curben
/
cloudflared-mirror
mirror of https://github.com/cloudflare/cloudflared.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Move config dir and credential file constants to warp package and export

This commit is contained in:
Matthew Holt 2018-02-25 18:57:20 -07:00
parent 0b3cbb5eaf
commit baa791e797
5 changed files with 52 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/cloudflare-warp/main.go
View File

@ -29,8 +29,6 @@ import (
) )
const sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b:3e8827f6f9f740738eb11138f7bebb68@sentry.io/189878" const sentryDSN = "https://56a9c9fa5c364ab28f34b14f35ea0f1b:3e8827f6f9f740738eb11138f7bebb68@sentry.io/189878"
const defaultConfigDir = "~/.cloudflare-warp"
const credentialFile = "cert.pem"
const configFile = "config.yml" const configFile = "config.yml"
var listeners = gracenet.Net{} var listeners = gracenet.Net{}
@ -112,7 +110,7 @@ WARNING:
Name: "origincert", Name: "origincert",
Usage: "Path to the certificate generated for your origin when you run cloudflare-warp login.", Usage: "Path to the certificate generated for your origin when you run cloudflare-warp login.",
EnvVars: []string{"TUNNEL_ORIGIN_CERT"}, EnvVars: []string{"TUNNEL_ORIGIN_CERT"},
Value: filepath.Join(defaultConfigDir, credentialFile), Value: filepath.Join(warp.DefaultConfigDir, warp.DefaultCredentialFilename),
}), }),
altsrc.NewStringFlag(&cli.StringFlag{ altsrc.NewStringFlag(&cli.StringFlag{
Name: "url", Name: "url",
@ -462,7 +460,7 @@ func WaitForSignal(errC chan error, shutdownC chan struct{}) error {
} }
func login(c *cli.Context) error { func login(c *cli.Context) error {
err := warp.Login(defaultConfigDir, credentialFile, c.String("url")) err := warp.Login(warp.DefaultConfigDir, warp.DefaultCredentialFilename, c.String("url"))
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
} }
@ -531,7 +529,7 @@ func findInputSourceContext(context *cli.Context) (altsrc.InputSourceContext, er
if context.IsSet("config") { if context.IsSet("config") {
return altsrc.NewYamlSourceFromFile(context.String("config")) return altsrc.NewYamlSourceFromFile(context.String("config"))
} }
dirPath, err := homedir.Expand(defaultConfigDir) dirPath, err := homedir.Expand(warp.DefaultConfigDir)
if err != nil { if err != nil {
return nil, nil return nil, nil
} }

7
cmd/cloudflare-warp/service_template.go
View File

@ -11,6 +11,7 @@ import (
"path/filepath" "path/filepath"
"text/template" "text/template"
"github.com/cloudflare/cloudflare-warp/warp"
homedir "github.com/mitchellh/go-homedir" homedir "github.com/mitchellh/go-homedir"
) )
@ -118,7 +119,7 @@ func openFile(path string, create bool) (file *os.File, exists bool, err error)
func copyCertificate(configDir string) error { func copyCertificate(configDir string) error {
// Copy certificate // Copy certificate
destCredentialPath := filepath.Join(configDir, credentialFile) destCredentialPath := filepath.Join(configDir, warp.DefaultCredentialFilename)
destFile, exists, err := openFile(destCredentialPath, true) destFile, exists, err := openFile(destCredentialPath, true)
if err != nil { if err != nil {
return err return err
@ -128,7 +129,7 @@ func copyCertificate(configDir string) error {
} }
defer destFile.Close() defer destFile.Close()
srcCredentialPath := filepath.Join(defaultConfigDir, credentialFile) srcCredentialPath := filepath.Join(warp.DefaultConfigDir, warp.DefaultCredentialFilename)
srcFile, _, err := openFile(srcCredentialPath, false) srcFile, _, err := openFile(srcCredentialPath, false)
if err != nil { if err != nil {
return err return err
@ -163,7 +164,7 @@ func copyCredentials(configDir string) error {
} }
defer destFile.Close() defer destFile.Close()
srcConfigPath := filepath.Join(defaultConfigDir, configFile) srcConfigPath := filepath.Join(warp.DefaultConfigDir, configFile)
srcFile, _, err := openFile(srcConfigPath, false) srcFile, _, err := openFile(srcConfigPath, false)
if err != nil { if err != nil {
fmt.Println("Your service needs a config file that at least specifies the hostname option.") fmt.Println("Your service needs a config file that at least specifies the hostname option.")

2
tlsconfig/tlsconfig.go
View File

@ -90,6 +90,8 @@ func LoadOriginCertsPool() *x509.CertPool {
return certPool return certPool
} }
// CreateTunnelConfig creates a TLS configuration for a tunnel based on tlsConfig.
// If tlsConfig is nil, one will be created.
func CreateTunnelConfig(tlsConfig *tls.Config, addrs []string) *tls.Config { func CreateTunnelConfig(tlsConfig *tls.Config, addrs []string) *tls.Config {
if tlsConfig == nil { if tlsConfig == nil {
tlsConfig = new(tls.Config) tlsConfig = new(tls.Config)

67
warp/login.go
View File

@ -17,35 +17,18 @@ import (
homedir "github.com/mitchellh/go-homedir" homedir "github.com/mitchellh/go-homedir"
) )
const baseLoginURL = "https://www.cloudflare.com/a/warp"
const baseCertStoreURL = "https://login.cloudflarewarp.com"
const clientTimeout = time.Minute * 20
// Login obtains credentials from Cloudflare to enable // Login obtains credentials from Cloudflare to enable
// the creation of tunnels with the Warp service. // the creation of tunnels with the Warp service.
// baseURL is the base URL from which to login to warp; // baseURL is the base URL from which to login to warp;
// leave empty to use default. // leave empty to use default.
func Login(configDir, credentialFile, baseURL string) error { func Login(configDir, credentialFile, baseURL string) error {
configPath, err := homedir.Expand(configDir) credPath := filepath.Join(configDir, credentialFile)
if err != nil {
return err if ok, err := HasExistingCertificate(configDir, credentialFile); ok && err == nil {
}
ok, err := fileExists(configPath)
if !ok && err == nil {
// create config directory if doesn't already exist
err = os.Mkdir(configPath, 0700)
}
if err != nil {
return err
}
path := filepath.Join(configPath, credentialFile)
fileInfo, err := os.Stat(path)
if err == nil && fileInfo.Size() > 0 {
return fmt.Errorf(`You have an existing certificate at %s which login would overwrite. return fmt.Errorf(`You have an existing certificate at %s which login would overwrite.
If this is intentional, please move or delete that file then run this command again. If this is intentional, please move or delete that file then run this command again.
`, path) `, credPath)
} } else if err != nil && err.(*os.PathError).Err != syscall.ENOENT {
if err != nil && err.(*os.PathError).Err != syscall.ENOENT {
return err return err
} }
@ -80,11 +63,11 @@ If the browser failed to open, open it yourself and visit the URL above.
`, loginURL.String()) `, loginURL.String())
} }
if ok, err := download(certURL, path); ok && err == nil { if ok, err := download(certURL, credPath); ok && err == nil {
fmt.Fprintf(os.Stderr, `You have successfully logged in. fmt.Fprintf(os.Stderr, `You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to: If you wish to copy your credentials to a server, they have been saved to:
%s %s
`, path) `, credPath)
} else { } else {
fmt.Fprintf(os.Stderr, `Failed to write the certificate due to the following error: fmt.Fprintf(os.Stderr, `Failed to write the certificate due to the following error:
%v %v
@ -94,11 +77,31 @@ copy it to the following path:
%s %s
`, err, path) `, err, credPath)
} }
return nil return nil
} }
// HasExistingCertificate returns true if a certificate in configDir
// exists with name credentialFile.
func HasExistingCertificate(configDir, credentialFile string) (bool, error) {
configPath, err := homedir.Expand(configDir)
if err != nil {
return false, err
}
ok, err := fileExists(configPath)
if !ok && err == nil {
// create config directory if doesn't already exist
err = os.Mkdir(configPath, 0700)
}
if err != nil {
return false, err
}
path := filepath.Join(configPath, credentialFile)
fileInfo, err := os.Stat(path)
return err == nil && fileInfo.Size() > 0, nil
}
// generateRandomPath generates a random URL to associate with the certificate. // generateRandomPath generates a random URL to associate with the certificate.
func generateRandomPath() string { func generateRandomPath() string {
randomBytes := make([]byte, 40) randomBytes := make([]byte, 40)
@ -195,3 +198,17 @@ func putSuccess(client *http.Client, certURL string) error {
} }
return nil return nil
} }
const (
// The default directory in which to store configuration/credentials.
DefaultConfigDir = "~/.cloudflare-warp"
// The default credential filename.
DefaultCredentialFilename = "cert.pem"
)
const (
baseLoginURL = "https://www.cloudflare.com/a/warp"
baseCertStoreURL = "https://login.cloudflarewarp.com"
clientTimeout = 20 * time.Minute
)

1
warp/server.go
View File

@ -171,6 +171,7 @@ type ServerConfig struct {
IsAutoupdated bool // is-autoupdated IsAutoupdated bool // is-autoupdated
// The TLS client config used when making the tunnel. // The TLS client config used when making the tunnel.
// If not set, a sane default config will be created.
TLSConfig *tls.Config TLSConfig *tls.Config
// The version of the client to report // The version of the client to report