isTokenValid makes a request to the origin and returns true if the response was not a 302.
(options *carrier.StartOptions, log *zerolog.Logger)
| 574 | |
| 575 | // isTokenValid makes a request to the origin and returns true if the response was not a 302. |
| 576 | func isTokenValid(options *carrier.StartOptions, log *zerolog.Logger) (bool, error) { |
| 577 | req, err := carrier.BuildAccessRequest(options, log) |
| 578 | if err != nil { |
| 579 | return false, errors.Wrap(err, "Could not create access request") |
| 580 | } |
| 581 | req.Header.Set("User-Agent", userAgent) |
| 582 | |
| 583 | query := req.URL.Query() |
| 584 | query.Set("cloudflared_token_check", "true") |
| 585 | req.URL.RawQuery = query.Encode() |
| 586 | |
| 587 | // Do not follow redirects |
| 588 | client := &http.Client{ |
| 589 | CheckRedirect: func(req *http.Request, via []*http.Request) error { |
| 590 | return http.ErrUseLastResponse |
| 591 | }, |
| 592 | Timeout: time.Second * 5, |
| 593 | } |
| 594 | resp, err := client.Do(req) |
| 595 | if err != nil { |
| 596 | return false, err |
| 597 | } |
| 598 | defer resp.Body.Close() |
| 599 | |
| 600 | // A redirect to login means the token was invalid. |
| 601 | return !carrier.IsAccessResponse(resp), nil |
| 602 | } |
no test coverage detected