AUTH-1557: Short Lived Certs

2026-06-08 03:55:11 +08:00 · 2019-01-23 15:42:10 -06:00
parent 14f50d0922
commit fa17b0200f
36 changed files with 10286 additions and 71 deletions
--- a/cmd/cloudflared/token/token.go
+++ b/cmd/cloudflared/token/token.go
@@ -1,20 +1,19 @@
 package token

 import (
-	"fmt"
 	"io/ioutil"
 	"net/url"
-	"os"
-	"path/filepath"
-	"strings"
 	"time"

-	"github.com/cloudflare/cloudflared/cmd/cloudflared/config"
+	"github.com/cloudflare/cloudflared/cmd/cloudflared/path"
 	"github.com/cloudflare/cloudflared/cmd/cloudflared/transfer"
 	"github.com/cloudflare/cloudflared/log"
 	"github.com/coreos/go-oidc/jose"
 	"github.com/coreos/go-oidc/oidc"
-	homedir "github.com/mitchellh/go-homedir"
+)
+
+const (
+	keyName = "token"
 )

 var logger = log.CreateLogger()
@@ -25,7 +24,7 @@ func FetchToken(appURL *url.URL) (string, error) {
 		return token, nil
 	}

-	path, err := generateFilePathForTokenURL(appURL)
+	path, err := path.GenerateFilePathFromURL(appURL, keyName)
 	if err != nil {
 		return "", err
 	}
@@ -33,8 +32,7 @@ func FetchToken(appURL *url.URL) (string, error) {
 	// this weird parameter is the resource name (token) and the key/value
 	// we want to send to the transfer service. the key is token and the value
 	// is blank (basically just the id generated in the transfer service)
-	const resourceName, key, value = "token", "token", ""
-	token, err := transfer.Run(appURL, resourceName, key, value, path, true)
+	token, err := transfer.Run(appURL, keyName, keyName, "", path, true)
 	if err != nil {
 		return "", err
 	}
@@ -44,7 +42,7 @@ func FetchToken(appURL *url.URL) (string, error) {

 // GetTokenIfExists will return the token from local storage if it exists
 func GetTokenIfExists(url *url.URL) (string, error) {
-	path, err := generateFilePathForTokenURL(url)
+	path, err := path.GenerateFilePathFromURL(url, keyName)
 	if err != nil {
 		return "", err
 	}
@@ -68,21 +66,3 @@ func GetTokenIfExists(url *url.URL) (string, error) {
 	}
 	return "", err
 }
-
-// generateFilePathForTokenURL will return a filepath for given access application url
-func generateFilePathForTokenURL(url *url.URL) (string, error) {
-	configPath, err := homedir.Expand(config.DefaultConfigDirs[0])
-	if err != nil {
-		return "", err
-	}
-	ok, err := config.FileExists(configPath)
-	if !ok && err == nil {
-		// create config directory if doesn't already exist
-		err = os.Mkdir(configPath, 0700)
-	}
-	if err != nil {
-		return "", err
-	}
-	name := strings.Replace(fmt.Sprintf("%s%s-token", url.Hostname(), url.EscapedPath()), "/", "-", -1)
-	return filepath.Join(configPath, name), nil
-}