->id, $dnsRecord->toArray());
             } catch (Exception $e) {
@@ -338,7 +347,8 @@ private function matchHostnameWithZone($hostnameList = [])
                 $zoneId = $zone['id'];
                 $zoneName = $zone['name'];
                 foreach ($hostnameList as $hostname) {
-                    if (strpos($hostname, $zoneName) !== false) {
+                    // Check if the hostname ends with the zone name
+                    if ($hostname === $zoneName || substr($hostname, -strlen('.' . $zoneName)) === '.' . $zoneName) {
                         // Add an IPv4 DNS record for each hostname that matches a zone
                         $this->dnsRecordList[] = new DnsRecordEntity(
                             '',
@@ -400,7 +410,7 @@ private function extractHostnames($hostnames)
     private function isValidHostname($value)
     {
         $domainPattern = "/^(?!-)(?:\*\.)?(?:(?:[a-zA-Z\d][a-zA-Z\d\-]{0,61})?[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63}$/";
-        return preg_match($domainPattern, $value);
+        return preg_match($domainPattern, $value) === 1;
     }
 
     /**
@@ -433,7 +443,7 @@ private function isCFTokenValid()
      * @param string $msg The message to be output before exiting.
      * If no message is specified, an empty string is printed.
      */
-    private function exitWithSynologyMsg($msg = '')
+    protected function exitWithSynologyMsg($msg = '')
     {
         echo $msg;
         exit();