diff --git a/cmd/cloudflared/token/token.go b/cmd/cloudflared/token/token.go
index 56c51776..05dfba8e 100644
--- a/cmd/cloudflared/token/token.go
+++ b/cmd/cloudflared/token/token.go
@@ -128,19 +128,19 @@ func isTokenLocked(lockFilePath string) bool {
 }
 
 // FetchTokenWithRedirect will either load a stored token or generate a new one
-// it appends a redirect URL to the access cli request if opening the browser
+// it appends the full url as the redirect URL to the access cli request if opening the browser
 func FetchTokenWithRedirect(appURL *url.URL, logger logger.Service) (string, error) {
- return getToken(appURL, true, logger)
-}
-
-// FetchToken will either load a stored token or generate a new one
-// it doesn't append a redirect URL to the access cli request if opening the browser
-func FetchToken(appURL *url.URL, logger logger.Service) (string, error) {
 return getToken(appURL, false, logger)
 }
 
+// FetchToken will either load a stored token or generate a new one
+// it appends the host of the appURL as the redirect URL to the access cli request if opening the browser
+func FetchToken(appURL *url.URL, logger logger.Service) (string, error) {
+ return getToken(appURL, true, logger)
+}
+
 // getToken will either load a stored token or generate a new one
-func getToken(appURL *url.URL, shouldRedirect bool, logger logger.Service) (string, error) {
+func getToken(appURL *url.URL, useHostOnly bool, logger logger.Service) (string, error) {
 if token, err := GetTokenIfExists(appURL); token != "" && err == nil {
 return token, nil
 }
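Review bot: The two exported wrappers still hand `getToken` a bare literal, but its meaning has flipped: `true` used to mean "add a redirect" and now, as `useHostOnly`, means "drop the path from the redirect target", so anyone reading a call site with the old meaning in mind gets the opposite result. Together with the `buildRequestURL` hunk in transfer.go, `FetchToken` goes from sending no `redirect_url` to always sending one, and the name `FetchTokenWithRedirect` no longer marks a difference because both now redirect; existing callers of `FetchToken` are worth re-checking for that. I would state this in the doc comments, e.g. `// FetchToken loads a stored token or generates a new one; redirect_url is appURL with its path removed.`, and label the literal, `return getToken(appURL, true /* useHostOnly */, logger)`. The body of `getToken` continues outside the hunk.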
@@ -166,7 +166,7 @@ func getToken(appURL *url.URL, shouldRedirect bool, logger logger.Service) (stri
 // this weird parameter is the resource name (token) and the key/value
 // we want to send to the transfer service. the key is token and the value
 // is blank (basically just the id generated in the transfer service)
- token, err := transfer.Run(appURL, keyName, keyName, "", path, true, shouldRedirect, logger)
+ token, err := transfer.Run(appURL, keyName, keyName, "", path, true, useHostOnly, logger)
 if err != nil {
 return "", err
 }
diff --git a/cmd/cloudflared/transfer/transfer.go b/cmd/cloudflared/transfer/transfer.go
index 52829b8c..73e29b04 100644
--- a/cmd/cloudflared/transfer/transfer.go
+++ b/cmd/cloudflared/transfer/transfer.go
@@ -28,12 +28,12 @@ const (
 // The "dance" we refer to is building a HTTP request, opening that in a browser waiting for
 // the user to complete an action, while it long polls in the background waiting for an
 // action to be completed to download the resource.
-func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool, shouldRedirect bool, logger logger.Service) ([]byte, error) {
+func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool, useHostOnly bool, logger logger.Service) ([]byte, error) {
 encrypterClient, err := encrypter.New("cloudflared_priv.pem", "cloudflared_pub.pem")
 if err != nil {
 return nil, err
 }
- requestURL, err := buildRequestURL(transferURL, key, value+encrypterClient.PublicKey(), shouldEncrypt, shouldRedirect)
+ requestURL, err := buildRequestURL(transferURL, key, value+encrypterClient.PublicKey(), shouldEncrypt, useHostOnly)
 if err != nil {
 return nil, err
 }
@@ -82,18 +82,18 @@ func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncr
 // BuildRequestURL creates a request suitable for a resource transfer.
 // it will return a constructed url based off the base url and query key/value provided.
 // cli will build a url for cli transfer request.
-func buildRequestURL(baseURL *url.URL, key, value string, cli, shouldRedirect bool) (string, error) {
+func buildRequestURL(baseURL *url.URL, key, value string, cli, useHostOnly bool) (string, error) {
 q := baseURL.Query()
 q.Set(key, value)
 baseURL.RawQuery = q.Encode()
+ if useHostOnly {
+ baseURL.Path = ""
+ }
 if !cli {
 return baseURL.String(), nil
 }
-
- if shouldRedirect {
- q.Set("redirect_url", baseURL.String()) // we add the token as a query param on both the redirect_url and the main url
- }
- baseURL.RawQuery = q.Encode() // and this actual baseURL.
+ q.Set("redirect_url", baseURL.String()) // we add the token as a query param on both the redirect_url and the main url
+ baseURL.RawQuery = q.Encode() // and this actual baseURL.
 baseURL.Path = "cdn-cgi/access/cli"
 return baseURL.String(), nil
 }
diff --git a/cmd/cloudflared/tunnel/login.go b/cmd/cloudflared/tunnel/login.go
index 3a927259..199cd454 100644
--- a/cmd/cloudflared/tunnel/login.go
+++ b/cmd/cloudflared/tunnel/login.go
@@ -40,7 +40,7 @@ func login(c *cli.Context) error {
 return err
 }
 
- _, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, true, logger)
+ _, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, false, logger)
 if err != nil {
 fmt.Fprintf(os.Stderr, "Failed to write the certificate due to the following error:\n%v\n\nYour browser will download the certificate instead. You will have to manually\ncopy it to the following path:\n\n%s\n", err, path)
 return err
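Review bot: In `buildRequestURL` the added `if useHostOnly { baseURL.Path = "" }` sits above the `if !cli` return, so for a non-cli transfer it strips the path from the request URL that is returned, not only from `redirect_url`. The login.go call in the next hunk has to pass `false` for exactly that reason, even though that path never sets `redirect_url`. Moving the three added lines below the `!cli` block would keep the flag scoped to the redirect target. The name also promises more than the code does: only `Path` is cleared, so the query string (including the `key` value just set) stays in `redirect_url`, and the caller's `*url.URL` is modified in place. A doc-comment line such as `// useHostOnly drops the path (not the query) from redirect_url; baseURL is modified.` would record that.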