forked from TrueCloudLab/lego
241 lines
8.8 KiB
Go
241 lines
8.8 KiB
Go
package cloudflare
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/url"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// AccessRule represents a firewall access rule.
|
|
type AccessRule struct {
|
|
ID string `json:"id,omitempty"`
|
|
Notes string `json:"notes,omitempty"`
|
|
AllowedModes []string `json:"allowed_modes,omitempty"`
|
|
Mode string `json:"mode,omitempty"`
|
|
Configuration AccessRuleConfiguration `json:"configuration,omitempty"`
|
|
Scope AccessRuleScope `json:"scope,omitempty"`
|
|
CreatedOn time.Time `json:"created_on,omitempty"`
|
|
ModifiedOn time.Time `json:"modified_on,omitempty"`
|
|
}
|
|
|
|
// AccessRuleConfiguration represents the configuration of a firewall
|
|
// access rule.
|
|
type AccessRuleConfiguration struct {
|
|
Target string `json:"target,omitempty"`
|
|
Value string `json:"value,omitempty"`
|
|
}
|
|
|
|
// AccessRuleScope represents the scope of a firewall access rule.
|
|
type AccessRuleScope struct {
|
|
ID string `json:"id,omitempty"`
|
|
Email string `json:"email,omitempty"`
|
|
Name string `json:"name,omitempty"`
|
|
Type string `json:"type,omitempty"`
|
|
}
|
|
|
|
// AccessRuleResponse represents the response from the firewall access
|
|
// rule endpoint.
|
|
type AccessRuleResponse struct {
|
|
Result AccessRule `json:"result"`
|
|
Response
|
|
ResultInfo `json:"result_info"`
|
|
}
|
|
|
|
// AccessRuleListResponse represents the response from the list access rules
|
|
// endpoint.
|
|
type AccessRuleListResponse struct {
|
|
Result []AccessRule `json:"result"`
|
|
Response
|
|
ResultInfo `json:"result_info"`
|
|
}
|
|
|
|
// ListUserAccessRules returns a slice of access rules for the logged-in user.
|
|
//
|
|
// This takes an AccessRule to allow filtering of the results returned.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules
|
|
func (api *API) ListUserAccessRules(accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
|
|
return api.listAccessRules("/user", accessRule, page)
|
|
}
|
|
|
|
// CreateUserAccessRule creates a firewall access rule for the logged-in user.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-create-access-rule
|
|
func (api *API) CreateUserAccessRule(accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
return api.createAccessRule("/user", accessRule)
|
|
}
|
|
|
|
// UpdateUserAccessRule updates a single access rule for the logged-in user &
|
|
// given access rule identifier.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
|
|
func (api *API) UpdateUserAccessRule(accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
return api.updateAccessRule("/user", accessRuleID, accessRule)
|
|
}
|
|
|
|
// DeleteUserAccessRule deletes a single access rule for the logged-in user and
|
|
// access rule identifiers.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
|
|
func (api *API) DeleteUserAccessRule(accessRuleID string) (*AccessRuleResponse, error) {
|
|
return api.deleteAccessRule("/user", accessRuleID)
|
|
}
|
|
|
|
// ListZoneAccessRules returns a slice of access rules for the given zone
|
|
// identifier.
|
|
//
|
|
// This takes an AccessRule to allow filtering of the results returned.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-list-access-rules
|
|
func (api *API) ListZoneAccessRules(zoneID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
|
|
return api.listAccessRules("/zones/"+zoneID, accessRule, page)
|
|
}
|
|
|
|
// CreateZoneAccessRule creates a firewall access rule for the given zone
|
|
// identifier.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-create-access-rule
|
|
func (api *API) CreateZoneAccessRule(zoneID string, accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
return api.createAccessRule("/zones/"+zoneID, accessRule)
|
|
}
|
|
|
|
// UpdateZoneAccessRule updates a single access rule for the given zone &
|
|
// access rule identifiers.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-update-access-rule
|
|
func (api *API) UpdateZoneAccessRule(zoneID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
return api.updateAccessRule("/zones/"+zoneID, accessRuleID, accessRule)
|
|
}
|
|
|
|
// DeleteZoneAccessRule deletes a single access rule for the given zone and
|
|
// access rule identifiers.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-delete-access-rule
|
|
func (api *API) DeleteZoneAccessRule(zoneID, accessRuleID string) (*AccessRuleResponse, error) {
|
|
return api.deleteAccessRule("/zones/"+zoneID, accessRuleID)
|
|
}
|
|
|
|
// ListOrganizationAccessRules returns a slice of access rules for the given
|
|
// organization identifier.
|
|
//
|
|
// This takes an AccessRule to allow filtering of the results returned.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#organization-level-firewall-access-rule-list-access-rules
|
|
func (api *API) ListOrganizationAccessRules(organizationID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
|
|
return api.listAccessRules("/organizations/"+organizationID, accessRule, page)
|
|
}
|
|
|
|
// CreateOrganizationAccessRule creates a firewall access rule for the given
|
|
// organization identifier.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#organization-level-firewall-access-rule-create-access-rule
|
|
func (api *API) CreateOrganizationAccessRule(organizationID string, accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
return api.createAccessRule("/organizations/"+organizationID, accessRule)
|
|
}
|
|
|
|
// UpdateOrganizationAccessRule updates a single access rule for the given
|
|
// organization & access rule identifiers.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#organization-level-firewall-access-rule-update-access-rule
|
|
func (api *API) UpdateOrganizationAccessRule(organizationID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
return api.updateAccessRule("/organizations/"+organizationID, accessRuleID, accessRule)
|
|
}
|
|
|
|
// DeleteOrganizationAccessRule deletes a single access rule for the given
|
|
// organization and access rule identifiers.
|
|
//
|
|
// API reference: https://api.cloudflare.com/#organization-level-firewall-access-rule-delete-access-rule
|
|
func (api *API) DeleteOrganizationAccessRule(organizationID, accessRuleID string) (*AccessRuleResponse, error) {
|
|
return api.deleteAccessRule("/organizations/"+organizationID, accessRuleID)
|
|
}
|
|
|
|
func (api *API) listAccessRules(prefix string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
|
|
// Construct a query string
|
|
v := url.Values{}
|
|
if page <= 0 {
|
|
page = 1
|
|
}
|
|
v.Set("page", strconv.Itoa(page))
|
|
// Request as many rules as possible per page - API max is 100
|
|
v.Set("per_page", "100")
|
|
if accessRule.Notes != "" {
|
|
v.Set("notes", accessRule.Notes)
|
|
}
|
|
if accessRule.Mode != "" {
|
|
v.Set("mode", accessRule.Mode)
|
|
}
|
|
if accessRule.Scope.Type != "" {
|
|
v.Set("scope_type", accessRule.Scope.Type)
|
|
}
|
|
if accessRule.Configuration.Value != "" {
|
|
v.Set("configuration_value", accessRule.Configuration.Value)
|
|
}
|
|
if accessRule.Configuration.Target != "" {
|
|
v.Set("configuration_target", accessRule.Configuration.Target)
|
|
}
|
|
v.Set("page", strconv.Itoa(page))
|
|
query := "?" + v.Encode()
|
|
|
|
uri := prefix + "/firewall/access_rules/rules" + query
|
|
res, err := api.makeRequest("GET", uri, nil)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
response := &AccessRuleListResponse{}
|
|
err = json.Unmarshal(res, &response)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
return response, nil
|
|
}
|
|
|
|
func (api *API) createAccessRule(prefix string, accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
uri := prefix + "/firewall/access_rules/rules"
|
|
res, err := api.makeRequest("POST", uri, accessRule)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
response := &AccessRuleResponse{}
|
|
err = json.Unmarshal(res, &response)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
|
|
return response, nil
|
|
}
|
|
|
|
func (api *API) updateAccessRule(prefix, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
|
|
uri := prefix + "/firewall/access_rules/rules/" + accessRuleID
|
|
res, err := api.makeRequest("PATCH", uri, accessRule)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
response := &AccessRuleResponse{}
|
|
err = json.Unmarshal(res, &response)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
return response, nil
|
|
}
|
|
|
|
func (api *API) deleteAccessRule(prefix, accessRuleID string) (*AccessRuleResponse, error) {
|
|
uri := prefix + "/firewall/access_rules/rules/" + accessRuleID
|
|
res, err := api.makeRequest("DELETE", uri, nil)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errMakeRequestError)
|
|
}
|
|
|
|
response := &AccessRuleResponse{}
|
|
err = json.Unmarshal(res, &response)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, errUnmarshalError)
|
|
}
|
|
|
|
return response, nil
|
|
}
|