mirror of
https://github.com/cloudflare/cloudflared.git
synced 2025-07-28 06:29:59 +00:00
TUN-528: Move cloudflared into a separate repo
This commit is contained in:
Areg Harutyunyan
305
vendor/github.com/equinox-io/equinox/sdk.go
generated
vendored
Normal file
305
vendor/github.com/equinox-io/equinox/sdk.go
generated
vendored
Normal file
@@ -0,0 +1,305 @@
|
||||
package equinox
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/sha256"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"os"
|
||||
"runtime"
|
||||
"time"
|
||||
|
||||
"github.com/equinox-io/equinox/internal/go-update"
|
||||
"github.com/equinox-io/equinox/internal/osext"
|
||||
"github.com/equinox-io/equinox/proto"
|
||||
)
|
||||
|
||||
const protocolVersion = "1"
|
||||
const defaultCheckURL = "https://update.equinox.io/check"
|
||||
const userAgent = "EquinoxSDK/1.0"
|
||||
|
||||
var NotAvailableErr = errors.New("No update available")
|
||||
|
||||
type Options struct {
|
||||
// Channel specifies the name of an Equinox release channel to check for
|
||||
// a newer version of the application.
|
||||
//
|
||||
// If empty, defaults to 'stable'.
|
||||
Channel string
|
||||
|
||||
// Version requests an update to a specific version of the application.
|
||||
// If specified, `Channel` is ignored.
|
||||
Version string
|
||||
|
||||
// TargetPath defines the path to the file to update.
|
||||
// The emptry string means 'the executable file of the running program'.
|
||||
TargetPath string
|
||||
|
||||
// Create TargetPath replacement with this file mode. If zero, defaults to 0755.
|
||||
TargetMode os.FileMode
|
||||
|
||||
// Public key to use for signature verification. If nil, no signature
|
||||
// verification is done. Use `SetPublicKeyPEM` to set this field with PEM data.
|
||||
PublicKey crypto.PublicKey
|
||||
|
||||
// Target operating system of the update. Uses the same standard OS names used
|
||||
// by Go build tags (windows, darwin, linux, etc).
|
||||
// If empty, it will be populated by consulting runtime.GOOS
|
||||
OS string
|
||||
|
||||
// Target architecture of the update. Uses the same standard Arch names used
|
||||
// by Go build tags (amd64, 386, arm, etc).
|
||||
// If empty, it will be populated by consulting runtime.GOARCH
|
||||
Arch string
|
||||
|
||||
// Target ARM architecture, if a specific one if required. Uses the same names
|
||||
// as the GOARM environment variable (5, 6, 7).
|
||||
//
|
||||
// GoARM is ignored if Arch != 'arm'.
|
||||
// GoARM is ignored if it is the empty string. Omit it if you do not need
|
||||
// to distinguish between ARM versions.
|
||||
GoARM string
|
||||
|
||||
// The current application version. This is used for statistics and reporting only,
|
||||
// it is optional.
|
||||
CurrentVersion string
|
||||
|
||||
// CheckURL is the URL to request an update check from. You should only set
|
||||
// this if you are running an on-prem Equinox server.
|
||||
// If empty the default Equinox update service endpoint is used.
|
||||
CheckURL string
|
||||
|
||||
// HTTPClient is used to make all HTTP requests necessary for the update check protocol.
|
||||
// You may configure it to use custom timeouts, proxy servers or other behaviors.
|
||||
HTTPClient *http.Client
|
||||
}
|
||||
|
||||
// Response is returned by Check when an update is available. It may be
|
||||
// passed to Apply to perform the update.
|
||||
type Response struct {
|
||||
// Version of the release that will be updated to if applied.
|
||||
ReleaseVersion string
|
||||
|
||||
// Title of the the release
|
||||
ReleaseTitle string
|
||||
|
||||
// Additional details about the release
|
||||
ReleaseDescription string
|
||||
|
||||
// Creation date of the release
|
||||
ReleaseDate time.Time
|
||||
|
||||
downloadURL string
|
||||
checksum []byte
|
||||
signature []byte
|
||||
patch proto.PatchKind
|
||||
opts Options
|
||||
}
|
||||
|
||||
// SetPublicKeyPEM is a convenience method to set the PublicKey property
|
||||
// used for checking a completed update's signature by parsing a
|
||||
// Public Key formatted as PEM data.
|
||||
func (o *Options) SetPublicKeyPEM(pembytes []byte) error {
|
||||
block, _ := pem.Decode(pembytes)
|
||||
if block == nil {
|
||||
return errors.New("couldn't parse PEM data")
|
||||
}
|
||||
|
||||
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
o.PublicKey = pub
|
||||
return nil
|
||||
}
|
||||
|
||||
// Check communicates with an Equinox update service to determine if
|
||||
// an update for the given application matching the specified options is
|
||||
// available. The returned error is nil only if an update is available.
|
||||
//
|
||||
// The appID is issued to you when creating an application at https://equinox.io
|
||||
//
|
||||
// You can compare the returned error to NotAvailableErr to differentiate between
|
||||
// a successful check that found no update from other errors like a failed
|
||||
// network connection.
|
||||
func Check(appID string, opts Options) (Response, error) {
|
||||
var r Response
|
||||
|
||||
if opts.Channel == "" {
|
||||
opts.Channel = "stable"
|
||||
}
|
||||
if opts.TargetPath == "" {
|
||||
var err error
|
||||
opts.TargetPath, err = osext.Executable()
|
||||
if err != nil {
|
||||
return r, err
|
||||
}
|
||||
}
|
||||
if opts.OS == "" {
|
||||
opts.OS = runtime.GOOS
|
||||
}
|
||||
if opts.Arch == "" {
|
||||
opts.Arch = runtime.GOARCH
|
||||
}
|
||||
if opts.CheckURL == "" {
|
||||
opts.CheckURL = defaultCheckURL
|
||||
}
|
||||
if opts.HTTPClient == nil {
|
||||
opts.HTTPClient = new(http.Client)
|
||||
}
|
||||
opts.HTTPClient.Transport = newUserAgentTransport(userAgent, opts.HTTPClient.Transport)
|
||||
|
||||
checksum := computeChecksum(opts.TargetPath)
|
||||
|
||||
payload, err := json.Marshal(proto.Request{
|
||||
AppID: appID,
|
||||
Channel: opts.Channel,
|
||||
OS: opts.OS,
|
||||
Arch: opts.Arch,
|
||||
GoARM: opts.GoARM,
|
||||
TargetVersion: opts.Version,
|
||||
CurrentVersion: opts.CurrentVersion,
|
||||
CurrentSHA256: checksum,
|
||||
})
|
||||
|
||||
req, err := http.NewRequest("POST", opts.CheckURL, bytes.NewReader(payload))
|
||||
if err != nil {
|
||||
return r, err
|
||||
}
|
||||
req.Header.Set("Accept", fmt.Sprintf("application/json; q=1; version=%s; charset=utf-8", protocolVersion))
|
||||
req.Header.Set("Content-Type", "application/json; charset=utf-8")
|
||||
|
||||
resp, err := opts.HTTPClient.Do(req)
|
||||
if err != nil {
|
||||
return r, err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != 200 {
|
||||
body, _ := ioutil.ReadAll(resp.Body)
|
||||
return r, fmt.Errorf("Server responded with %s: %s", resp.Status, body)
|
||||
}
|
||||
|
||||
var protoResp proto.Response
|
||||
err = json.NewDecoder(resp.Body).Decode(&protoResp)
|
||||
if err != nil {
|
||||
return r, err
|
||||
}
|
||||
|
||||
if !protoResp.Available {
|
||||
return r, NotAvailableErr
|
||||
}
|
||||
|
||||
r.ReleaseVersion = protoResp.Release.Version
|
||||
r.ReleaseTitle = protoResp.Release.Title
|
||||
r.ReleaseDescription = protoResp.Release.Description
|
||||
r.ReleaseDate = protoResp.Release.CreateDate
|
||||
r.downloadURL = protoResp.DownloadURL
|
||||
r.patch = protoResp.Patch
|
||||
r.opts = opts
|
||||
r.checksum, err = hex.DecodeString(protoResp.Checksum)
|
||||
if err != nil {
|
||||
return r, err
|
||||
}
|
||||
r.signature, err = hex.DecodeString(protoResp.Signature)
|
||||
if err != nil {
|
||||
return r, err
|
||||
}
|
||||
|
||||
return r, nil
|
||||
}
|
||||
|
||||
func computeChecksum(path string) string {
|
||||
f, err := os.Open(path)
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
defer f.Close()
|
||||
h := sha256.New()
|
||||
_, err = io.Copy(h, f)
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
return hex.EncodeToString(h.Sum(nil))
|
||||
}
|
||||
|
||||
// Apply performs an update of the current executable (or TargetFile, if it was
|
||||
// set on the Options) with the update specified by Response.
|
||||
//
|
||||
// Error is nil if and only if the entire update completes successfully.
|
||||
func (r Response) Apply() error {
|
||||
opts := update.Options{
|
||||
TargetPath: r.opts.TargetPath,
|
||||
TargetMode: r.opts.TargetMode,
|
||||
Checksum: r.checksum,
|
||||
Signature: r.signature,
|
||||
Verifier: update.NewECDSAVerifier(),
|
||||
PublicKey: r.opts.PublicKey,
|
||||
}
|
||||
switch r.patch {
|
||||
case proto.PatchBSDiff:
|
||||
opts.Patcher = update.NewBSDiffPatcher()
|
||||
}
|
||||
|
||||
if err := opts.CheckPermissions(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
req, err := http.NewRequest("GET", r.downloadURL, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// fetch the update
|
||||
resp, err := r.opts.HTTPClient.Do(req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
defer resp.Body.Close()
|
||||
|
||||
// check that we got a patch
|
||||
if resp.StatusCode >= 400 {
|
||||
msg := "error downloading patch"
|
||||
|
||||
id := resp.Header.Get("Request-Id")
|
||||
if id != "" {
|
||||
msg += ", request " + id
|
||||
}
|
||||
|
||||
blob, err := ioutil.ReadAll(resp.Body)
|
||||
if err == nil {
|
||||
msg += ": " + string(bytes.TrimSpace(blob))
|
||||
}
|
||||
return fmt.Errorf(msg)
|
||||
}
|
||||
|
||||
return update.Apply(resp.Body, opts)
|
||||
}
|
||||
|
||||
type userAgentTransport struct {
|
||||
userAgent string
|
||||
http.RoundTripper
|
||||
}
|
||||
|
||||
func newUserAgentTransport(userAgent string, rt http.RoundTripper) *userAgentTransport {
|
||||
if rt == nil {
|
||||
rt = http.DefaultTransport
|
||||
}
|
||||
return &userAgentTransport{userAgent, rt}
|
||||
}
|
||||
|
||||
func (t *userAgentTransport) RoundTrip(r *http.Request) (*http.Response, error) {
|
||||
if r.Header.Get("User-Agent") == "" {
|
||||
r.Header.Set("User-Agent", t.userAgent)
|
||||
}
|
||||
return t.RoundTripper.RoundTrip(r)
|
||||
}
|
||||
Reference in New Issue
Block a user