|
1 |
| -import { BLOCK_PAGE_ENABLED, LIST_ITEM_SIZE } from "./constants.js"; |
| 1 | +import { BLOCK_PAGE_ENABLED, DEBUG, LIST_ITEM_SIZE } from "./constants.js"; |
2 | 2 | import { requestGateway } from "./helpers.js";
|
3 | 3 |
|
4 | 4 | /**
|
@@ -140,6 +140,25 @@ export const deleteZeroTrustListsAtOnce = async (lists) => {
|
140 | 140 | export const getZeroTrustRules = () =>
|
141 | 141 | requestGateway("/rules", { method: "GET" });
|
142 | 142 |
|
| 143 | +/** |
| 144 | + * Upserts a Zero Trust rule. |
| 145 | + * If a rule with the same name exists, will update it. Otherwise create a new rule. |
| 146 | + * @param {string} wirefilterExpression The expression to be used for the rule. |
| 147 | + * @param {string} name The name of the rule. |
| 148 | + * @param {string[]} filters The filters to be used for the rule. Default is ["dns"]. Possible values are ["dns", "http", "l4", "egress"]. |
| 149 | + * @returns {Promise<Object>} |
| 150 | + */ |
| 151 | +export const upsertZeroTrustRule = async (wirefilterExpression, name = "CGPS Filter Lists", filters = ["dns"]) => { |
| 152 | + const { result: existingRules} = await getZeroTrustRules(); |
| 153 | + const existingRule = existingRules.find(rule => rule.name === name); |
| 154 | + if (existingRule) { |
| 155 | + if (DEBUG) console.log(`Found "${existingRule.name}" in rules, updating...`); |
| 156 | + return updateZeroTrustRule(existingRule.id, wirefilterExpression, name, filters); |
| 157 | + } |
| 158 | + if (DEBUG) console.log(`No existing rule named "${existingRule.name}", creating...`); |
| 159 | + return createZeroTrustRule(wirefilterExpression, name, filters); |
| 160 | +} |
| 161 | + |
143 | 162 | /**
|
144 | 163 | * Creates a Zero Trust rule.
|
145 | 164 | *
|
@@ -172,6 +191,39 @@ export const createZeroTrustRule = async (wirefilterExpression, name = "CGPS Fil
|
172 | 191 | }
|
173 | 192 | };
|
174 | 193 |
|
| 194 | +/** |
| 195 | + * Updates a Zero Trust rule. |
| 196 | + * |
| 197 | + * API docs: https://developers.cloudflare.com/api/operations/zero-trust-gateway-rules-update-zero-trust-gateway-rule |
| 198 | + * @param {number} id The ID of the rule to be updated. |
| 199 | + * @param {string} wirefilterExpression The expression to be used for the rule. |
| 200 | + * @param {string} name The name of the rule. |
| 201 | + * @param {string[]} filters The filters to be used for the rule. |
| 202 | + * @returns {Promise<Object>} |
| 203 | + */ |
| 204 | +export const updateZeroTrustRule = async (id, wirefilterExpression, name = "CGPS Filter Lists", filters = ["dns"]) => { |
| 205 | + try { |
| 206 | + await requestGateway(`/rules/${id}`, { |
| 207 | + method: "PUT", |
| 208 | + body: JSON.stringify({ |
| 209 | + // Name and action are required fields, even if they haven't changed. |
| 210 | + // And enabled must always be set to true, otherwise the rule will be disabled if omitted. |
| 211 | + name, |
| 212 | + action: "block", |
| 213 | + enabled: true, |
| 214 | + rule_settings: { "block_page_enabled": BLOCK_PAGE_ENABLED, "block_reason": "Blocked by CGPS, check your filter lists if this was a mistake." }, |
| 215 | + filters, |
| 216 | + traffic: wirefilterExpression, |
| 217 | + }), |
| 218 | + }); |
| 219 | + |
| 220 | + console.log("Updated existing rule successfully"); |
| 221 | + } catch (err) { |
| 222 | + console.error(`Error occurred while updating rule - ${err.toString()}`); |
| 223 | + throw err; |
| 224 | + } |
| 225 | +}; |
| 226 | + |
175 | 227 | /**
|
176 | 228 | * Deletes a Zero Trust rule.
|
177 | 229 | *
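Review bot: In `upsertZeroTrustRule`, the create branch (new line 158) reads `existingRule.name` after `find` has returned `undefined`, so with `DEBUG` enabled the function throws a TypeError before `createZeroTrustRule` is called and the block rule is never created. Log the parameter instead: ``if (DEBUG) console.log(`No existing rule named "${name}", creating...`);``. Separately, `updateZeroTrustRule` is documented as `@returns {Promise<Object>}` but awaits `requestGateway` without returning its result, so the upsert resolves to `undefined` on the update path. Either change the call to `return await requestGateway(...)` with the success log moved before it, or correct the JSDoc. The `existingRules.find(...)` call also assumes `result` is always an array; whether `requestGateway` guarantees that is not visible here, so a guard such as `(existingRules ?? []).find(...)` may be warranted.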
|
|