hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-27 22:49:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

AUTH-3394: Creates a token per app instead of per path - with fix for

Browse Source 
free tunnels
This commit is contained in:
Michael Borkenstein
2021-03-10 15:52:35 -06:00
parent 25cfbec072
commit 841344f1e7
8 changed files with 130 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
carrier/websocket.go
View File

@@ -88,6 +88,18 @@ func createWebsocketStream(options *StartOptions, log *zerolog.Logger) (*cfwebso
defer closeRespBody(resp)
if err != nil && IsAccessResponse(resp) {
// Only get Access app info if we know the origin is protected by Access
originReq, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
if err != nil {
return nil, err
}
appInfo, err := token.GetAppInfo(originReq.URL)
if err != nil {
return nil, err
}
options.AppInfo = appInfo
wsConn, err = createAccessAuthenticatedStream(options, log)
if err != nil {
return nil, err
@@ -116,11 +128,7 @@ func createAccessAuthenticatedStream(options *StartOptions, log *zerolog.Logger)
}
// Access Token is invalid for some reason. Go through regen flow
originReq, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
if err != nil {
return nil, err
}
if err := token.RemoveTokenIfExists(originReq.URL); err != nil {
if err := token.RemoveTokenIfExists(options.AppInfo); err != nil {
return nil, err
}
wsConn, resp, err = createAccessWebSocketStream(options, log)