MCPcopy
hub / github.com/cloudflare/cloudflared / isTokenValid

Function isTokenValid

cmd/cloudflared/access/cmd.go:576–602  ·  view source on GitHub ↗

isTokenValid makes a request to the origin and returns true if the response was not a 302.

(options *carrier.StartOptions, log *zerolog.Logger)

Source from the content-addressed store, hash-verified

574
575// isTokenValid makes a request to the origin and returns true if the response was not a 302.
576func isTokenValid(options *carrier.StartOptions, log *zerolog.Logger) (bool, error) {
577 req, err := carrier.BuildAccessRequest(options, log)
578 if err != nil {
579 return false, errors.Wrap(err, "Could not create access request")
580 }
581 req.Header.Set("User-Agent", userAgent)
582
583 query := req.URL.Query()
584 query.Set("cloudflared_token_check", "true")
585 req.URL.RawQuery = query.Encode()
586
587 // Do not follow redirects
588 client := &http.Client{
589 CheckRedirect: func(req *http.Request, via []*http.Request) error {
590 return http.ErrUseLastResponse
591 },
592 Timeout: time.Second * 5,
593 }
594 resp, err := client.Do(req)
595 if err != nil {
596 return false, err
597 }
598 defer resp.Body.Close()
599
600 // A redirect to login means the token was invalid.
601 return !carrier.IsAccessResponse(resp), nil
602}

Callers 1

verifyTokenAtEdgeFunction · 0.85

Calls 6

BuildAccessRequestFunction · 0.92
IsAccessResponseFunction · 0.92
CloseMethod · 0.65
SetMethod · 0.45
EncodeMethod · 0.45
DoMethod · 0.45

Tested by

no test coverage detected