@nodeart/cloudflare-provisioning 1.0.5 → 1.0.7

package/cloudflare.js

@@ -208,7 +208,7 @@ class CloudFlare {
       throw new Error(`Could not get firewall rules: ${statusCode}, error: ${JSON.stringify(response)}`)
     }
 
-    const { id, rules } = response
+    const { id, rules } = response?.result ?? {}
     if (!id) {
       throw new Error(`Could not get firewall rules ruleset ID: got ${id}, received value: ${JSON.stringify(response)}`)
     }
@@ -325,7 +325,7 @@ class CloudFlare {
         throw new Error(`Could not create redirect ruleset: ${statusCode}, error: ${JSON.stringify(createResponse)}`)
       }
 
-      const { id, rules } = createResponse
+      const { id, rules } = createResponse?.result ?? {}
       if (!id) {
         throw new Error(`Could not get redirect rules ruleset ID: got ${id}, received value: ${JSON.stringify(response)}`)
       }
@@ -336,7 +336,7 @@ class CloudFlare {
         throw new Error(`Could not get redirect rules: ${statusCode}, error: ${JSON.stringify(response)}`)
       }
 
-      const { id, rules } = response
+      const { id, rules } = response?.result ?? {}
       if (!id) {
         throw new Error(`Could not get redirect rules ruleset ID: got ${id}, received value: ${JSON.stringify(response)}`)
       }
@@ -804,29 +804,124 @@ class CloudFlare {
     return response
   }
 
-  async uploadTlsClientAuth ({ clientKey, clientCert, caCert }) {
-    try {
-      await fs.access(clientKey, fs.constants.R_OK)
-      await fs.access(clientCert, fs.constants.R_OK)
-      await fs.access(caCert, fs.constants.R_OK)
-    } catch (e) {
-      throw new Error(`Cannot access file: ${e?.message}`)
+  async uploadTlsClientAuth ({ clientKey, clientCert, caCert, clear }) {
+    if (clear) {
+      await this.clearCustomCerts()
     }
 
-    const clientKeyContents = await fs.readFile(clientKey, 'utf8')
-    const clientCertContents = await fs.readFile(clientCert, 'utf8')
-    const caCertContents = await fs.readFile(caCert, 'utf8')
+    if (clientKey && clientCert && caCert) {
+      try {
+        await fs.access(clientKey, fs.constants.R_OK)
+        await fs.access(clientCert, fs.constants.R_OK)
+        await fs.access(caCert, fs.constants.R_OK)
+      } catch (e) {
+        throw new Error(`Cancelling cert upload for domain ${this.domain}. Cannot access file: ${e?.message}`)
+      }
+
+      const clientKeyContents = await fs.readFile(clientKey, 'utf8')
+      const clientCertContents = await fs.readFile(clientCert, 'utf8')
+      const caCertContents = await fs.readFile(caCert, 'utf8')
+
+      await this.uploadCertAndKey(clientCertContents, clientKeyContents)
+      await this.uploadCaCert(caCertContents)
+      await this.enableTLSClientAuth()
+    }
+  }
+
+  async clearCustomCerts () {
+    const clientCertIds = await this.getClientCerts()
+    const caCertIds = await this.getCaCerts()
+
+    for (const cert of clientCertIds) {
+      try {
+        await this.deleteClientCert(cert)
+      } catch (e) {
+        console.error(`Failed to delete Client cert: ${e?.message}`)
+      }
+    }
+
+    for (const cert of caCertIds) {
+      try {
+        await this.deleteCaCert(cert)
+      } catch (e) {
+        console.error(`Failed to delete Client cert: ${e?.message}`)
+      }
+    }
+  }
+
+  async getClientCerts () {
+    const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/origin_tls_client_auth`
+    const { statusCode, body } = await request(url, {
+      method: 'GET',
+      headers: {
+        ...this.authorizationHeaders,
+        'Content-Type': 'application/json'
+      }
+    })
+    const response = await body.json()
+
+    if (statusCode !== 200) {
+      throw new Error(`Could not get client certificate IDs: ${statusCode}, error: ${JSON.stringify(response)}`)
+    }
+
+    return response?.result?.map((cert) => cert?.id) ?? []
+  }
+
+  async getCaCerts () {
+    const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/acm/custom_trust_store`
+    const { statusCode, body } = await request(url, {
+      method: 'GET',
+      headers: {
+        ...this.authorizationHeaders,
+        'Content-Type': 'application/json'
+      }
+    })
+    const response = await body.json()
+
+    if (statusCode !== 200) {
+      throw new Error(`Could not get CA certificate IDs: ${statusCode}, error: ${JSON.stringify(response)}`)
+    }
 
-    await this.uploadCertAndKey(clientCertContents, clientKeyContents)
-    await this.uploadCaCert(caCertContents)
-    await this.enableTLSClientAuth()
+    return response?.result?.map((cert) => cert?.id) ?? []
+  }
+
+  async deleteClientCert (certId) {
+    const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/origin_tls_client_auth/${certId}`
+    const { statusCode, body } = await request(url, {
+      method: 'DELETE',
+      headers: {
+        ...this.authorizationHeaders,
+        'Content-Type': 'application/json'
+      }
+    })
+    const response = await body.json()
+
+    if (statusCode !== 200) {
+      throw new Error(`Could not delete client certificate ID ${certId}: ${statusCode}, error: ${JSON.stringify(response)}`)
+    }
+  }
+
+  async deleteCaCert (certId) {
+    const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/acm/custom_trust_store/${certId}`
+    const { statusCode, body } = await request(url, {
+      method: 'DELETE',
+      headers: {
+        ...this.authorizationHeaders,
+        'Content-Type': 'application/json'
+      }
+    })
+    const response = await body.json()
+
+    if (statusCode !== 200) {
+      throw new Error(`Could not delete CA certificate ID ${certId}: ${statusCode}, error: ${JSON.stringify(response)}`)
+    }
   }
 
   async uploadCertAndKey (clientCert, clientKey) {
     const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/origin_tls_client_auth`
     const payload = {
-      certificate: clientCert,
-      private_key: clientKey
+      certificate: clientCert.replace(/\r?\n/g, '\n'),
+      private_key: clientKey.replace(/\r?\n/g, '\n')
     }
 
     const { statusCode, body } = await request(url, {
@@ -840,15 +935,20 @@ class CloudFlare {
 
     const response = await body.json()
 
-    if (statusCode !== 200) {
-      throw new Error(`Could not upload certificate and private key: ${statusCode}, error: ${JSON.stringify(response)}`)
+    if (statusCode !== 200 && statusCode !== 201) {
+      const errors = response?.errors ?? []
+      if (errors.find((error) => error.code === 1406 && error.message === 'This certificate already exists for this zone.')) {
+        console.log(`This certificate already exists for domain ${this.domain}. Continuing...`)
+      } else {
+        throw new Error(`Could not upload certificate and private key: ${statusCode}, error: ${JSON.stringify(response)}`)
+      }
     }
   }
 
   async uploadCaCert (caCert) {
     const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/acm/custom_trust_store`
     const payload = {
-      certificate: caCert
+      certificate: caCert.replace(/\r?\n/g, '\n')
     }
 
     const { statusCode, body } = await request(url, {
@@ -862,8 +962,13 @@ class CloudFlare {
 
     const response = await body.json()
 
-    if (statusCode !== 200) {
-      throw new Error(`Could not upload CA certificate: ${statusCode}, error: ${JSON.stringify(response)}`)
+    if (statusCode !== 200 && statusCode !== 201) {
+      const errors = response?.errors ?? []
+      if (errors.find((error) => error.code === 1406 && error.message === 'This certificate already exists for this zone.')) {
+        console.log(`This CA certificate already exists for domain ${this.domain}. Continuing...`)
+      } else {
+        throw new Error(`Could not upload CA certificate: ${statusCode}, error: ${JSON.stringify(response)}`)
+      }
     }
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nodeart/cloudflare-provisioning",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "",
   "main": "index.js",
   "scripts": {