cloudflare_client_rb 4.0.0

data/lib/cloudflare_client/zone/analytics.rb

@@ -0,0 +1,56 @@
+class CloudflareClient::Zone::Analytics < CloudflareClient::Zone::Base
+  ##
+  # zone analytics (free, pro, business, enterprise)
+
+  ##
+  # return dashboard data for a given zone or colo
+  def zone_dashboard
+    cf_get(path: "/zones/#{zone_id}/analytics/dashboard")
+  end
+
+  ##
+  # creturn analytics for colos for a time window.
+  # since and untill must be RFC 3339 timestamps
+  # TODO: support continuous
+  def colo_dashboard(since_ts: nil, until_ts: nil)
+    raise 'since_ts must be a valid timestamp' if since_ts.nil? || !date_rfc3339?(since_ts)
+    raise 'until_ts must be a valid timestamp' if until_ts.nil? || !date_rfc3339?(until_ts)
+
+    cf_get(path: "/zones/#{zone_id}/analytics/dashboard")
+  end
+
+  ##
+  # DNS analytics
+
+  ##
+  # return a table of analytics
+  def dns_table
+    cf_get(path: "/zones/#{zone_id}/dns_analytics/report")
+  end
+
+  ##
+  # return analytics by time
+  def dns_by_time(dimensions: [],
+                  metrics: [],
+                  sort: [],
+                  filters: [],
+                  since_ts: nil,
+                  until_ts: nil,
+                  limit: 100,
+                  time_delta: 'hour')
+    # TODO: what are valid dimensions?
+    # TODO: what are valid metrics?
+    unless since_ts.nil?
+      raise 'since_ts must be a valid timestamp' unless date_rfc3339?(since_ts)
+    end
+    unless until_ts.nil?
+      raise 'until_ts must be a valid timestamp' unless date_rfc3339?(until_ts)
+    end
+
+    params          = {limit: limit, time_delta: time_delta}
+    params['since'] = since_ts
+    params['until'] = until_ts
+
+    cf_get(path: "/zones/#{zone_id}/dns_analytics/report/bytime", params: params)
+  end
+end

data/lib/cloudflare_client/zone/base.rb

@@ -0,0 +1,9 @@
+class CloudflareClient::Zone::Base < CloudflareClient::Zone
+  attr_reader :zone_id
+
+  def initialize(args)
+    @zone_id = args.delete(:zone_id)
+    id_check('zone_id', zone_id)
+    super
+  end
+end

data/lib/cloudflare_client/zone/custom_hostname.rb

@@ -0,0 +1,86 @@
+# https://api.cloudflare.com/#custom-hostname-for-a-zone-list-custom-hostnames
+class CloudflareClient::Zone::CustomHostname < CloudflareClient::Zone::Base
+  VALID_METHODS = %w[http email cname].freeze
+  VALID_TYPES   = ['read only', 'dv'].freeze
+  VALID_ORDERS  = %w[ssl ssl_status].freeze
+  DEFAULT_SSL_PROPERTIES = { method: 'http', type: 'dv' }.freeze
+
+  ##
+  # create custom_hostname
+  # - :custom_metadata may only work for enterprise or better customers
+  # - :ssl has undocumented properties: 'custom_certificate' and 'custom_key', or can be nulled
+  def create(hostname:, ssl: DEFAULT_SSL_PROPERTIES, custom_metadata: {})
+    #FIXME: implement checks for the custom_metedata/find out of it's going to be exposed to anyone else
+    #"custom_metadata":{"origin_override":"hostname.zendesk.com"}
+    #"custom_metadata":{"hsts_enabled":"true"}
+    #"custom_metadata":{"hsts_enabled":"true","custom_maxage":value}
+    id_check('hostname', hostname)
+
+    if ssl && ssl[:method] && ssl[:type]
+      valid_value_check(:method, ssl[:method], VALID_METHODS)
+      valid_value_check(:type,   ssl[:type],   VALID_TYPES)
+    end
+
+    data                   = { hostname: hostname, ssl: ssl }
+    data[:custom_metadata] = custom_metadata unless custom_metadata.empty?
+
+    cf_post(path: "/zones/#{zone_id}/custom_hostnames", data: data)
+  end
+
+  ##
+  # list custom_hostnames
+  def list(hostname: nil, id: nil, page: 1, per_page: 50, order: 'ssl', direction: 'desc', ssl: 0)
+    raise 'cannot use both hostname and id' if hostname && id
+    valid_value_check(:order, order, VALID_ORDERS)
+    valid_value_check(:direction, direction, VALID_DIRECTIONS)
+    valid_value_check(:ssl, ssl, [0, 1])
+
+    params            = {page: page, per_page: per_page, order: order, direction: direction, ssl: ssl}
+    params[:hostname] = hostname if hostname
+    params[:id]       = id if id
+
+    cf_get(path: "/zones/#{zone_id}/custom_hostnames", params: params)
+  end
+
+  ##
+  # details of a custom hostname
+  def show(id:)
+    id_check('id', id)
+
+    cf_get(path: "/zones/#{zone_id}/custom_hostnames/#{id}")
+  end
+
+  ##
+  # update a custom hosntame
+  # https://api.cloudflare.com/#custom-hostname-for-a-zone-update-custom-hostname-configuration
+  def update(id:, ssl: {}, custom_metadata: nil)
+    id_check('id', id)
+
+    data = {}
+
+    if ssl && ssl[:method] && ssl[:type]
+      valid_value_check(:method, ssl[:method], VALID_METHODS)
+      valid_value_check(:type,   ssl[:type],   VALID_TYPES)
+    end
+
+    # Setting this to "null" requests removal of the attached certificate. We're
+    # using {} as the default value to denote "don't alter the SSL".
+    data[:ssl] = ssl unless ssl == {}
+
+    unless custom_metadata.nil?
+      raise 'custom_metadata must be an object' unless custom_metadata.is_a?(Hash)
+
+      data[:custom_metadata] = custom_metadata
+    end
+
+    cf_patch(path: "/zones/#{zone_id}/custom_hostnames/#{id}", data: data)
+  end
+
+  ##
+  # delete a custom hostname and ssl certs
+  def delete(id:)
+    id_check('id', id)
+
+    cf_delete(path: "/zones/#{zone_id}/custom_hostnames/#{id}")
+  end
+end

data/lib/cloudflare_client/zone/custom_page.rb

@@ -0,0 +1,28 @@
+class CloudflareClient::Zone::CustomPage < CloudflareClient::Zone::Base
+  ##
+  # Custom pages for a zone
+  ##
+  # custom_pages list all avaialble custom_pages
+  def list
+    cf_get(path: "/zones/#{zone_id}/custom_pages")
+  end
+
+  ##
+  # custom_page details
+  def show(id:)
+    raise 'id must not be nil' if id.nil?
+    cf_get(path: "/zones/#{zone_id}/custom_pages/#{id}")
+  end
+
+  ##
+  # update_custom_page
+  def update(id:, url:, state:)
+    id_check('id', id)
+    id_check('url', url)
+    raise 'state must be either default | customized' unless %w[default customized].include?(state)
+
+    data = {url: url, state: state}
+
+    cf_put(path: "/zones/#{zone_id}/custom_pages/#{id}", data: data)
+  end
+end

data/lib/cloudflare_client/zone/custom_ssl.rb

@@ -0,0 +1,62 @@
+class CloudflareClient::Zone::CustomSSL < CloudflareClient::Zone::Base
+  VALID_ORDERS = %w[status issuer priority expires_on].freeze
+
+  ##
+  # Custom SSL for a zone
+
+  ##
+  # create custom ssl for a zone
+  def create(certificate:, private_key:, bundle_method: nil)
+    id_check('certificate', certificate)
+    id_check('private_key', private_key)
+    bundle_method_check(bundle_method) unless bundle_method.nil?
+    # TODO: validate the cert/key using openssl?  Could be difficult if they are
+    # privately generated
+    data = {certificate: certificate, private_key: private_key}
+    data[:bundle_method] = bundle_method unless bundle_method.nil?
+    cf_post(path: "/zones/#{zone_id}/custom_certificates", data: data)
+  end
+
+  ##
+  # list custom ssl configurations
+  def list(page: 1, per_page: 50, order: 'priority', direction: 'asc', match: 'all')
+    raise ("order must be one of #{VALID_ORDERS}") unless VALID_ORDERS.include?(order)
+    raise ('direction must be asc || desc') unless (direction == 'asc' || direction == 'desc')
+    raise ('match must be all || any') unless (match == 'any' || match == 'all')
+    params = {page: page, per_page: per_page}
+    params[:match] = match
+    params[:direction] = direction
+    cf_get(path: "/zones/#{zone_id}/custom_certficates", params: params)
+  end
+
+  ##
+  # details of a single config
+  def show(configuration_id:)
+    raise 'ssl configuration id required' if configuration_id.nil?
+    cf_get(path: "/zones/#{zone_id}/custom_certificates/#{configuration_id}")
+  end
+
+  ##
+  # updates a custom ssl record
+  def update(id:, private_key: nil, certificate: nil, bundle_method: nil)
+    id_check('id', id)
+    id_check('private_key must be provided') if private_key.nil?
+    bundle_method_check(bundle_method)
+    data = {private_key: private_key, certificate: certificate, bundle_method: bundle_method}
+    cf_patch(path: "/zones/#{zone_id}/custom_certificates/#{id}", data: data)
+  end
+
+  ##
+  # re-prioritize ssl certs data = [{id: "cert_id", priority: 2}, {id: "cert_id", priority: 1}]
+  def prioritize(data: [])
+    raise 'must provide an array of certifiates and priorities' unless data.is_a?(Array) && !data.empty?
+    cf_put(path: "/zones/#{zone_id}/custom_certificates/prioritize", data: data)
+  end
+
+  ##
+  # delete a custom ssl cert
+  def delete(id:)
+    id_check('id', id)
+    cf_delete(path: "/zones/#{zone_id}/custom_certificates/#{id}")
+  end
+end

data/lib/cloudflare_client/zone/dns.rb

@@ -0,0 +1,66 @@
+class CloudflareClient::Zone::DNS < CloudflareClient::Zone::Base
+  VALID_TYPES = ['A', 'AAAA', 'CNAME', 'TXT', 'SRV', 'LOC', 'MX', 'NS', 'SPF', 'read only'].freeze
+
+  ##
+  # DNS methods
+
+  ##
+  # Create a dns record
+  def create(name:, type:, content:, ttl: nil, proxied: nil)
+    raise ("type must be one of #{VALID_TYPES.flatten}") unless VALID_TYPES.include?(type)
+    data = {name: name, type: type, content: content}
+    cf_post(path: "/zones/#{zone_id}/dns_records", data: data)
+  end
+
+  ##
+  # list/search for dns records in a given zone
+  def list(name: nil, content: nil, per_page: 50, page_no: 1, order: 'type', match: 'all', type: nil)
+    raise('match must be either all | any') unless %w[all any].include?(match)
+    params           = {per_page: per_page, page: page_no, order: order}
+    params[:name]    = name unless name.nil?
+    params[:content] = content unless content.nil?
+    params[:type]    = type unless type.nil?
+    cf_get(path: "/zones/#{zone_id}/dns_records", params: params)
+  end
+
+  ##
+  # details for a given dns_record
+  def show(id:)
+    id_check('dns record id', id)
+    cf_get(path: "/zones/#{zone_id}/dns_records/#{id}")
+  end
+
+  ##
+  # update a dns record.
+  # zone_id, id, type, and name are all required.  ttl and proxied are optional
+  def update(id:, type:, name:, content:, ttl: nil, proxied: nil)
+    id_check('dns record id', id)
+    id_check('dns record type', type)
+    id_check('dns record name', name)
+    id_check('dns record content', content)
+    raise('must suply type, name, and content') if (type.nil? || name.nil? || content.nil?)
+    data           = {type: type, name: name, content: content}
+    data[:ttl]     = ttl unless ttl.nil?
+    data[:proxied] = proxied unless proxied.nil?
+    cf_put(path: "/zones/#{zone_id}/dns_records/#{id}", data: data)
+  end
+
+  ##
+  # delete a dns record
+  # id is required.  ttl and proxied are optional
+  def delete(id:)
+    id_check('id', id)
+    cf_delete(path: "/zones/#{zone_id}/dns_records/#{id}")
+  end
+
+  ##
+  # import a BIND formatted zone file
+  #  def import_zone_file(path_to_file: nil)
+  #    # FIXME: not tested
+  #    raise("full path of file to import") if path_to_file.nil?
+  #    # TODO: ensure that this is a bind file?
+  #    raise("import file_name does not exist") if File.exists?(path_to_file)
+  #    data = { file: Faraday::UploadIO.new(path_to_file, 'multipart/form-data') }
+  #    cf_post(path: "/v4/zones/#{zone_id}/dns_records/import", data: data)
+  #  end
+end

data/lib/cloudflare_client/zone/firewall.rb

@@ -0,0 +1,3 @@
+class CloudflareClient::Zone::Firewall < CloudflareClient::Zone::Base
+  Dir[File.expand_path('../firewall/*.rb', __FILE__)].each {|f| require f}
+end

data/lib/cloudflare_client/zone/firewall/access_rule.rb

@@ -0,0 +1,87 @@
+class CloudflareClient::Zone::Firewall::AccessRule < CloudflareClient::Zone::Firewall
+  VALID_MODES          = %w[block challenge whitelist].freeze
+  VALID_SCOPE_TYPES    = %w[user organization zone].freeze
+  VALID_CONFIG_TARGETS = %w[ip ip_range country].freeze
+  VALID_ORDERS         = %w[scope_type configuration_target configuration_value mode].freeze
+  VALID_CASCADES       = %w[none basic aggressive].freeze
+
+  ##
+  # firewall_access_rules_for_a_zone
+  def list(notes: nil, mode: nil, match: nil, scope_type: nil, configuration_value: nil, order: nil, page: 1, per_page: 50, configuration_target: nil, direction: 'desc')
+    params                       = {page: page, per_page: per_page}
+    params[:notes]               = notes unless notes.nil?
+    params[:configuration_value] = configuration_value unless configuration_value.nil?
+
+    unless mode.nil?
+      valid_value_check(:mode, mode, VALID_MODES)
+      params[:mode] = mode
+    end
+
+    unless match.nil?
+      valid_value_check(:match, match, VALID_MATCHES)
+      params[:match] = match
+    end
+
+    unless scope_type.nil?
+      valid_value_check(:scope_type, scope_type, VALID_SCOPE_TYPES)
+      params[:scope_type] = scope_type
+    end
+
+    unless configuration_target.nil?
+      valid_value_check(:configuration_target, configuration_target, VALID_CONFIG_TARGETS)
+      params[:configuration_target] = configuration_target
+    end
+
+    unless direction.nil?
+      valid_value_check(:direction, direction, VALID_DIRECTIONS)
+      params[:direction] = direction
+    end
+
+    unless order.nil?
+      valid_value_check(:order, order, VALID_ORDERS)
+      params[:order] = order
+    end
+
+    cf_get(path: "/zones/#{zone_id}/firewall/access_rules/rules", params: params)
+  end
+
+  ##
+  # create firewall access rule
+  def create(mode:, configuration:, notes: nil)
+    valid_value_check(:mode, mode, VALID_MODES)
+    if configuration.is_a?(Hash)
+      unless configuration.keys.map(&:to_sym).sort == [:target, :value]
+        raise 'configuration must contain valid a valid target and value'
+      end
+    else
+      raise 'configuration must be a valid configuration object'
+    end
+
+    data         = {mode: mode, configuration: configuration}
+    data[:notes] = notes unless notes.nil?
+
+    cf_post(path: "/zones/#{zone_id}/firewall/access_rules/rules", data: data)
+  end
+
+  ##
+  # updates firewall_access_rule
+  def update(id:, mode: nil, notes: nil)
+    id_check('id', id)
+    valid_value_check(:mode, mode, VALID_MODES) unless mode.nil?
+
+    data         = {}
+    data[:mode]  = mode unless mode.nil?
+    data[:notes] = notes unless notes.nil?
+
+    cf_patch(path: "/zones/#{zone_id}/firewall/access_rules/rules/#{id}", data: data)
+  end
+
+  ##
+  # delete a firewall access rule
+  def delete(id:, cascade: 'none')
+    id_check('id', id)
+    valid_value_check(:cascade, cascade, VALID_CASCADES)
+
+    cf_delete(path: "/zones/#{zone_id}/firewall/access_rules/rules/#{id}")
+  end
+end

data/lib/cloudflare_client/zone/firewall/waf_package.rb

@@ -0,0 +1,46 @@
+class CloudflareClient::Zone::Firewall::WAFPackage < CloudflareClient::Zone::Firewall
+  require_relative './waf_package/base.rb'
+  Dir[File.expand_path('../waf_package/*.rb', __FILE__)].each {|f| require f}
+
+  VALID_ORDERS        = %w[status name].freeze
+  VALID_SENSITIVITIES = %w[high low off].freeze
+  VALID_ACTION_MODES  = %w[simulate block challenge].freeze
+
+  ##
+  # lists waf_rule_packages
+  def list(name: nil, page: 1, per_page: 50, order: 'status', direction: 'desc', match: 'all')
+    params        = {page: page, per_page: per_page}
+    params[:name] = name unless name.nil?
+
+    valid_value_check(:order, order, VALID_ORDERS)
+    params[:order] = order
+
+    valid_value_check(:direction, direction, VALID_DIRECTIONS)
+    params[:direction] = direction
+
+    valid_value_check(:match, match, VALID_MATCHES)
+    params[:match] = match
+
+    cf_get(path: "/zones/#{zone_id}/firewall/waf/packages", params: params)
+  end
+
+  ##
+  # shows details of a single package
+  def show(id:)
+    id_check('id', id)
+
+    cf_get(path: "/zones/#{zone_id}/firewall/waf/packages/#{id}")
+  end
+
+  ##
+  # changes the sensitivity and action for an anomaly detection type WAF rule package
+  def update(id:, sensitivity: 'high', action_mode: 'challange')
+    id_check('id', id)
+    valid_value_check(:sensitivity, sensitivity, VALID_SENSITIVITIES)
+    valid_value_check(:action_mode, action_mode, VALID_ACTION_MODES)
+
+    data = {sensitivity: sensitivity, action_mode: action_mode}
+
+    cf_patch(path: "/zones/#{zone_id}/firewall/waf/packages/#{id}", data: data)
+  end
+end