#!/bin/bash source ~/.bashrc # Test Cloudflare API Connection Script # Tests connectivity and authentication to Cloudflare using .env credentials set -e # Colors for output RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' BLUE='\033[0;34m' NC='\033[0m' # Load environment variables from .env if it exists if [ -f .env ]; then set -a source <(grep -v '^#' .env | grep -v '^$' | sed 's/#.*$//' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep '=') set +a fi # Cloudflare configuration (support multiple variable names) CLOUDFLARE_API_TOKEN="${CLOUDFLARE_API_TOKEN:-${CLOUDFLARE_API_KEY:-}}" CLOUDFLARE_TUNNEL_TOKEN="${CLOUDFLARE_TUNNEL_TOKEN:-}" CLOUDFLARE_ACCOUNT_EMAIL="${CLOUDFLARE_ACCOUNT_EMAIL:-}" CLOUDFLARE_ACCOUNT_ID="${CLOUDFLARE_ACCOUNT_ID:-}" CLOUDFLARE_ZONE_ID="${CLOUDFLARE_ZONE_ID:-}" CLOUDFLARE_DOMAIN="${CLOUDFLARE_DOMAIN:-}" log_info() { echo -e "${GREEN}[INFO]${NC} $1" } log_warn() { echo -e "${YELLOW}[WARN]${NC} $1" } log_error() { echo -e "${RED}[ERROR]${NC} $1" } log_test() { echo -e "${BLUE}[TEST]${NC} $1" } test_cloudflare_api() { log_test "Testing Cloudflare API connection..." if [ -z "$CLOUDFLARE_API_TOKEN" ]; then log_error "CLOUDFLARE_API_TOKEN not set (check .env file)" return 1 fi # Test API token authentication log_test " Testing API token authentication..." local api_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -H "Content-Type: application/json" 2>&1) if echo "$api_response" | grep -q '"success":true'; then echo -e " ${GREEN}✓${NC} API token authentication successful" # Extract account information local account_id=$(echo "$api_response" | grep -o '"id":"[^"]*' | head -1 | cut -d'"' -f4) local account_email=$(echo "$api_response" | grep -o '"email":"[^"]*' | cut -d'"' -f4) local status=$(echo "$api_response" | grep -o '"status":"[^"]*' | cut -d'"' -f4) echo " Account ID: $account_id" echo " Account Email: $account_email" echo " Status: $status" # Test account information retrieval log_test " Testing account information retrieval..." local account_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -H "Content-Type: application/json" 2>&1) if echo "$account_response" | grep -q '"success":true'; then echo -e " ${GREEN}✓${NC} Account information retrieved" local account_count=$(echo "$account_response" | grep -o '"id":"[^"]*' | wc -l) echo " Accounts found: $account_count" else echo -e " ${YELLOW}⚠${NC} Could not retrieve account information" fi # Test Zero Trust API (if available) log_test " Testing Zero Trust API access..." local zero_trust_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/$account_id/gateway/locations" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -H "Content-Type: application/json" 2>&1) if echo "$zero_trust_response" | grep -q '"success":true'; then echo -e " ${GREEN}✓${NC} Zero Trust API accessible" elif echo "$zero_trust_response" | grep -q '"errors"'; then local error_code=$(echo "$zero_trust_response" | grep -o '"code":[0-9]*' | head -1 | cut -d':' -f2) if [ "$error_code" = "10004" ]; then echo -e " ${YELLOW}⚠${NC} Zero Trust not enabled (error 10004)" log_info " Enable Zero Trust in Cloudflare Dashboard to use Tunnel features" else echo -e " ${YELLOW}⚠${NC} Zero Trust API error (code: $error_code)" fi else echo -e " ${YELLOW}⚠${NC} Zero Trust API test inconclusive" fi # Test Tunnel API (if Zero Trust enabled) if [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then local account_id_for_tunnel="$CLOUDFLARE_ACCOUNT_ID" else local account_id_for_tunnel="$account_id" fi log_test " Testing Tunnel API access..." local tunnel_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/$account_id_for_tunnel/cfd_tunnel" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -H "Content-Type: application/json" 2>&1) if echo "$tunnel_response" | grep -q '"success":true'; then echo -e " ${GREEN}✓${NC} Tunnel API accessible" local tunnel_count=$(echo "$tunnel_response" | grep -o '"id":"[^"]*' | wc -l) echo " Existing tunnels: $tunnel_count" elif echo "$tunnel_response" | grep -q '"errors"'; then local error_code=$(echo "$tunnel_response" | grep -o '"code":[0-9]*' | head -1 | cut -d':' -f2) if [ "$error_code" = "10004" ]; then echo -e " ${YELLOW}⚠${NC} Zero Trust required for Tunnel API" else echo -e " ${YELLOW}⚠${NC} Tunnel API error (code: $error_code)" fi else echo -e " ${YELLOW}⚠${NC} Tunnel API test inconclusive" fi # Test DNS API (if zone ID provided) if [ -n "$CLOUDFLARE_ZONE_ID" ]; then log_test " Testing DNS API with Zone ID..." local dns_response=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID" \ -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ -H "Content-Type: application/json" 2>&1) if echo "$dns_response" | grep -q '"success":true'; then echo -e " ${GREEN}✓${NC} Zone access successful" local zone_name=$(echo "$dns_response" | grep -o '"name":"[^"]*' | cut -d'"' -f4) local zone_status=$(echo "$dns_response" | grep -o '"status":"[^"]*' | cut -d'"' -f4) echo " Zone: $zone_name" echo " Status: $zone_status" else echo -e " ${RED}✗${NC} Zone access failed" echo " Response: $dns_response" fi else log_warn " CLOUDFLARE_ZONE_ID not set, skipping DNS zone test" fi return 0 else echo -e " ${RED}✗${NC} API token authentication failed" if echo "$api_response" | grep -q '"errors"'; then local error_msg=$(echo "$api_response" | grep -o '"message":"[^"]*' | head -1 | cut -d'"' -f4) echo " Error: $error_msg" else echo " Response: $api_response" fi return 1 fi } main() { echo "=========================================" echo "Cloudflare API Connection Test" echo "=========================================" echo "" # Check if .env file exists if [ ! -f .env ]; then log_warn ".env file not found. Using environment variables or defaults." log_warn "Create .env from .env.example and configure credentials." echo "" fi # Validate required variables if [ -z "$CLOUDFLARE_API_TOKEN" ] && [ -z "$CLOUDFLARE_API_KEY" ]; then log_error "CLOUDFLARE_API_TOKEN or CLOUDFLARE_API_KEY not set" log_info "Set it in .env file or as environment variable:" log_info " export CLOUDFLARE_API_TOKEN=your-api-token" log_info " or export CLOUDFLARE_API_KEY=your-api-key" log_info "Get token from: https://dash.cloudflare.com/profile/api-tokens" exit 1 fi echo "Configuration:" if [ -n "$CLOUDFLARE_API_TOKEN" ]; then echo " API Token: ${CLOUDFLARE_API_TOKEN:0:10}*** (hidden)" elif [ -n "$CLOUDFLARE_API_KEY" ]; then echo " API Key: ${CLOUDFLARE_API_KEY:0:10}*** (hidden)" fi if [ -n "$CLOUDFLARE_TUNNEL_TOKEN" ]; then echo " Tunnel Token: ${CLOUDFLARE_TUNNEL_TOKEN:0:10}*** (hidden)" fi if [ -n "$CLOUDFLARE_ACCOUNT_ID" ]; then echo " Account ID: $CLOUDFLARE_ACCOUNT_ID" fi if [ -n "$CLOUDFLARE_ACCOUNT_EMAIL" ]; then echo " Account Email: $CLOUDFLARE_ACCOUNT_EMAIL" fi if [ -n "$CLOUDFLARE_ZONE_ID" ]; then echo " Zone ID: $CLOUDFLARE_ZONE_ID" fi if [ -n "$CLOUDFLARE_DOMAIN" ]; then echo " Domain: $CLOUDFLARE_DOMAIN" fi echo "" # Test connection test_cloudflare_api local result=$? echo "" echo "=========================================" echo "Test Summary" echo "=========================================" if [ $result -eq 0 ]; then echo -e "${GREEN}✓${NC} Cloudflare API: Connection successful" log_info "Cloudflare API is ready for use!" exit 0 else echo -e "${RED}✗${NC} Cloudflare API: Connection failed" log_error "Check your API token and permissions." exit 1 fi } main "$@"