cloudflared-mirror/cfapi/base_client.go

package cfapi

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"

	"github.com/pkg/errors"
	"github.com/rs/zerolog"
	"golang.org/x/net/http2"
)

const (
	defaultTimeout  = 15 * time.Second
	jsonContentType = "application/json"
)

var (
	ErrUnauthorized = errors.New("unauthorized")
	ErrBadRequest   = errors.New("incorrect request parameters")
	ErrNotFound     = errors.New("not found")
	ErrAPINoSuccess = errors.New("API call failed")
)

type RESTClient struct {
	baseEndpoints *baseEndpoints
	authToken     string
	userAgent     string
	client        http.Client
	log           *zerolog.Logger
}

type baseEndpoints struct {
	accountLevel  url.URL
	zoneLevel     url.URL
	accountRoutes url.URL
	accountVnets  url.URL
}

var _ Client = (*RESTClient)(nil)

func NewRESTClient(baseURL, accountTag, zoneTag, authToken, userAgent string, log *zerolog.Logger) (*RESTClient, error) {
	if strings.HasSuffix(baseURL, "/") {
		baseURL = baseURL[:len(baseURL)-1]
	}
	accountLevelEndpoint, err := url.Parse(fmt.Sprintf("%s/accounts/%s/cfd_tunnel", baseURL, accountTag))
	if err != nil {
		return nil, errors.Wrap(err, "failed to create account level endpoint")
	}
	accountRoutesEndpoint, err := url.Parse(fmt.Sprintf("%s/accounts/%s/teamnet/routes", baseURL, accountTag))
	if err != nil {
		return nil, errors.Wrap(err, "failed to create route account-level endpoint")
	}
	accountVnetsEndpoint, err := url.Parse(fmt.Sprintf("%s/accounts/%s/teamnet/virtual_networks", baseURL, accountTag))
	if err != nil {
		return nil, errors.Wrap(err, "failed to create virtual network account-level endpoint")
	}
	zoneLevelEndpoint, err := url.Parse(fmt.Sprintf("%s/zones/%s/tunnels", baseURL, zoneTag))
	if err != nil {
		return nil, errors.Wrap(err, "failed to create account level endpoint")
	}
	httpTransport := http.Transport{
		TLSHandshakeTimeout:   defaultTimeout,
		ResponseHeaderTimeout: defaultTimeout,
	}
	http2.ConfigureTransport(&httpTransport)
	return &RESTClient{
		baseEndpoints: &baseEndpoints{
			accountLevel:  *accountLevelEndpoint,
			zoneLevel:     *zoneLevelEndpoint,
			accountRoutes: *accountRoutesEndpoint,
			accountVnets:  *accountVnetsEndpoint,
		},
		authToken: authToken,
		userAgent: userAgent,
		client: http.Client{
			Transport: &httpTransport,
			Timeout:   defaultTimeout,
		},
		log: log,
	}, nil
}

func (r *RESTClient) sendRequest(method string, url url.URL, body interface{}) (*http.Response, error) {
	var bodyReader io.Reader
	if body != nil {
		if bodyBytes, err := json.Marshal(body); err != nil {
			return nil, errors.Wrap(err, "failed to serialize json body")
		} else {
			bodyReader = bytes.NewBuffer(bodyBytes)
		}
	}

	req, err := http.NewRequest(method, url.String(), bodyReader)
	if err != nil {
		return nil, errors.Wrapf(err, "can't create %s request", method)
	}
	req.Header.Set("User-Agent", r.userAgent)
	if bodyReader != nil {
		req.Header.Set("Content-Type", jsonContentType)
	}
	req.Header.Add("X-Auth-User-Service-Key", r.authToken)
	req.Header.Add("Accept", "application/json;version=1")
	return r.client.Do(req)
}

func parseResponse(reader io.Reader, data interface{}) error {
	// Schema for Tunnelstore responses in the v1 API.
	// Roughly, it's a wrapper around a particular result that adds failures/errors/etc
	var result response
	// First, parse the wrapper and check the API call succeeded
	if err := json.NewDecoder(reader).Decode(&result); err != nil {
		return errors.Wrap(err, "failed to decode response")
	}
	if err := result.checkErrors(); err != nil {
		return err
	}
	if !result.Success {
		return ErrAPINoSuccess
	}
	// At this point we know the API call succeeded, so, parse out the inner
	// result into the datatype provided as a parameter.
	if err := json.Unmarshal(result.Result, &data); err != nil {
		return errors.Wrap(err, "the Cloudflare API response was an unexpected type")
	}
	return nil
}

type response struct {
	Success  bool            `json:"success,omitempty"`
	Errors   []apiErr        `json:"errors,omitempty"`
	Messages []string        `json:"messages,omitempty"`
	Result   json.RawMessage `json:"result,omitempty"`
}

func (r *response) checkErrors() error {
	if len(r.Errors) == 0 {
		return nil
	}
	if len(r.Errors) == 1 {
		return r.Errors[0]
	}
	var messages string
	for _, e := range r.Errors {
		messages += fmt.Sprintf("%s; ", e)
	}
	return fmt.Errorf("API errors: %s", messages)
}

type apiErr struct {
	Code    json.Number `json:"code,omitempty"`
	Message string      `json:"message,omitempty"`
}

func (e apiErr) Error() string {
	return fmt.Sprintf("code: %v, reason: %s", e.Code, e.Message)
}

func (r *RESTClient) statusCodeToError(op string, resp *http.Response) error {
	if resp.Header.Get("Content-Type") == "application/json" {
		var errorsResp response
		if json.NewDecoder(resp.Body).Decode(&errorsResp) == nil {
			if err := errorsResp.checkErrors(); err != nil {
				return errors.Errorf("Failed to %s: %s", op, err)
			}
		}
	}

	switch resp.StatusCode {
	case http.StatusOK:
		return nil
	case http.StatusBadRequest:
		return ErrBadRequest
	case http.StatusUnauthorized, http.StatusForbidden:
		return ErrUnauthorized
	case http.StatusNotFound:
		return ErrNotFound
	}
	return errors.Errorf("API call to %s failed with status %d: %s", op,
		resp.StatusCode, http.StatusText(resp.StatusCode))
}
TUN-5482: Refactor tunnelstore client related packages for more coherent package 2021-12-27 14:56:50 +00:00			`package cfapi`

			`import (`
			`"bytes"`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"net/http"`
			`"net/url"`
			`"strings"`
			`"time"`

			`"github.com/pkg/errors"`
			`"github.com/rs/zerolog"`
			`"golang.org/x/net/http2"`
			`)`

			`const (`
			`defaultTimeout = 15 * time.Second`
			`jsonContentType = "application/json"`
			`)`

			`var (`
			`ErrUnauthorized = errors.New("unauthorized")`
			`ErrBadRequest = errors.New("incorrect request parameters")`
			`ErrNotFound = errors.New("not found")`
			`ErrAPINoSuccess = errors.New("API call failed")`
			`)`

			`type RESTClient struct {`
			`baseEndpoints *baseEndpoints`
			`authToken string`
			`userAgent string`
			`client http.Client`
			`log *zerolog.Logger`
			`}`

			`type baseEndpoints struct {`
			`accountLevel url.URL`
			`zoneLevel url.URL`
			`accountRoutes url.URL`
			`accountVnets url.URL`
			`}`

			`var _ Client = (*RESTClient)(nil)`

			`func NewRESTClient(baseURL, accountTag, zoneTag, authToken, userAgent string, log zerolog.Logger) (RESTClient, error) {`
			`if strings.HasSuffix(baseURL, "/") {`
			`baseURL = baseURL[:len(baseURL)-1]`
			`}`
TUN-5678: Cloudflared uses typed tunnel API 2022-02-17 22:07:12 +00:00			`accountLevelEndpoint, err := url.Parse(fmt.Sprintf("%s/accounts/%s/cfd_tunnel", baseURL, accountTag))`
TUN-5482: Refactor tunnelstore client related packages for more coherent package 2021-12-27 14:56:50 +00:00			`if err != nil {`
			`return nil, errors.Wrap(err, "failed to create account level endpoint")`
			`}`
			`accountRoutesEndpoint, err := url.Parse(fmt.Sprintf("%s/accounts/%s/teamnet/routes", baseURL, accountTag))`
			`if err != nil {`
			`return nil, errors.Wrap(err, "failed to create route account-level endpoint")`
			`}`
			`accountVnetsEndpoint, err := url.Parse(fmt.Sprintf("%s/accounts/%s/teamnet/virtual_networks", baseURL, accountTag))`
			`if err != nil {`
			`return nil, errors.Wrap(err, "failed to create virtual network account-level endpoint")`
			`}`
			`zoneLevelEndpoint, err := url.Parse(fmt.Sprintf("%s/zones/%s/tunnels", baseURL, zoneTag))`
			`if err != nil {`
			`return nil, errors.Wrap(err, "failed to create account level endpoint")`
			`}`
			`httpTransport := http.Transport{`
			`TLSHandshakeTimeout: defaultTimeout,`
			`ResponseHeaderTimeout: defaultTimeout,`
			`}`
			`http2.ConfigureTransport(&httpTransport)`
			`return &RESTClient{`
			`baseEndpoints: &baseEndpoints{`
			`accountLevel: *accountLevelEndpoint,`
			`zoneLevel: *zoneLevelEndpoint,`
			`accountRoutes: *accountRoutesEndpoint,`
			`accountVnets: *accountVnetsEndpoint,`
			`},`
			`authToken: authToken,`
			`userAgent: userAgent,`
			`client: http.Client{`
			`Transport: &httpTransport,`
			`Timeout: defaultTimeout,`
			`},`
			`log: log,`
			`}, nil`
			`}`

			`func (r RESTClient) sendRequest(method string, url url.URL, body interface{}) (http.Response, error) {`
			`var bodyReader io.Reader`
			`if body != nil {`
			`if bodyBytes, err := json.Marshal(body); err != nil {`
			`return nil, errors.Wrap(err, "failed to serialize json body")`
			`} else {`
			`bodyReader = bytes.NewBuffer(bodyBytes)`
			`}`
			`}`

			`req, err := http.NewRequest(method, url.String(), bodyReader)`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "can't create %s request", method)`
			`}`
			`req.Header.Set("User-Agent", r.userAgent)`
			`if bodyReader != nil {`
			`req.Header.Set("Content-Type", jsonContentType)`
			`}`
			`req.Header.Add("X-Auth-User-Service-Key", r.authToken)`
			`req.Header.Add("Accept", "application/json;version=1")`
			`return r.client.Do(req)`
			`}`

			`func parseResponse(reader io.Reader, data interface{}) error {`
			`// Schema for Tunnelstore responses in the v1 API.`
			`// Roughly, it's a wrapper around a particular result that adds failures/errors/etc`
			`var result response`
			`// First, parse the wrapper and check the API call succeeded`
			`if err := json.NewDecoder(reader).Decode(&result); err != nil {`
			`return errors.Wrap(err, "failed to decode response")`
			`}`
			`if err := result.checkErrors(); err != nil {`
			`return err`
			`}`
			`if !result.Success {`
			`return ErrAPINoSuccess`
			`}`
			`// At this point we know the API call succeeded, so, parse out the inner`
			`// result into the datatype provided as a parameter.`
			`if err := json.Unmarshal(result.Result, &data); err != nil {`
			`return errors.Wrap(err, "the Cloudflare API response was an unexpected type")`
			`}`
			`return nil`
			`}`

			`type response struct {`
			Success bool `json:"success,omitempty"`
			Errors []apiErr `json:"errors,omitempty"`
			Messages []string `json:"messages,omitempty"`
			Result json.RawMessage `json:"result,omitempty"`
			`}`

			`func (r *response) checkErrors() error {`
			`if len(r.Errors) == 0 {`
			`return nil`
			`}`
			`if len(r.Errors) == 1 {`
			`return r.Errors[0]`
			`}`
			`var messages string`
			`for _, e := range r.Errors {`
			`messages += fmt.Sprintf("%s; ", e)`
			`}`
			`return fmt.Errorf("API errors: %s", messages)`
			`}`

			`type apiErr struct {`
			Code json.Number `json:"code,omitempty"`
			Message string `json:"message,omitempty"`
			`}`

			`func (e apiErr) Error() string {`
			`return fmt.Sprintf("code: %v, reason: %s", e.Code, e.Message)`
			`}`

			`func (r RESTClient) statusCodeToError(op string, resp http.Response) error {`
			`if resp.Header.Get("Content-Type") == "application/json" {`
			`var errorsResp response`
			`if json.NewDecoder(resp.Body).Decode(&errorsResp) == nil {`
			`if err := errorsResp.checkErrors(); err != nil {`
			`return errors.Errorf("Failed to %s: %s", op, err)`
			`}`
			`}`
			`}`

			`switch resp.StatusCode {`
			`case http.StatusOK:`
			`return nil`
			`case http.StatusBadRequest:`
			`return ErrBadRequest`
			`case http.StatusUnauthorized, http.StatusForbidden:`
			`return ErrUnauthorized`
			`case http.StatusNotFound:`
			`return ErrNotFound`
			`}`
			`return errors.Errorf("API call to %s failed with status %d: %s", op,`
			`resp.StatusCode, http.StatusText(resp.StatusCode))`
			`}`