@ -14,12 +14,12 @@ import (
"github.com/cloudflare/cloudflared/cmd/cloudflared/shell"
"github.com/cloudflare/cloudflared/cmd/cloudflared/token"
"github.com/cloudflare/cloudflared/h2mux"
"github.com/cloudflare/cloudflared/logger"
"github.com/cloudflare/cloudflared/sshgen"
"github.com/cloudflare/cloudflared/validation"
"github.com/pkg/errors"
"golang.org/x/net/idna"
"github.com/cloudflare/cloudflared/log"
"github.com/getsentry/raven-go"
"gopkg.in/urfave/cli.v2"
)
@ -53,7 +53,6 @@ Host cfpipe-{{.Hostname}}
const sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b@sentry.io/189878"
var (
logger = log . CreateLogger ( )
shutdownC chan struct { }
graceShutdownC chan struct { }
)
@ -195,7 +194,12 @@ func login(c *cli.Context) error {
if err := raven . SetDSN ( sentryDSN ) ; err != nil {
return err
}
logger := log . CreateLogger ( )
logger , err := logger . New ( )
if err != nil {
return errors . Wrap ( err , "error setting up logger" )
}
args := c . Args ( )
rawURL := ensureURLScheme ( args . First ( ) )
appURL , err := url . Parse ( rawURL )
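Review bot: The added `logger, err := logger.New()` in login gives the local variable the same name as the newly imported `logger` package, so the package is unreachable for the rest of the function and a reader has to work out which one each `logger.` call means. A distinct local name, e.g. `lg, err := logger.New()`, avoids that. The same shadowing is introduced in the curl and sshGen hunks and by the `logger logger.Service` parameters added to getAppURL, verifyTokenAtEdge and isTokenValid. login's body continues outside this hunk.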
@ -203,8 +207,8 @@ func login(c *cli.Context) error {
logger . Errorf ( "Please provide the url of the Access application\n" )
return err
}
if err := verifyTokenAtEdge ( appURL , c ); err != nil {
logger . WithError( err ) . Error ( "Could not verify token" )
if err := verifyTokenAtEdge ( appURL , c , logger ); err != nil {
logger . Errorf( "Could not verify token: %s" , err )
return err
}
@ -236,7 +240,11 @@ func curl(c *cli.Context) error {
if err := raven . SetDSN ( sentryDSN ) ; err != nil {
return err
}
logger := log . CreateLogger ( )
logger , err := logger . New ( )
if err != nil {
return errors . Wrap ( err , "error setting up logger" )
}
args := c . Args ( )
if args . Len ( ) < 1 {
logger . Error ( "Please provide the access app and command you wish to run." )
@ -244,7 +252,7 @@ func curl(c *cli.Context) error {
}
cmdArgs , allowRequest := parseAllowRequest ( args . Slice ( ) )
appURL , err := getAppURL ( cmdArgs )
appURL , err := getAppURL ( cmdArgs , logger )
if err != nil {
return err
}
@ -252,12 +260,12 @@ func curl(c *cli.Context) error {
tok , err := token . GetTokenIfExists ( appURL )
if err != nil || tok == "" {
if allowRequest {
logger . Warn ( "You don't have an Access token set. Please run access token <access application> to fetch one." )
logger . Info ( "You don't have an Access token set. Please run access token <access application> to fetch one." )
return shell . Run ( "curl" , cmdArgs ... )
}
tok , err = token . FetchToken ( appURL )
tok , err = token . FetchToken ( appURL , logger )
if err != nil {
logger . Error ( "Failed to refresh token: ", err )
logger . Error f ( "Failed to refresh token: %s ", err )
return err
}
}
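Review bot: The `allowRequest` branch runs curl with no Access token, and it is also entered when `token.GetTokenIfExists` returned a non-nil `err`, which is then dropped without being logged. With the message now at Info level, a failed token read looks the same as "no token yet" and is easier to miss. I would log the error before falling back, e.g. `if err != nil { logger.Errorf("Could not read Access token: %s", err) }`, and keep the notice as visible as the logger allows. The surrounding curl function starts and ends outside this hunk.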
@ -311,6 +319,11 @@ func sshConfig(c *cli.Context) error {
// sshGen generates a short lived certificate for provided hostname
func sshGen ( c * cli . Context ) error {
logger , err := logger . New ( )
if err != nil {
return errors . Wrap ( err , "error setting up logger" )
}
// get the hostname from the cmdline and error out if its not provided
rawHostName := c . String ( sshHostnameFlag )
hostname , err := validation . ValidateHostname ( rawHostName )
@ -326,7 +339,7 @@ func sshGen(c *cli.Context) error {
// this fetchToken function mutates the appURL param. We should refactor that
fetchTokenURL := & url . URL { }
* fetchTokenURL = * originURL
cfdToken , err := token . FetchToken ( fetchTokenURL )
cfdToken , err := token . FetchToken ( fetchTokenURL , logger )
if err != nil {
return err
}
@ -339,7 +352,7 @@ func sshGen(c *cli.Context) error {
}
// getAppURL will pull the appURL needed for fetching a user's Access token
func getAppURL ( cmdArgs [ ] string ) ( * url . URL , error ) {
func getAppURL ( cmdArgs [ ] string , logger logger . Service ) ( * url . URL , error ) {
if len ( cmdArgs ) < 1 {
logger . Error ( "Please provide a valid URL as the first argument to curl." )
return nil , errors . New ( "not a valid url" )
@ -413,7 +426,7 @@ func isFileThere(candidate string) bool {
// verifyTokenAtEdge checks for a token on disk, or generates a new one.
// Then makes a request to to the origin with the token to ensure it is valid.
// Returns nil if token is valid.
func verifyTokenAtEdge ( appUrl * url . URL , c * cli . Context ) error {
func verifyTokenAtEdge ( appUrl * url . URL , c * cli . Context , logger logger . Service ) error {
headers := buildRequestHeaders ( c . StringSlice ( sshHeaderFlag ) )
if c . IsSet ( sshTokenIDFlag ) {
headers . Add ( h2mux . CFAccessClientIDHeader , c . String ( sshTokenIDFlag ) )
@ -423,7 +436,7 @@ func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
}
options := & carrier . StartOptions { OriginURL : appUrl . String ( ) , Headers : headers }
if valid , err := isTokenValid ( options ); err != nil {
if valid , err := isTokenValid ( options , logger ); err != nil {
return err
} else if valid {
return nil
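Review bot: `logger` is now passed to `isTokenValid` together with `options`, whose `Headers` can include the Access service-token values that verifyTokenAtEdge adds from `sshTokenIDFlag`. The callee's logging is not visible here, so please confirm that neither isTokenValid nor `carrier.BuildAccessRequest` writes `options.Headers` or the built request to the log, or redact the Access headers first. A comment at the call such as `// options.Headers may hold Access credentials; must not be logged` would record the constraint. The same call is repeated in the next hunk, and verifyTokenAtEdge starts and ends outside this one.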
@ -433,7 +446,7 @@ func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
return err
}
if valid , err := isTokenValid ( options ); err != nil {
if valid , err := isTokenValid ( options , logger ); err != nil {
return err
} else if ! valid {
return errors . New ( "failed to verify token" )
@ -443,8 +456,8 @@ func verifyTokenAtEdge(appUrl *url.URL, c *cli.Context) error {
}
// isTokenValid makes a request to the origin and returns true if the response was not a 302.
func isTokenValid ( options * carrier . StartOptions ) ( bool , error ) {
req , err := carrier . BuildAccessRequest ( options )
func isTokenValid ( options * carrier . StartOptions , logger logger . Service ) ( bool , error ) {
req , err := carrier . BuildAccessRequest ( options , logger )
if err != nil {
return false , errors . Wrap ( err , "Could not create access request" )
}