@nodeart/cloudflare-provisioning 1.0.2 → 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cloudflare.js +60 -11
- package/index.js +2 -2
- package/package.json +3 -3
- package/template.js +3 -3
package/cloudflare.js
CHANGED
|
@@ -5,8 +5,9 @@ const { request } = require('undici')
|
|
|
5
5
|
const CLOUDFLARE_API_URL = 'https://api.cloudflare.com/client/v4/'
|
|
6
6
|
|
|
7
7
|
class CloudFlare {
|
|
8
|
-
constructor (zoneId, options) {
|
|
8
|
+
constructor (zoneId, domain, options) {
|
|
9
9
|
this.zoneId = zoneId
|
|
10
|
+
this.domain = domain
|
|
10
11
|
|
|
11
12
|
this.authorizationHeaders = null
|
|
12
13
|
if (options.email !== undefined && options.apiKey !== undefined) {
|
|
@@ -189,6 +190,26 @@ class CloudFlare {
|
|
|
189
190
|
return response
|
|
190
191
|
}
|
|
191
192
|
|
|
193
|
+
async getFirewallRules () {
|
|
194
|
+
const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/firewall/rules`
|
|
195
|
+
|
|
196
|
+
const { statusCode, body } = await request(url, {
|
|
197
|
+
method: 'GET',
|
|
198
|
+
headers: {
|
|
199
|
+
...this.authorizationHeaders,
|
|
200
|
+
'Content-Type': 'application/json'
|
|
201
|
+
}
|
|
202
|
+
})
|
|
203
|
+
|
|
204
|
+
const response = await body.json()
|
|
205
|
+
|
|
206
|
+
if (statusCode !== 200) {
|
|
207
|
+
throw new Error(`Could not get firewall rules: ${statusCode}, error: ${JSON.stringify(response)}`)
|
|
208
|
+
}
|
|
209
|
+
|
|
210
|
+
return response
|
|
211
|
+
}
|
|
212
|
+
|
|
192
213
|
async createFirewallRule (firewallRule) {
|
|
193
214
|
const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/firewall/rules`
|
|
194
215
|
|
|
@@ -210,15 +231,43 @@ class CloudFlare {
|
|
|
210
231
|
return response
|
|
211
232
|
}
|
|
212
233
|
|
|
213
|
-
async
|
|
214
|
-
const
|
|
234
|
+
async updateFirewallRule (id, firewallRule) {
|
|
235
|
+
const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/firewall/rules/${id}`
|
|
215
236
|
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
237
|
+
const { statusCode, body } = await request(url, {
|
|
238
|
+
method: 'PATCH',
|
|
239
|
+
headers: {
|
|
240
|
+
...this.authorizationHeaders,
|
|
241
|
+
'Content-Type': 'application/json'
|
|
242
|
+
},
|
|
243
|
+
body: JSON.stringify(firewallRule)
|
|
244
|
+
})
|
|
219
245
|
|
|
220
|
-
|
|
221
|
-
|
|
246
|
+
const response = await body.json()
|
|
247
|
+
|
|
248
|
+
if (statusCode !== 200) {
|
|
249
|
+
throw new Error(`Could not update a firewall rule: ${statusCode}, error: ${JSON.stringify(response)}`)
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
return response
|
|
253
|
+
}
|
|
254
|
+
|
|
255
|
+
async rewriteFirewallRules (firewallRules) {
|
|
256
|
+
const currentFirewallRules = await this.getFirewallRules()
|
|
257
|
+
|
|
258
|
+
for (const firewallRule of firewallRules) {
|
|
259
|
+
const currentFirewallRule = currentFirewallRules.result.find(
|
|
260
|
+
rule => rule.description === firewallRule.description
|
|
261
|
+
)
|
|
262
|
+
|
|
263
|
+
try {
|
|
264
|
+
if (currentFirewallRule) {
|
|
265
|
+
await this.updateFirewallRule(currentFirewallRule.id, firewallRule)
|
|
266
|
+
} else {
|
|
267
|
+
await this.createFirewallRule(firewallRule)
|
|
268
|
+
}
|
|
269
|
+
} catch (error) {
|
|
270
|
+
console.error(`Could not update firewall rule for domain ${this.domain}: ${JSON.stringify(firewallRule)}, error: ${error}`)
|
|
222
271
|
}
|
|
223
272
|
}
|
|
224
273
|
}
|
|
@@ -476,7 +525,7 @@ class CloudFlare {
|
|
|
476
525
|
await this.createPageRule(pageRule)
|
|
477
526
|
}
|
|
478
527
|
} catch (error) {
|
|
479
|
-
console.log(`Could not update or create page rule: ${error.message}\n`)
|
|
528
|
+
console.log(`Could not update or create page rule for domain ${this.domain}: ${error.message}\n`)
|
|
480
529
|
}
|
|
481
530
|
}
|
|
482
531
|
}
|
|
@@ -530,7 +579,7 @@ class CloudFlare {
|
|
|
530
579
|
const workerRoute = workerRoutes[i]
|
|
531
580
|
|
|
532
581
|
if (result.status === 'rejected') {
|
|
533
|
-
console.log(`Could not create worker route ${JSON.stringify(workerRoute)}: ${result.reason}\n`)
|
|
582
|
+
console.log(`Could not create worker route for domain ${this.domain} ${JSON.stringify(workerRoute)}: ${result.reason}\n`)
|
|
534
583
|
}
|
|
535
584
|
}
|
|
536
585
|
}
|
|
@@ -583,7 +632,7 @@ class CloudFlare {
|
|
|
583
632
|
const routeId = routeIds[i]
|
|
584
633
|
|
|
585
634
|
if (result.status === 'rejected') {
|
|
586
|
-
console.log(`Could not delete worker route ${routeId}: ${result.reason}\n`)
|
|
635
|
+
console.log(`Could not delete worker route for domain ${this.domain} ${routeId}: ${result.reason}\n`)
|
|
587
636
|
}
|
|
588
637
|
}
|
|
589
638
|
}
|
package/index.js
CHANGED
|
@@ -9,7 +9,7 @@ const cloudflareSettingsHandlers = {
|
|
|
9
9
|
emailObfuscation: CloudFlare.prototype.setEmailObfuscation,
|
|
10
10
|
brotli: CloudFlare.prototype.setBrotli,
|
|
11
11
|
dnsRecords: CloudFlare.prototype.rewriteDNSRecords,
|
|
12
|
-
firewallRules: CloudFlare.prototype.
|
|
12
|
+
firewallRules: CloudFlare.prototype.rewriteFirewallRules,
|
|
13
13
|
polish: CloudFlare.prototype.setPolish,
|
|
14
14
|
minify: CloudFlare.prototype.setMinify,
|
|
15
15
|
http2Prioritization: CloudFlare.prototype.setHTTP2Prioritization,
|
|
@@ -52,7 +52,7 @@ async function applyCloudflareSettings (config) {
|
|
|
52
52
|
? { email: accountEmail, apiKey: accountKey }
|
|
53
53
|
: { token: site.token }
|
|
54
54
|
|
|
55
|
-
const cloudFlare = new CloudFlare(zoneId, options)
|
|
55
|
+
const cloudFlare = new CloudFlare(zoneId, site.domain, options)
|
|
56
56
|
const domainSettings = substituteDomainName(settings, site.domain)
|
|
57
57
|
|
|
58
58
|
for (const [key, value] of Object.entries(domainSettings)) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nodeart/cloudflare-provisioning",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.4",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -11,10 +11,10 @@
|
|
|
11
11
|
"author": "",
|
|
12
12
|
"license": "ISC",
|
|
13
13
|
"devDependencies": {
|
|
14
|
-
"husky": "^8.0.
|
|
14
|
+
"husky": "^8.0.2",
|
|
15
15
|
"standard": "^17.0.0"
|
|
16
16
|
},
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"undici": "^5.
|
|
18
|
+
"undici": "^5.10.0"
|
|
19
19
|
}
|
|
20
20
|
}
|
package/template.js
CHANGED
|
@@ -56,17 +56,17 @@ module.exports = {
|
|
|
56
56
|
},
|
|
57
57
|
dataExportCache: {
|
|
58
58
|
targets: [{ target: 'url', constraint: { operator: 'matches', value: 'https://www.$DOMAIN/export/*' } }],
|
|
59
|
-
actions: [{ id: 'cache_level', value: 'bypass' }],
|
|
59
|
+
actions: [{ id: 'cache_level', value: 'bypass' }, { id: 'origin_error_page_pass_thru', value: 'on' }],
|
|
60
60
|
status: 'active'
|
|
61
61
|
},
|
|
62
62
|
rootForward: {
|
|
63
|
-
targets: [{ target: 'url', constraint: { operator: 'matches', value: '
|
|
63
|
+
targets: [{ target: 'url', constraint: { operator: 'matches', value: '$DOMAIN/*' } }],
|
|
64
64
|
actions: [{ id: 'forwarding_url', value: { status_code: 301, url: 'https://www.$DOMAIN/$1' } }],
|
|
65
65
|
status: 'active'
|
|
66
66
|
},
|
|
67
67
|
ia: {
|
|
68
68
|
targets: [{ target: 'url', constraint: { operator: 'matches', value: '*ia.$DOMAIN/*' } }],
|
|
69
|
-
actions: [{ id: 'disable_security' }, { id: 'cache_level', value: 'bypass' }],
|
|
69
|
+
actions: [{ id: 'disable_security' }, { id: 'cache_level', value: 'bypass' }, { id: 'ssl', value: 'flexible' }],
|
|
70
70
|
status: 'active'
|
|
71
71
|
}
|
|
72
72
|
},
|