Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add leaked credentials check feature #3634

Merged
merged 12 commits into from
Nov 21, 2024
3 changes: 3 additions & 0 deletions .changelog/3634.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
leaked_credential_check: add new methods to interact with leaked credential check cloudfare API
```
2 changes: 2 additions & 0 deletions errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ const (
errInvalidResourceContainerAccess = "requested resource container (%q) is not supported for this endpoint"
errRequiredAccountLevelResourceContainer = "this endpoint requires using an account level resource container and identifiers"
errRequiredZoneLevelResourceContainer = "this endpoint requires using a zone level resource container and identifiers"
errMissingDetectionID = "required missing detection ID"
)

var (
Expand All @@ -45,6 +46,7 @@ var (

ErrRequiredAccountLevelResourceContainer = errors.New(errRequiredAccountLevelResourceContainer)
ErrRequiredZoneLevelResourceContainer = errors.New(errRequiredZoneLevelResourceContainer)
ErrMissingDetectionID = errors.New(errMissingDetectionID)
)

type ErrorType string
Expand Down
190 changes: 190 additions & 0 deletions leaked_credential_check.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,190 @@
package cloudflare

import (
"context"
"fmt"
"net/http"

"github.com/goccy/go-json"
)

type LeakedCredentialCheckGetStatusParams struct{}

type LeakedCredentialCheckStatus struct {
Enabled bool `json:"enabled"`
jacobbednarz marked this conversation as resolved.
Show resolved Hide resolved
}

type LeakCredentialCheckStatusResponse struct {
Response
Result LeakedCredentialCheckStatus `json:"result"`
}

type LeakCredentialCheckSetStatusParams struct {
Enabled bool `json:"enabled"`
jacobbednarz marked this conversation as resolved.
Show resolved Hide resolved
}

type LeakedCredentialCheckListDetectionsParams struct{}

type LeakedCredentialCheckDetectionEntry struct {
ID string `json:"id"`
Username string `json:"username"`
Password string `json:"password"`
}

type LeakedCredentialCheckListDetectionsResponse struct {
Response
Result []LeakedCredentialCheckDetectionEntry `json:"result"`
}

type LeakedCredentialCheckCreateDetectionParams struct {
Username string `json:"username"`
Password string `json:"password"`
}

type LeakedCredentialCheckCreateDetectionResponse struct {
Response
Result LeakedCredentialCheckDetectionEntry `json:"result"`
}

type LeakedCredentialCheckDeleteDetectionParams struct {
DetectionID string
}

type LeakedCredentialCheckDeleteDetectionResponse struct {
Response
Result []struct{} `json:"result"`
}

type LeakedCredentialCheckUpdateDetectionParams struct {
LeakedCredentialCheckDetectionEntry
}
type LeakedCredentialCheckUpdateDetectionResponse struct {
Response
Result LeakedCredentialCheckDetectionEntry
}

// LeakCredentialCheckGetStatus returns whether Leaked credential check is enabled or not. It is false by default.
//
// API reference: https://developers.cloudflare.com/api/operations/waf-product-api-leaked-credentials-get-status
func (api *API) LeakedCredentialCheckGetStatus(ctx context.Context, rc *ResourceContainer, params LeakedCredentialCheckGetStatusParams) (LeakedCredentialCheckStatus, error) {
if rc.Identifier == "" {
return LeakedCredentialCheckStatus{}, ErrMissingZoneID
}

uri := fmt.Sprintf("/zones/%s/leaked-credential-checks", rc.Identifier)
res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
if err != nil {
return LeakedCredentialCheckStatus{}, err
}
result := LeakCredentialCheckStatusResponse{}
if err := json.Unmarshal(res, &result); err != nil {
return LeakedCredentialCheckStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}
return result.Result, nil
}

// LeakedCredentialCheckSetStatus enable or disable the Leak Credential Check. Returns the status.
//
// API reference: https://developers.cloudflare.com/api/operations/waf-product-api-leaked-credentials-set-status
func (api *API) LeakedCredentialCheckSetStatus(ctx context.Context, rc *ResourceContainer, params LeakCredentialCheckSetStatusParams) (LeakedCredentialCheckStatus, error) {
if rc.Identifier == "" {
return LeakedCredentialCheckStatus{}, ErrMissingZoneID
}

uri := fmt.Sprintf("/zones/%s/leaked-credential-checks", rc.Identifier)
res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
if err != nil {
return LeakedCredentialCheckStatus{}, err
}
result := LeakCredentialCheckStatusResponse{}
if err := json.Unmarshal(res, &result); err != nil {
return LeakedCredentialCheckStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}
return result.Result, nil
}

// LeakedCredentialCheckListDetections lists user-defined detection patterns for Leaked Credential Checks.
//
// API reference: https://developers.cloudflare.com/api/operations/waf-product-api-leaked-credentials-list-detections
func (api *API) LeakedCredentialCheckListDetections(ctx context.Context, rc *ResourceContainer, params LeakedCredentialCheckListDetectionsParams) ([]LeakedCredentialCheckDetectionEntry, error) {
if rc.Identifier == "" {
return []LeakedCredentialCheckDetectionEntry{}, ErrMissingZoneID
}

uri := fmt.Sprintf("/zones/%s/leaked-credential-checks/detections", rc.Identifier)
res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
if err != nil {
return []LeakedCredentialCheckDetectionEntry{}, err
}
result := LeakedCredentialCheckListDetectionsResponse{}
if err := json.Unmarshal(res, &result); err != nil {
return []LeakedCredentialCheckDetectionEntry{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}
return result.Result, nil
}

// LeakedCredentialCheckCreateDetection creates user-defined detection pattern for Leaked Credential Checks
//
// API reference: https://developers.cloudflare.com/api/operations/waf-product-api-leaked-credentials-create-detection
func (api *API) LeakedCredentialCheckCreateDetection(ctx context.Context, rc *ResourceContainer, params LeakedCredentialCheckCreateDetectionParams) (LeakedCredentialCheckDetectionEntry, error) {
if rc.Identifier == "" {
return LeakedCredentialCheckDetectionEntry{}, ErrMissingZoneID
}

uri := fmt.Sprintf("/zones/%s/leaked-credential-checks/detections", rc.Identifier)
res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
if err != nil {
return LeakedCredentialCheckDetectionEntry{}, err
}
result := LeakedCredentialCheckCreateDetectionResponse{}
if err := json.Unmarshal(res, &result); err != nil {
return LeakedCredentialCheckDetectionEntry{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}
return result.Result, nil
}

// LeakedCredentialCheckDeleteDetection removes user-defined detection pattern for Leaked Credential Checks
//
// API reference: https://developers.cloudflare.com/api/operations/waf-product-api-leaked-credentials-delete-detection
func (api *API) LeakedCredentialCheckDeleteDetection(ctx context.Context, rc *ResourceContainer, params LeakedCredentialCheckDeleteDetectionParams) (LeakedCredentialCheckDeleteDetectionResponse, error) {
if rc.Identifier == "" {
return LeakedCredentialCheckDeleteDetectionResponse{}, ErrMissingZoneID
}
if params.DetectionID == "" {
return LeakedCredentialCheckDeleteDetectionResponse{}, ErrMissingDetectionID
}

uri := fmt.Sprintf("/zones/%s/leaked-credential-checks/detections/%s", rc.Identifier, params.DetectionID)
res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
if err != nil {
return LeakedCredentialCheckDeleteDetectionResponse{}, err
}
result := LeakedCredentialCheckDeleteDetectionResponse{}
if err := json.Unmarshal(res, &result); err != nil {
return LeakedCredentialCheckDeleteDetectionResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}
return result, nil
}

// LeakedCredentialCheckUpdateDetection updates user-defined detection pattern for Leaked Credential Checks. Returns updated detection.
//
// API reference: https://developers.cloudflare.com/api/operations/waf-product-api-leaked-credentials-update-detection
func (api *API) LeakedCredentialCheckUpdateDetection(ctx context.Context, rc *ResourceContainer, params LeakedCredentialCheckUpdateDetectionParams) (LeakedCredentialCheckDetectionEntry, error) {
if rc.Identifier == "" {
return LeakedCredentialCheckDetectionEntry{}, ErrMissingZoneID
}
if params.ID == "" {
return LeakedCredentialCheckDetectionEntry{}, ErrMissingDetectionID
}

uri := fmt.Sprintf("/zones/%s/leaked-credential-checks/detections/%s", rc.Identifier, params.ID)
res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
if err != nil {
return LeakedCredentialCheckDetectionEntry{}, err
}
result := LeakedCredentialCheckUpdateDetectionResponse{}
if err := json.Unmarshal(res, &result); err != nil {
return LeakedCredentialCheckDetectionEntry{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
}
return result.Result, nil
}
Loading
Loading