cloudflared-mirror/cmd/cloudflared/tunnel/login.go

package tunnel

import (
	"fmt"
	"net/url"
	"os"
	"path/filepath"
	"syscall"

	homedir "github.com/mitchellh/go-homedir"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"

	"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
	"github.com/cloudflare/cloudflared/config"
	"github.com/cloudflare/cloudflared/credentials"
	"github.com/cloudflare/cloudflared/logger"
	"github.com/cloudflare/cloudflared/token"
)

const (
	baseLoginURL     = "https://dash.cloudflare.com/argotunnel"
	callbackStoreURL = "https://login.cloudflareaccess.org/"
)

func buildLoginSubcommand(hidden bool) *cli.Command {
	return &cli.Command{
		Name:      "login",
		Action:    cliutil.ConfiguredAction(login),
		Usage:     "Generate a configuration file with your login details",
		ArgsUsage: " ",
		Hidden:    hidden,
	}
}

func login(c *cli.Context) error {
	log := logger.CreateLoggerFromContext(c, logger.EnableTerminalLog)

	path, ok, err := checkForExistingCert()
	if ok {
		fmt.Fprintf(os.Stdout, "You have an existing certificate at %s which login would overwrite.\nIf this is intentional, please move or delete that file then run this command again.\n", path)
		return nil
	} else if err != nil {
		return err
	}

	loginURL, err := url.Parse(baseLoginURL)
	if err != nil {
		// shouldn't happen, URL is hardcoded
		return err
	}

	resourceData, err := token.RunTransfer(
		loginURL,
		"",
		"cert",
		"callback",
		callbackStoreURL,
		false,
		false,
		log,
	)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to write the certificate due to the following error:\n%v\n\nYour browser will download the certificate instead. You will have to manually\ncopy it to the following path:\n\n%s\n", err, path)
		return err
	}

	if err := os.WriteFile(path, resourceData, 0600); err != nil {
		return errors.Wrap(err, fmt.Sprintf("error writing cert to %s", path))
	}

	fmt.Fprintf(os.Stdout, "You have successfully logged in.\nIf you wish to copy your credentials to a server, they have been saved to:\n%s\n", path)
	return nil
}

func checkForExistingCert() (string, bool, error) {
	configPath, err := homedir.Expand(config.DefaultConfigSearchDirectories()[0])
	if err != nil {
		return "", false, err
	}
	ok, err := config.FileExists(configPath)
	if !ok && err == nil {
		// create config directory if doesn't already exist
		err = os.Mkdir(configPath, 0700)
	}
	if err != nil {
		return "", false, err
	}
	path := filepath.Join(configPath, credentials.DefaultCredentialFile)
	fileInfo, err := os.Stat(path)
	if err == nil && fileInfo.Size() > 0 {
		return path, true, nil
	}
	if err != nil && err.(*os.PathError).Err != syscall.ENOENT {
		return path, false, err
	}

	return path, false, nil
}
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`package tunnel`

			`import (`
			`"fmt"`
			`"net/url"`
			`"os"`
			`"path/filepath"`
			`"syscall"`

TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-23 14:30:43 +00:00			`homedir "github.com/mitchellh/go-homedir"`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00			`"github.com/pkg/errors"`
TUN-3470: Replace in-house logger calls with zerolog 2020-11-25 06:55:13 +00:00			`"github.com/urfave/cli/v2"`
TUN-3452: Fix loading of flags from config file for tunnel run subcommand. This change also cleans up building of tunnel subcommand list, hides deprecated subcommands and improves help. 2020-10-09 17:07:08 +00:00
			`"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"`
TUN-4063: Cleanup dependencies between packages. - Move packages the provide generic functionality (such as config) from `cmd` subtree to top level. - Remove all dependencies on `cmd` subtree from top level packages. - Consolidate all code dealing with token generation and transfer to a single cohesive package. 2021-03-08 16:46:23 +00:00			`"github.com/cloudflare/cloudflared/config"`
TUN-7134: Acquire token for cloudflared tail cloudflared tail will now fetch the management token from by making a request to the Cloudflare API using the cert.pem (acquired from cloudflared login). Refactored some of the credentials code into it's own package as to allow for easier use between subcommands outside of `cloudflared tunnel`. 2023-04-12 16:43:38 +00:00			`"github.com/cloudflare/cloudflared/credentials"`
TUN-3452: Fix loading of flags from config file for tunnel run subcommand. This change also cleans up building of tunnel subcommand list, hides deprecated subcommands and improves help. 2020-10-09 17:07:08 +00:00			`"github.com/cloudflare/cloudflared/logger"`
TUN-4063: Cleanup dependencies between packages. - Move packages the provide generic functionality (such as config) from `cmd` subtree to top level. - Remove all dependencies on `cmd` subtree from top level packages. - Consolidate all code dealing with token generation and transfer to a single cohesive package. 2021-03-08 16:46:23 +00:00			`"github.com/cloudflare/cloudflared/token"`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`)`

			`const (`
			`baseLoginURL = "https://dash.cloudflare.com/argotunnel"`
AUTH-3426: Point to new transfer service URL and eliminate PUT /ok 2021-04-30 16:38:07 +00:00			`callbackStoreURL = "https://login.cloudflareaccess.org/"`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`)`

TUN-3452: Fix loading of flags from config file for tunnel run subcommand. This change also cleans up building of tunnel subcommand list, hides deprecated subcommands and improves help. 2020-10-09 17:07:08 +00:00			`func buildLoginSubcommand(hidden bool) *cli.Command {`
			`return &cli.Command{`
			`Name: "login",`
TUN-4094: Don't read configuration file for access commands 2021-03-16 22:36:46 +00:00			`Action: cliutil.ConfiguredAction(login),`
TUN-3452: Fix loading of flags from config file for tunnel run subcommand. This change also cleans up building of tunnel subcommand list, hides deprecated subcommands and improves help. 2020-10-09 17:07:08 +00:00			`Usage: "Generate a configuration file with your login details",`
			`ArgsUsage: " ",`
TUN-4094: Don't read configuration file for access commands 2021-03-16 22:36:46 +00:00			`Hidden: hidden,`
TUN-3452: Fix loading of flags from config file for tunnel run subcommand. This change also cleans up building of tunnel subcommand list, hides deprecated subcommands and improves help. 2020-10-09 17:07:08 +00:00			`}`
			`}`

TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`func login(c *cli.Context) error {`
TUN-3470: Replace in-house logger calls with zerolog 2020-11-25 06:55:13 +00:00			`log := logger.CreateLoggerFromContext(c, logger.EnableTerminalLog)`
AUTH-2596 added new logger package and replaced logrus 2020-04-29 20:51:32 +00:00
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`path, ok, err := checkForExistingCert()`
			`if ok {`
			`fmt.Fprintf(os.Stdout, "You have an existing certificate at %s which login would overwrite.\nIf this is intentional, please move or delete that file then run this command again.\n", path)`
			`return nil`
			`} else if err != nil {`
			`return err`
			`}`

			`loginURL, err := url.Parse(baseLoginURL)`
			`if err != nil {`
			`// shouldn't happen, URL is hardcoded`
			`return err`
			`}`

TUN-4063: Cleanup dependencies between packages. - Move packages the provide generic functionality (such as config) from `cmd` subtree to top level. - Remove all dependencies on `cmd` subtree from top level packages. - Consolidate all code dealing with token generation and transfer to a single cohesive package. 2021-03-08 16:46:23 +00:00			`resourceData, err := token.RunTransfer(`
TUN-3470: Replace in-house logger calls with zerolog 2020-11-25 06:55:13 +00:00			`loginURL,`
AUTH-4887 Add aud parameter to token transfer url 2023-04-10 15:32:12 +00:00			`"",`
TUN-3470: Replace in-house logger calls with zerolog 2020-11-25 06:55:13 +00:00			`"cert",`
			`"callback",`
			`callbackStoreURL,`
			`false,`
			`false,`
			`log,`
			`)`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "Failed to write the certificate due to the following error:\n%v\n\nYour browser will download the certificate instead. You will have to manually\ncopy it to the following path:\n\n%s\n", err, path)`
			`return err`
			`}`

TUN-7590: Remove usages of ioutil 2023-07-15 01:42:48 +00:00			`if err := os.WriteFile(path, resourceData, 0600); err != nil {`
AUTH-3221: Saves org token to disk and uses it to refresh the app token 2020-11-09 03:25:35 +00:00			`return errors.Wrap(err, fmt.Sprintf("error writing cert to %s", path))`
			`}`

TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`fmt.Fprintf(os.Stdout, "You have successfully logged in.\nIf you wish to copy your credentials to a server, they have been saved to:\n%s\n", path)`
			`return nil`
			`}`

			`func checkForExistingCert() (string, bool, error) {`
AUTH-2975 don't check /etc on windows 2020-08-14 20:52:47 +00:00			`configPath, err := homedir.Expand(config.DefaultConfigSearchDirectories()[0])`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`if err != nil {`
			`return "", false, err`
			`}`
			`ok, err := config.FileExists(configPath)`
			`if !ok && err == nil {`
			`// create config directory if doesn't already exist`
			`err = os.Mkdir(configPath, 0700)`
			`}`
			`if err != nil {`
			`return "", false, err`
			`}`
TUN-7134: Acquire token for cloudflared tail cloudflared tail will now fetch the management token from by making a request to the Cloudflare API using the cert.pem (acquired from cloudflared login). Refactored some of the credentials code into it's own package as to allow for easier use between subcommands outside of `cloudflared tunnel`. 2023-04-12 16:43:38 +00:00			`path := filepath.Join(configPath, credentials.DefaultCredentialFile)`
TUN-1099: Bring back changes in 2018.10.1 2018-10-08 19:20:28 +00:00			`fileInfo, err := os.Stat(path)`
			`if err == nil && fileInfo.Size() > 0 {`
			`return path, true, nil`
			`}`
			`if err != nil && err.(*os.PathError).Err != syscall.ENOENT {`
			`return path, false, err`
			`}`

			`return path, false, nil`
			`}`