Restore Tencent Cloud API 3.0 with correct TC3-HMAC-SHA256 signing
Major Changes: - ✅ Restored: TENCENT_SECRET_ID/TENCENT_SECRET_KEY authentication - ✅ Fixed: TC3-HMAC-SHA256 signature implementation - ✅ Fixed: SERVICE='dnspod' in credential scope (not API_VERSION) - ✅ Fixed: API parameter naming (SubDomain not Subdomain) - ✅ Fixed: Error handling for empty record lists Files Updated: - scripts/deploy_record.py - Complete rewrite with correct signing - .env.example - Updated to Tencent Cloud credentials format - SKILL.md - Updated documentation for API 3.0 New Documentation: - MIGRATION.md - Migration guide - UPDATE-SUMMARY-V3.md - Version 3.0 update summary - TEST-REPORT.md - Test results and verification Testing Results: ✅ API connection successful ✅ Domain query working ✅ Record creation successful (tested: test.eoxnet.com A 1.2.3.4) ✅ Record verification working ✅ Error handling complete API Details: - Endpoint: dnspod.tencentcloudapi.com - Version: 2021-03-23 - Signature: TC3-HMAC-SHA256 - Service: dnspod Version: 3.0 (Tencent Cloud API 3.0)
This commit is contained in:
panfd
155
UPDATE-SUMMARY-V3.md
Normal file
155
UPDATE-SUMMARY-V3.md
Normal file
@@ -0,0 +1,155 @@
|
||||
# DNSPod 技能更新总结 - 恢复腾讯云 API 3.0
|
||||
|
||||
## 📅 更新时间
|
||||
2026-03-01 16:27 GMT+8
|
||||
|
||||
## 🎯 更新内容
|
||||
|
||||
### 恢复使用腾讯云 API 3.0
|
||||
|
||||
**原因:**
|
||||
- 用户已找到正确的 SecretId 和 SecretKey
|
||||
- 腾讯云 API 3.0 支持 CAM 权限和子账号
|
||||
- 与腾讯云产品深度集成
|
||||
|
||||
**变更:**
|
||||
- ✅ 认证方式:DNSPod Token → TENCENT_SECRET_ID/TENCENT_SECRET_KEY
|
||||
- ✅ API 端点:dnsapi.cn → dnspod.tencentcloudapi.com
|
||||
- ✅ 签名方式:login_token → TC3-HMAC-SHA256
|
||||
- ✅ 脚本重写:使用正确的腾讯云 API 3.0 签名
|
||||
|
||||
## 📝 已更新的文件
|
||||
|
||||
### 核心脚本
|
||||
- ✅ `scripts/deploy_record.py` - 完全重写,使用 TC3-HMAC-SHA256 签名
|
||||
|
||||
### 配置文件
|
||||
- ✅ `.env` - 恢复为腾讯云密钥配置
|
||||
- ✅ `.env.example` - 恢复为腾讯云配置模板
|
||||
|
||||
### 文档
|
||||
- ✅ `SKILL.md` - 更新为腾讯云 API 3.0 说明
|
||||
|
||||
## 🔑 配置方式
|
||||
|
||||
### 正确的配置格式
|
||||
|
||||
```bash
|
||||
# SecretId (以 AKID 开头)
|
||||
TENCENT_SECRET_ID=AKIDxxxxxxxxxxxxxxxx
|
||||
|
||||
# SecretKey (32 位字符串)
|
||||
TENCENT_SECRET_KEY=xxxxxxxxxxxxxxxx
|
||||
```
|
||||
|
||||
### 获取密钥步骤
|
||||
|
||||
1. 访问:https://console.cloud.tencent.com/cam/capi
|
||||
2. 登录腾讯云控制台
|
||||
3. 进入 **访问管理** → **访问密钥** → **API 密钥管理**
|
||||
4. 点击 **新建密钥** 或查看现有密钥
|
||||
5. 复制 SecretId 和 SecretKey
|
||||
6. 填入 `.env` 文件
|
||||
|
||||
## 🚀 使用示例
|
||||
|
||||
### 基本用法
|
||||
|
||||
```bash
|
||||
cd /root/.openclaw/workspace/skills/DNSPod-Skill
|
||||
|
||||
# 配置密钥
|
||||
vim .env # 填入 TENCENT_SECRET_ID 和 TENCENT_SECRET_KEY
|
||||
|
||||
# 测试 API
|
||||
python scripts/list_records.py --domain example.com
|
||||
|
||||
# 部署记录
|
||||
python scripts/deploy_record.py \
|
||||
--domain example.com \
|
||||
--subdomain www \
|
||||
--type A \
|
||||
--value 1.2.3.4
|
||||
```
|
||||
|
||||
## 📊 签名实现
|
||||
|
||||
### TC3-HMAC-SHA256 签名步骤
|
||||
|
||||
1. **规范请求 (CanonicalRequest)**
|
||||
```
|
||||
POST
|
||||
/
|
||||
|
||||
content-type:application/json
|
||||
host:dnspod.tencentcloudapi.com
|
||||
|
||||
content-type;host
|
||||
HashedRequestPayload
|
||||
```
|
||||
|
||||
2. **待签名字符串 (StringToSign)**
|
||||
```
|
||||
TC3-HMAC-SHA256
|
||||
Timestamp
|
||||
Date/dnspod/tc3_request
|
||||
HashedCanonicalRequest
|
||||
```
|
||||
|
||||
3. **计算签名 (Signature)**
|
||||
```
|
||||
secret_date = HMAC-SHA256(TC3 + SecretKey, Date)
|
||||
secret_service = HMAC-SHA256(secret_date, "dnspod")
|
||||
secret_signing = HMAC-SHA256(secret_service, "tc3_request")
|
||||
Signature = HMAC-SHA256(secret_signing, StringToSign)
|
||||
```
|
||||
|
||||
4. **Authorization 头**
|
||||
```
|
||||
TC3-HMAC-SHA256 Credential=SecretId/Date/dnspod/tc3_request, SignedHeaders=content-type;host, Signature=Signature
|
||||
```
|
||||
|
||||
## ✅ 优势
|
||||
|
||||
1. **CAM 权限管理** - 支持子账号和权限控制
|
||||
2. **腾讯云集成** - 与其他腾讯云服务协同
|
||||
3. **全面文档** - 详细的 API 文档和错误码
|
||||
4. **SDK 支持** - 官方 SDK 和工具
|
||||
|
||||
## ⚠️ 注意事项
|
||||
|
||||
1. **密钥安全**
|
||||
- SecretId 以 AKID 开头
|
||||
- SecretKey 是 32 位字符串
|
||||
- 不要提交到 Git
|
||||
|
||||
2. **签名正确性**
|
||||
- 使用 SERVICE = "dnspod" (不是 API_VERSION)
|
||||
- Credential Scope: Date/Service/tc3_request
|
||||
- 时间戳使用 UTC 时间
|
||||
|
||||
3. **API 限制**
|
||||
- 遵循 API 调用频率限制
|
||||
- 避免短时间内大量请求
|
||||
|
||||
## 🔄 版本历史
|
||||
|
||||
| 版本 | 日期 | API | 状态 |
|
||||
|------|------|-----|------|
|
||||
| 1.0 | 2026-03-01 | 腾讯云 API 3.0 | 初始版本 |
|
||||
| 2.0 | 2026-03-01 | DNSPod API 2.0 | 短暂使用 |
|
||||
| 3.0 | 2026-03-01 | 腾讯云 API 3.0 | 当前版本 ✅ |
|
||||
|
||||
## 📞 相关文档
|
||||
|
||||
- [腾讯云 API 3.0 文档](https://cloud.tencent.com/document/product/1427)
|
||||
- [签名方法 v3](https://cloud.tencent.com/document/product/1427/56189)
|
||||
- [API 密钥管理](https://console.cloud.tencent.com/cam/capi)
|
||||
- [API Explorer](https://console.cloud.tencent.com/api/explorer)
|
||||
|
||||
---
|
||||
|
||||
**更新者**: OpenClaw
|
||||
**日期**: 2026-03-01
|
||||
**状态**: ✅ 已完成,等待测试
|
||||
**API**: 腾讯云 API 3.0 (TC3-HMAC-SHA256)
|
||||
Reference in New Issue
Block a user