cloudflare_client_rb 4.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 53055d6f6789ba960ef43045e6b102ffb4e97baf
+  data.tar.gz: 3ef8b8314e81ae120c8c3711b75997d56e5f0e0e
+SHA512:
+  metadata.gz: ba0a7b3a325441795cbfe180f351a8385bf5770b79c9b8b6008770438f9fbe4497af207ded9bc20f207482769c6418dee161e1b4311e669a2632031a60f4d468
+  data.tar.gz: f26ff45885f8efb43349310c4ea943522742b0dbbd320154e531104c2e2846b0c1b339af79c605656bc09c9e148beb779eb687e415a9640f6b73df897dd19000

data/lib/cloudflare_client.rb

@@ -0,0 +1,211 @@
+##
+# General class for the client
+class CloudflareClient
+  require 'json'
+  require 'faraday'
+  require 'date'
+  require 'byebug'
+  Dir[File.expand_path('../cloudflare_client/*.rb', __FILE__)].each { |f| require f }
+
+  API_BASE             = 'https://api.cloudflare.com/client/v4'.freeze
+  VALID_BUNDLE_METHODS = %w[ubiquitous optimal force].freeze
+  VALID_DIRECTIONS     = %w[asc desc].freeze
+  VALID_MATCHES        = %w[any all].freeze
+
+  POSSIBLE_API_SETTINGS = %w[
+    advanced_ddos
+    always_online
+    automatic_https_rewrites
+    browser_cache_ttl
+    browser_check
+    cache_level
+    challenge_ttl
+    development_mode
+    email_obfuscation
+    hotlink_protection
+    ip_geolocation
+    ipv6
+    minify
+    mobile_redirect
+    mirage
+    origin_error_page_pass_thru
+    opportunistic_encryption
+    polish
+    webp
+    prefetch_preload
+    response_buffering
+    rocket_loader
+    security_header
+    security_level
+    server_side_exclude
+    sort_query_string_for_cache
+    ssl
+    tls_1_2_only
+    tls_1_3
+    tls_client_auth
+    true_client_ip_header
+    waf
+    http2
+    pseudo_ipv4
+    websockets
+  ].freeze
+
+  def initialize(auth_key: nil, email: nil)
+    raise('Missing auth_key') if auth_key.nil?
+    raise('missing email') if email.nil?
+    @cf_client ||= build_client(auth_key: auth_key, email: email)
+  end
+
+  #TODO: add the time based stuff
+
+  #TODO: cloudflare IPs
+  #TODO: AML
+  #TODO: load balancer monitors
+  #TODO: load balancer pools
+  #TODO: org load balancer monitors
+  #TODO: org load balancer pools
+  #TODO: load balancers
+
+  private
+
+  def bundle_method_check(bundle_method)
+    unless VALID_BUNDLE_METHODS.include?(bundle_method)
+      raise("valid bundle methods are #{VALID_BUNDLE_METHODS.flatten}")
+    end
+  end
+
+  def date_rfc3339?(ts)
+    begin
+      DateTime.rfc3339(ts)
+    rescue ArgumentError
+      return false
+    end
+    true
+  end
+
+  def iso8601_check(name, ts)
+    DateTime.iso8601(ts)
+  rescue ArgumentError
+    raise "#{name} must be a valid iso8601 timestamp"
+  end
+
+  def timestamp_check(name, ts)
+    Time.at(ts).to_datetime
+  rescue TypeError
+    raise "#{name} must be a valid unix timestamp"
+  end
+
+  def id_check(name, id)
+    raise "#{name} required" if id.nil?
+  end
+
+  def valid_value_check(name, value, valid_values)
+    raise "#{name} must be one of #{valid_values}" unless valid_values.include?(value)
+  end
+
+  def non_empty_array_check(name, array)
+    raise "#{name} must be an array of #{name}" unless array.is_a?(Array) && !array.empty?
+  end
+
+  def non_empty_hash_check(name, hash)
+    raise "#{name} must be an hash of #{name}" unless hash.is_a?(Hash) && !hash.empty?
+  end
+
+  def basic_type_check(name, value, type)
+    raise "#{name} must be a #{type}" unless value.is_a?(type)
+  end
+
+  def max_length_check(name, value, max_length=32)
+    raise "the length of #{name} must not exceed #{max_length}" unless value.length <= max_length
+  end
+
+  def range_check(name, value, min=nil, max=nil)
+    if min && max
+      raise "#{name} must be between #{min} and #{max}" unless value >= min && value <= max
+    elsif min
+      raise "#{name} must be equal or larger than #{min}" unless value >= min
+    elsif max
+      raise "#{name} must be equal or less than #{max}" unless value <= max
+    end
+  end
+
+  def build_client(params)
+    raise('Missing auth_key') if params[:auth_key].nil?
+    raise('Missing auth email') if params[:email].nil?
+    # we need multipart form encoding for some of these operations
+    client                                      = Faraday.new(url: API_BASE) do |conn|
+      conn.request :multipart
+      conn.request :url_encoded
+      conn.adapter :net_http
+    end
+    client.headers['X-Auth-Key']                = params[:auth_key]
+    client.headers['X-Auth-User-Service-Key	'] = params[:auth_key] #FIXME, is this always the same?
+    client.headers['X-Auth-Email']              = params[:email]
+    client.headers['Content-Type']              = 'application/json'
+    client
+  end
+
+  def cf_post(path: nil, data: {})
+    raise('No data to post') if data.empty?
+    result = @cf_client.post do |request|
+      request.url(API_BASE + path) unless path.nil?
+      request.body = data.to_json
+    end
+    raise(JSON.parse(result.body).dig('errors').first.to_s) unless result.status == 200
+    JSON.parse(result.body, symbolize_names: true)
+  end
+
+  def cf_get(path: nil, params: {}, raw: nil, extra_headers: {})
+    result = @cf_client.get do |request|
+      request.headers.merge!(extra_headers) unless extra_headers.empty?
+      request.url(API_BASE + path) unless path.nil?
+      unless params.nil?
+        request.params = params if params.values.any? { |i| !i.nil? }
+      end
+    end
+    raise(JSON.parse(result.body).dig('errors').first.to_s) unless result.status == 200
+    unless raw.nil?
+      return result.body
+    end
+    # we ask for compressed logs.  uncompress if we get them
+    # as the user can always ask for raw stuff
+    if result.headers["content-encoding"] == 'gzip'
+      return Zlib::GzipReader.new(StringIO.new(result.body.to_s)).read
+    end
+    JSON.parse(result.body, symbolize_names: true)
+  end
+
+  def cf_put(path: nil, data: nil)
+    result = @cf_client.put do |request|
+      request.url(API_BASE + path) unless path.nil?
+      request.body = data.to_json unless data.nil?
+    end
+    raise(JSON.parse(result.body).dig('errors').first.to_s) unless result.status == 200
+    JSON.parse(result.body, symbolize_names: true)
+  end
+
+  def cf_patch(path: nil, data: {})
+    valid_response_codes = [200, 202]
+    result               = @cf_client.patch do |request|
+      request.url(API_BASE + path) unless path.nil?
+      request.body = data.to_json unless data.empty?
+    end
+    raise(JSON.parse(result.body).dig('errors').first.to_s) unless valid_response_codes.include?(result.status)
+    JSON.parse(result.body, symbolize_names: true)
+  end
+
+  def cf_delete(path: nil, data: {})
+    result = @cf_client.delete do |request|
+      request.url(API_BASE + path) unless path.nil?
+      request.body = data.to_json unless data.empty?
+    end
+    raise(JSON.parse(result.body).dig('errors').first.to_s) unless result.status == 200
+    JSON.parse(result.body, symbolize_names: true)
+  end
+
+  def valid_setting?(name = nil)
+    return false if name.nil?
+    return false unless POSSIBLE_API_SETTINGS.include?(name)
+    true
+  end
+end

data/lib/cloudflare_client/certificate.rb

@@ -0,0 +1,40 @@
+class CloudflareClient::Certificate < CloudflareClient
+  VALID_REQUESTED_VALIDITIES = [7, 30, 90, 365, 730, 1095, 5475].freeze
+  VALID_REQUEST_TYPES        = %w[origin-rsa origin-ecc keyless-certificate].freeze
+
+  ##
+  # cloudflare CA
+
+  ##
+  # list certificates
+  def list(zone_id: nil)
+    cf_get(path: '/certificates', params: {zone_id: zone_id})
+  end
+
+  ##
+  # create a certificate
+  def create(hostnames:, requested_validity: 5475, request_type: 'origin-rsa', csr: nil)
+    non_empty_array_check(:hostnames, hostnames)
+    valid_value_check(:requested_validity, requested_validity, VALID_REQUESTED_VALIDITIES)
+    valid_value_check(:request_type, request_type, VALID_REQUEST_TYPES)
+
+    data       = {hostnames: hostnames, requested_validity: requested_validity, request_type: request_type}
+    data[:csr] = csr unless csr.nil?
+
+    cf_post(path: '/certificates', data: data)
+  end
+
+  ##
+  # details of a certificate
+  def show(id:)
+    id_check(:id, id)
+    cf_get(path: "/certificates/#{id}")
+  end
+
+  ##
+  # revoke a cert
+  def revoke(id:)
+    id_check(:id, id)
+    cf_delete(path: "/certificates/#{id}")
+  end
+end

data/lib/cloudflare_client/organization.rb

@@ -0,0 +1,26 @@
+class CloudflareClient::Organization < CloudflareClient
+  Dir[File.expand_path('../organization/*.rb', __FILE__)].each {|f| require f}
+
+  attr_reader :org_id
+
+  ##
+  # Organization based operations
+  def initialize(args)
+    @org_id = args.delete(:org_id)
+    id_check(:org_id, org_id)
+    super
+  end
+
+  ##
+  # get an org's details
+  def show
+    cf_get(path: "/organizations/#{org_id}")
+  end
+
+  ##
+  # update a given org (only supports name)
+  def update(name: nil)
+    data = name.nil? ? {} : {name: name}
+    cf_patch(path: "/organizations/#{org_id}", data: data)
+  end
+end

data/lib/cloudflare_client/organization/access_rule.rb

@@ -0,0 +1,76 @@
+class CloudflareClient::Organization::AccessRule < CloudflareClient::Organization
+  VALID_MODES          = %w[block challenge whitelist].freeze
+  VALID_CONFIG_TARGETS = %w[ip ip_range country_code].freeze
+  VALID_ORDERS         = %w[configuration_target configuration_value mode].freeze
+
+  ##
+  # org level firewall rules
+  #
+
+  ##
+  # list access rules
+  def list(notes: nil, mode: nil, match: 'all', configuration_value: nil, order: nil, page: 1, per_page: 50, configuration_target: nil, direction: 'desc')
+    params = {page: page, per_page: per_page}
+
+    unless notes.nil?
+      basic_type_check(:notes, notes, String)
+      params[:notes] = notes
+    end
+
+    unless mode.nil?
+      valid_value_check(:mode, mode, VALID_MODES)
+      params[:mode] = mode
+    end
+
+    unless match.nil?
+      valid_value_check(:match, match, VALID_MATCHES)
+      params[:match] = match
+    end
+
+    params[:configuration_value] = configuration_value unless configuration_value.nil?
+
+    #FIXME: check this against the api
+    unless order.nil?
+      valid_value_check(:order, order, VALID_ORDERS)
+      params[:order] = order
+    end
+
+    unless configuration_target.nil?
+      valid_value_check(:configuration_target, configuration_target, VALID_CONFIG_TARGETS)
+      params[:configuration_target] = configuration_target
+    end
+
+    unless direction.nil?
+      valid_value_check(:direction, direction, VALID_DIRECTIONS)
+      params[:direction] = direction
+    end
+
+    cf_get(path: "/organizations/#{org_id}/firewall/access_rules/rules", params: params)
+  end
+
+  ##
+  # create access rule
+  def create(mode:, configuration:, notes: nil)
+    non_empty_hash_check(:configuration, configuration)
+    valid_value_check(:mode, mode, VALID_MODES)
+
+    #TODO: validate config objects?
+    data         = {mode: mode, configuration: configuration}
+    data[:notes] = notes unless notes.nil?
+
+    cf_post(path: "/organizations/#{org_id}/firewall/access_rules/rules", data: data)
+  end
+
+  ##
+  # update access rule
+  # def update
+  #
+  # end
+
+  ##
+  # delete org access rule
+  def delete(id:)
+    id_check('id', id)
+    cf_delete(path: "/organizations/#{org_id}/firewall/access_rules/rules/#{id}")
+  end
+end

data/lib/cloudflare_client/organization/invite.rb

@@ -0,0 +1,53 @@
+class CloudflareClient::Organization::Invite < CloudflareClient::Organization
+  ##
+  # org invites
+
+  ##
+  # create an org invite
+  def create(email:, roles:, auto_accept: nil)
+    basic_type_check(:email, email, String)
+    max_length_check(:email, email, 90)
+    non_empty_array_check(:roles, roles)
+
+    data = {invited_member_email: email, roles: roles}
+
+    unless auto_accept.nil?
+      valid_value_check(:auto_accept, auto_accept, [true, false])
+      data[:auto_accept] = auto_accept
+    end
+
+    cf_post(path: "/organizations/#{org_id}/invites", data: data)
+  end
+
+  ##
+  # org invites
+  def list
+    cf_get(path: "/organizations/#{org_id}/invites")
+  end
+
+  ##
+  # org invite details
+  def show(id:)
+    id_check(:id, id)
+
+    cf_get(path: "/organizations/#{org_id}/invites/#{id}")
+  end
+
+  ##
+  # update an organization invites roles
+  def update(id:, roles:)
+    id_check(:id, id)
+    non_empty_array_check(:roles, roles)
+
+    data = {roles: roles}
+
+    cf_patch(path: "/organizations/#{org_id}/invites/#{id}", data: data)
+  end
+
+  ##
+  # cancel an organization invite
+  def delete(id:)
+    id_check(:id, id)
+    cf_delete(path: "/organizations/#{org_id}/invites/#{id}")
+  end
+end

data/lib/cloudflare_client/organization/member.rb

@@ -0,0 +1,37 @@
+class CloudflareClient::Organization::Member < CloudflareClient::Organization
+  ##
+  # org members
+
+  ##
+  # list org members
+  def list
+    cf_get(path: "/organizations/#{org_id}/members")
+  end
+
+  ##
+  # org member details
+  def show(id:)
+    id_check(:id, id)
+
+    cf_get(path: "/organizations/#{org_id}/members/#{id}")
+  end
+
+  ##
+  # update org member roles
+  def update(id:, roles:)
+    id_check(:id, id)
+    non_empty_array_check(:roles, roles)
+
+    data = {roles: roles}
+
+    cf_patch(path: "/organizations/#{org_id}/members/#{id}", data: data)
+  end
+
+  ##
+  # remove org member
+  def delete(id:)
+    id_check(:id, id)
+
+    cf_delete(path: "/organizations/#{org_id}/members/#{id}")
+  end
+end