AUTH-2564: error handling and minor fixes
This commit is contained in:
parent
8cc69f2a95
commit
2c878c47ed
|
@ -18,8 +18,8 @@ import (
|
||||||
"golang.org/x/net/idna"
|
"golang.org/x/net/idna"
|
||||||
|
|
||||||
"github.com/cloudflare/cloudflared/log"
|
"github.com/cloudflare/cloudflared/log"
|
||||||
raven "github.com/getsentry/raven-go"
|
"github.com/getsentry/raven-go"
|
||||||
cli "gopkg.in/urfave/cli.v2"
|
"gopkg.in/urfave/cli.v2"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -66,6 +66,20 @@ func Flags() []cli.Flag {
|
||||||
return []cli.Flag{} // no flags yet.
|
return []cli.Flag{} // no flags yet.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ensures exit with error code if actionFunc returns an error
|
||||||
|
func errorHandler(actionFunc cli.ActionFunc) cli.ActionFunc {
|
||||||
|
return func(ctx *cli.Context) error {
|
||||||
|
err := actionFunc(ctx)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
// os.Exits with error code if err is cli.ExitCoder or cli.MultiError
|
||||||
|
cli.HandleExitCoder(err)
|
||||||
|
err = cli.Exit(err.Error(), 1)
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Commands returns all the Access related subcommands
|
// Commands returns all the Access related subcommands
|
||||||
func Commands() []*cli.Command {
|
func Commands() []*cli.Command {
|
||||||
return []*cli.Command{
|
return []*cli.Command{
|
||||||
|
@ -81,7 +95,7 @@ func Commands() []*cli.Command {
|
||||||
Subcommands: []*cli.Command{
|
Subcommands: []*cli.Command{
|
||||||
{
|
{
|
||||||
Name: "login",
|
Name: "login",
|
||||||
Action: login,
|
Action: errorHandler(login),
|
||||||
Usage: "login <url of access application>",
|
Usage: "login <url of access application>",
|
||||||
Description: `The login subcommand initiates an authentication flow with your identity provider.
|
Description: `The login subcommand initiates an authentication flow with your identity provider.
|
||||||
The subcommand will launch a browser. For headless systems, a url is provided.
|
The subcommand will launch a browser. For headless systems, a url is provided.
|
||||||
|
@ -97,7 +111,7 @@ func Commands() []*cli.Command {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "curl",
|
Name: "curl",
|
||||||
Action: curl,
|
Action: errorHandler(curl),
|
||||||
Usage: "curl [--allow-request, -ar] <url> [<curl args>...]",
|
Usage: "curl [--allow-request, -ar] <url> [<curl args>...]",
|
||||||
Description: `The curl subcommand wraps curl and automatically injects the JWT into a cf-access-token
|
Description: `The curl subcommand wraps curl and automatically injects the JWT into a cf-access-token
|
||||||
header when using curl to reach an application behind Access.`,
|
header when using curl to reach an application behind Access.`,
|
||||||
|
@ -106,7 +120,7 @@ func Commands() []*cli.Command {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "token",
|
Name: "token",
|
||||||
Action: generateToken,
|
Action: errorHandler(generateToken),
|
||||||
Usage: "token -app=<url of access application>",
|
Usage: "token -app=<url of access application>",
|
||||||
ArgsUsage: "url of Access application",
|
ArgsUsage: "url of Access application",
|
||||||
Description: `The token subcommand produces a JWT which can be used to authenticate requests.`,
|
Description: `The token subcommand produces a JWT which can be used to authenticate requests.`,
|
||||||
|
@ -118,7 +132,7 @@ func Commands() []*cli.Command {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "ssh",
|
Name: "ssh",
|
||||||
Action: ssh,
|
Action: errorHandler(ssh),
|
||||||
Aliases: []string{"rdp", "tcp"},
|
Aliases: []string{"rdp", "tcp"},
|
||||||
Usage: "",
|
Usage: "",
|
||||||
ArgsUsage: "",
|
ArgsUsage: "",
|
||||||
|
@ -155,7 +169,7 @@ func Commands() []*cli.Command {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "ssh-config",
|
Name: "ssh-config",
|
||||||
Action: sshConfig,
|
Action: errorHandler(sshConfig),
|
||||||
Usage: "",
|
Usage: "",
|
||||||
Description: `Prints an example configuration ~/.ssh/config`,
|
Description: `Prints an example configuration ~/.ssh/config`,
|
||||||
Flags: []cli.Flag{
|
Flags: []cli.Flag{
|
||||||
|
@ -171,7 +185,7 @@ func Commands() []*cli.Command {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Name: "ssh-gen",
|
Name: "ssh-gen",
|
||||||
Action: sshGen,
|
Action: errorHandler(sshGen),
|
||||||
Usage: "",
|
Usage: "",
|
||||||
Description: `Generates a short lived certificate for given hostname`,
|
Description: `Generates a short lived certificate for given hostname`,
|
||||||
Flags: []cli.Flag{
|
Flags: []cli.Flag{
|
||||||
|
@ -188,7 +202,9 @@ func Commands() []*cli.Command {
|
||||||
|
|
||||||
// login pops up the browser window to do the actual login and JWT generation
|
// login pops up the browser window to do the actual login and JWT generation
|
||||||
func login(c *cli.Context) error {
|
func login(c *cli.Context) error {
|
||||||
raven.SetDSN(sentryDSN)
|
if err := raven.SetDSN(sentryDSN); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
logger := log.CreateLogger()
|
logger := log.CreateLogger()
|
||||||
args := c.Args()
|
args := c.Args()
|
||||||
rawURL := ensureURLScheme(args.First())
|
rawURL := ensureURLScheme(args.First())
|
||||||
|
@ -202,12 +218,15 @@ func login(c *cli.Context) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := token.GetTokenIfExists(appURL)
|
cfdToken, err := token.GetTokenIfExists(appURL)
|
||||||
if err != nil || token == "" {
|
if err != nil {
|
||||||
fmt.Fprintln(os.Stderr, "Unable to find token for provided application.")
|
fmt.Fprintln(os.Stderr, "Unable to find token for provided application.")
|
||||||
return err
|
return err
|
||||||
|
} else if cfdToken == "" {
|
||||||
|
fmt.Fprintln(os.Stderr, "token for provided application was empty.")
|
||||||
|
return errors.New("empty application token")
|
||||||
}
|
}
|
||||||
fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", string(token))
|
fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", cfdToken)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -224,7 +243,9 @@ func ensureURLScheme(url string) string {
|
||||||
|
|
||||||
// curl provides a wrapper around curl, passing Access JWT along in request
|
// curl provides a wrapper around curl, passing Access JWT along in request
|
||||||
func curl(c *cli.Context) error {
|
func curl(c *cli.Context) error {
|
||||||
raven.SetDSN(sentryDSN)
|
if err := raven.SetDSN(sentryDSN); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
logger := log.CreateLogger()
|
logger := log.CreateLogger()
|
||||||
args := c.Args()
|
args := c.Args()
|
||||||
if args.Len() < 1 {
|
if args.Len() < 1 {
|
||||||
|
@ -258,7 +279,9 @@ func curl(c *cli.Context) error {
|
||||||
|
|
||||||
// token dumps provided token to stdout
|
// token dumps provided token to stdout
|
||||||
func generateToken(c *cli.Context) error {
|
func generateToken(c *cli.Context) error {
|
||||||
raven.SetDSN(sentryDSN)
|
if err := raven.SetDSN(sentryDSN); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
appURL, err := url.Parse(c.String("app"))
|
appURL, err := url.Parse(c.String("app"))
|
||||||
if err != nil || c.NumFlags() < 1 {
|
if err != nil || c.NumFlags() < 1 {
|
||||||
fmt.Fprintln(os.Stderr, "Please provide a url.")
|
fmt.Fprintln(os.Stderr, "Please provide a url.")
|
||||||
|
@ -313,12 +336,12 @@ func sshGen(c *cli.Context) error {
|
||||||
// this fetchToken function mutates the appURL param. We should refactor that
|
// this fetchToken function mutates the appURL param. We should refactor that
|
||||||
fetchTokenURL := &url.URL{}
|
fetchTokenURL := &url.URL{}
|
||||||
*fetchTokenURL = *originURL
|
*fetchTokenURL = *originURL
|
||||||
token, err := token.FetchToken(fetchTokenURL)
|
cfdToken, err := token.FetchToken(fetchTokenURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := sshgen.GenerateShortLivedCertificate(originURL, token); err != nil {
|
if err := sshgen.GenerateShortLivedCertificate(originURL, cfdToken); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue