hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-28 15:20:02 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Revert "AUTH-3394: Creates a token per app instead of per path"

Browse Source 
This reverts commit 8e340d9598.
This commit is contained in:
Adam Chalmers
2021-03-10 13:39:33 -06:00
parent aa5ebb817a
commit b0e69c4b8a
8 changed files with 84 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/cloudflared/access/carrier.go
View File

@@ -10,7 +10,6 @@ import (
"github.com/cloudflare/cloudflared/config"
"github.com/cloudflare/cloudflared/h2mux"
"github.com/cloudflare/cloudflared/logger"
"github.com/cloudflare/cloudflared/token"
"github.com/cloudflare/cloudflared/validation"
"github.com/pkg/errors"
@@ -109,17 +108,6 @@ func ssh(c *cli.Context) error {
}
}
originReq, err := http.NewRequest(http.MethodGet, options.OriginURL, nil)
if err != nil {
return err
}
appInfo, err := token.GetAppInfo(originReq.URL)
if err != nil {
return err
}
options.AppInfo = appInfo
// we could add a cmd line variable for this bool if we want the SOCK5 server to be on the client side
wsConn := carrier.NewWSConnection(log)

46
cmd/cloudflared/access/cmd.go
View File

@@ -167,9 +167,9 @@ func Commands() []*cli.Command {
Usage: "Application logging level {fatal, error, info, debug}. ",
},
&cli.StringFlag{
Name: sshConnectTo,
Name: sshConnectTo,
Hidden: true,
Usage: "Connect to alternate location for testing, value is host, host:port, or sni:port:host",
Usage: "Connect to alternate location for testing, value is host, host:port, or sni:port:host",
},
},
},
@@ -221,18 +221,12 @@ func login(c *cli.Context) error {
log.Error().Msg("Please provide the url of the Access application")
return err
}
appInfo, err := token.GetAppInfo(appURL)
if err != nil {
return err
}
if err := verifyTokenAtEdge(appURL, appInfo, c, log); err != nil {
if err := verifyTokenAtEdge(appURL, c, log); err != nil {
log.Err(err).Msg("Could not verify token")
return err
}
cfdToken, err := token.GetAppTokenIfExists(appInfo)
cfdToken, err := token.GetAppTokenIfExists(appURL)
if err != nil {
fmt.Fprintln(os.Stderr, "Unable to find token for provided application.")
return err
@@ -274,17 +268,13 @@ func curl(c *cli.Context) error {
return err
}
appInfo, err := token.GetAppInfo(appURL)
if err != nil {
return err
}
tok, err := token.GetAppTokenIfExists(appInfo)
tok, err := token.GetAppTokenIfExists(appURL)
if err != nil || tok == "" {
if allowRequest {
log.Info().Msg("You don't have an Access token set. Please run access token <access application> to fetch one.")
return run("curl", cmdArgs...)
}
tok, err = token.FetchToken(appURL, appInfo, log)
tok, err = token.FetchToken(appURL, log)
if err != nil {
log.Err(err).Msg("Failed to refresh token")
return err
@@ -328,12 +318,7 @@ func generateToken(c *cli.Context) error {
fmt.Fprintln(os.Stderr, "Please provide a url.")
return err
}
appInfo, err := token.GetAppInfo(appURL)
if err != nil {
return err
}
tok, err := token.GetAppTokenIfExists(appInfo)
tok, err := token.GetAppTokenIfExists(appURL)
if err != nil || tok == "" {
fmt.Fprintln(os.Stderr, "Unable to find token for provided application. Please run login command to generate token.")
return err
@@ -384,24 +369,19 @@ func sshGen(c *cli.Context) error {
// this fetchToken function mutates the appURL param. We should refactor that
fetchTokenURL := &url.URL{}
*fetchTokenURL = *originURL
appInfo, err := token.GetAppInfo(fetchTokenURL)
if err != nil {
return err
}
cfdToken, err := token.FetchTokenWithRedirect(fetchTokenURL, appInfo, log)
cfdToken, err := token.FetchTokenWithRedirect(fetchTokenURL, log)
if err != nil {
return err
}
if err := sshgen.GenerateShortLivedCertificate(appInfo, cfdToken); err != nil {
if err := sshgen.GenerateShortLivedCertificate(originURL, cfdToken); err != nil {
return err
}
return nil
}
// getAppURL will pull the request URL needed for fetching a user's Access token
// getAppURL will pull the appURL needed for fetching a user's Access token
func getAppURL(cmdArgs []string, log *zerolog.Logger) (*url.URL, error) {
if len(cmdArgs) < 1 {
log.Error().Msg("Please provide a valid URL as the first argument to curl.")
@@ -476,7 +456,7 @@ func isFileThere(candidate string) bool {
// verifyTokenAtEdge checks for a token on disk, or generates a new one.
// Then makes a request to to the origin with the token to ensure it is valid.
// Returns nil if token is valid.
func verifyTokenAtEdge(appUrl *url.URL, appInfo *token.AppInfo, c *cli.Context, log *zerolog.Logger) error {
func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context, log *zerolog.Logger) error {
headers := buildRequestHeaders(c.StringSlice(sshHeaderFlag))
if c.IsSet(sshTokenIDFlag) {
headers.Add(h2mux.CFAccessClientIDHeader, c.String(sshTokenIDFlag))
@@ -484,7 +464,7 @@ func verifyTokenAtEdge(appUrl *url.URL, appInfo *token.AppInfo, c *cli.Context,
if c.IsSet(sshTokenSecretFlag) {
headers.Add(h2mux.CFAccessClientSecretHeader, c.String(sshTokenSecretFlag))
}
options := &carrier.StartOptions{AppInfo: appInfo, OriginURL: appUrl.String(), Headers: headers}
options := &carrier.StartOptions{OriginURL: appUrl.String(), Headers: headers}
if valid, err := isTokenValid(options, log); err != nil {
return err
@@ -492,7 +472,7 @@ func verifyTokenAtEdge(appUrl *url.URL, appInfo *token.AppInfo, c *cli.Context,
return nil
}
if err := token.RemoveTokenIfExists(appInfo); err != nil {
if err := token.RemoveTokenIfExists(appUrl); err != nil {
return err
}