mirror of
https://github.com/cloudflare/cloudflared.git
synced 2025-05-11 03:56:34 +00:00
b89c092c1b
cloudflared tail will now fetch the management token from by making a request to the Cloudflare API using the cert.pem (acquired from cloudflared login). Refactored some of the credentials code into it's own package as to allow for easier use between subcommands outside of `cloudflared tunnel`.
84 lines
1.8 KiB
Go
84 lines
1.8 KiB
Go
package credentials
|
|
|
|
import (
|
|
"github.com/pkg/errors"
|
|
"github.com/rs/zerolog"
|
|
|
|
"github.com/cloudflare/cloudflared/cfapi"
|
|
)
|
|
|
|
const (
|
|
logFieldOriginCertPath = "originCertPath"
|
|
)
|
|
|
|
type User struct {
|
|
cert *OriginCert
|
|
certPath string
|
|
}
|
|
|
|
func (c User) AccountID() string {
|
|
return c.cert.AccountID
|
|
}
|
|
|
|
func (c User) ZoneID() string {
|
|
return c.cert.ZoneID
|
|
}
|
|
|
|
func (c User) APIToken() string {
|
|
return c.cert.APIToken
|
|
}
|
|
|
|
func (c User) CertPath() string {
|
|
return c.certPath
|
|
}
|
|
|
|
// Client uses the user credentials to create a Cloudflare API client
|
|
func (c *User) Client(apiURL string, userAgent string, log *zerolog.Logger) (cfapi.Client, error) {
|
|
if apiURL == "" {
|
|
return nil, errors.New("An api-url was not provided for the Cloudflare API client")
|
|
}
|
|
client, err := cfapi.NewRESTClient(
|
|
apiURL,
|
|
c.cert.AccountID,
|
|
c.cert.ZoneID,
|
|
c.cert.APIToken,
|
|
userAgent,
|
|
log,
|
|
)
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return client, nil
|
|
}
|
|
|
|
// Read will load and read the origin cert.pem to load the user credentials
|
|
func Read(originCertPath string, log *zerolog.Logger) (*User, error) {
|
|
originCertLog := log.With().
|
|
Str(logFieldOriginCertPath, originCertPath).
|
|
Logger()
|
|
|
|
originCertPath, err := FindOriginCert(originCertPath, &originCertLog)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "Error locating origin cert")
|
|
}
|
|
blocks, err := readOriginCert(originCertPath)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "Can't read origin cert from %s", originCertPath)
|
|
}
|
|
|
|
cert, err := decodeOriginCert(blocks)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "Error decoding origin cert")
|
|
}
|
|
|
|
if cert.AccountID == "" {
|
|
return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath)
|
|
}
|
|
|
|
return &User{
|
|
cert: cert,
|
|
certPath: originCertPath,
|
|
}, nil
|
|
}
|