hub / github.com/cloudflare/cloudflared / RunTransfer

Function RunTransfer

token/transfer.go:32–88  ·  view source on GitHub ↗

RunTransfer does the transfer "dance", with the end result being a download of the supported resource. In more detail, it encapsulates the shared business logic needed to request a resource (token/cert/etc.) from the transfer service (loginhelper). The "dance" we refer to is building an HTTP re…

(transferURL *url.URL, appAUD, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, autoClose bool, fedramp bool, log *zerolog.Logger, urlFilePath string)

Source from the content-addressed store, hash-verified

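// RunTransfer requests a resource (token/cert/etc.) from the transfer service
// and returns its bytes.
//
// It builds the auth URL from transferURL, appAUD, key and value (with this
// process's public key appended to value), tries to open it in a browser, and
// prints it to stderr whether or not the browser opened. It then fetches the
// resource from the store URL: fedStoreURL when fedramp is set, baseStoreURL
// otherwise. With shouldEncrypt the response body is base64-decoded and
// decrypted by the local encrypter; without it the body is returned as
// received. resourceName is used only in the user-facing message.
//
// If urlFilePath is non-empty, the generated auth URL is written to that path so
// other waiting processes can display it to the user. Pass "" to skip. The
// write is best-effort: a failure is logged when log is non-nil and the
// transfer continues.
func RunTransfer(transferURL *url.URL, appAUD, resourceName, key, value string, shouldEncrypt bool, useHostOnly bool, autoClose bool, fedramp bool, log *zerolog.Logger, urlFilePath string) ([]byte, error) {
	// NOTE(review): these are relative file names; where (and whether) the key
	// pair is persisted is decided inside NewEncrypter, which is not visible here.
	encrypterClient, err := NewEncrypter("cloudflared_priv.pem", "cloudflared_pub.pem")
	if err != nil {
		return nil, err
	}
	requestURL, err := buildRequestURL(transferURL, appAUD, key, value+encrypterClient.PublicKey(), shouldEncrypt, useHostOnly, autoClose)
	if err != nil {
		return nil, err
	}

	// Write the auth URL to the companion file so other waiting processes can
	// display it. The file holds a login URL, so it is created owner-only.
	// NOTE(review): os.WriteFile applies the mode only when it creates the
	// file; an existing file at urlFilePath is truncated and keeps its current
	// permissions, so callers should pass a path they own and create fresh.
	if urlFilePath != "" {
		writeErr := os.WriteFile(urlFilePath, []byte(requestURL), 0600) // nolint: gosec
		// Best-effort: report the failure instead of discarding it, but never
		// abort the transfer because the companion file could not be written.
		if writeErr != nil && log != nil {
			log.Warn().Err(writeErr).Str("path", urlFilePath).Msg("could not write auth URL to companion file")
		}
	}

	// See AUTH-1423 for why we use stderr (the way git wraps ssh)
	if err := OpenBrowser(requestURL); err != nil {
		fmt.Fprintf(os.Stderr, "Please open the following URL and log in with your Cloudflare account:\n\n%s\n\nLeave cloudflared running to download the %s automatically.\n", requestURL, resourceName)
	} else {
		fmt.Fprintf(os.Stderr, "A browser window should have opened at the following URL:\n\n%s\n\nIf the browser failed to open, please visit the URL above directly in your browser.\n", requestURL)
	}

	storeURL := baseStoreURL
	if fedramp {
		storeURL = fedStoreURL
	}

	if !shouldEncrypt {
		// Unencrypted path: the store is queried directly under the public key
		// and the body is returned as received.
		buf, _, err := transferRequest(storeURL+encrypterClient.PublicKey(), log)
		if err != nil {
			return nil, err
		}
		return buf, nil
	}

	// Encrypted path: respKey is the second value transferRequest returns. It
	// gets its own name so it no longer shadows the key parameter, and it is
	// handed to Decrypt together with the base64-decoded body.
	buf, respKey, err := transferRequest(storeURL+"transfer/"+encrypterClient.PublicKey(), log)
	if err != nil {
		return nil, err
	}

	decodedBuf, err := base64.StdEncoding.DecodeString(string(buf))
	if err != nil {
		return nil, err
	}
	decrypted, err := encrypterClient.Decrypt(decodedBuf, respKey)
	if err != nil {
		return nil, err
	}

	return decrypted, nil
}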

Callers 2

loginFunction · 0.92
getTokensFromEdgeFunction · 0.85

Calls 6

PublicKeyMethod · 0.95
DecryptMethod · 0.95
NewEncrypterFunction · 0.85
buildRequestURLFunction · 0.85
OpenBrowserFunction · 0.85
transferRequestFunction · 0.85

Tested by

no test coverage detected