84 lines
1.8 KiB
Go
84 lines
1.8 KiB
Go
|
package credentials
|
||
|
|
||
|
import (
|
||
|
"github.com/pkg/errors"
|
||
|
"github.com/rs/zerolog"
|
||
|
|
||
|
"github.com/cloudflare/cloudflared/cfapi"
|
||
|
)
|
||
|
|
||
|
const (
|
||
|
logFieldOriginCertPath = "originCertPath"
|
||
|
)
|
||
|
|
||
|
type User struct {
|
||
|
cert *OriginCert
|
||
|
certPath string
|
||
|
}
|
||
|
|
||
|
func (c User) AccountID() string {
|
||
|
return c.cert.AccountID
|
||
|
}
|
||
|
|
||
|
func (c User) ZoneID() string {
|
||
|
return c.cert.ZoneID
|
||
|
}
|
||
|
|
||
|
func (c User) APIToken() string {
|
||
|
return c.cert.APIToken
|
||
|
}
|
||
|
|
||
|
func (c User) CertPath() string {
|
||
|
return c.certPath
|
||
|
}
|
||
|
|
||
|
// Client uses the user credentials to create a Cloudflare API client
|
||
|
func (c *User) Client(apiURL string, userAgent string, log *zerolog.Logger) (cfapi.Client, error) {
|
||
|
if apiURL == "" {
|
||
|
return nil, errors.New("An api-url was not provided for the Cloudflare API client")
|
||
|
}
|
||
|
client, err := cfapi.NewRESTClient(
|
||
|
apiURL,
|
||
|
c.cert.AccountID,
|
||
|
c.cert.ZoneID,
|
||
|
c.cert.APIToken,
|
||
|
userAgent,
|
||
|
log,
|
||
|
)
|
||
|
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
return client, nil
|
||
|
}
|
||
|
|
||
|
// Read will load and read the origin cert.pem to load the user credentials
|
||
|
func Read(originCertPath string, log *zerolog.Logger) (*User, error) {
|
||
|
originCertLog := log.With().
|
||
|
Str(logFieldOriginCertPath, originCertPath).
|
||
|
Logger()
|
||
|
|
||
|
originCertPath, err := FindOriginCert(originCertPath, &originCertLog)
|
||
|
if err != nil {
|
||
|
return nil, errors.Wrap(err, "Error locating origin cert")
|
||
|
}
|
||
|
blocks, err := readOriginCert(originCertPath)
|
||
|
if err != nil {
|
||
|
return nil, errors.Wrapf(err, "Can't read origin cert from %s", originCertPath)
|
||
|
}
|
||
|
|
||
|
cert, err := decodeOriginCert(blocks)
|
||
|
if err != nil {
|
||
|
return nil, errors.Wrap(err, "Error decoding origin cert")
|
||
|
}
|
||
|
|
||
|
if cert.AccountID == "" {
|
||
|
return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath)
|
||
|
}
|
||
|
|
||
|
return &User{
|
||
|
cert: cert,
|
||
|
certPath: originCertPath,
|
||
|
}, nil
|
||
|
}
|