ADD: Ability to set cloudflare configs in API calls (#29)

* ADD: Ability to override environment variables for CF

Currently, each instance of the application can only use one CF account by setting details in the environment variables.
Now you can define a cloudflare_email and cloudflare_api_key params and they will override the environment variables on each call.

* DEL: console logging that shouldn't be there

* UPDATE: Remove all references to the environment variables

Author: maxehmookau

README.md

@@ -61,7 +61,9 @@ POST /certificate_request
 	"auth_token": "CHOSEN AUTH TOKEN",
 	"domains": ["www.substrakt.com", "substrakt.com"],
 	"zone": "CLOUDFLARE DOMAIN ZONE",
-	"heroku_app_name": "NAME OF HEROKU APP"
+	"heroku_app_name": "NAME OF HEROKU APP",
+	"cloudflare_api_key": "API KEY OF CLOUDFLARE ACCOUNT",
+	"cloudflare_email": "CLOUDFLARE EMAIL ADDRESS"
 }
 ```
 

app.json

@@ -8,12 +8,6 @@
   "website": "https://substrakt.com/",
   "repository": "https://github.com/substrakt/letsencrypt-heroku",
   "env": {
-    "CLOUDFLARE_API_KEY": {
-      "description": "Your CloudFlare API Key."
-    },
-    "CLOUDFLARE_EMAIL": {
-      "description": "The email address for your CloudFlare account."
-    },
     "HEROKU_OAUTH_KEY": {
       "description": "A valid OAuth key to access your Heroku appications."
     },

app.rb

@@ -23,7 +23,7 @@
     status 200
     token = SecureRandom.hex
     $redis.setex("status_#{token}", 3600, "queued")
-    CloudflareChallengeWorker.perform_async(@request_payload["zone"], @request_payload["domains"], token, @request_payload["heroku_app_name"], false)
+    CloudflareChallengeWorker.perform_async(@request_payload["zone"], @request_payload["domains"], token, @request_payload["heroku_app_name"], false, { email: @request_payload['cloudflare_email'], api_key: @request_payload['cloudflare_api_key'] })
     { status: 'queued', uuid: token, url: "#{request.env['rack.url_scheme']}://#{request.env['HTTP_HOST']}/certificate_request/#{token}?auth_token=#{ENV['AUTH_TOKEN']}" }.to_json
   else
     status 422
@@ -56,9 +56,9 @@ def authenticate!
 end
 
 def perform_preflight_check
-  check = PreflightCheck.new(heroku_token: ENV['HEROKU_OAUTH_KEY'], cloudflare_token: ENV['CLOUDFLARE_API_KEY'], cloudflare_email: ENV['CLOUDFLARE_EMAIL'])
+  check = PreflightCheck.new(heroku_token: ENV['HEROKU_OAUTH_KEY'])
 
-  if check.check_cloudflare == false || check.check_heroku == false
-    halt 422, "Could not connect to Heroku or Cloudflare."
+  if check.check_heroku == false
+    halt 422, "Could not connect to Heroku."
   end
 end

lib/cloudflare_challenge.rb

@@ -3,14 +3,11 @@
 
 class CloudflareChallenge
 
-  class NoCloudflareAPIKey < StandardError; end;
-  class NoCloudflareEmail < StandardError; end;
-
-  attr_reader :zone, :domains, :client, :challenges, :token
+  attr_reader :zone, :domains, :client, :challenges, :token, :email, :api_key
 
   def initialize(options = {})
-    raise NoCloudflareAPIKey if ENV['CLOUDFLARE_API_KEY'].blank?
-    raise NoCloudflareEmail  if ENV['CLOUDFLARE_EMAIL'].blank?
+    @email   = options[:email]
+    @api_key = options[:api_key]
 
     @zone    = options[:zone]
     @domains = options[:domains]
@@ -22,7 +19,7 @@ def initialize(options = {})
   end
 
   def create_challenge_records
-    cf = CloudFlare::connection(ENV['CLOUDFLARE_API_KEY'], ENV['CLOUDFLARE_EMAIL'])
+    cf = CloudFlare::connection(@api_key, @email)
     @challenges.each do |challenge|
       cf.rec_new(@zone, 'TXT', "_acme-challenge.#{challenge.domain}", challenge.dns01.record_content, 1)
     end

test/certificate_generator_test.rb

@@ -3,8 +3,6 @@
 class CertificateGeneratorTest < MiniTest::Test
 
   def setup
-    ENV['CLOUDFLARE_API_KEY'] = '547348956734789576'
-    ENV['CLOUDFLARE_EMAIL']   = '[email protected]'
     ENV['CONTACT_EMAIL']      = '[email protected]'
   end
 
@@ -16,6 +14,8 @@ def test_generate_certificate
     VCR.use_cassette('new-certificate-debug') do
       a = CertificateGenerator.new(challenge: CloudflareChallenge.new(zone: 'substrakt.com',
                                                                       domains: ['www.substrakt.com', 'substrakt.com'],
+                                                                      api_key: 'fsdfdsf',
+                                                                      email: '[email protected]',
                                                                       client: AcmeClientRegistration.new(debug: true).client))
       assert_equal Acme::Client::Certificate, a.certificate.class
     end

test/cloudflare_challenge_test.rb

@@ -3,9 +3,7 @@
 class CloudflareChallengeTest < MiniTest::Test
 
   def setup
-    ENV['CLOUDFLARE_API_KEY'] = '547348956734789576'
-    ENV['CLOUDFLARE_EMAIL']   = '[email protected]'
-    ENV['CONTACT_EMAIL']      = '[email protected]'
+    ENV['CONTACT_EMAIL'] = '[email protected]'
   end
 
   def teardown
@@ -16,29 +14,33 @@ def test_create_an_instance
     VCR.use_cassette('acme-new-authz') do
       a = CloudflareChallenge.new(zone: 'substrakt.com',
                                   domains: ['www.substrakt.com', 'substrakt.com'],
+                                  api_key: 'fsdfdsf',
+                                  email: '[email protected]',
                                   client: AcmeClientRegistration.new(debug: true).client)
       assert_equal CloudflareChallenge, a.class
     end
   end
 
-  def test_raise_an_exception_if_CLOUDFLARE_API_KEY_is_missing
+  def test_create_an_instance_with_custom_auth
+    ENV['CLOUDFLARE_EMAIL']   = nil
     ENV['CLOUDFLARE_API_KEY'] = nil
-    assert_raises CloudflareChallenge::NoCloudflareAPIKey do
-      CloudflareChallenge.new
-    end
-  end
-
-  def test_raise_an_exception_if_CLOUDFLARE_EMAIL_is_missing
-    ENV['CLOUDFLARE_EMAIL'] = nil
-    assert_raises CloudflareChallenge::NoCloudflareEmail do
-      CloudflareChallenge.new
+    VCR.use_cassette('acme-new-authz') do
+      a = CloudflareChallenge.new(zone: 'substrakt.com',
+                                  domains: ['www.substrakt.com', 'substrakt.com'],
+                                  api_key: 'fdhsufgdjshfgsd',
+                                  email: '[email protected]',
+                                  client: AcmeClientRegistration.new(debug: true).client)
+      assert_equal '[email protected]', a.email
+      assert_equal 'fdhsufgdjshfgsd', a.api_key
     end
   end
 
   def test_set_zone
     VCR.use_cassette('acme-new-authz') do
       a = CloudflareChallenge.new(zone: 'substrakt.com',
                                   domains: ['www.substrakt.com', 'substrakt.com'],
+                                  api_key: 'fsdfdsf',
+                                  email: '[email protected]',
                                   client: AcmeClientRegistration.new(debug: true).client)
       assert_equal 'substrakt.com', a.zone
     end
@@ -48,6 +50,8 @@ def test_set_domains
     VCR.use_cassette('acme-new-authz') do
       a = CloudflareChallenge.new(zone: 'substrakt.com',
                                   domains: ['www.substrakt.com', 'substrakt.com'],
+                                  api_key: 'fsdfdsf',
+                                  email: '[email protected]',
                                   client: AcmeClientRegistration.new(debug: true).client)
       assert_equal ['www.substrakt.com', 'substrakt.com'], a.domains
     end
@@ -57,6 +61,8 @@ def test_add_challenge_records_to_cloudflare
     VCR.use_cassette('acme-new-authz') do
       a = CloudflareChallenge.new(zone: 'substrakt.com',
                                   domains: ['www.substrakt.com', 'substrakt.com'],
+                                  api_key: 'fsdfdsf',
+                                  email: '[email protected]',
                                   client: AcmeClientRegistration.new(debug: true).client)
       assert_equal ['www.substrakt.com', 'substrakt.com'], a.create_challenge_records
     end
@@ -66,6 +72,8 @@ def test_get_list_of_challenges
     VCR.use_cassette('acme-new-authz') do
       a = CloudflareChallenge.new(zone: 'substrakt.com',
                                   domains: ['www.substrakt.com', 'substrakt.com'],
+                                  api_key: 'fsdfdsf',
+                                  email: '[email protected]',
                                   client: AcmeClientRegistration.new(debug: true).client)
       assert_equal Challenge, a.challenges.first.class
     end
@@ -75,6 +83,8 @@ def test_verification
     VCR.use_cassette('acme-challenge-debug') do
       a = CloudflareChallenge.new(zone: 'substrakt.com',
                                   domains: ['max123.substrakt.com', 'max345.substrakt.com'],
+                                  api_key: 'fsdfdsf',
+                                  email: '[email protected]',
                                   client: AcmeClientRegistration.new(debug: true).client)
       assert_equal true, a.verify
     end

test/logger_test.rb

@@ -20,6 +20,8 @@ def test_log_with_generator
     VCR.use_cassette('new-certificate-debug') do
       a = CertificateGenerator.new(challenge: CloudflareChallenge.new(zone: 'substrakt.com',
                                                                       domains: ['www.substrakt.com', 'substrakt.com'],
+                                                                      api_key: 'fsdfdsf',
+                                                                      email: '[email protected]',
                                                                       client: AcmeClientRegistration.new(debug: true).client))
       assert_equal "[Zone: substrakt.com - Domains: www.substrakt.com, substrakt.com] ----> This is a test message", Logger.log('This is a test message', generator: a)
     end
@@ -29,6 +31,8 @@ def test_a_log_with_generator_should_also_write_to_redis
     VCR.use_cassette('new-certificate-debug') do
       a = CertificateGenerator.new(challenge: CloudflareChallenge.new(zone: 'substrakt.com',
                                                                       token: 'testingtesting',
+                                                                      api_key: 'fsdfdsf',
+                                                                      email: '[email protected]',
                                                                       domains: ['www.substrakt.com', 'substrakt.com'],
                                                                       client: AcmeClientRegistration.new(debug: true).client))
       Logger.log('Test message', generator: a)

test/test_helper.rb

@@ -1,4 +1,5 @@
 ENV['RACK_ENV'] = 'test'
+ENV['ENVIRONMENT'] = 'test'
 require 'minitest/autorun'
 require 'rack/test'
 require 'vcr'

workers/cloudflare_challenge_worker.rb

@@ -10,14 +10,16 @@ class CloudflareChallengeWorker
 
   sidekiq_options :retry => false
 
-  def perform(zone, domains, token, app_name, debug = true)
+  def perform(zone, domains, token, app_name, debug = true, cloudflare = {})
     $redis = Redis.new(url: ENV['REDIS_URL'])
     $redis.setex("status_#{token}", 3600, "started")
     Logger.log("Starting challenge creation on zone: #{zone}, with domains: #{domains}.")
     Logger.log("Debug is #{debug ? 'ON' : 'OFF'}")
     a = CloudflareChallenge.new(zone: zone,
                             domains: domains,
                             token: token,
+                            email: cloudflare["email"],
+                            api_key: cloudflare["api_key"],
                             client: AcmeClientRegistration.new(debug: debug).client)
 
     begin