RunTransfer does the transfer "dance", with the end result being the download of the supported resource. In more detail, RunTransfer encapsulates the shared business logic needed to request a resource (token/cert/etc.) from the transfer service (loginhelper). The "dance" we refer to is building an HTTP re…
(transferURL *url.URL, appAUD, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, autoClose bool, fedramp bool, log *zerolog.Logger, urlFilePath string)
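// RunTransfer requests a resource (token, cert, ...) from the transfer service
// and returns the downloaded bytes.
//
// It creates an encrypter from the key file names "cloudflared_priv.pem" and
// "cloudflared_pub.pem", builds the request URL with the encrypter's public key
// appended to value, tries to open that URL in a browser, and prints it to
// stderr whether or not the browser opened. It then calls transferRequest on
// the store URL (fedStoreURL when fedramp is set, baseStoreURL otherwise) with
// the same public key as the path suffix. When shouldEncrypt is set, the
// response is base64-decoded and decrypted with the key that transferRequest
// returns; otherwise the response is returned exactly as received.
//
// If urlFilePath is non-empty, the generated auth URL is written to that path so
// other waiting processes can display it to the user. Pass "" to skip.
//
// Errors from NewEncrypter, buildRequestURL, transferRequest, base64 decoding
// and Decrypt are returned unchanged. A failure to open the browser or to write
// the companion file does not abort the transfer.
func RunTransfer(transferURL *url.URL, appAUD, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, autoClose bool, fedramp bool, log *zerolog.Logger, urlFilePath string) ([]byte, error) {
	encrypterClient, err := NewEncrypter("cloudflared_priv.pem", "cloudflared_pub.pem")
	if err != nil {
		return nil, err
	}
	requestURL, err := buildRequestURL(transferURL, appAUD, key, value+encrypterClient.PublicKey(), shouldEncrypt, useHostOnly, autoClose)
	if err != nil {
		return nil, err
	}

	// Write the auth URL to the companion file so other waiting processes can
	// display it. The write stays best-effort, but a failure is now logged
	// instead of being dropped, so a waiting process that never sees the URL
	// can be diagnosed.
	//
	// The 0600 mode only takes effect when WriteFile creates the file: an
	// existing file is truncated and keeps whatever permissions it already
	// had. Callers should therefore pass a path inside a directory that other
	// users cannot write to.
	if urlFilePath != "" {
		if werr := os.WriteFile(urlFilePath, []byte(requestURL), 0600); werr != nil && log != nil { // nolint: gosec
			// The URL itself is deliberately left out of the log record.
			log.Warn().Err(werr).Str("path", urlFilePath).Msg("failed to write auth URL to companion file")
		}
	}

	// See AUTH-1423 for why we use stderr (the way git wraps ssh)
	err = OpenBrowser(requestURL)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Please open the following URL and log in with your Cloudflare account:\n\n%s\n\nLeave cloudflared running to download the %s automatically.\n", requestURL, resourceName)
	} else {
		fmt.Fprintf(os.Stderr, "A browser window should have opened at the following URL:\n\n%s\n\nIf the browser failed to open, please visit the URL above directly in your browser.\n", requestURL)
	}

	storeURL := baseStoreURL
	if fedramp {
		storeURL = fedStoreURL
	}

	if !shouldEncrypt {
		// Unencrypted path: the payload is handed back as received.
		buf, _, err := transferRequest(storeURL+encrypterClient.PublicKey(), log)
		if err != nil {
			return nil, err
		}
		return buf, nil
	}

	// decryptKey is named distinctly so it does not shadow the key parameter,
	// which was already consumed by buildRequestURL above.
	buf, decryptKey, err := transferRequest(storeURL+"transfer/"+encrypterClient.PublicKey(), log)
	if err != nil {
		return nil, err
	}

	decodedBuf, err := base64.StdEncoding.DecodeString(string(buf))
	if err != nil {
		return nil, err
	}

	// Decrypt with the local encrypter; a payload that fails to decrypt is
	// rejected rather than returned.
	decrypted, err := encrypterClient.Decrypt(decodedBuf, decryptKey)
	if err != nil {
		return nil, err
	}

	return decrypted, nil
}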