skyfffire
/
core-chain


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
							package cloudflare

import (
	"encoding/json"
	"net/url"
	"strconv"
	"time"

	"github.com/pkg/errors"
)

// AccessRule represents a firewall access rule.
type AccessRule struct {
	ID            string                  `json:"id,omitempty"`
	Notes         string                  `json:"notes,omitempty"`
	AllowedModes  []string                `json:"allowed_modes,omitempty"`
	Mode          string                  `json:"mode,omitempty"`
	Configuration AccessRuleConfiguration `json:"configuration,omitempty"`
	Scope         AccessRuleScope         `json:"scope,omitempty"`
	CreatedOn     time.Time               `json:"created_on,omitempty"`
	ModifiedOn    time.Time               `json:"modified_on,omitempty"`
}

// AccessRuleConfiguration represents the configuration of a firewall
// access rule.
type AccessRuleConfiguration struct {
	Target string `json:"target,omitempty"`
	Value  string `json:"value,omitempty"`
}

// AccessRuleScope represents the scope of a firewall access rule.
type AccessRuleScope struct {
	ID    string `json:"id,omitempty"`
	Email string `json:"email,omitempty"`
	Name  string `json:"name,omitempty"`
	Type  string `json:"type,omitempty"`
}

// AccessRuleResponse represents the response from the firewall access
// rule endpoint.
type AccessRuleResponse struct {
	Result AccessRule `json:"result"`
	Response
	ResultInfo `json:"result_info"`
}

// AccessRuleListResponse represents the response from the list access rules
// endpoint.
type AccessRuleListResponse struct {
	Result []AccessRule `json:"result"`
	Response
	ResultInfo `json:"result_info"`
}

// ListUserAccessRules returns a slice of access rules for the logged-in user.
//
// This takes an AccessRule to allow filtering of the results returned.
//
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules
func (api *API) ListUserAccessRules(accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
	return api.listAccessRules("/user", accessRule, page)
}

// CreateUserAccessRule creates a firewall access rule for the logged-in user.
//
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-create-access-rule
func (api *API) CreateUserAccessRule(accessRule AccessRule) (*AccessRuleResponse, error) {
	return api.createAccessRule("/user", accessRule)
}

// UserAccessRule returns the details of a user's account access rule.
//
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules
func (api *API) UserAccessRule(accessRuleID string) (*AccessRuleResponse, error) {
	return api.retrieveAccessRule("/user", accessRuleID)
}

// UpdateUserAccessRule updates a single access rule for the logged-in user &
// given access rule identifier.
//
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
func (api *API) UpdateUserAccessRule(accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
	return api.updateAccessRule("/user", accessRuleID, accessRule)
}

// DeleteUserAccessRule deletes a single access rule for the logged-in user and
// access rule identifiers.
//
// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
func (api *API) DeleteUserAccessRule(accessRuleID string) (*AccessRuleResponse, error) {
	return api.deleteAccessRule("/user", accessRuleID)
}

// ListZoneAccessRules returns a slice of access rules for the given zone
// identifier.
//
// This takes an AccessRule to allow filtering of the results returned.
//
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-list-access-rules
func (api *API) ListZoneAccessRules(zoneID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
	return api.listAccessRules("/zones/"+zoneID, accessRule, page)
}

// CreateZoneAccessRule creates a firewall access rule for the given zone
// identifier.
//
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-create-access-rule
func (api *API) CreateZoneAccessRule(zoneID string, accessRule AccessRule) (*AccessRuleResponse, error) {
	return api.createAccessRule("/zones/"+zoneID, accessRule)
}

// ZoneAccessRule returns the details of a zone's access rule.
//
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-list-access-rules
func (api *API) ZoneAccessRule(zoneID string, accessRuleID string) (*AccessRuleResponse, error) {
	return api.retrieveAccessRule("/zones/"+zoneID, accessRuleID)
}

// UpdateZoneAccessRule updates a single access rule for the given zone &
// access rule identifiers.
//
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-update-access-rule
func (api *API) UpdateZoneAccessRule(zoneID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
	return api.updateAccessRule("/zones/"+zoneID, accessRuleID, accessRule)
}

// DeleteZoneAccessRule deletes a single access rule for the given zone and
// access rule identifiers.
//
// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-delete-access-rule
func (api *API) DeleteZoneAccessRule(zoneID, accessRuleID string) (*AccessRuleResponse, error) {
	return api.deleteAccessRule("/zones/"+zoneID, accessRuleID)
}

// ListAccountAccessRules returns a slice of access rules for the given
// account identifier.
//
// This takes an AccessRule to allow filtering of the results returned.
//
// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-list-access-rules
func (api *API) ListAccountAccessRules(accountID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
	return api.listAccessRules("/accounts/"+accountID, accessRule, page)
}

// CreateAccountAccessRule creates a firewall access rule for the given
// account identifier.
//
// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-create-access-rule
func (api *API) CreateAccountAccessRule(accountID string, accessRule AccessRule) (*AccessRuleResponse, error) {
	return api.createAccessRule("/accounts/"+accountID, accessRule)
}

// AccountAccessRule returns the details of an account's access rule.
//
// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-access-rule-details
func (api *API) AccountAccessRule(accountID string, accessRuleID string) (*AccessRuleResponse, error) {
	return api.retrieveAccessRule("/accounts/"+accountID, accessRuleID)
}

// UpdateAccountAccessRule updates a single access rule for the given
// account & access rule identifiers.
//
// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-update-access-rule
func (api *API) UpdateAccountAccessRule(accountID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
	return api.updateAccessRule("/accounts/"+accountID, accessRuleID, accessRule)
}

// DeleteAccountAccessRule deletes a single access rule for the given
// account and access rule identifiers.
//
// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-delete-access-rule
func (api *API) DeleteAccountAccessRule(accountID, accessRuleID string) (*AccessRuleResponse, error) {
	return api.deleteAccessRule("/accounts/"+accountID, accessRuleID)
}

func (api *API) listAccessRules(prefix string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
	// Construct a query string
	v := url.Values{}
	if page <= 0 {
		page = 1
	}
	v.Set("page", strconv.Itoa(page))
	// Request as many rules as possible per page - API max is 100
	v.Set("per_page", "100")
	if accessRule.Notes != "" {
		v.Set("notes", accessRule.Notes)
	}
	if accessRule.Mode != "" {
		v.Set("mode", accessRule.Mode)
	}
	if accessRule.Scope.Type != "" {
		v.Set("scope_type", accessRule.Scope.Type)
	}
	if accessRule.Configuration.Value != "" {
		v.Set("configuration_value", accessRule.Configuration.Value)
	}
	if accessRule.Configuration.Target != "" {
		v.Set("configuration_target", accessRule.Configuration.Target)
	}
	v.Set("page", strconv.Itoa(page))
	query := "?" + v.Encode()

	uri := prefix + "/firewall/access_rules/rules" + query
	res, err := api.makeRequest("GET", uri, nil)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	response := &AccessRuleListResponse{}
	err = json.Unmarshal(res, &response)
	if err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}
	return response, nil
}

func (api *API) createAccessRule(prefix string, accessRule AccessRule) (*AccessRuleResponse, error) {
	uri := prefix + "/firewall/access_rules/rules"
	res, err := api.makeRequest("POST", uri, accessRule)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	response := &AccessRuleResponse{}
	err = json.Unmarshal(res, &response)
	if err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}

	return response, nil
}

func (api *API) retrieveAccessRule(prefix, accessRuleID string) (*AccessRuleResponse, error) {
	uri := prefix + "/firewall/access_rules/rules/" + accessRuleID

	res, err := api.makeRequest("GET", uri, nil)

	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	response := &AccessRuleResponse{}
	err = json.Unmarshal(res, &response)
	if err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}

	return response, nil
}

func (api *API) updateAccessRule(prefix, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
	uri := prefix + "/firewall/access_rules/rules/" + accessRuleID
	res, err := api.makeRequest("PATCH", uri, accessRule)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	response := &AccessRuleResponse{}
	err = json.Unmarshal(res, &response)
	if err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}
	return response, nil
}

func (api *API) deleteAccessRule(prefix, accessRuleID string) (*AccessRuleResponse, error) {
	uri := prefix + "/firewall/access_rules/rules/" + accessRuleID
	res, err := api.makeRequest("DELETE", uri, nil)
	if err != nil {
		return nil, errors.Wrap(err, errMakeRequestError)
	}

	response := &AccessRuleResponse{}
	err = json.Unmarshal(res, &response)
	if err != nil {
		return nil, errors.Wrap(err, errUnmarshalError)
	}

	return response, nil
}