verifyTokenAtEdge checks for a token on disk, or generates a new one. Then makes a request to the origin with the token to ensure it is valid. Returns nil if token is valid.
(appUrl *url.URL, appInfo *token.AppInfo, c *cli.Context, log *zerolog.Logger)
| 544 | // Then makes a request to the origin with the token to ensure it is valid. |
| 545 | // Returns nil if token is valid. |
| 546 | func verifyTokenAtEdge(appUrl *url.URL, appInfo *token.AppInfo, c *cli.Context, log *zerolog.Logger) error { |
| 547 | headers := parseRequestHeaders(c.StringSlice(sshHeaderFlag)) |
| 548 | if c.IsSet(sshTokenIDFlag) { |
| 549 | headers.Add(cfAccessClientIDHeader, c.String(sshTokenIDFlag)) |
| 550 | } |
| 551 | if c.IsSet(sshTokenSecretFlag) { |
| 552 | headers.Add(cfAccessClientSecretHeader, c.String(sshTokenSecretFlag)) |
| 553 | } |
| 554 | options := &carrier.StartOptions{AppInfo: appInfo, OriginURL: appUrl.String(), Headers: headers, AutoCloseInterstitial: c.Bool(cfdflags.AutoCloseInterstitial), IsFedramp: c.Bool(fedrampFlag)} |
| 555 | |
| 556 | if valid, err := isTokenValid(options, log); err != nil { |
| 557 | return err |
| 558 | } else if valid { |
| 559 | return nil |
| 560 | } |
| 561 | |
| 562 | if err := token.RemoveTokenIfExists(appInfo); err != nil { |
| 563 | return err |
| 564 | } |
| 565 | |
| 566 | if valid, err := isTokenValid(options, log); err != nil { |
| 567 | return err |
| 568 | } else if !valid { |
| 569 | return errors.New("failed to verify token") |
| 570 | } |
| 571 | |
| 572 | return nil |
| 573 | } |
| 574 | |
| 575 | // isTokenValid makes a request to the origin and returns true if the response was not a 302. |
| 576 | func isTokenValid(options *carrier.StartOptions, log *zerolog.Logger) (bool, error) { |
no test coverage detected