Hithomelabs/CFTunnels
8
0
Fork 4
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Hithomelabs:main
Branches Tags
Hithomelabs:main
Hithomelabs:test
Hithomelabs:ingress
hitanshu:ISSUE-114
hitanshu:feature/approve-reject-request
hitanshu:feature/api_design_refactor
hitanshu:feature/swagger-oauth-env-config
hitanshu:ISSUE-33
hitanshu:ISSUE-44
hitanshu:ISSUE-43
hitanshu:prod_deploy
hitanshu:workflows
hitanshu:oidc
hitanshu:tags
hitanshu:test
hitanshu:profiles
hitanshu:open-api
hitanshu:docker_compose
hitanshu:ingress
hitanshu:ci
hitanshu:main
Hithomelabs:0.21.0
Hithomelabs:0.20.4
Hithomelabs:0.20.3
Hithomelabs:0.20.2
Hithomelabs:0.20.1
Hithomelabs:0.20.0
Hithomelabs:0.19.0
Hithomelabs:0.18.5
Hithomelabs:0.18.4
Hithomelabs:0.18.3
Hithomelabs:0.18.2
Hithomelabs:0.18.1
Hithomelabs:0.18.0
Hithomelabs:0.17.1
Hithomelabs:0.17.0
Hithomelabs:0.16.11
Hithomelabs:0.16.10
Hithomelabs:0.16.9
Hithomelabs:0.16.8
Hithomelabs:0.16.7
Hithomelabs:0.16.6
Hithomelabs:0.16.5
Hithomelabs:0.16.4
Hithomelabs:0.16.3
Hithomelabs:0.16.2
Hithomelabs:0.16.1
Hithomelabs:0.16.0
Hithomelabs:0.15.1
Hithomelabs:0.15.0
Hithomelabs:0.13.2
Hithomelabs:0.14.0
Hithomelabs:0.13.1
Hithomelabs:0.13.0
Hithomelabs:0.12.1
Hithomelabs:0.12.0
Hithomelabs:0.11.1
Hithomelabs:0.11.0
Hithomelabs:0.10.6
Hithomelabs:0.10.5
Hithomelabs:0.10.4
Hithomelabs:0.10.3
Hithomelabs:0.10.2
Hithomelabs:0.10.1
Hithomelabs:0.10.0
Hithomelabs:0.9.1
Hithomelabs:0.9.0
Hithomelabs:0.8.1
Hithomelabs:0.8.0
Hithomelabs:0.7.1
Hithomelabs:0.7.0
Hithomelabs:0.6.2
Hithomelabs:0.6.1
Hithomelabs:0.6.0
Hithomelabs:0.5.2
Hithomelabs:0.5.1
Hithomelabs:0.5.0
Hithomelabs:0.4.1
Hithomelabs:0.4.0
Hithomelabs:0.3.17
Hithomelabs:0.3.16
Hithomelabs:0.3.15
Hithomelabs:0.3.14
Hithomelabs:0.3.13
Hithomelabs:0.3.12
Hithomelabs:0.3.11
Hithomelabs:0.3.10
Hithomelabs:0.3.9
Hithomelabs:0.3.8
Hithomelabs:0.3.7
Hithomelabs:0.3.6
Hithomelabs:0.3.5
Hithomelabs:0.3.4
..
compare: hitanshu:docker_compose
Branches Tags
hitanshu:ISSUE-114
hitanshu:feature/approve-reject-request
hitanshu:feature/api_design_refactor
hitanshu:feature/swagger-oauth-env-config
hitanshu:ISSUE-33
hitanshu:ISSUE-44
hitanshu:ISSUE-43
hitanshu:prod_deploy
hitanshu:workflows
hitanshu:oidc
hitanshu:tags
hitanshu:test
hitanshu:profiles
hitanshu:open-api
hitanshu:docker_compose
hitanshu:ingress
hitanshu:ci
hitanshu:main
Hithomelabs:main
Hithomelabs:test
Hithomelabs:ingress
Hithomelabs:0.21.0
Hithomelabs:0.20.4
Hithomelabs:0.20.3
Hithomelabs:0.20.2
Hithomelabs:0.20.1
Hithomelabs:0.20.0
Hithomelabs:0.19.0
Hithomelabs:0.18.5
Hithomelabs:0.18.4
Hithomelabs:0.18.3
Hithomelabs:0.18.2
Hithomelabs:0.18.1
Hithomelabs:0.18.0
Hithomelabs:0.17.1
Hithomelabs:0.17.0
Hithomelabs:0.16.11
Hithomelabs:0.16.10
Hithomelabs:0.16.9
Hithomelabs:0.16.8
Hithomelabs:0.16.7
Hithomelabs:0.16.6
Hithomelabs:0.16.5
Hithomelabs:0.16.4
Hithomelabs:0.16.3
Hithomelabs:0.16.2
Hithomelabs:0.16.1
Hithomelabs:0.16.0
Hithomelabs:0.15.1
Hithomelabs:0.15.0
Hithomelabs:0.13.2
Hithomelabs:0.14.0
Hithomelabs:0.13.1
Hithomelabs:0.13.0
Hithomelabs:0.12.1
Hithomelabs:0.12.0
Hithomelabs:0.11.1
Hithomelabs:0.11.0
Hithomelabs:0.10.6
Hithomelabs:0.10.5
Hithomelabs:0.10.4
Hithomelabs:0.10.3
Hithomelabs:0.10.2
Hithomelabs:0.10.1
Hithomelabs:0.10.0
Hithomelabs:0.9.1
Hithomelabs:0.9.0
Hithomelabs:0.8.1
Hithomelabs:0.8.0
Hithomelabs:0.7.1
Hithomelabs:0.7.0
Hithomelabs:0.6.2
Hithomelabs:0.6.1
Hithomelabs:0.6.0
Hithomelabs:0.5.2
Hithomelabs:0.5.1
Hithomelabs:0.5.0
Hithomelabs:0.4.1
Hithomelabs:0.4.0
Hithomelabs:0.3.17
Hithomelabs:0.3.16
Hithomelabs:0.3.15
Hithomelabs:0.3.14
Hithomelabs:0.3.13
Hithomelabs:0.3.12
Hithomelabs:0.3.11
Hithomelabs:0.3.10
Hithomelabs:0.3.9
Hithomelabs:0.3.8
Hithomelabs:0.3.7
Hithomelabs:0.3.6
Hithomelabs:0.3.5
Hithomelabs:0.3.4

No commits in common. "main" and "docker_compose" have entirely different histories.
main ... docker_com

56 changed files with 211 additions and 3172 deletions
Show Stats Expand all files Collapse all files

26
.gitea/workflows/integration_test.yaml
View File

@ -1,26 +0,0 @@
name: Daily cloudflare API integration test
on:
push:
branches: [ main ]
schedule:
- cron: '0 */12 * * *' # Every hour
workflow_dispatch:
jobs:
cloudflare-api-test:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: JDK setup
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '17'
- name: Run integration tests with Cloudflare API
env:
SPRING_PROFILES_ACTIVE: integration
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
CLOUDFLARE_API_KEY: ${{ secrets.CLOUDFLARE_API_KEY }}
CLOUDFLARE_EMAIL: hitanshu98@gmail.com
run: ./gradlew integrationTestOnly

57
.gitea/workflows/prod_image_tag_promote.yaml
View File

@ -1,57 +0,0 @@
name: Promote image with tag test to prod
run-name: Build started by $ {{gitea.actor}}
on:
push:
branches: [main]
jobs:
tag:
runs-on: ubuntu-latest
outputs:
new_version: ${{ steps.new_version.outputs.new_version }}
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get new version
id: new_version
run: |
VERSION=$(git describe --tags --abbrev=0)
echo ${VERSION}
MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
MINOR=$(echo ${VERSION} | cut -d "." -f 2)
PATCH=0
NEW_MINOR=$(( ${MINOR} + 1))
echo ${NEW_MINOR}
echo "new_version=$(echo "${MAJOR}.${NEW_MINOR}.${PATCH}")" >> $GITHUB_OUTPUT
build_tag_push:
runs-on: ubuntu-latest
needs: tag
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Create and push tag
run: |
echo "NEW_VERSION=${{ needs.tag.outputs.new_version }}"
git config --global user.name "${{gitea.actor}}"
git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
git tag -a ${{ needs.tag.outputs.new_version }} -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
git push origin ${{ needs.tag.outputs.new_version }}
- name: Log in to Gitea Docker Registry
uses: docker/login-action@v3
with:
registry: 'http://192.168.0.100:8928'
username: hitanshu
password: ${{ secrets.TOKEN }}
- name: Tag prod image
run: |
docker tag 192.168.0.100:8928/hithomelabs/cftunnels:test 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}
docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:prod
- name: Push to Gitea Registry
run: |
docker push 192.168.0.100:8928/hithomelabs/cftunnels:prod
docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}

2
.gitea/workflows/test_build.yml
View File

@ -17,4 +17,4 @@ jobs:
- name: Validate Gradle Wrapper - name: Validate Gradle Wrapper
uses: gradle/actions/wrapper-validation@v3 uses: gradle/actions/wrapper-validation@v3
- name: Gradle build - name: Gradle build
run: ./gradlew build --info run: ./gradlew build --debug

46
.gitea/workflows/test_image_build_push.yml
View File

@ -1,41 +1,15 @@
name: sample gradle build and test name: sample gradle build and test
run-name: Build started by ${{ gitea.actor }} run-name: Build started by $ {{gitea.actor}}
on: on:
push: push:
branches: [test] branches: [test]
jobs: build:
tag:
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs:
new_version: ${{ steps.new_version.outputs.new_version }}
steps:
- name: Check out repository code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get new version
id: new_version
run: |
VERSION=$(git describe --tags --abbrev=0)
echo "Current version: ${VERSION}"
MAJOR=$(echo ${VERSION} | cut -d "." -f 1)
MINOR=$(echo ${VERSION} | cut -d "." -f 2)
PATCH=$(echo ${VERSION} | cut -d "." -f 3)
NEW_PATCH=$((PATCH + 1))
NEW_VERSION="${MAJOR}.${MINOR}.${NEW_PATCH}"
echo "New version: ${NEW_VERSION}"
echo "new_version=${NEW_VERSION}" >> $GITHUB_OUTPUT
build_tag_push:
runs-on: ubuntu-latest
needs: tag
container: container:
image: catthehacker/ubuntu:act-latest image: catthehacker/ubuntu:act-latest
steps: steps:
- name: Check out repository code - name: Check out repository code
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
fetch-depth: 0
- name: JDK setup - name: JDK setup
uses: actions/setup-java@v4 uses: actions/setup-java@v4
with: with:
@ -43,13 +17,6 @@ jobs:
java-version: '17' java-version: '17'
- name: Validate Gradle Wrapper - name: Validate Gradle Wrapper
uses: gradle/actions/wrapper-validation@v3 uses: gradle/actions/wrapper-validation@v3
- name: Create and push tag
run: |
echo "New version: ${{ needs.tag.outputs.new_version }}"
git config --global user.name "${{ gitea.actor }}"
git config --global user.email "${{ gitea.actor }}@users.noreply.github.com"
git tag -a "${{ needs.tag.outputs.new_version }}" -m "Pushing new version ${{ needs.tag.outputs.new_version }}"
git push origin "${{ needs.tag.outputs.new_version }}"
- name: Log in to Gitea Docker Registry - name: Log in to Gitea Docker Registry
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
@ -57,11 +24,6 @@ jobs:
username: hitanshu username: hitanshu
password: ${{ secrets.TOKEN }} password: ${{ secrets.TOKEN }}
- name: Gradle build - name: Gradle build
run: ./gradlew bootBuildImage --imageName=192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} run: ./gradlew bootBuildImage --imageName=192.168.0.100:8928/hithomelabs/cftunnels:test
- name: Tag image as test
run: docker tag 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }} 192.168.0.100:8928/hithomelabs/cftunnels:test
- name: Push to Gitea Registry - name: Push to Gitea Registry
run: | run: docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
docker push 192.168.0.100:8928/hithomelabs/cftunnels:test
docker push 192.168.0.100:8928/hithomelabs/cftunnels:${{ needs.tag.outputs.new_version }}

3
.gitignore vendored
View File

@ -1,12 +1,9 @@
HELP.md HELP.md
.gradle .gradle
.run
build/ build/
.env*
!gradle/wrapper/gradle-wrapper.jar !gradle/wrapper/gradle-wrapper.jar
!**/src/main/**/build/ !**/src/main/**/build/
!**/src/test/**/build/ !**/src/test/**/build/
CFTunnels/
### STS ### ### STS ###
.apt_generated .apt_generated

11
CFTunnels/Get tunnels.bru Normal file
View File

@ -0,0 +1,11 @@
meta {
name: Get tunnels
type: http
seq: 4
}
get {
url: {{base_url}}cloudflare/tunnels
body: none
auth: none
}

11
CFTunnels/Tunnel.bru Normal file
View File

@ -0,0 +1,11 @@
meta {
name: Tunnel
type: http
seq: 5
}
get {
url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}
body: none
auth: none
}

19
CFTunnels/Write ingress.bru Normal file
View File

@ -0,0 +1,19 @@
meta {
name: Write ingress
type: http
seq: 2
}
put {
url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}/add
body: json
auth: none
}
body:json {
{
"service": "http://192.168.0.100:3457",
"hostname": "random.hithomelabs.com",
"originRequest": {}
}
}

9
CFTunnels/bruno.json Normal file
View File

@ -0,0 +1,9 @@
{
"version": "1",
"name": "CFTunnels",
"type": "collection",
"ignore": [
"node_modules",
".git"
]
}

19
CFTunnels/delete mapping.bru Normal file
View File

@ -0,0 +1,19 @@
meta {
name: delete mapping
type: http
seq: 3
}
put {
url: {{base_url}}cloudflare/tunnel/{{tunnel_id}}/delete
body: json
auth: none
}
body:json {
{
"service": "http://192.168.0.100:6000",
"hostname": "random.hithomelabs.com",
"originRequest": {}
}
}

4
CFTunnels/environments/CFTunnels Local.bru Normal file
View File

@ -0,0 +1,4 @@
vars {
tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
base_url: http://localhost:8080/
}

4
CFTunnels/environments/CFTunnels.bru Normal file
View File

@ -0,0 +1,4 @@
vars {
tunnel_id: 50df9101-f625-4618-b7c5-100338a57124
base_url: https://testcf.hithomelabs.com/
}

186
README.md
View File

@ -1,186 +0,0 @@
# CFTunnels - Cloudflare Tunnels Management API
> **Note**: All pull requests should be raised against the `test` branch.
A Spring Boot REST API for managing Cloudflare Tunnels with ingress mappings and an approval workflow.
## Overview
CFTunnels provides a programmatic way to manage Cloudflare Tunnel configurations, allowing teams to:
- View and manage Cloudflare Tunnels
- Add, modify, and delete ingress mappings
- Request mapping changes through an approval workflow
- Track tunnel configurations locally
## Features
- **Tunnel Management**: Create, update, and delete Cloudflare tunnels
- **Ingress Mappings**: Add custom ingress rules to tunnel configurations
- **Approval Workflow**: Request/approve/reject mapping changes
- **Security**: OIDC-based authentication with role-based access
- **API Documentation**: OpenAPI/Swagger documentation
## Technology Stack
- Java 17
- Spring Boot 3.x
- Spring Data JPA
- Spring Security with OIDC
- H2 Database (configurable for PostgreSQL)
- Cloudflare API v4
## Prerequisites
- Java 17 or higher
- Cloudflare account with API key
- OIDC provider (e.g., Google, Okta, Auth0)
## Configuration
Copy `.env.example` to `.env` and configure:
```bash
cp .env.example .env
```
### Required Environment Variables
| Variable | Description |
|---------|-------------|
| `CLOUDFLARE_ACCOUNT_ID` | Cloudflare Account ID |
| `CLOUDFLARE_API_KEY` | Cloudflare API Key |
| `CLOUDFLARE_EMAIL` | Cloudflare account email |
| `SPRING_PROFILES_ACTIVE` | Environment (local, dev, prod) |
### Security Configuration
OIDC settings in `application.properties`:
```properties
spring.security.oauth2.client.registration.<provider>.client-id=your-client-id
spring.security.oauth2.client.registration.<provider>.client-secret=your-client-secret
spring.security.oauth2.client.provider.<provider>.issuer-uri=https://your-oidc-provider
```
## Running Locally
### Using Gradle
```bash
./gradlew bootRun
```
### Using Docker
```bash
docker-compose up --build
```
The API will be available at `http://localhost:8080`
## API Documentation
Once running, access:
- **Swagger UI**: `http://localhost:8080/swagger-ui.html`
- **OpenAPI JSON**: `http://localhost:8080/v3/api-docs`
## API Endpoints
### Base URL: `/cloudflare`
| Method | Endpoint | Description | Required Role |
|--------|----------|-------------|---------------|
| GET | `/whoami` | Get current user info | USER |
| GET | `/tunnels` | List all Cloudflare tunnels | USER |
| GET | `/configured/tunnels` | List locally configured tunnels | USER |
| GET | `/requests` | List all mapping requests | USER |
| GET | `/tunnels/{tunnelId}/mappings` | Get tunnel configuration | DEVELOPER |
| POST | `/tunnels/{tunnelId}/mappings` | Add ingress mapping | ADMIN |
| DELETE | `/tunnels/{tunnelId}/mappings` | Delete ingress mapping | DEVELOPER |
| POST | `/tunnels/configure/{tunnelId}/requests` | Create mapping request | DEVELOPER |
| PUT | `/requests/{requestId}/approve` | Approve mapping request | APPROVER |
| PUT | `/requests/{requestId}/reject` | Reject mapping request | APPROVER |
| PUT | `/tunnels/configure/{tunnelId}` | Configure tunnel for environment | ADMIN |
## Role-Based Access
| Role | Permissions |
|------|-------------|
| USER | View tunnels and requests |
| DEVELOPER | Create/modify/delete mappings, create requests |
| APPROVER | Approve/reject requests |
| ADMIN | Full access including tunnel configuration |
## Example Usage
### List all tunnels
```bash
curl -H "Authorization: Bearer $TOKEN" \
http://localhost:8080/cloudflare/tunnels
```
### Add an ingress mapping
```bash
curl -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"hostname": "api.example.com",
"service": "http://localhost:8080",
"originRequest": {"noTLSVerify": true}
}' \
http://localhost:8080/cloudflare/tunnels/{tunnelId}/mappings
```
## Project Structure
```
CFTunnels/
├── src/main/java/com/hithomelabs/CFTunnels/
│ ├── CfTunnelsApplication.java # Main application
│ ├── Config/ # Configuration classes
│ ├── Controllers/ # REST controllers
│ │ └── TunnelController.java # Main API controller
│ ├── Entity/ # JPA entities
│ │ ├── Mapping.java # Ingress mapping
│ │ ├── Protocol.java # Protocol enum
│ │ ├── Request.java # Mapping request
│ │ ├── Tunnel.java # Tunnel entity
│ │ └── User.java # User entity
│ ├── Models/ # DTOs
│ ├── Repositories/ # JPA repositories
│ └── Services/ # Business logic
│ ├── CloudflareAPIService.java # Cloudflare API
│ └── MappingRequestService.java # Request workflow
└── src/main/resources/
├── application.properties # Main config
└── schema.sql # Database schema
```
## Testing
Run tests with:
```bash
./gradlew test
```
Run integration tests:
```bash
./gradlew integrationTest
```
## License
Private - All rights reserved
## References
- [Cloudflare Tunnel Documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/)
- [Cloudflare API v4](https://api.cloudflare.com/)
- [Spring Boot Documentation](https://docs.spring.io/spring-boot/docs/current/reference/)

35
build.gradle
View File

@ -13,48 +13,15 @@ java {
} }
} }
test {
systemProperty 'spring.profiles.active', 'ci'
useJUnitPlatform {
excludeTags 'integration'
}
testLogging {
events "passed", "skipped", "failed", "standardOut", "standardError"
exceptionFormat "full" // shows full stack trace
showStandardStreams = true // shows println/log output
}
}
tasks.register('integrationTestOnly', Test) {
useJUnitPlatform {
includeTags 'integration'
}
description = 'Runs only integration tests tagged with @Tag("integration")'
group = 'verification'
testLogging {
events "passed", "skipped", "failed"
exceptionFormat "full"
showStandardStreams = true
}
}
repositories { repositories {
mavenCentral() mavenCentral()
} }
dependencies { dependencies {
implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.8.5' implementation group: 'org.springdoc', name: 'springdoc-openapi-starter-webmvc-ui', version: '2.0.3'
implementation group: 'org.springframework.boot', name:'spring-boot-starter-oauth2-client', version: '3.5.5'
implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-starter-web'
compileOnly 'org.projectlombok:lombok:1.18.30'
annotationProcessor 'org.projectlombok:lombok:1.18.30'
testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'org.springframework.boot:spring-boot-starter-test'
testImplementation 'org.springframework.security:spring-security-test'
testRuntimeOnly 'org.junit.platform:junit-platform-launcher' testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
runtimeOnly 'org.postgresql:postgresql'
implementation 'org.hibernate.validator:hibernate-validator'
runtimeOnly 'com.h2database:h2'
} }
tasks.named('test') { tasks.named('test') {

24
docker-compose.yaml
View File

@ -2,31 +2,11 @@ services:
app: app:
image: gitea.hithomelabs.com/hithomelabs/cftunnels:${ENV} image: gitea.hithomelabs.com/hithomelabs/cftunnels:${ENV}
container_name: cftunnels_${ENV} container_name: cftunnels_${ENV}
ports:
- ${HOST_PORT}:8080
environment: environment:
- CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID} - CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}
- CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY} - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL} - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- ENV=${ENV} - ENV=${ENV}
- OAUTH_CLIENT_ID=${OAUTH_CLIENT_ID}
- OAUTH_CLIENT_SECRET=${OAUTH_CLIENT_SECRET}
- HOST_PORT=${HOST_PORT}
- POSTGRES_USER=${POSTGRES_USERNAME}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- SWAGGER_OAUTH_CLIENT_ID=${SWAGGER_OAUTH_CLIENT_ID}
env_file:
- stack.env
restart: unless-stopped
postgres:
image: postgres:15-alpine
container_name: cftunnel-db-${ENV}
environment:
POSTGRES_DB: cftunnel
POSTGRES_USER: ${POSTGRES_USERNAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
restart: unless-stopped
ports: ports:
- "${DB_PORT}:5432" - 5002:8080
volumes: restart: unless-stopped
- ${DB_PATH}:/var/lib/postgresql/data

1
settings.gradle Normal file
View File

@ -0,0 +1 @@
rootProject.name = 'CFTunnels'

36
src/main/java/com/hithomelabs/CFTunnels/CfTunnelsApplication.java
View File

@ -2,44 +2,10 @@ package com.hithomelabs.CFTunnels;
import org.springframework.boot.SpringApplication; import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
* Main Spring Boot application class for Cloudflare Tunnels API.
*
* <p>This application provides a RESTful API for managing Cloudflare Tunnels,
* allowing users to create tunnel mappings to services with an approval workflow.</p>
*
* <p><b>Features:</b></p>
* <ul>
* <li>Create, update, and delete Cloudflare tunnels</li>
* <li>Add ingress mappings to tunnels</li>
* <li>Request/approval workflow for mapping changes</li>
* <li>OIDC-based authentication with role-based access</li>
* </ul>
*
* <p><b>Technology Stack:</b></p>
* <ul>
* <li>Java 17</li>
* <li>Spring Boot 3.x</li>
* <li>Spring Data JPA</li>
* <li>Spring Security with OIDC</li>
* <li>H2 Database (configurable for PostgreSQL)</li>
* <li>Cloudflare API</li>
* </ul>
*
* <p>Access the API documentation at:
* {@code /swagger-ui.html} for the Swagger/OpenAPI UI</p>
*
* @see <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-negative">Cloudflare Tunnel Documentation</a>
* @since 1.0.0
*/
@SpringBootApplication @SpringBootApplication
public class CfTunnelsApplication { public class CfTunnelsApplication {
/**
* Main entry point for the application.
*
* @param args command line arguments passed to the application
*/
public static void main(String[] args) { public static void main(String[] args) {
SpringApplication.run(CfTunnelsApplication.class, args); SpringApplication.run(CfTunnelsApplication.class, args);
} }

28
src/main/java/com/hithomelabs/CFTunnels/Config/AuthoritiesToGroupMapping.java
View File

@ -1,28 +0,0 @@
package com.hithomelabs.CFTunnels.Config;
import com.hithomelabs.CFTunnels.Models.Authorities;
import com.hithomelabs.CFTunnels.Models.Groups;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@Configuration
public class AuthoritiesToGroupMapping {
public Map<String, Set<GrantedAuthority>> getAuthorityForGroup(){
HashMap<String, Set<GrantedAuthority>> mappings = new HashMap<>();
mappings.put(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
mappings.put(Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))));
mappings.put(Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))));
mappings.put(Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN))));
return mappings;
}
}

36
src/main/java/com/hithomelabs/CFTunnels/Config/CloudflareConfig.java
View File

@ -3,47 +3,11 @@ package com.hithomelabs.CFTunnels.Config;
import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
/**
* Configuration class for Cloudflare API credentials.
*
* <p>Loads Cloudflare configuration from application properties
* using the {@code cloudflare.*} prefix.</p>
*
* <p><b>Example configuration in application.properties:</b></p>
* <pre>
* cloudflare.account-id=your-account-id
* cloudflare.api-key=your-api-key
* cloudflare.email=your@email.com
* </pre>
*
* @see <a href="https://api.cloudflare.com/">Cloudflare API Documentation</a>
*/
@Configuration @Configuration
@ConfigurationProperties(prefix = "cloudflare") @ConfigurationProperties(prefix = "cloudflare")
public class CloudflareConfig { public class CloudflareConfig {
/**
* Cloudflare account ID.
*
* <p>Found in the Cloudflare Dashboard under
* Overview > Account ID</p>
*/
private String accountId; private String accountId;
/**
* Cloudflare API Key.
*
* <p>Generated in Cloudflare Dashboard under
* Profile > API Tokens > Global API Key</p>
*/
private String apiKey; private String apiKey;
/**
* Cloudflare account email.
*
* <p>The email address associated with your
* Cloudflare account.</p>
*/
private String email; private String email;
// Getters and Setters // Getters and Setters

45
src/main/java/com/hithomelabs/CFTunnels/Config/CustomOidcUserConfiguration.java
View File

@ -1,45 +0,0 @@
package com.hithomelabs.CFTunnels.Config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@Configuration
public class CustomOidcUserConfiguration extends OidcUserService {
@Autowired
AuthoritiesToGroupMapping authoritiesToGroupMapping;
@Override
public OidcUser loadUser(OidcUserRequest userRequest) {
// * * Delegate to the default implementation for loading user and claims
OidcUser oidcUser = super.loadUser(userRequest);
// * * Copy existing authorities (e.g. scopes authorities)
Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
// * * Extract your custom claim (change "roles" to your claim name)
List<String> groups = oidcUser.getClaimAsStringList("groups");
if (groups != null) {
groups.forEach(group ->
mappedAuthorities.addAll(authoritiesToGroupMapping.getAuthorityForGroup().get(group))
);
}
// * * Return a new DefaultOidcUser with merged authorities
return new DefaultOidcUser(
mappedAuthorities,
oidcUser.getIdToken(),
oidcUser.getUserInfo()
);
}
}

54
src/main/java/com/hithomelabs/CFTunnels/Config/OpenApiConfig.java
View File

@ -1,54 +0,0 @@
package com.hithomelabs.CFTunnels.Config;
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.security.*;
import io.swagger.v3.oas.models.servers.Server;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import java.util.ArrayList;
@Configuration
@Profile("!integration")
public class OpenApiConfig {
@Value("${api.baseUrl}")
private String baseUrl;
@Value("${springdoc.swagger-ui.oauth.authorization-url}")
private String authorizationUri;
@Value("${springdoc.swagger-ui.oauth.token-url}")
private String tokenUri;
@Bean
public OpenAPI openAPI() {
Server httpsServer = new Server().url(baseUrl);
OpenAPI openApi = new OpenAPI();
ArrayList<Server> servers = new ArrayList<>();
servers.add(httpsServer);
openApi.setServers(servers);
openApi.addSecurityItem(new SecurityRequirement().addList("oidcAuth"))
.components(new Components()
.addSecuritySchemes("oidcAuth",
new SecurityScheme()
.type(SecurityScheme.Type.OAUTH2)
.flows(new OAuthFlows()
.authorizationCode(new OAuthFlow()
.authorizationUrl(authorizationUri)
.tokenUrl(tokenUri)
.scopes(new Scopes()
.addString("openid", "OpenID scope")
.addString("profile", "OpenID profile")
.addString("email", "OpenID email"))
)
)
)
)
.addSecurityItem(new SecurityRequirement().addList("oidcAuth"));
return openApi;
}
}

41
src/main/java/com/hithomelabs/CFTunnels/Config/Security/SecuirtyConfig.java
View File

@ -1,41 +0,0 @@
package com.hithomelabs.CFTunnels.Config.Security;
import com.hithomelabs.CFTunnels.Config.CustomOidcUserConfiguration;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity(
prePostEnabled = true,
securedEnabled = true,
jsr250Enabled = true
)
public class SecuirtyConfig {
@Autowired
private CustomOidcUserConfiguration customOidcUserConfiguration;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth
//.requestMatchers( "/v3/api-docs/**", "/swagger-ui/**", "/swagger-ui.html" ).permitAll()
.anyRequest().authenticated()
).csrf(csrf -> csrf.disable())
.with(new OAuth2LoginConfigurer<>(),
oauth2 -> oauth2.userInfoEndpoint(u -> u.oidcUserService(customOidcUserConfiguration)));
return http.build();
}
}

375
src/main/java/com/hithomelabs/CFTunnels/Controllers/TunnelController.java
View File

@ -1,84 +1,30 @@
package com.hithomelabs.CFTunnels.Controllers; package com.hithomelabs.CFTunnels.Controllers;
import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.JsonProcessingException;
import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping; import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig; import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Config.RestTemplateConfig; import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Entity.User;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader; import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config; import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress; import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse; import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.UserRepository;
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
import com.hithomelabs.CFTunnels.Services.MappingRequestService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.error.ErrorController;
import org.springframework.dao.DataAccessException;
import org.springframework.http.*; import org.springframework.http.*;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate; import org.springframework.web.client.RestTemplate;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.NoSuchElementException;
import java.util.UUID;
/**
* REST Controller for managing Cloudflare Tunnels.
*
* <p>This controller provides the public API for managing Cloudflare Tunnels
* and their ingress mappings. All endpoints require authentication via OIDC
* and are protected by role-based access control.</p>
*
* <p><b>Base URL:</b> {@code /cloudflare}</p>
*
* <p><b>Authentication:</b> OIDC-based with role-based access</p>
*
* <p><b>Available Roles:</b></p>
* <ul>
* <li>USER - View tunnels and requests</li>
* <li>DEVELOPER - Create/modify/delete mappings</li>
* <li>APPROVER - Approve/reject requests</li>
* <li>ADMIN - Full tunnel configuration access</li>
* </ul>
*
* <p><b>Example Usage:</b></p>
* <pre>
* # Get all tunnels (requires USER role)
* curl -H "Authorization: Bearer &lt;token&gt;" \
* https://api.example.com/cloudflare/tunnels
*
* # Add a mapping (requires ADMIN role)
* curl -X POST -H "Authorization: Bearer &lt;token&gt;" \
* -H "Content-Type: application/json" \
* -d '{"hostname":"api.example.com","service":"http://localhost:8080"}' \
* https://api.example.com/cloudflare/tunnels/{tunnelId}/mappings
* </pre>
*
* @see CloudflareAPIService
* @see MappingRequestService
*/
@RestController @RestController
@RequestMapping("/cloudflare") @RequestMapping("/cloudflare")
public class TunnelController implements ErrorController { public class TunnelController {
private final RestTemplate restTemplate = new RestTemplate(); private final RestTemplate restTemplate = new RestTemplate();
private static final String ERROR_PATH = "/error";
@Autowired
private AuthoritiesToGroupMapping authoritiesToGroupMapping;
@Autowired @Autowired
private CloudflareConfig cloudflareConfig; private CloudflareConfig cloudflareConfig;
@ -88,59 +34,15 @@ public class TunnelController implements ErrorController {
@Autowired @Autowired
private RestTemplateConfig restTemplateConfig; private RestTemplateConfig restTemplateConfig;
@Autowired
CloudflareAPIService cloudflareAPIService;
@Autowired
MappingRequestService mappingRequestService;
@Autowired
private UserRepository userRepository;
/**
* Current environment (loaded from spring.profiles.active).
*/
@Value("${spring.profiles.active}")
private String environment;
/**
* Get current user information.
*
* <p>Returns the authenticated user's username and roles.</p>
*
* @param oidcUser The authenticated OIDC user
* @return Map containing username and roles
* @throws SecurityException if authentication fails
*/
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/whoami")
public Map<String,Object> whoAmI(@AuthenticationPrincipal OidcUser oidcUser) {
List<String> authorities = oidcUser.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.toList();
return Map.of(
"username", oidcUser.getPreferredUsername(),
"roles", authorities
);
}
/**
* Get all tunnels from Cloudflare API.
*
* <p>Fetches the complete list of tunnels from Cloudflare,
* including their status and configuration from the Cloudflare API.</p>
*
* @return Map containing list of all tunnels
* @throws SecurityException if user lacks required role
* @see <a href="https://api.cloudflare.com/#cfd_tunnel-get-tunnels">Cloudflare API</a>
*/
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/tunnels") @GetMapping("/tunnels")
@Operation( security = { @SecurityRequirement(name = "oidcAuth") } )
public ResponseEntity<Map<String,Object>> getTunnels(){ public ResponseEntity<Map<String,Object>> getTunnels(){
ResponseEntity<TunnelsResponse> responseEntity = cloudflareAPIService.getCloudflareTunnels(); // * * Resource URL to hit get request at
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
Map<String, Object> jsonResponse = new HashMap<>(); Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success"); jsonResponse.put("status", "success");
jsonResponse.put("data", responseEntity.getBody()); jsonResponse.put("data", responseEntity.getBody());
@ -148,68 +50,15 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse); return ResponseEntity.ok(jsonResponse);
} }
/** @GetMapping("/tunnel/{tunnelId}")
* Get locally configured tunnels. public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) throws JsonProcessingException {
*
* <p>Returns the tunnels that have been configured locally
* with environment associations.</p>
*
* @return Map containing list of configured tunnels
* @throws SecurityException if user lacks required role
* @see CloudflareAPIService#getAllConfiguredTunnels()
*/
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/configured/tunnels")
public ResponseEntity<Map<String,Object>> getConfiguredTunnels(){
try {
List<Tunnel> tunnels = cloudflareAPIService.getAllConfiguredTunnels();
Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success");
jsonResponse.put("data", tunnels);
return ResponseEntity.ok(jsonResponse);
} catch (DataAccessException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
/** // * * Resource URL to hit get request at
* Get all mapping requests. String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
*
* <p>Returns all pending, approved, and rejected mapping requests.</p>
*
* @return Map containing list of all requests
* @throws SecurityException if user lacks required role
*/
@PreAuthorize("hasAnyRole('USER')")
@GetMapping("/requests")
public ResponseEntity<Map<String,Object>> getAllRequests() {
try {
List<Request> requests = mappingRequestService.getAllRequests();
Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success");
jsonResponse.put("data", requests);
return ResponseEntity.ok(jsonResponse);
} catch (DataAccessException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
/** HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
* Get tunnel configuration from Cloudflare. ResponseEntity<Map> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, Map.class);
*
* <p>Fetches the complete configuration for a specific tunnel,
* including all ingress rules.</p>
*
* @param tunnelId The Cloudflare tunnel ID (UUID)
* @return Map containing tunnel configuration
* @throws SecurityException if user lacks required role
* @see <a href="https://api.cloudflare.com/#cfd_tunnel-get-tunnel-config">Cloudflare API</a>
*/
@PreAuthorize("hasAnyRole('DEVELOPER')")
@GetMapping("/tunnels/{tunnelId}/mappings")
public ResponseEntity<Map<String,Object>> getTunnelConfigurations(@PathVariable String tunnelId) {
ResponseEntity<Map> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplate, Map.class);
Map<String, Object> jsonResponse = new HashMap<>(); Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", "success"); jsonResponse.put("status", "success");
jsonResponse.put("data", responseEntity.getBody()); jsonResponse.put("data", responseEntity.getBody());
@ -217,41 +66,28 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse); return ResponseEntity.ok(jsonResponse);
} }
/** // 50df9101-f625-4618-b7c5-100338a57124
* Add an ingress mapping to a tunnel. @PutMapping("/tunnel/{tunnelId}/add")
*
* <p>Adds a new ingress rule to the tunnel configuration.
* The new rule is inserted at the second-to-last position,
* before any catch-all rule.</p>
*
* @param tunnelId The Cloudflare tunnel ID (UUID)
* @param ingress The ingress rule to add
* @return Map containing the updated configuration
* @throws SecurityException if user lacks required role
* @throws JsonProcessingException if JSON processing fails
*
* @example
* {
* "hostname": "api.example.com",
* "service": "http://localhost:8080",
* "originRequest": {"noTLSVerify": true}
* }
*/
@PreAuthorize("hasAnyRole('ADMIN')")
@PostMapping("/tunnels/{tunnelId}/mappings")
public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException { public ResponseEntity<Map<String, Object>> addTunnelconfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class); String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
// Inserting new ingress value at second-to last position in list // * * Getting existing public hostname mappings
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
// * * Inserting new ingress value at second-to last position in list
Config config = responseEntity.getBody().getResult().getConfig(); Config config = responseEntity.getBody().getResult().getConfig();
List<Ingress> response_ingress = config.getIngress(); List<Ingress> response_ingress = config.getIngress();
response_ingress.add(response_ingress.size()-1, ingress); response_ingress.add(response_ingress.size()-1, ingress);
// Hitting put endpoint // * * Hitting put endpoint
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config); httpHeaders.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
// Displaying response // * * Displaying response
Map<String, Object> jsonResponse = new HashMap<>(); Map<String, Object> jsonResponse = new HashMap<>();
jsonResponse.put("status", response.getStatusCode().toString()); jsonResponse.put("status", response.getStatusCode().toString());
jsonResponse.put("data", response.getBody()); jsonResponse.put("data", response.getBody());
@ -259,32 +95,27 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse); return ResponseEntity.ok(jsonResponse);
} }
/** @PutMapping("/tunnel/{tunnelId}/delete")
* Delete an ingress mapping from a tunnel.
*
* <p>Removes an ingress rule by hostname from the tunnel configuration.</p>
*
* @param tunnelId The Cloudflare tunnel ID (UUID)
* @param ingress Ingress containing hostname to delete (only hostname field is used)
* @return Map containing the result
* @throws SecurityException if user lacks required role
* @throws JsonProcessingException if JSON processing fails
*/
@PreAuthorize("hasAnyRole('DEVELOPER')")
@DeleteMapping("/tunnels/{tunnelId}/mappings")
public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException { public ResponseEntity<Map<String, Object>> deleteTunnelConfiguration(@PathVariable String tunnelId, @RequestBody Ingress ingress) throws JsonProcessingException {
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class); String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
// Deleting the selected ingress value // * * Getting existing public hostname mappings
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
HttpEntity<String> httpEntity = new HttpEntity<>("",httpHeaders);
ResponseEntity<TunnelResponse> responseEntity = restTemplateConfig.restTemplate().exchange(url, HttpMethod.GET, httpEntity, TunnelResponse.class);
// * * Deleting the selected ingress value
Config config = responseEntity.getBody().getResult().getConfig(); Config config = responseEntity.getBody().getResult().getConfig();
List<Ingress> response_ingress = config.getIngress(); List<Ingress> response_ingress = config.getIngress();
Boolean result = Ingress.deleteByHostName(response_ingress, ingress.getHostname()); Boolean result = Ingress.deleteByHostName(response_ingress, ingress.getHostname());
// Hitting put endpoint // * * Hitting put endpoint
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations(tunnelId, restTemplateConfig.restTemplate(), TunnelResponse.class, config); httpHeaders.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
ResponseEntity<Map> response = restTemplateConfig.restTemplate().exchange(url, HttpMethod.PUT, entity, Map.class);
// Displaying response // * * Displaying response
Map<String, Object> jsonResponse = new HashMap<>(); Map<String, Object> jsonResponse = new HashMap<>();
if (result){ if (result){
@ -298,124 +129,4 @@ public class TunnelController implements ErrorController {
return ResponseEntity.ok(jsonResponse); return ResponseEntity.ok(jsonResponse);
} }
/**
* Create a mapping change request.
*
* <p>Creates a new request for changing tunnel ingress mappings.
* The request starts in PENDING status and must be approved
* before the changes are applied.</p>
*
* @param tunnelId The Cloudflare tunnel ID (UUID)
* @param oidcUser The authenticated user
* @param ingess The ingress configuration to request
* @return The created request with PENDING status
* @throws SecurityException if user lacks required role
* @see MappingRequestService#createMappingRequest(String, Ingress, OidcUser)
*/
@PreAuthorize("hasAnyRole('DEVELOPER')")
@PostMapping("/tunnels/configure/{tunnelId}/requests")
public ResponseEntity<Request> createTunnelMappingRequest(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser oidcUser, @RequestBody Ingress ingess){
Request request = mappingRequestService.createMappingRequest(tunnelId, ingess, oidcUser);
if(request.getId() != null)
return ResponseEntity.status(HttpStatus.CREATED).body(request);
return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
}
/**
* Approve a mapping request.
*
* <p>Approves a pending mapping request. If approved, the
* mapping will be applied to the Cloudflare tunnel.</p>
*
* @param requestId The ID of the request to approve
* @param oidcUser The approver (must have APPROVER role)
* @return The updated request with APPROVED status
* @throws SecurityException if user lacks required role
*/
@PreAuthorize("hasAnyRole('APPROVER')")
@PutMapping("/requests/{requestId}/approve")
public ResponseEntity<Request> approveMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
try {
User approver = userRepository.findByEmail(oidcUser.getEmail())
.orElseThrow(() -> new RuntimeException("Approver not found"));
Request request = mappingRequestService.approveRequest(requestId, approver);
return ResponseEntity.ok(request);
} catch (NoSuchElementException e) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
} catch (IllegalStateException e) {
return ResponseEntity.status(HttpStatus.CONFLICT).build();
} catch (RuntimeException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
/**
* Reject a mapping request.
*
* <p>Rejects a pending mapping request. No changes
* will be made to the tunnel.</p>
*
* @param requestId The ID of the request to reject
* @param oidcUser The rejecter (must have APPROVER role)
* @return The updated request with REJECTED status
* @throws SecurityException if user lacks required role
*/
@PreAuthorize("hasAnyRole('APPROVER')")
@PutMapping("/requests/{requestId}/reject")
public ResponseEntity<Request> rejectMappingRequest(@PathVariable UUID requestId, @AuthenticationPrincipal OidcUser oidcUser) {
try {
User rejecter = userRepository.findByEmail(oidcUser.getEmail())
.orElseThrow(() -> new RuntimeException("Rejecter not found"));
Request request = mappingRequestService.rejectRequest(requestId, rejecter);
return ResponseEntity.ok(request);
} catch (NoSuchElementException e) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
} catch (IllegalStateException e) {
return ResponseEntity.status(HttpStatus.CONFLICT).build();
} catch (RuntimeException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
/**
* Configure a tunnel for the current environment.
*
* <p>Creates a local configuration entry for a tunnel,
* associating it with the current environment (from spring.profiles.active).</p>
*
* <p><b>Response Codes:</b></p>
* <ul>
* <li>200 - Created/updated with new tunnel</li>
* <li>204 - No changes needed</li>
* <li>404 - Tunnel not found in Cloudflare</li>
* </ul>
*
* @param tunnelId The Cloudflare tunnel ID (UUID)
* @param user The authenticated user
* @return The tunnel configuration
* @throws SecurityException if user lacks required role
*/
@PreAuthorize("hasAnyRole('ADMIN')")
@PutMapping("/tunnels/configure/{tunnelId}")
public ResponseEntity<Tunnel> configureTunnelForEnvironment(@PathVariable String tunnelId, @AuthenticationPrincipal OidcUser user) {
/*
* Returns 200 if an object is created or updated with a new representation of the object
* Returns 204 if the object state did not need any changing.
* Returns 404 if the tunnelId is not valid
*/
try {
Tunnel tunnel = cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
if (tunnel == null)
return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
else
return ResponseEntity.ok(tunnel);
} catch (NoSuchElementException e) {
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
} catch (RuntimeException e) {
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
}
}
} }

86
src/main/java/com/hithomelabs/CFTunnels/Entity/Mapping.java
View File

@ -1,86 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
/**
* JPA Entity representing an ingress mapping configuration for a Cloudflare Tunnel.
*
* <p>A mapping defines how incoming traffic should be routed through the tunnel
* to your internal services. It specifies the protocol, port, and subdomain
* where the service will be accessible.</p>
*
* <p>Database Table: {@code mappings}</p>
*
* <p><b>Example Usage:</b></p>
* <pre>
* Mapping mapping = new Mapping();
* mapping.setPort(8080);
* mapping.setProtocol(Protocol.HTTP);
* mapping.setSubdomain("api");
* </pre>
*
* @see Tunnel
* @see Protocol
* @see Request
*/
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name = "mappings")
public class Mapping {
/**
* Unique identifier for this mapping (auto-generated UUID).
*/
@Id
@GeneratedValue
@Column(columnDefinition = "uuid", nullable = false, unique = true)
private UUID id;
/**
* Port number where the internal service is running.
*
* <p>Example: 8080 for a Spring Boot application's default port.</p>
*/
@Column(nullable = false)
private int port;
/**
* Protocol used for the connection.
*
* <p>Supported values: HTTP, HTTPS, TCP, SSH</p>
* @see Protocol
*/
@Enumerated(EnumType.STRING)
@Column(length = 10, nullable = false)
private Protocol protocol;
/**
* Subdomain prefix for accessing this service.
*
* <p>Example: "api" would make the service available at
* {@code api.yourdomain.com}</p>
*/
@Column(length = 50, nullable = false)
private String subdomain;
/**
* The tunnel this mapping is associated with.
*
* <p>Each mapping belongs to exactly one tunnel.
* This is a lazy-loaded relationship to optimize performance.</p>
*
* @see Tunnel
*/
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "tunnel_id", nullable = false)
private Tunnel tunnel;
}

43
src/main/java/com/hithomelabs/CFTunnels/Entity/Protocol.java
View File

@ -1,43 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
/**
* Enum representing supported protocols for Cloudflare Tunnel ingress mappings.
*
* <p>Cloudflare Tunnel supports multiple protocols for routing traffic
* to your internal services. This enum defines the available options.</p>
*
* <p><b>Supported Protocols:</b></p>
* <ul>
* <li>{@link #HTTP} - Standard HTTP protocol (port 80)</li>
* <li>{@link #HTTPS} - Secure HTTP protocol (port 443)</li>
* <li>{@link #TCP} - Raw TCP connections</li>
* <li>{@link #SSH} - SSH protocol for remote access</li>
* </ul>
*
* @see Mapping
*/
public enum Protocol {
/**
* HTTP protocol for web services.
* Typically used with internal services running on port 80.
*/
HTTP,
/**
* HTTPS protocol for secure web services.
* Use this for services with TLS/SSL certificates.
*/
HTTPS,
/**
* Raw TCP protocol for non-HTTP services.
* Useful for databases, message queues, or custom protocols.
*/
TCP,
/**
* SSH protocol for secure shell access.
* Enables secure remote access to servers.
*/
SSH
}

120
src/main/java/com/hithomelabs/CFTunnels/Entity/Request.java
View File

@ -1,120 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
/**
* JPA Entity representing a mapping change request in the approval workflow.
*
* <p>This entity tracks requests to add or modify tunnel ingress mappings.
* It implements an approval workflow where:</p>
* <ul>
* <li>Users create requests (status: PENDING)</li>
* <li>Approvers review and approve/reject (status: APPROVED/REJECTED)</li>
* </ul>
*
* <p><b>Database Table:</b> {@code requests}</p>
*
* <p><b>Workflow:</b></p>
* <pre>
* 1. User submits mapping request via REST API
* 2. Request is created with PENDING status
* 3. APPROVER role reviews the request
* 4. If approved: mapping is applied to Cloudflare tunnel
* 5. If rejected: request is marked REJECTED
* </pre>
*
* @see Mapping
* @see User
* @see RequestStatus
*/
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name = "requests")
public class Request {
/**
* Unique identifier for this request (auto-generated UUID).
*/
@Id
@GeneratedValue
@Column(columnDefinition = "uuid", unique = true, nullable = false)
private UUID id;
/**
* The mapping configuration being requested.
*
* <p>This is a one-to-one relationship - each request
* contains exactly one mapping configuration.</p>
*
* @see Mapping
*/
@OneToOne
@JoinColumn(name = "mapping_id", unique = true, nullable = false)
private Mapping mapping;
/**
* User who created this request.
*
* <p>This field is required and tracks accountability.</p>
*
* @see User
*/
@ManyToOne
@JoinColumn(name = "created_by", nullable = false)
private User createdBy;
/**
* User who approved or rejected this request.
*
* <p>This is null until the request is processed.</p>
*
* @see User
*/
@ManyToOne
@JoinColumn(name = "accepted_by")
private User acceptedBy;
/**
* Status of the mapping request in the workflow.
*
* @see RequestStatus
*/
public enum RequestStatus {
/**
* Request is waiting for approval.
*/
PENDING,
/**
* Request has been approved.
* The mapping should now be applied to the tunnel.
*/
APPROVED,
/**
* Request has been rejected.
* No changes will be made to the tunnel.
*/
REJECTED
}
/**
* Current status of this request.
*
* <p>Initially set to PENDING when created.</p>
*
* @see RequestStatus
*/
@Enumerated(EnumType.STRING)
@Column(length = 10, nullable = false)
private RequestStatus status;
}

67
src/main/java/com/hithomelabs/CFTunnels/Entity/Tunnel.java
View File

@ -1,67 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
/**
* JPA Entity representing a Cloudflare Tunnel configuration.
*
* <p>This entity stores the locally cached configuration of a Cloudflare Tunnel,
* linking the tunnel's unique identifier from Cloudflare with its local
* environment name for easier reference and management.</p>
*
* <p>The entity is uniquely constrained by tunnel ID and environment name,
* ensuring only one configuration exists per tunnel per environment.</p>
*
* <p><b>Database Table:</b> {@code tunnels}</p>
*
* <p><b>Relationships:</b></p>
* <ul>
* <li>One Tunnel has many Mappings (via tunnel_id foreign key)</li>
* </ul>
*
* @see Mapping
* @see Request
*/
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name = "tunnels")
public class Tunnel {
/**
* Unique identifier for the tunnel (UUID).
*
* <p>This corresponds to the Cloudflare-assigned tunnel ID
* and serves as the primary key for this entity.</p>
*/
@Id
@Column(columnDefinition = "uuid", insertable = false, updatable = false, nullable = false)
private UUID id;
/**
* Environment name associated with this tunnel configuration.
*
* <p>Examples: "production", "staging", "development"</p>
* <p>Each tunnel can be configured for multiple environments.</p>
*/
@Column(length = 10, unique = true, nullable = false)
private String environment;
/**
* Display name of the tunnel as configured in Cloudflare.
*
* <p>This is the user-friendly name assigned to the tunnel
* when it was created in Cloudflare Zero Trust Dashboard
* or via the Cloudflare API.</p>
*/
@Column(length = 50, unique = true, nullable = false)
private String name;
}

68
src/main/java/com/hithomelabs/CFTunnels/Entity/User.java
View File

@ -1,68 +0,0 @@
package com.hithomelabs.CFTunnels.Entity;
import jakarta.persistence.*;
import jakarta.validation.constraints.Size;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.UUID;
/**
* JPA Entity representing a user in the system.
*
* <p>This entity stores user information synced from the OIDC provider
* during authentication. Users are assigned roles that determine their
* access levels to the API endpoints.</p>
*
* <p><b>Database Table:</b> {@code users}</p>
*
* <p><b>Roles:</b></p>
* <ul>
* <li>USER - Basic access to view tunnels</li>
* <li>DEVELOPER - Can create/modify mappings</li>
* <li>APPROVER - Can approve/reject requests</li>
* <li>ADMIN - Full access including tunnel configuration</li>
* </ul>
*
* @see Request
* @see Mapping
*/
@Entity
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Table(name = "users")
public class User {
/**
* Unique identifier for the user (UUID).
*
* <p>This corresponds to the user's ID in the OIDC provider.</p>
*/
@Id
@GeneratedValue
@Column(columnDefinition = "uuid", insertable = false, updatable = false, nullable = false)
private UUID id;
/**
* User's display name.
*
* <p>This is typically the full name from the OIDC provider.</p>
*/
@Column(length = 50, nullable = false)
@Size(max = 50)
private String name;
/**
* User's email address.
*
* <p>Used as the unique identifier for authentication
* and for associating users with their roles.</p>
*/
@Column(length = 50, nullable = false)
@Size(max = 50)
private String email;
}

5
src/main/java/com/hithomelabs/CFTunnels/Exceptions/ExternalServiceException.java
View File

@ -1,5 +0,0 @@
package com.hithomelabs.CFTunnels.Exceptions;
public class ExternalServiceException extends RuntimeException {
public ExternalServiceException(String message) { super(message); }
}

10
src/main/java/com/hithomelabs/CFTunnels/Models/Authorities.java
View File

@ -1,10 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
public class Authorities {
public static final String ROLE_ADMIN = "ROLE_ADMIN";
public static final String ROLE_DEVELOPER = "ROLE_DEVELOPER";
public static final String ROLE_USER = "ROLE_USER";
public static final String ROLE_APPROVER = "ROLE_APPROVER";
}

10
src/main/java/com/hithomelabs/CFTunnels/Models/Groups.java
View File

@ -1,10 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
public class Groups {
public static final String HOMELAB_DEVELOPER = "homelab developer";
public static final String SYSTEM_ADMIN = "authentik Admins";
public static final String POWER_USER = "arr premium";
public static final String GITEA_USER = "gitrestricted";
}

110
src/main/java/com/hithomelabs/CFTunnels/Models/Ingress.java
View File

@ -1,95 +1,49 @@
package com.hithomelabs.CFTunnels.Models; package com.hithomelabs.CFTunnels.Models;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
/**
* Model representing an ingress rule for a Cloudflare Tunnel.
*
* <p>Ingress rules define how incoming requests should be routed through
* the tunnel to your internal services. Each rule specifies:</p>
* <ul>
* <li>{@link #hostname} - The domain/subdomain to match</li>
* <li>{@link #service} - The internal service URL</li>
* <li>{@link #originRequest} - Optional settings for origin requests</li>
* <li>{@link #path} - Optional path prefix to match</li>
* </ul>
*
* <p><b>Example JSON:</b></p>
* <pre>
* {
* "hostname": "api.example.com",
* "service": "http://localhost:8080",
* "originRequest": {
* "noTLSVerify": true
* },
* "path": "/api"
* }
* </pre>
*
* @see <a href="https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing/ingress/">Cloudflare Ingress Docs</a>
*/
@NoArgsConstructor
@AllArgsConstructor
@Getter
@Setter
public class Ingress { public class Ingress {
/**
* The target service URL.
*
* <p>Format: {@code protocol://host:port}</p>
* <p>Example: {@code http://localhost:8080}</p>
*/
private String service; private String service;
/**
* Hostname pattern to match for this ingress rule.
*
* <p>Can be a full domain (api.example.com) or use wildcards
* (*.example.com) to match subdomains.</p>
* <p>If null, this rule acts as a catch-all.</p>
*/
private String hostname; private String hostname;
/**
* Optional settings for requests to the origin server.
*
* <p>Supported options:</p>
* <ul>
* <li>noTLSVerify - Skip TLS verification</li>
* <li>connectTimeout - Connection timeout in seconds</li>
* <li>tlsTimeout - TLS handshake timeout</li>
* <li>httpHostHeader - Host header to send</li>
* </ul>
*/
private Map<String, Object> originRequest; private Map<String, Object> originRequest;
/**
* Optional path to match before routing.
*
* <p>Example: "/api" would only route requests with
* paths starting with /api to this service.</p>
*/
private String path; private String path;
/**
* Removes an ingress rule by hostname from a list. public String getPath() {
* return path;
* <p>This utility method finds and removes the first ingress }
* matching the given hostname.</p>
* public void setPath(String path) {
* @param ingressList List of ingress rules to modify this.path = path;
* @param toBeDeleted Hostname of the rule to remove }
* @return true if an ingress was removed, false otherwise
*/
public static boolean deleteByHostName(List<Ingress> ingressList, String toBeDeleted){ public static boolean deleteByHostName(List<Ingress> ingressList, String toBeDeleted){
return ingressList.removeIf(ingress -> ingress.getHostname() != null && ingress.getHostname().equals(toBeDeleted)); return ingressList.removeIf(ingress -> ingress.getHostname() != null && ingress.getHostname().equals(toBeDeleted));
} }
public String getService() {
return service;
}
public void setService(String service) {
this.service = service;
}
public String getHostname() {
return hostname;
}
public void setHostname(String hostname) {
this.hostname = hostname;
}
public Map<String, Object> getOriginRequest() {
return originRequest;
}
public void setOriginRequest(Map<String, Object> originRequest) {
this.originRequest = originRequest;
}
} }

50
src/main/java/com/hithomelabs/CFTunnels/Models/TunnelResponse.java
View File

@ -1,17 +1,8 @@
package com.hithomelabs.CFTunnels.Models; package com.hithomelabs.CFTunnels.Models;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class TunnelResponse { public class TunnelResponse {
private List<Map<String, Object>> errors; private List<Map<String, Object>> errors;
@ -21,4 +12,45 @@ public class TunnelResponse {
private Boolean success; private Boolean success;
private Result result; private Result result;
public Result getResult() {
return result;
}
public void setResult(Result result) {
this.result = result;
}
public List<Map<String, Object>> getErrors() {
return errors;
}
public void setErrors(List<Map<String, Object>> errors) {
this.errors = errors;
}
public List<Map<String, Object>> getMessages() {
return messages;
}
public void setMessages(List<Map<String, Object>> messages) {
this.messages = messages;
}
public boolean isSuccess() {
return success;
}
public void setSuccess(boolean success) {
this.success = success;
}
public Boolean getSuccess() {
return success;
}
public void setSuccess(Boolean success) {
this.success = success;
}
} }

19
src/main/java/com/hithomelabs/CFTunnels/Models/TunnelResult.java
View File

@ -1,19 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
@JsonIgnoreProperties(ignoreUnknown = true)
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class TunnelResult {
private String id;
private String name;
}

28
src/main/java/com/hithomelabs/CFTunnels/Models/TunnelsResponse.java
View File

@ -1,28 +0,0 @@
package com.hithomelabs.CFTunnels.Models;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import java.util.List;
import java.util.Map;
@JsonIgnoreProperties(ignoreUnknown = true)
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
public class TunnelsResponse {
private List<TunnelResult> result;
private List<Map<String, Object>> errors;
private List<Map<String, Object>> messages;
private Boolean success;
}

11
src/main/java/com/hithomelabs/CFTunnels/Repositories/MappingRepository.java
View File

@ -1,11 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Mapping;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.UUID;
@Repository
public interface MappingRepository extends JpaRepository<Mapping, UUID> {
}

24
src/main/java/com/hithomelabs/CFTunnels/Repositories/RequestRepository.java
View File

@ -1,24 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Request;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
@Repository
public interface RequestRepository extends JpaRepository<Request, UUID> {
Page<Request> findByStatus(Request.RequestStatus status, Pageable pageable);
@Query("SELECT r FROM Request r JOIN FETCH r.mapping m JOIN FETCH m.tunnel JOIN FETCH r.createdBy LEFT JOIN FETCH r.acceptedBy")
List<Request> findAllWithDetails();
@Query("SELECT r FROM Request r JOIN FETCH r.mapping m JOIN FETCH m.tunnel JOIN FETCH r.createdBy LEFT JOIN FETCH r.acceptedBy WHERE r.id = :id")
Optional<Request> findByIdWithDetails(@Param("id") UUID id);
}

12
src/main/java/com/hithomelabs/CFTunnels/Repositories/TunnelRepository.java
View File

@ -1,12 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.Optional;
import java.util.UUID;
@Repository
public interface TunnelRepository extends JpaRepository<Tunnel, UUID> {
}

14
src/main/java/com/hithomelabs/CFTunnels/Repositories/UserRepository.java
View File

@ -1,14 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.User;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
import java.util.Optional;
import java.util.UUID;
@Repository
public interface UserRepository extends JpaRepository<User, UUID> {
Optional<User> findByEmail(String email);
}

203
src/main/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIService.java
View File

@ -1,203 +0,0 @@
package com.hithomelabs.CFTunnels.Services;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Exceptions.ExternalServiceException;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.http.*;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.UUID;
/**
* Service for interacting with the Cloudflare Tunnel API.
*
* <p>This service provides methods to manage Cloudflare Tunnels,
* including fetching tunnel configurations, creating/updating tunnels,
* and adding ingress mappings. It handles all communication with the
* Cloudflare API using the configured credentials.</p>
*
* <p><b>API Endpoints Used:</b></p>
* <ul>
* <li>GET /accounts/{accountId}/cfd_tunnel - List all tunnels</li>
* <li>GET /accounts/{accountId}/cfd_tunnel/{tunnelId}/configurations - Get tunnel config</li>
* <li>PUT /accounts/{accountId}/cfd_tunnel/{tunnelId}/configurations - Update tunnel config</li>
* </ul>
*
* @see CloudflareConfig
* @see Tunnel
* @see Ingress
*/
@Service
public class CloudflareAPIService {
/**
* Configuration for Cloudflare API credentials and settings.
* Loaded from application.properties using the {@code cloudflare.*} prefix.
*/
@Autowired
CloudflareConfig cloudflareConfig;
/**
* Header provider for Cloudflare API authentication.
* Generates the X-Auth-Key and X-Auth-Email headers.
*/
@Autowired
AuthKeyEmailHeader authKeyEmailHeader;
/**
* HTTP client for making API requests.
*/
@Autowired
RestTemplate restTemplate;
/**
* Repository for storing tunnel configurations locally.
*/
@Autowired
TunnelRepository tunnelRepository;
/**
* Fetches all Cloudflare tunnels from the API.
*
* @return Response containing the list of tunnels from Cloudflare
* @see TunnelsResponse
*/
public ResponseEntity<TunnelsResponse> getCloudflareTunnels() {
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel";
HttpEntity<String> httpEntity = new HttpEntity<>("", authKeyEmailHeader.getHttpHeaders());
ResponseEntity<TunnelsResponse> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, TunnelsResponse.class);
return responseEntity;
}
/**
* Fetches the configuration for a specific tunnel.
*
* @param tunnelId The Cloudflare tunnel ID (UUID string)
* @param restTemplate HTTP client to use for the request
* @param responseType Class to deserialize the response into
* @param <T> Response type
* @return Response containing the tunnel configuration
*/
public <T> ResponseEntity<T> getCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType) {
// Resource URL to hit get request at
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
HttpEntity<String> httpEntity = new HttpEntity<>("",authKeyEmailHeader.getHttpHeaders());
ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.GET, httpEntity, responseType);
return responseEntity;
}
/**
* Updates the configuration for a specific tunnel.
*
* <p>This method is used to add, modify, or remove ingress mappings
* by providing a complete configuration object.</p>
*
* @param tunnelId The Cloudflare tunnel ID (UUID string)
* @param restTemplate HTTP client to use for the request
* @param responseType Class to deserialize the response into
* @param config The new configuration to apply
* @param <T> Response type
* @return Response containing the updated tunnel configuration
*/
public <T> ResponseEntity<T> putCloudflareTunnelConfigurations(String tunnelId, RestTemplate restTemplate, Class<T> responseType, Config config) {
// Resource URL to hit get request at
String url = "https://api.cloudflare.com/client/v4/accounts/" + cloudflareConfig.getAccountId() + "/cfd_tunnel/" + tunnelId + "/configurations";
HttpHeaders httpHeaders = authKeyEmailHeader.getHttpHeaders();
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<Config> entity = new HttpEntity<>(config, httpHeaders);
ResponseEntity<T> responseEntity = restTemplate.exchange(url, HttpMethod.PUT, entity, responseType);
return responseEntity;
}
/**
* Converts a Cloudflare API tunnel result to a local Tunnel entity.
*
* @param tunnelResult The tunnel result from Cloudflare API
* @param env The environment name to associate
* @return New Tunnel entity instance
*/
private Tunnel getTunnelFromTunnelResponse(TunnelResult tunnelResult, String env){
return new Tunnel(UUID.fromString(tunnelResult.getId()), env, tunnelResult.getName());
}
/**
* Creates or updates a tunnel's local configuration.
*
* <p>This method fetches the tunnel from Cloudflare API, validates it exists,
* and stores a local copy with the environment association.</p>
*
* @param tunnelId The Cloudflare tunnel ID
* @param environment Environment name (e.g., "production", "staging")
* @return The created or updated Tunnel entity
* @throws ExternalServiceException if Cloudflare API returns an error
* @throws NoSuchElementException if the tunnel doesn't exist in Cloudflare
*/
public Tunnel createOrUpdateTunnel(String tunnelId, String environment) throws ExternalServiceException, NoSuchElementException {
ResponseEntity<TunnelsResponse> responseEntity = getCloudflareTunnels();
if (responseEntity.getStatusCode().isError())
throw new ExternalServiceException("Cloudflare API error: " + responseEntity.getStatusCode());
TunnelResult tunnelResult = responseEntity.getBody().getResult().stream().filter(t -> t.getId().equals(tunnelId)).findFirst().orElse(null);
if (tunnelResult == null)
throw new NoSuchElementException();
Tunnel toBeConfigured = getTunnelFromTunnelResponse(tunnelResult, environment);
Tunnel fromDatabase = tunnelRepository.findById(UUID.fromString(tunnelId)).orElse(null);
if (fromDatabase != null)
tunnelRepository.deleteById(UUID.fromString(tunnelId));
tunnelRepository.save(toBeConfigured);
return toBeConfigured;
}
/**
* Retrieves all tunnels that have been locally configured.
*
* @return List of locally configured tunnels
*/
public List<Tunnel> getAllConfiguredTunnels() {
return tunnelRepository.findAll();
}
/**
* Adds an ingress mapping to an existing tunnel.
*
* <p>The new ingress is inserted at the second-to-last position in the
* ingress list (Cloudflare requires a catch-all rule at the end).</p>
*
* @param tunnelId The Cloudflare tunnel ID
* @param ingress The ingress configuration to add
* @return Response with the updated tunnel configuration
*/
public ResponseEntity<TunnelResponse> addTunnelIngress(String tunnelId, Ingress ingress) {
ResponseEntity<TunnelResponse> currentConfig = getCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class);
Config config = currentConfig.getBody().getResult().getConfig();
List<Ingress> ingressList = config.getIngress();
ingressList.add(ingressList.size() - 1, ingress);
return putCloudflareTunnelConfigurations(tunnelId, restTemplate, TunnelResponse.class, config);
}
}

152
src/main/java/com/hithomelabs/CFTunnels/Services/MappingRequestService.java
View File

@ -1,152 +0,0 @@
package com.hithomelabs.CFTunnels.Services;
import com.hithomelabs.CFTunnels.Entity.Mapping;
import com.hithomelabs.CFTunnels.Entity.Protocol;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Entity.User;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Repositories.MappingRepository;
import com.hithomelabs.CFTunnels.Repositories.RequestRepository;
import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
import com.hithomelabs.CFTunnels.Repositories.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.UUID;
@Service
public class MappingRequestService {
@Autowired
UserRepository userRepository;
@Autowired
MappingRepository mappingRepository;
@Autowired
RequestRepository requestRepository;
@Autowired
TunnelRepository tunnelRepository;
@Autowired
CloudflareAPIService cloudflareAPIService;
public Mapping createMapping(UUID tunnelId, Ingress ingress){
Tunnel tunnel = tunnelRepository.findById(tunnelId).orElseThrow(() -> new RuntimeException("Tunnel not found"));
Mapping mapping = createMappingFromTunnelIngress(tunnel, ingress);
return mappingRepository.save(mapping);
}
public Request createRequest(Mapping mapping, User user){
Request request = new Request();
request.setMapping(mapping);
request.setCreatedBy(user);
request.setStatus(Request.RequestStatus.PENDING);
return requestRepository.save(request);
}
public Request createMappingRequest(String tunnelId, Ingress ingress, OidcUser oidcUser){
User user = userRepository.findByEmail(oidcUser.getEmail()).orElseGet(()-> mapUser(oidcUser));
Mapping mapping = createMapping(UUID.fromString(tunnelId), ingress);
return createRequest(mapping, user);
}
@Transactional(readOnly = true)
public List<Request> getAllRequests() {
return requestRepository.findAllWithDetails();
}
public User mapUser(OidcUser oidcUser){
String email = oidcUser.getEmail();
String name = oidcUser.getNickName();
User user = new User();
user.setEmail(email);
user.setName(name);
userRepository.save(user);
return user;
}
public Mapping createMappingFromTunnelIngress(Tunnel tunnel, Ingress ingress){
Mapping mapping = new Mapping();
mapping.setTunnel(tunnel);
String serviceString = ingress.getService().toLowerCase();
Protocol protocol = parseProtocol(serviceString);
mapping.setProtocol(protocol);
mapping.setPort(Integer.parseInt(ingress.getService().split(":")[2]));
mapping.setSubdomain(ingress.getHostname().split("\\.")[0]);
return mapping;
}
private Protocol parseProtocol(String serviceString) {
if (serviceString.startsWith("https://")) {
return Protocol.HTTPS;
} else if (serviceString.startsWith("tcp://")) {
return Protocol.TCP;
} else if (serviceString.startsWith("ssh://")) {
return Protocol.SSH;
}
return Protocol.HTTP;
}
@Transactional
public Request approveRequest(UUID requestId, User approver) {
Request request = requestRepository.findByIdWithDetails(requestId)
.orElseThrow(() -> new NoSuchElementException("Request not found"));
if (request.getStatus() != Request.RequestStatus.PENDING) {
throw new IllegalStateException("Request is not in PENDING status");
}
Mapping mapping = request.getMapping();
Tunnel tunnel = mapping.getTunnel();
Ingress ingress = createIngressFromMapping(mapping);
ResponseEntity<?> response = cloudflareAPIService.addTunnelIngress(
tunnel.getId().toString(),
ingress
);
if (!response.getStatusCode().is2xxSuccessful()) {
throw new RuntimeException("Failed to add mapping to Cloudflare");
}
request.setStatus(Request.RequestStatus.APPROVED);
request.setAcceptedBy(approver);
return requestRepository.save(request);
}
@Transactional
public Request rejectRequest(UUID requestId, User rejecter) {
Request request = requestRepository.findByIdWithDetails(requestId)
.orElseThrow(() -> new NoSuchElementException("Request not found"));
if (request.getStatus() != Request.RequestStatus.PENDING) {
throw new IllegalStateException("Request is not in PENDING status");
}
request.setStatus(Request.RequestStatus.REJECTED);
request.setAcceptedBy(rejecter);
return requestRepository.save(request);
}
private static final String SERVER_IP = "192.168.0.100";
private Ingress createIngressFromMapping(Mapping mapping) {
Tunnel tunnel = mapping.getTunnel();
String protocol = mapping.getProtocol().name().toLowerCase();
String service = protocol + "://" + SERVER_IP + ":" + mapping.getPort();
String hostname = mapping.getSubdomain() + ".hithomelabs.com";
return new Ingress(service, hostname, null, null);
}
}

7
src/main/resources/application-ci.properties
View File

@ -1,7 +0,0 @@
api.baseUrl=https://testcf.hithomelabs.com
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.jpa.hibernate.ddl-auto=none

9
src/main/resources/application-integration.properties
View File

@ -1,9 +0,0 @@
cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID}
cloudflare.apiKey=${CLOUDFLARE_API_KEY}
cloudflare.email=${CLOUDFLARE_EMAIL}
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.jpa.hibernate.ddl-auto=none

12
src/main/resources/application-local.properties
View File

@ -1,12 +0,0 @@
api.baseUrl=http://localhost:8080
management.health.db.enabled=true
management.endpoints.web.exposure.include=health
management.endpoint.health.show-details=always
logging.level.org.hibernate.SQL=DEBUG
debug=true
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.datasource.url=jdbc:postgresql://localhost:5432/cftunnel

12
src/main/resources/application-prod.properties
View File

@ -1,12 +0,0 @@
api.baseUrl=https://cftunnels.hithomelabs.com
# Production Database Configuration
spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
spring.datasource.username=${POSTGRES_USERNAME}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
# JPA Configuration
spring.jpa.hibernate.ddl-auto=create-drop
spring.jpa.show-sql=false
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

12
src/main/resources/application-test.properties
View File

@ -1,12 +0,0 @@
api.baseUrl=https://testcf.hithomelabs.com
# Test Database Configuration - Same as Production
spring.datasource.url=jdbc:postgresql://postgres:5432/cftunnel
spring.datasource.username=${POSTGRES_USERNAME}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
# JPA Configuration
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect

34
src/main/resources/application.properties
View File

@ -2,37 +2,3 @@ spring.application.name=CFTunnels
cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID} cloudflare.accountId=${CLOUDFLARE_ACCOUNT_ID}
cloudflare.apiKey=${CLOUDFLARE_API_KEY} cloudflare.apiKey=${CLOUDFLARE_API_KEY}
cloudflare.email=${CLOUDFLARE_EMAIL} cloudflare.email=${CLOUDFLARE_EMAIL}
spring.profiles.active=${ENV:default}
# Making sure app works behind a reverse proxy
server.forward-headers-strategy=framework
spring.security.oauth2.client.registration.cftunnels.client-id=${OAUTH_CLIENT_ID}
spring.security.oauth2.client.registration.cftunnels.client-secret=${OAUTH_CLIENT_SECRET}
spring.security.oauth2.client.registration.cftunnels.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.cftunnels.redirect-uri={baseUrl}/login/oauth2/code/cftunnels
spring.security.oauth2.client.registration.cftunnels.scope=openid,profile,email,offline_access,cftunnels
spring.security.oauth2.client.provider.cftunnels.authorization-uri=https://auth.hithomelabs.com/application/o/authorize/
spring.security.oauth2.client.provider.cftunnels.token-uri=https://auth.hithomelabs.com/application/o/token/
spring.security.oauth2.client.provider.cftunnels.user-info-uri=https://auth.hithomelabs.com/application/o/userinfo/
spring.security.oauth2.client.provider.cftunnels.jwk-set-uri=https://auth.hithomelabs.com/application/o/cftunnels/jwks/
spring.security.oauth2.client.provider.cftunnels.issuer-uri=https://auth.hithomelabs.com/application/o/cftunnels/
springdoc.swagger-ui.oauth.client-id=${SWAGGER_OAUTH_CLIENT_ID}
springdoc.swagger-ui.oauth.client-secret= # leave empty for public client
springdoc.swagger-ui.oauth.use-pkce=true
springdoc.swagger-ui.oauth.scopes=openid,profile,email
springdoc.swagger-ui.oauth.authorization-url=https://auth.hithomelabs.com/application/o/authorize/
springdoc.swagger-ui.oauth.token-url=https://auth.hithomelabs.com/application/o/token/
spring.datasource.url=jdbc:postgresql://192.168.0.100:5432/cftunnel
spring.datasource.username=${POSTGRES_USERNAME}
spring.datasource.password=${POSTGRES_PASSWORD}
spring.datasource.driver-class-name=org.postgresql.Driver
spring.sql.init.mode=never
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
spring.jpa.open-in-view=false

29
src/main/resources/schema.sql
View File

@ -1,29 +0,0 @@
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
CREATE TABLE IF NOT EXISTS tunnels (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
environment VARCHAR(10) NOT NULL,
cf_tunnel_id UUID UNIQUE NOT NULL
);
CREATE TABLE IF NOT EXISTS users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(50) NOT NULL
);
CREATE TABLE IF NOT EXISTS mappings (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
tunnel_id UUID NOT NULL REFERENCES tunnels(id) ON DELETE CASCADE,
port INT NOT NULL,
subdomain VARCHAR(50) NOT NULL
-- UNIQUE (tunnel_id, port),
-- UNIQUE (tunnel_id, subdomain)
);
CREATE TABLE IF NOT EXISTS requests (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
mapping_id UUID NOT NULL REFERENCES mappings(id) ON DELETE CASCADE,
created_by UUID NOT NULL REFERENCES users(id) ON DELETE RESTRICT,
accepted_by UUID REFERENCES users(id) ON DELETE SET NULL,
status VARCHAR(20) NOT NULL CHECK (status IN ('PENDING', 'APPROVED', 'REJECTED'))
);

495
src/test/java/com/hithomelabs/CFTunnels/Controllers/TunnelControllerTest.java
View File

@ -1,495 +0,0 @@
package com.hithomelabs.CFTunnels.Controllers;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.hithomelabs.CFTunnels.Config.AuthoritiesToGroupMapping;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Config.RestTemplateConfig;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Models.Authorities;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Groups;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.UserRepository;
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
import com.hithomelabs.CFTunnels.Services.MappingRequestService;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.http.*;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.test.context.bean.override.mockito.MockitoBean;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
import org.springframework.web.client.RestTemplate;
import java.io.IOException;
import java.time.Instant;
import java.util.*;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageImpl;
import org.springframework.data.domain.PageRequest;
import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
import static org.hamcrest.core.IsIterableContaining.hasItem;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.when;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.oauth2Login;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
import static org.hamcrest.Matchers.not;
@WebMvcTest(TunnelController.class)
class TunnelControllerTest {
@Autowired
MockMvc mockMvc;
@MockitoBean
AuthoritiesToGroupMapping authoritiesToGroupMapping;
@MockitoBean
CloudflareConfig cloudflareConfig;
@MockitoBean
AuthKeyEmailHeader authKeyEmailHeader;
@MockitoBean
RestTemplate restTemplate;
@MockitoBean
CloudflareAPIService cloudflareAPIService;
@MockitoBean
RestTemplateConfig restTemplateConfig;
@MockitoBean
MappingRequestService mappingRequestService;
@MockitoBean
UserRepository userRepository;
private static final String tunnelResponseSmallIngressFile = "tunnelResponseSmallIngress.json";
private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
private static final String withAdditionalIngress;
static {
try {
withAdditionalIngress = getClassPathDataResource(tunnelResponseLargeIngressFile);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
public static final String withoutAdditionalIngress;
static {
try {
withoutAdditionalIngress = getClassPathDataResource(tunnelResponseSmallIngressFile);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
private static final String ingressJson = """
{
"service": "http://192.168.0.100:3457",
"hostname": "random.hithomelabs.com",
"originRequest": {}
}
""";
private DefaultOidcUser buildOidcUser(String username, String role) {
when(authoritiesToGroupMapping.getAuthorityForGroup()).thenReturn(Map.of(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))),
Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN)))));
Map<String, Set<GrantedAuthority>> roleAuthorityMapping = authoritiesToGroupMapping.getAuthorityForGroup();
List<GrantedAuthority> authorities = roleAuthorityMapping.get(role).stream().toList();
OidcIdToken idToken = new OidcIdToken(
"mock-token",
Instant.now(),
Instant.now().plusSeconds(3600),
Map.of("preferred_username", username, "sub", username)
);
return new DefaultOidcUser(authorities, idToken, "preferred_username");
}
private DefaultOidcUser buildOidcUserWithEmail(String username, String role, String email) {
when(authoritiesToGroupMapping.getAuthorityForGroup()).thenReturn(Map.of(Groups.GITEA_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.POWER_USER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_USER))),
Groups.HOMELAB_DEVELOPER, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_DEVELOPER))),
Groups.SYSTEM_ADMIN, new HashSet<>(Set.of(new SimpleGrantedAuthority(Authorities.ROLE_APPROVER), new SimpleGrantedAuthority(Authorities.ROLE_ADMIN)))));
Map<String, Set<GrantedAuthority>> roleAuthorityMapping = authoritiesToGroupMapping.getAuthorityForGroup();
List<GrantedAuthority> authorities = roleAuthorityMapping.get(role).stream().toList();
OidcIdToken idToken = new OidcIdToken(
"mock-token",
Instant.now(),
Instant.now().plusSeconds(3600),
Map.of("preferred_username", username, "sub", username, "email", email)
);
return new DefaultOidcUser(authorities, idToken, "preferred_username");
}
@Test
@DisplayName("should return appropriate user roles when use belongs to group GITEA_USER")
public void testWhoAmI_user() throws Exception {
mockMvc.perform(get("/cloudflare/whoami")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.username").value("username"))
.andExpect(jsonPath("$.roles", hasItem("ROLE_USER")));
}
@Test
@DisplayName("should hit tunnels endpoint successfully with ROLE_USER")
public void testGetTunnelsForRoleUser() throws Exception {
when(cloudflareConfig.getAccountId()).thenReturn("abc123");
HttpHeaders headers = new HttpHeaders();
headers.set("X-Auth-Email", "me@example.com");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(headers);
List<TunnelResult> tunnelResults = List.of(new TunnelResult("50df9101-f625-4618-b7c5-100338a57124", "test-tunnel"));
TunnelsResponse tunnelsResponse = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(tunnelsResponse, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnels()).thenReturn(mockResponse);
mockMvc.perform(get("/cloudflare/tunnels")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.result[0].id").value("50df9101-f625-4618-b7c5-100338a57124"));
}
@Test
@DisplayName("should return list of configured tunnels from database")
void getConfiguredTunnels() throws Exception {
List<Tunnel> tunnels = List.of(
new Tunnel(UUID.fromString("50df9101-f625-4618-b7c5-100338a57124"), "dev", "devtunnel"),
new Tunnel(UUID.fromString("60df9101-f625-4618-b7c5-100338a57125"), "prod", "prodtunnel")
);
when(cloudflareAPIService.getAllConfiguredTunnels()).thenReturn(tunnels);
mockMvc.perform(get("/cloudflare/configured/tunnels")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("success"))
.andExpect(jsonPath("$.data[*].name", hasItem("devtunnel")))
.andExpect(jsonPath("$.data[*].name", hasItem("prodtunnel")));
}
@Test
@DisplayName("should return list of requests")
void getAllRequests_Success() throws Exception {
List<com.hithomelabs.CFTunnels.Entity.Request> requests = Arrays.asList(
createTestRequest(UUID.randomUUID(), com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.PENDING),
createTestRequest(UUID.randomUUID(), com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.APPROVED)
);
when(mappingRequestService.getAllRequests()).thenReturn(requests);
mockMvc.perform(get("/cloudflare/requests")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.GITEA_USER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("success"))
.andExpect(jsonPath("$.data").isArray())
.andExpect(jsonPath("$.data.length()").value(2));
}
@Test
@DisplayName("should create mapping request successfully")
void createTunnelMappingRequest_Success() throws Exception {
UUID tunnelId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.Request createdRequest = new com.hithomelabs.CFTunnels.Entity.Request();
createdRequest.setId(UUID.randomUUID());
createdRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.PENDING);
when(mappingRequestService.createMappingRequest(any(String.class), any(com.hithomelabs.CFTunnels.Models.Ingress.class), any())).thenReturn(createdRequest);
mockMvc.perform(post("/cloudflare/tunnels/configure/{tunnelId}/requests", tunnelId.toString())
.with(oauth2Login().oauth2User(buildOidcUser("developer", Groups.HOMELAB_DEVELOPER)))
.with(csrf())
.contentType(MediaType.APPLICATION_JSON)
.content(ingressJson))
.andExpect(status().isCreated())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("PENDING"));
}
@Test
@DisplayName("should approve mapping request successfully")
void approveMappingRequest_Success() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
approverUser.setEmail("approver@example.com");
approverUser.setName("Approver");
com.hithomelabs.CFTunnels.Entity.Request approvedRequest = new com.hithomelabs.CFTunnels.Entity.Request();
approvedRequest.setId(requestId);
approvedRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.APPROVED);
when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenReturn(approvedRequest);
when(userRepository.findByEmail("approver@example.com"))
.thenReturn(java.util.Optional.of(approverUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
.with(csrf()))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("APPROVED"));
}
@Test
@DisplayName("should return 404 when request not found")
void approveMappingRequest_NotFound() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
approverUser.setEmail("approver@example.com");
approverUser.setName("Approver");
when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new NoSuchElementException("Request not found"));
when(userRepository.findByEmail("approver@example.com"))
.thenReturn(java.util.Optional.of(approverUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
.with(csrf()))
.andExpect(status().isNotFound());
}
@Test
@DisplayName("should return 500 when mapping creation fails")
void approveMappingRequest_InternalServerError() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User approverUser = new com.hithomelabs.CFTunnels.Entity.User();
approverUser.setEmail("approver@example.com");
approverUser.setName("Approver");
when(mappingRequestService.approveRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new RuntimeException("Failed to add mapping to Cloudflare"));
when(userRepository.findByEmail("approver@example.com"))
.thenReturn(java.util.Optional.of(approverUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/approve", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("approver", Groups.SYSTEM_ADMIN, "approver@example.com")))
.with(csrf()))
.andExpect(status().isInternalServerError());
}
@Test
@DisplayName("should reject mapping request successfully")
void rejectMappingRequest_Success() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
rejecterUser.setEmail("rejecter@example.com");
rejecterUser.setName("Rejecter");
com.hithomelabs.CFTunnels.Entity.Request rejectedRequest = new com.hithomelabs.CFTunnels.Entity.Request();
rejectedRequest.setId(requestId);
rejectedRequest.setStatus(com.hithomelabs.CFTunnels.Entity.Request.RequestStatus.REJECTED);
when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenReturn(rejectedRequest);
when(userRepository.findByEmail("rejecter@example.com"))
.thenReturn(java.util.Optional.of(rejecterUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
.with(csrf()))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.status").value("REJECTED"));
}
@Test
@DisplayName("should return 404 when rejecting non-existent request")
void rejectMappingRequest_NotFound() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
rejecterUser.setEmail("rejecter@example.com");
rejecterUser.setName("Rejecter");
when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new NoSuchElementException("Request not found"));
when(userRepository.findByEmail("rejecter@example.com"))
.thenReturn(java.util.Optional.of(rejecterUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
.with(csrf()))
.andExpect(status().isNotFound());
}
@Test
@DisplayName("should return 409 when rejecting already processed request")
void rejectMappingRequest_Conflict() throws Exception {
UUID requestId = UUID.randomUUID();
com.hithomelabs.CFTunnels.Entity.User rejecterUser = new com.hithomelabs.CFTunnels.Entity.User();
rejecterUser.setEmail("rejecter@example.com");
rejecterUser.setName("Rejecter");
when(mappingRequestService.rejectRequest(eq(requestId), any(com.hithomelabs.CFTunnels.Entity.User.class)))
.thenThrow(new IllegalStateException("Request is not in PENDING status"));
when(userRepository.findByEmail("rejecter@example.com"))
.thenReturn(java.util.Optional.of(rejecterUser));
mockMvc.perform(put("/cloudflare/requests/{requestId}/reject", requestId)
.with(oauth2Login().oauth2User(buildOidcUserWithEmail("rejecter", Groups.SYSTEM_ADMIN, "rejecter@example.com")))
.with(csrf()))
.andExpect(status().isConflict());
}
@Test
void getTunnelConfigurations() throws Exception {
Map<String, Object> tunnelData = Map.of("config", Map.of("result", "success", "ingress", "sample ingress object"));
ResponseEntity<Map> mockResponse = new ResponseEntity<>(tunnelData, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(Map.class))).thenReturn(mockResponse);
mockMvc.perform(get("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
.with(oauth2Login().oauth2User(buildOidcUser("username", Groups.HOMELAB_DEVELOPER))))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.config.ingress").value("sample ingress object"));
}
@Test
void addTunnelconfiguration() throws Exception {
when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
ObjectMapper mapper = new ObjectMapper();
TunnelResponse tunnelStateBefore = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
TunnelResponse expectedTunnelConfig = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
mockMvc.perform(post("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf())
.contentType(MediaType.APPLICATION_JSON)
.content(ingressJson))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.result.config.ingress[*].hostname", hasItem("random.hithomelabs.com")));
}
private Request createTestRequest(UUID id, Request.RequestStatus status) {
Request request = new Request();
request.setId(id);
request.setStatus(status);
return request;
}
@Test
void deleteTunnelConfiguration() throws Exception {
when(restTemplateConfig.restTemplate()).thenReturn(new RestTemplate());
ObjectMapper mapper = new ObjectMapper();
TunnelResponse tunnelStateBefore = mapper.readValue(withAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseBefore = new ResponseEntity<>(tunnelStateBefore, HttpStatus.OK);
when(cloudflareAPIService.getCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class))).thenReturn(tunnelResponseBefore);
TunnelResponse expectedTunnelConfig = mapper.readValue(withoutAdditionalIngress, TunnelResponse.class);
ResponseEntity<TunnelResponse> expectedHttpTunnelResponse = new ResponseEntity<>(expectedTunnelConfig, HttpStatus.OK);
when(cloudflareAPIService.putCloudflareTunnelConfigurations(eq("sampleTunnelId"), any(RestTemplate.class), eq(TunnelResponse.class), any(Config.class))).thenReturn(expectedHttpTunnelResponse);
mockMvc.perform(delete("/cloudflare/tunnels/{tunnelId}/mappings", "sampleTunnelId")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf())
.contentType(MediaType.APPLICATION_JSON)
.content(ingressJson))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.data.result.config.ingress[*].hostname", not(hasItem("random.hithomelabs.com"))));
}
@Test
@DisplayName("should return 200 OK with tunnel when tunnel is successfully updated")
void configureTunnelForEnvironment_Success() throws Exception {
Tunnel tunnel = new Tunnel(UUID.randomUUID(), "dev", "test-tunnel");
when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class))).thenReturn(tunnel);
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isOk())
.andExpect(MockMvcResultMatchers.content().contentType(MediaType.APPLICATION_JSON))
.andExpect(jsonPath("$.name").value("test-tunnel"))
.andExpect(jsonPath("$.environment").value("dev"));
}
@Test
@DisplayName("should return 204 NO_CONTENT when tunnel does not need changes")
void configureTunnelForEnvironment_NoContent() throws Exception {
when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class))).thenReturn(null);
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isNoContent());
}
@Test
@DisplayName("should return 404 NOT_FOUND when tunnelId is not valid")
void configureTunnelForEnvironment_NotFound() throws Exception {
when(cloudflareAPIService.createOrUpdateTunnel(eq("invalid-tunnel-id"), any(String.class)))
.thenThrow(new NoSuchElementException("Tunnel not found"));
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "invalid-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isNotFound());
}
@Test
@DisplayName("should return 500 INTERNAL_SERVER_ERROR when runtime exception occurs")
void configureTunnelForEnvironment_InternalServerError() throws Exception {
when(cloudflareAPIService.createOrUpdateTunnel(eq("test-tunnel-id"), any(String.class)))
.thenThrow(new RuntimeException("Internal error"));
mockMvc.perform(put("/cloudflare/tunnels/configure/{tunnelId}", "test-tunnel-id")
.with(oauth2Login().oauth2User(buildOidcUser("admin", Groups.SYSTEM_ADMIN)))
.with(csrf()))
.andExpect(status().isInternalServerError());
}
}

108
src/test/java/com/hithomelabs/CFTunnels/Integration/CoudflareApiIntegrationTest.java
View File

@ -1,108 +0,0 @@
package com.hithomelabs.CFTunnels.Integration;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Services.CloudflareAPIService;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.web.client.RestTemplate;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@ActiveProfiles("integration")
@Tag("integration")
public class CoudflareApiIntegrationTest {
@Autowired
RestTemplate restTemplate;
@Autowired
AuthKeyEmailHeader authKeyEmailHeader;
@Autowired
CloudflareConfig cloudflareConfig;
@Autowired
CloudflareAPIService cloudflareAPIService;
private static final String DEV_TUNNEL_ID = "50df9101-f625-4618-b7c5-100338a57124";
@Test
@DisplayName("Calls cloudflare cfd tunnels API and checks that dev tunnel should be a part of the response")
public void testGetTunnelsTest() {
ResponseEntity<TunnelsResponse> response = cloudflareAPIService.getCloudflareTunnels();
assertEquals(HttpStatus.OK, response.getStatusCode());
List<TunnelResult> tunnelList = response.getBody().getResult();
boolean hasName = tunnelList.stream()
.anyMatch(tunnel -> "devtunnel".equals(tunnel.getName()));
assertTrue(hasName);
}
@Test
@DisplayName("Calls cloudflare API to get mappings for devtunnel tunnel")
public void testTunnelConfigurations() {
ResponseEntity<TunnelResponse> responseEntity = cloudflareAPIService.getCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class);
// * * Check if status code is 200
assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
// * * Checking if mapping for devdocker exists
TunnelResponse tunnelResponse = responseEntity.getBody();
boolean hasMatch = tunnelResponse.getResult().getConfig().getIngress().stream()
.anyMatch(ingress -> "devdocker.hithomelabs.com".equals(ingress.getHostname()));
assertTrue(hasMatch);
}
@Test
@DisplayName("Inserts and deletes a mapping using Cloudflare API")
public void testAddAndDeleteMapping() {
ResponseEntity<TunnelResponse> beforeMapping = cloudflareAPIService.getCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class);
assertEquals(HttpStatus.OK, beforeMapping.getStatusCode());
Ingress ingress = new Ingress();
ingress.setHostname("random.hithomelabs.com");
ingress.setService("http://192.168.0.100:3457");
Config beforeInsertConfig = beforeMapping.getBody().getResult().getConfig();
List<Ingress> beforeInsert = beforeInsertConfig.getIngress();
beforeInsert.add(beforeInsert.size() - 1, ingress);
ResponseEntity<TunnelResponse> afterInsert = cloudflareAPIService.putCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class, beforeInsertConfig);
assertEquals(HttpStatus.OK, afterInsert.getStatusCode());
Config afterInsertConfig = afterInsert.getBody().getResult().getConfig();
List<Ingress> ingressList = afterInsertConfig.getIngress();
boolean hasIngress = ingressList.get(ingressList.size() - 2 ).getHostname().equals("random.hithomelabs.com");
assertTrue(hasIngress);
Boolean deleteSuccess = Ingress.deleteByHostName(ingressList, ingress.getHostname());
assertTrue(deleteSuccess);
ResponseEntity<TunnelResponse> afterDelete = cloudflareAPIService.putCloudflareTunnelConfigurations(DEV_TUNNEL_ID, restTemplate, TunnelResponse.class, afterInsertConfig);
assertEquals(HttpStatus.OK, afterDelete.getStatusCode());
assertFalse(afterDelete.getBody().getResult().getConfig().getIngress().stream().anyMatch(anyIngress -> "random.hithomelabs.com".equals(anyIngress.getHostname())));
}
}

179
src/test/java/com/hithomelabs/CFTunnels/Repositories/RequestRepositoryTest.java
View File

@ -1,179 +0,0 @@
package com.hithomelabs.CFTunnels.Repositories;
import com.hithomelabs.CFTunnels.Entity.Mapping;
import com.hithomelabs.CFTunnels.Entity.Protocol;
import com.hithomelabs.CFTunnels.Entity.Request;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Entity.User;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.TestPropertySource;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import static org.assertj.core.api.Assertions.assertThat;
@DataJpaTest
@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.ANY)
@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD)
@TestPropertySource(properties = {
"spring.jpa.hibernate.ddl-auto=create-drop",
"spring.jpa.show-sql=false",
"spring.sql.init.mode=never"
})
class RequestRepositoryTest {
@Autowired
private RequestRepository requestRepository;
@Autowired
private TunnelRepository tunnelRepository;
@Autowired
private MappingRepository mappingRepository;
@Autowired
private UserRepository userRepository;
private Tunnel tunnel;
private User createdByUser;
private User acceptedByUser;
private Mapping mapping;
@BeforeEach
void setUp() {
tunnel = new Tunnel();
tunnel.setId(UUID.randomUUID());
tunnel.setEnvironment("test");
tunnel.setName("test-tunnel");
tunnel = tunnelRepository.save(tunnel);
createdByUser = new User();
createdByUser.setEmail("creator@example.com");
createdByUser.setName("Creator User");
createdByUser = userRepository.save(createdByUser);
acceptedByUser = new User();
acceptedByUser.setEmail("approver@example.com");
acceptedByUser.setName("Approver User");
acceptedByUser = userRepository.save(acceptedByUser);
mapping = new Mapping();
mapping.setTunnel(tunnel);
mapping.setPort(8080);
mapping.setProtocol(Protocol.HTTP);
mapping.setSubdomain("test-subdomain");
mapping = mappingRepository.save(mapping);
}
@Test
@DisplayName("findAllWithDetails should return requests with all relationships loaded")
void findAllWithDetails_ShouldReturnRequestsWithAllRelationships() {
Request request = new Request();
request.setMapping(mapping);
request.setCreatedBy(createdByUser);
request.setAcceptedBy(acceptedByUser);
request.setStatus(Request.RequestStatus.PENDING);
requestRepository.save(request);
List<Request> results = requestRepository.findAllWithDetails();
assertThat(results).hasSize(1);
Request result = results.get(0);
assertThat(result.getMapping()).isNotNull();
assertThat(result.getMapping().getTunnel()).isNotNull();
assertThat(result.getCreatedBy()).isNotNull();
assertThat(result.getAcceptedBy()).isNotNull();
}
@Test
@DisplayName("findByIdWithDetails should return request with all relationships loaded")
void findByIdWithDetails_ShouldReturnRequestWithAllRelationships() {
Request request = new Request();
request.setMapping(mapping);
request.setCreatedBy(createdByUser);
request.setAcceptedBy(acceptedByUser);
request.setStatus(Request.RequestStatus.PENDING);
UUID requestId = requestRepository.save(request).getId();
Optional<Request> result = requestRepository.findByIdWithDetails(requestId);
assertThat(result).isPresent();
assertThat(result.get().getMapping()).isNotNull();
assertThat(result.get().getMapping().getTunnel()).isNotNull();
assertThat(result.get().getCreatedBy()).isNotNull();
assertThat(result.get().getAcceptedBy()).isNotNull();
}
@Test
@DisplayName("findByIdWithDetails should return empty for non-existent id")
void findByIdWithDetails_ShouldReturnEmptyForNonExistentId() {
Optional<Request> result = requestRepository.findByIdWithDetails(UUID.randomUUID());
assertThat(result).isEmpty();
}
@Test
@DisplayName("findAllWithDetails should return empty list when no requests exist")
void findAllWithDetails_ShouldReturnEmptyListWhenNoRequests() {
List<Request> results = requestRepository.findAllWithDetails();
assertThat(results).isEmpty();
}
@Test
@DisplayName("findAllWithDetails should handle multiple requests with different statuses")
void findAllWithDetails_ShouldHandleMultipleRequests() {
Mapping mapping1 = new Mapping();
mapping1.setTunnel(tunnel);
mapping1.setPort(8080);
mapping1.setProtocol(Protocol.HTTP);
mapping1.setSubdomain("pending-subdomain");
mapping1 = mappingRepository.save(mapping1);
Mapping mapping2 = new Mapping();
mapping2.setTunnel(tunnel);
mapping2.setPort(8081);
mapping2.setProtocol(Protocol.HTTP);
mapping2.setSubdomain("approved-subdomain");
mapping2 = mappingRepository.save(mapping2);
Mapping mapping3 = new Mapping();
mapping3.setTunnel(tunnel);
mapping3.setPort(8082);
mapping3.setProtocol(Protocol.HTTP);
mapping3.setSubdomain("rejected-subdomain");
mapping3 = mappingRepository.save(mapping3);
Request pendingRequest = new Request();
pendingRequest.setMapping(mapping1);
pendingRequest.setCreatedBy(createdByUser);
pendingRequest.setStatus(Request.RequestStatus.PENDING);
requestRepository.save(pendingRequest);
Request approvedRequest = new Request();
approvedRequest.setMapping(mapping2);
approvedRequest.setCreatedBy(createdByUser);
approvedRequest.setAcceptedBy(acceptedByUser);
approvedRequest.setStatus(Request.RequestStatus.APPROVED);
requestRepository.save(approvedRequest);
Request rejectedRequest = new Request();
rejectedRequest.setMapping(mapping3);
rejectedRequest.setCreatedBy(createdByUser);
rejectedRequest.setAcceptedBy(acceptedByUser);
rejectedRequest.setStatus(Request.RequestStatus.REJECTED);
requestRepository.save(rejectedRequest);
List<Request> results = requestRepository.findAllWithDetails();
assertThat(results).hasSize(3);
}
}

265
src/test/java/com/hithomelabs/CFTunnels/Services/CloudflareAPIServiceTest.java
View File

@ -1,265 +0,0 @@
package com.hithomelabs.CFTunnels.Services;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.hithomelabs.CFTunnels.Config.CloudflareConfig;
import com.hithomelabs.CFTunnels.Entity.Tunnel;
import com.hithomelabs.CFTunnels.Exceptions.ExternalServiceException;
import com.hithomelabs.CFTunnels.Headers.AuthKeyEmailHeader;
import com.hithomelabs.CFTunnels.Models.Config;
import com.hithomelabs.CFTunnels.Models.Ingress;
import com.hithomelabs.CFTunnels.Models.TunnelResponse;
import com.hithomelabs.CFTunnels.Models.TunnelResult;
import com.hithomelabs.CFTunnels.Models.TunnelsResponse;
import com.hithomelabs.CFTunnels.Repositories.TunnelRepository;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.http.*;
import org.springframework.web.client.RestTemplate;
import java.io.IOException;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.UUID;
import static com.hithomelabs.CFTunnels.TestUtils.Util.getClassPathDataResource;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
class CloudflareAPIServiceTest {
@InjectMocks
private CloudflareAPIService cloudflareAPIService;
@Mock
AuthKeyEmailHeader authKeyEmailHeader;
@Mock
private RestTemplate restTemplate;
@Mock
CloudflareConfig cloudflareConfig;
@Mock
TunnelRepository tunnelRepository;
private static final String tunnelResponseLargeIngressFile = "tunnelResponseLargeIngress.json";
private static final String bigTunnelResponse;
static {
try {
bigTunnelResponse = getClassPathDataResource(tunnelResponseLargeIngressFile);
} catch (IOException e) {
throw new RuntimeException(e);
}
}
@Test
void testGetCloudflareTunnels() {
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
List<TunnelResult> tunnelResults = List.of(new TunnelResult("t1", "test-tunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
ResponseEntity<TunnelsResponse> response = cloudflareAPIService.getCloudflareTunnels();
assertEquals(HttpStatus.OK, response.getStatusCode());
}
@Test
void getCloudflareTunnelConfigurations() throws JsonProcessingException {
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(tunnelResponseResponseEntity);
ResponseEntity<TunnelResponse> response = cloudflareAPIService.getCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class);
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(response.getBody().getResult().getConfig().getIngress().get(0).getHostname(), "giteabkp.hithomelabs.com");
}
@Test
void putCloudflareTunnelConfigurations() throws JsonProcessingException {
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
ResponseEntity<TunnelResponse> tunnelResponseResponseEntity = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
Config config = tunnelResponse.getResult().getConfig();
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.PUT),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(tunnelResponseResponseEntity);
ResponseEntity<TunnelResponse> response = cloudflareAPIService.putCloudflareTunnelConfigurations("sampleTunnelID", restTemplate, TunnelResponse.class, config);
assertEquals(HttpStatus.OK, response.getStatusCode());
assertEquals(response.getBody().getResult().getConfig().getIngress().get(2).getHostname(), "random.hithomelabs.com");
}
@Test
void createOrUpdateTunnel_Success() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
String environment = "dev";
List<TunnelResult> tunnelResults = List.of(new TunnelResult(tunnelId, "devtunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
when(tunnelRepository.findById(UUID.fromString(tunnelId))).thenReturn(Optional.empty());
Tunnel result = cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
assertEquals(UUID.fromString(tunnelId), result.getId());
assertEquals("devtunnel", result.getName());
assertEquals(environment, result.getEnvironment());
verify(tunnelRepository).save(any(Tunnel.class));
}
@Test
void createOrUpdateTunnel_UpdatesExistingTunnel() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
String environment = "prod";
List<TunnelResult> tunnelResults = List.of(new TunnelResult(tunnelId, "devtunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
Tunnel existingTunnel = new Tunnel(UUID.fromString(tunnelId), "dev", "oldname");
when(tunnelRepository.findById(UUID.fromString(tunnelId))).thenReturn(Optional.of(existingTunnel));
cloudflareAPIService.createOrUpdateTunnel(tunnelId, environment);
verify(tunnelRepository).deleteById(UUID.fromString(tunnelId));
verify(tunnelRepository).save(any(Tunnel.class));
}
@Test
void createOrUpdateTunnel_ThrowsExternalServiceExceptionOnApiError() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(null, HttpStatus.INTERNAL_SERVER_ERROR);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
assertThrows(ExternalServiceException.class, () ->
cloudflareAPIService.createOrUpdateTunnel(tunnelId, "dev")
);
}
@Test
void createOrUpdateTunnel_ThrowsNoSuchElementExceptionWhenTunnelNotFound() {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
List<TunnelResult> tunnelResults = List.of(new TunnelResult("other-tunnel-id", "othertunnel"));
TunnelsResponse mockBody = new TunnelsResponse(tunnelResults, null, null, true);
ResponseEntity<TunnelsResponse> mockResponse = new ResponseEntity<>(mockBody, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelsResponse.class)
)).thenReturn(mockResponse);
assertThrows(NoSuchElementException.class, () ->
cloudflareAPIService.createOrUpdateTunnel(tunnelId, "dev")
);
}
@Test
void getAllConfiguredTunnels_ReturnsAllTunnels() {
List<Tunnel> tunnels = List.of(
new Tunnel(UUID.fromString("50df9101-f625-4618-b7c5-100338a57124"), "dev", "devtunnel"),
new Tunnel(UUID.fromString("60df9101-f625-4618-b7c5-100338a57125"), "prod", "prodtunnel")
);
when(tunnelRepository.findAll()).thenReturn(tunnels);
List<Tunnel> result = cloudflareAPIService.getAllConfiguredTunnels();
assertEquals(2, result.size());
assertEquals("devtunnel", result.get(0).getName());
assertEquals("prodtunnel", result.get(1).getName());
}
@Test
void addTunnelIngress_Success() throws JsonProcessingException {
String tunnelId = "50df9101-f625-4618-b7c5-100338a57124";
Ingress ingress = new Ingress("http://192.168.0.100:8080", "test.hithomelabs.com", null, null);
when(cloudflareConfig.getAccountId()).thenReturn("account-123");
when(authKeyEmailHeader.getHttpHeaders()).thenReturn(new HttpHeaders());
TunnelResponse tunnelResponse = new ObjectMapper().readValue(bigTunnelResponse, TunnelResponse.class);
ResponseEntity<TunnelResponse> getResponse = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.GET),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(getResponse);
ResponseEntity<TunnelResponse> putResponse = new ResponseEntity<>(tunnelResponse, HttpStatus.OK);
when(restTemplate.exchange(
any(String.class),
eq(HttpMethod.PUT),
any(HttpEntity.class),
eq(TunnelResponse.class)
)).thenReturn(putResponse);
ResponseEntity<TunnelResponse> result = cloudflareAPIService.addTunnelIngress(tunnelId, ingress);
assertEquals(HttpStatus.OK, result.getStatusCode());
}
}

17
src/test/java/com/hithomelabs/CFTunnels/TestUtils/Util.java
View File

@ -1,17 +0,0 @@
package com.hithomelabs.CFTunnels.TestUtils;
import org.springframework.core.io.ClassPathResource;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
public class Util {
public static String getClassPathDataResource(String filename) throws IOException {
return Files.readString(
new ClassPathResource(String.format("data/%s", filename)).getFile().toPath(),
StandardCharsets.UTF_8);
}
}

38
src/test/resources/data/tunnelResponseLargeIngress.json
View File

@ -1,38 +0,0 @@
{
"success": true,
"errors": [],
"messages": [],
"result": {
"tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
"version": 63,
"config": {
"ingress": [
{
"service": "http://192.168.0.100:8928",
"hostname": "giteabkp.hithomelabs.com",
"originRequest": {}
},
{
"service": "https://192.168.0.100:9442",
"hostname": "devdocker.hithomelabs.com",
"originRequest": {
"noTLSVerify": true
}
},
{
"service": "http://192.168.0.100:3457",
"hostname": "random.hithomelabs.com",
"originRequest": {}
},
{
"service": "http_status:404"
}
],
"warp-routing": {
"enabled": false
}
},
"source": "cloudflare",
"created_at": "2025-10-24T18:17:26.914217Z"
}
}

33
src/test/resources/data/tunnelResponseSmallIngress.json
View File

@ -1,33 +0,0 @@
{
"success": true,
"errors": [],
"messages": [],
"result": {
"tunnel_id": "50df9101-f625-4618-b7c5-100338a57124",
"version": 63,
"config": {
"ingress": [
{
"service": "http://192.168.0.100:8928",
"hostname": "giteabkp.hithomelabs.com",
"originRequest": {}
},
{
"service": "https://192.168.0.100:9442",
"hostname": "devdocker.hithomelabs.com",
"originRequest": {
"noTLSVerify": true
}
},
{
"service": "http_status:404"
}
],
"warp-routing": {
"enabled": false
}
},
"source": "cloudflare",
"created_at": "2025-10-24T18:17:26.914217Z"
}
}

13
src/test/resources/docker-compose.yaml
View File

@ -1,13 +0,0 @@
services:
postgres:
image: postgres:15-alpine
container_name: cftunnel-db-${ENV}
environment:
POSTGRES_DB: cftunnel
POSTGRES_USER: ${POSTGRES_USERNAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
restart: unless-stopped
ports:
- "${DB_PORT}:5432"
volumes:
- ${DB_PATH}:/var/lib/postgresql/data