@nodeart/cloudflare-provisioning 1.0.6 → 1.0.8
- package/cloudflare.js +119 -16
- package/package.json +1 -1
package/cloudflare.js
CHANGED
|
@@ -804,22 +804,125 @@ class CloudFlare {
|
|
|
804
804
|
return response
|
|
805
805
|
}
|
|
806
806
|
|
|
807
|
-
async uploadTlsClientAuth ({ clientKey, clientCert, caCert }) {
|
|
808
|
-
|
|
809
|
-
await
|
|
810
|
-
|
|
811
|
-
|
|
812
|
-
|
|
813
|
-
|
|
814
|
-
|
|
815
|
-
|
|
816
|
-
|
|
817
|
-
|
|
818
|
-
|
|
819
|
-
|
|
820
|
-
|
|
821
|
-
|
|
822
|
-
|
|
807
|
+
async uploadTlsClientAuth ({ clientKey, clientCert, caCert, clear }) {
|
|
808
|
+
if (clear) {
|
|
809
|
+
await this.clearCustomCerts()
|
|
810
|
+
}
|
|
811
|
+
|
|
812
|
+
if (clientKey && clientCert && caCert) {
|
|
813
|
+
try {
|
|
814
|
+
await fs.access(clientKey, fs.constants.R_OK)
|
|
815
|
+
await fs.access(clientCert, fs.constants.R_OK)
|
|
816
|
+
await fs.access(caCert, fs.constants.R_OK)
|
|
817
|
+
} catch (e) {
|
|
818
|
+
throw new Error(`Cancelling cert upload for domain ${this.domain}. Cannot access file: ${e?.message}`)
|
|
819
|
+
}
|
|
820
|
+
|
|
821
|
+
const clientKeyContents = await fs.readFile(clientKey, 'utf8')
|
|
822
|
+
const clientCertContents = await fs.readFile(clientCert, 'utf8')
|
|
823
|
+
const caCertContents = await fs.readFile(caCert, 'utf8')
|
|
824
|
+
|
|
825
|
+
await this.uploadCertAndKey(clientCertContents, clientKeyContents)
|
|
826
|
+
await this.uploadCaCert(caCertContents)
|
|
827
|
+
await this.enableTLSClientAuth()
|
|
828
|
+
}
|
|
829
|
+
}
|
|
830
|
+
|
|
831
|
+
async clearCustomCerts () {
|
|
832
|
+
console.log('Initiating certificate clear...')
|
|
833
|
+
const clientCertIds = await this.getClientCerts()
|
|
834
|
+
const caCertIds = await this.getCaCerts()
|
|
835
|
+
|
|
836
|
+
console.log(`Client certificates found: ${clientCertIds?.join(', ')}`)
|
|
837
|
+
console.log(`CA certificates found: ${caCertIds?.join(', ')}`)
|
|
838
|
+
|
|
839
|
+
for (const cert of clientCertIds) {
|
|
840
|
+
try {
|
|
841
|
+
await this.deleteClientCert(cert)
|
|
842
|
+
} catch (e) {
|
|
843
|
+
console.error(`Failed to delete Client cert: ${e?.message}`)
|
|
844
|
+
}
|
|
845
|
+
}
|
|
846
|
+
|
|
847
|
+
for (const cert of caCertIds) {
|
|
848
|
+
try {
|
|
849
|
+
await this.deleteCaCert(cert)
|
|
850
|
+
} catch (e) {
|
|
851
|
+
console.error(`Failed to delete Client cert: ${e?.message}`)
|
|
852
|
+
}
|
|
853
|
+
}
|
|
854
|
+
}
|
|
855
|
+
|
|
856
|
+
async getClientCerts () {
|
|
857
|
+
const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/origin_tls_client_auth`
|
|
858
|
+
const { statusCode, body } = await request(url, {
|
|
859
|
+
method: 'GET',
|
|
860
|
+
headers: {
|
|
861
|
+
...this.authorizationHeaders,
|
|
862
|
+
'Content-Type': 'application/json'
|
|
863
|
+
}
|
|
864
|
+
})
|
|
865
|
+
const response = await body.json()
|
|
866
|
+
|
|
867
|
+
if (statusCode !== 200) {
|
|
868
|
+
throw new Error(`Could not get client certificate IDs: ${statusCode}, error: ${JSON.stringify(response)}`)
|
|
869
|
+
}
|
|
870
|
+
|
|
871
|
+
return response?.result?.map((cert) => cert?.id) ?? []
|
|
872
|
+
}
|
|
873
|
+
|
|
874
|
+
async getCaCerts () {
|
|
875
|
+
const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/acm/custom_trust_store`
|
|
876
|
+
const { statusCode, body } = await request(url, {
|
|
877
|
+
method: 'GET',
|
|
878
|
+
headers: {
|
|
879
|
+
...this.authorizationHeaders,
|
|
880
|
+
'Content-Type': 'application/json'
|
|
881
|
+
}
|
|
882
|
+
})
|
|
883
|
+
const response = await body.json()
|
|
884
|
+
|
|
885
|
+
if (statusCode !== 200) {
|
|
886
|
+
throw new Error(`Could not get CA certificate IDs: ${statusCode}, error: ${JSON.stringify(response)}`)
|
|
887
|
+
}
|
|
888
|
+
|
|
889
|
+
return response?.result?.map((cert) => cert?.id) ?? []
|
|
890
|
+
}
|
|
891
|
+
|
|
892
|
+
async deleteClientCert (certId) {
|
|
893
|
+
const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/origin_tls_client_auth/${certId}`
|
|
894
|
+
const { statusCode, body } = await request(url, {
|
|
895
|
+
method: 'DELETE',
|
|
896
|
+
headers: {
|
|
897
|
+
...this.authorizationHeaders,
|
|
898
|
+
'Content-Type': 'application/json'
|
|
899
|
+
}
|
|
900
|
+
})
|
|
901
|
+
const response = await body.json()
|
|
902
|
+
|
|
903
|
+
if (statusCode !== 200) {
|
|
904
|
+
throw new Error(`Could not delete client certificate ID ${certId}: ${statusCode}, error: ${JSON.stringify(response)}`)
|
|
905
|
+
}
|
|
906
|
+
|
|
907
|
+
console.log(`Deleted client certificate ID ${certId}`)
|
|
908
|
+
}
|
|
909
|
+
|
|
910
|
+
async deleteCaCert (certId) {
|
|
911
|
+
const url = CLOUDFLARE_API_URL + `zones/${this.zoneId}/acm/custom_trust_store/${certId}`
|
|
912
|
+
const { statusCode, body } = await request(url, {
|
|
913
|
+
method: 'DELETE',
|
|
914
|
+
headers: {
|
|
915
|
+
...this.authorizationHeaders,
|
|
916
|
+
'Content-Type': 'application/json'
|
|
917
|
+
}
|
|
918
|
+
})
|
|
919
|
+
const response = await body.json()
|
|
920
|
+
|
|
921
|
+
if (statusCode !== 200) {
|
|
922
|
+
throw new Error(`Could not delete CA certificate ID ${certId}: ${statusCode}, error: ${JSON.stringify(response)}`)
|
|
923
|
+
}
|
|
924
|
+
|
|
925
|
+
console.log(`Deleted CA certificate ID ${certId}`)
|
|
823
926
|
}
|
|
824
927
|
|
|
825
928
|
async uploadCertAndKey (clientCert, clientKey) {
|
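Review bot: In `uploadTlsClientAuth`, `clearCustomCerts()` runs before the `fs.access` checks, so an unreadable key or certificate path throws only after the zone's existing client and CA certificates have been deleted, and nothing is uploaded to replace them. Check and read the three files first, then clear, then upload, i.e. move `if (clear) { await this.clearCustomCerts() }` to just before `await this.uploadCertAndKey(...)` and keep a separate clear-only path for calls without file paths. `clearCustomCerts` also only logs a failed delete, so a CA that could not be removed stays in the custom trust store while the caller sees success; collecting the failed ids and throwing after both loops would make a partial rotation visible. The CA loop's message should read `Failed to delete CA cert: ${e?.message}` rather than repeating the client-cert text. The upload and enable helpers called here are defined outside this hunk, so their own failure handling is not visible.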