From 5da2422f616f6245982f38693df2e61ccf24dbb4 Mon Sep 17 00:00:00 2001
From: Ilya <ilya.prihlop@gmail.com>
Date: Wed, 11 Mar 2020 14:43:45 +0300
Subject: [PATCH 1/7] Fix actionunban

Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
---
 config/action.d/cloudflare.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf
index 1c48a37f..70e5ee3f 100644
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@@ -60,7 +60,7 @@ actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-
 # API v4
 actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
               https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
-              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | cut -d'"' -f6)
+              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)
 
 [Init]
 

From 8b3b9addd10dec9fec47b8f7fd3a971c326fe430 Mon Sep 17 00:00:00 2001
From: Ilya <ilya.prihlop@gmail.com>
Date: Fri, 20 Mar 2020 13:52:17 +0300
Subject: [PATCH 2/7] Change tool from 'cut' to 'sed'

Sed regex was tested - it works.
---
 config/action.d/cloudflare.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf
index 70e5ee3f..d00db98b 100644
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@@ -60,7 +60,7 @@ actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-
 # API v4
 actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
               https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
-              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)
+              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p' )
 
 [Init]
 

From 852670bc99be2f30a64dd5d096d5ff375b6a2e3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Viktor=20Sz=C3=A9pe?= <viktor@szepe.net>
Date: Sun, 27 May 2018 08:15:33 +0200
Subject: [PATCH 3/7] CloudFlare started to indent their API responses

We need to use https://github.com/stedolan/jq to parse it.
---
 config/action.d/cloudflare.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf
index d00db98b..27a0b6b5 100644
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@@ -5,7 +5,7 @@
 #
 # Please set jail.local's permission to 640 because it contains your CF API key.
 #
-# This action depends on curl.
+# This action depends on curl and jq.
 # Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
 #
 # To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account
@@ -60,7 +60,7 @@ actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-
 # API v4
 actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
               https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
-              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p' )
+              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | jq -r '.result[0].configuration.value')
 
 [Init]
 

From 5b8fc3b51a203a7428dd66f07fb8480ec894860d Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <github@sebres.de>
Date: Thu, 6 Dec 2018 14:35:17 +0100
Subject: [PATCH 4/7] cloudflare: fixes ip to id conversion by unban using jq

normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
---
 config/action.d/cloudflare.conf | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf
index 27a0b6b5..5125777c 100644
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@@ -43,9 +43,9 @@ actioncheck =
 # API v1
 #actionban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
 # API v4
-actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
-            -H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "<ip>" } }' \
-            https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
+actionban = curl -s -o /dev/null -X POST <_cf_api_prms> \
+            -d '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2Ban <name>"}' \
+            <_cf_api_url>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -58,9 +58,14 @@ actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-
 # API v1
 #actionunban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
 # API v4
-actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
-              https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
-              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | jq -r '.result[0].configuration.value')
+actionunban = id=$(curl -s -X GET <_cf_api_prms> \
+                   "<_cf_api_url>?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&notes=Fail2Ban%20<name>" \
+                   | jq -r '.result[0].id')
+              if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found"; exit 0; fi;
+              curl -s -o /dev/null -X DELETE <_cf_api_prms> "<_cf_api_url>/$id"
+
+_cf_api_url = https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
+_cf_api_prms = -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cfkey>' -H 'Content-Type: application/json'
 
 [Init]
 

From 1c1b671c745dbe0e1f9a096fd1953d0257e8b958 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <github@sebres.de>
Date: Mon, 10 Dec 2018 11:27:53 +0100
Subject: [PATCH 5/7] Update cloudflare.conf

---
 config/action.d/cloudflare.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf
index 5125777c..4c0a3810 100644
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@@ -59,13 +59,13 @@ actionban = curl -s -o /dev/null -X POST <_cf_api_prms> \
 #actionunban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'
 # API v4
 actionunban = id=$(curl -s -X GET <_cf_api_prms> \
-                   "<_cf_api_url>?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&notes=Fail2Ban%20<name>" \
+                   "<_cf_api_url>?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&notes=Fail2Ban%%20<name>" \
                    | jq -r '.result[0].id')
               if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found"; exit 0; fi;
               curl -s -o /dev/null -X DELETE <_cf_api_prms> "<_cf_api_url>/$id"
 
 _cf_api_url = https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
-_cf_api_prms = -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cfkey>' -H 'Content-Type: application/json'
+_cf_api_prms = -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' -H 'Content-Type: application/json'
 
 [Init]
 

From 01e92ce4a617ff8cf95d47b67cdd77481a3efdd7 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <info@sebres.de>
Date: Mon, 16 Mar 2020 18:28:45 +0100
Subject: [PATCH 6/7] added fallback using tr and sed (jq is optional now)

---
 config/action.d/cloudflare.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf
index 4c0a3810..361cb177 100644
--- a/config/action.d/cloudflare.conf
+++ b/config/action.d/cloudflare.conf
@@ -5,7 +5,7 @@
 #
 # Please set jail.local's permission to 640 because it contains your CF API key.
 #
-# This action depends on curl and jq.
+# This action depends on curl (and optionally jq).
 # Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
 #
 # To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account
@@ -60,7 +60,7 @@ actionban = curl -s -o /dev/null -X POST <_cf_api_prms> \
 # API v4
 actionunban = id=$(curl -s -X GET <_cf_api_prms> \
                    "<_cf_api_url>?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&notes=Fail2Ban%%20<name>" \
-                   | jq -r '.result[0].id')
+                   | { jq -r '.result[0].id' 2>/dev/null || tr -d '\n' | sed -nE 's/^.*"result"\s*:\s*\[\s*\{\s*"id"\s*:\s*"([^"]+)".*$/\1/p'; })
               if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found"; exit 0; fi;
               curl -s -o /dev/null -X DELETE <_cf_api_prms> "<_cf_api_url>/$id"
 

From 42aef09d695f98794066118015db7b72442c6116 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <info@sebres.de>
Date: Mon, 27 Apr 2020 19:38:48 +0200
Subject: [PATCH 7/7] Update ChangeLog

---
 ChangeLog | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 2ae56d99..d744dba0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,8 @@ ver. 0.10.6-dev (20??/??/??) - development edition
   so would bother the action interpolation
 * `action.d/*-ipset*.conf`: several ipset actions fixed (no timeout per default anymore), so no discrepancy
   between ipset and fail2ban (removal from ipset will be managed by fail2ban only, gh-2703)
+* `action.d/cloudflare.conf`: fixed `actionunban` (considering new-line chars and optionally real json-parsing
+   with `jq`, gh-2140, gh-2656)
 * `filter.d/common.conf`: avoid substitute of default values in related `lt_*` section, `__prefix_line`
   should be interpolated in definition section (inside the filter-config, gh-2650)
 * `filter.d/courier-smtp.conf`: prefregex extended to consider port in log-message (gh-2697)