AUTH-910, AUTH-1049, AUTH-1068, AUTH-1056: Generate and store Access tokens with E2EE option, curl/cmd wrapper

2026-06-09 20:50:34 +08:00 · 2018-08-15 17:23:34 -05:00
parent 671483a95c
commit 4f04f35bd1
98 changed files with 13370 additions and 839 deletions
--- a/cmd/cloudflared/access/token.go
+++ b/cmd/cloudflared/access/token.go
@@ -0,0 +1,86 @@
+package access
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/transfer"
+	"github.com/cloudflare/cloudflared/log"
+	"github.com/coreos/go-oidc/jose"
+	"github.com/coreos/go-oidc/oidc"
+	homedir "github.com/mitchellh/go-homedir"
+	cli "gopkg.in/urfave/cli.v2"
+)
+
+var logger = log.CreateLogger()
+
+// fetchToken will either load a stored token or generate a new one
+func fetchToken(c *cli.Context, appURL *url.URL) error {
+	if token, err := getTokenIfExists(appURL); token != "" && err == nil {
+		fmt.Fprintf(os.Stdout, "You have an existing token:\n\n%s\n\n", token)
+		return nil
+	}
+
+	path, err := generateFilePathForTokenURL(appURL)
+	if err != nil {
+		return err
+	}
+
+	token, err := transfer.Run(c, appURL, "token", path, true)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintf(os.Stdout, "Successfully fetched your token:\n\n%s\n\n", string(token))
+	return nil
+}
+
+// getTokenIfExists will return the token from local storage if it exists
+func getTokenIfExists(url *url.URL) (string, error) {
+	path, err := generateFilePathForTokenURL(url)
+	if err != nil {
+		return "", err
+	}
+	content, err := ioutil.ReadFile(path)
+	if err != nil {
+		return "", err
+	}
+	token, err := jose.ParseJWT(string(content))
+	if err != nil {
+		return "", err
+	}
+
+	claims, err := token.Claims()
+	if err != nil {
+		return "", err
+	}
+	ident, err := oidc.IdentityFromClaims(claims)
+	if err == nil && ident.ExpiresAt.After(time.Now()) {
+		return token.Encode(), nil
+	}
+	return "", err
+}
+
+// generateFilePathForTokenURL will return a filepath for given access application url
+func generateFilePathForTokenURL(url *url.URL) (string, error) {
+	configPath, err := homedir.Expand(config.DefaultConfigDirs[0])
+	if err != nil {
+		return "", err
+	}
+	ok, err := config.FileExists(configPath)
+	if !ok && err == nil {
+		// create config directory if doesn't already exist
+		err = os.Mkdir(configPath, 0700)
+	}
+	if err != nil {
+		return "", err
+	}
+	name := strings.Replace(fmt.Sprintf("%s%s-token", url.Hostname(), url.EscapedPath()), "/", "-", -1)
+	return filepath.Join(configPath, name), nil
+}