// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. import * as Core from "../../core"; import { APIResource } from "../../resource"; import { isRequestOptions } from "../../core"; import { CloudflareError } from "../../error"; import * as AccessRulesAPI from "./access-rules"; import { V4PagePaginationArray, type V4PagePaginationArrayParams } from "../../pagination"; export class AccessRules extends APIResource { /** * Creates a new IP Access rule for an account or zone. The rule will apply to all * zones in the account or zone. * * Note: To create an IP Access rule that applies to a single zone, refer to the * [IP Access rules for a zone](#ip-access-rules-for-a-zone) endpoints. */ create( params: AccessRuleCreateParams, options?: Core.RequestOptions, ): Core.APIPromise { const { account_id, zone_id, ...body } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.post(`/${accountOrZone}/${accountOrZoneId}/firewall/access_rules/rules`, { body, ...options, }) as Core.APIPromise<{ result: AccessRuleCreateResponse }> )._thenUnwrap((obj) => obj.result); } /** * Fetches IP Access rules of an account or zone. These rules apply to all the * zones in the account or zone. You can filter the results using several optional * parameters. */ list( params?: AccessRuleListParams, options?: Core.RequestOptions, ): Core.PagePromise; list( options?: Core.RequestOptions, ): Core.PagePromise; list( params: AccessRuleListParams | Core.RequestOptions = {}, options?: Core.RequestOptions, ): Core.PagePromise { if (isRequestOptions(params)) { return this.list({}, params); } const { account_id, zone_id, ...query } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return this._client.getAPIList( `/${accountOrZone}/${accountOrZoneId}/firewall/access_rules/rules`, AccessRuleListResponsesV4PagePaginationArray, { query, ...options }, ); } /** * Deletes an existing IP Access rule defined. * * Note: This operation will affect all zones in the account or zone. */ delete( identifier: unknown, params: AccessRuleDeleteParams, options?: Core.RequestOptions, ): Core.APIPromise { const { body, account_id, zone_id } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.delete(`/${accountOrZone}/${accountOrZoneId}/firewall/access_rules/rules/${identifier}`, { body: body, ...options, }) as Core.APIPromise<{ result: AccessRuleDeleteResponse | null }> )._thenUnwrap((obj) => obj.result); } /** * Updates an IP Access rule defined. * * Note: This operation will affect all zones in the account or zone. */ edit( identifier: unknown, params: AccessRuleEditParams, options?: Core.RequestOptions, ): Core.APIPromise { const { account_id, zone_id, ...body } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.patch(`/${accountOrZone}/${accountOrZoneId}/firewall/access_rules/rules/${identifier}`, { body, ...options, }) as Core.APIPromise<{ result: AccessRuleEditResponse }> )._thenUnwrap((obj) => obj.result); } /** * Fetches the details of an IP Access rule defined. */ get( identifier: unknown, params?: AccessRuleGetParams, options?: Core.RequestOptions, ): Core.APIPromise; get(identifier: unknown, options?: Core.RequestOptions): Core.APIPromise; get( identifier: unknown, params: AccessRuleGetParams | Core.RequestOptions = {}, options?: Core.RequestOptions, ): Core.APIPromise { if (isRequestOptions(params)) { return this.get(identifier, {}, params); } const { account_id, zone_id } = params; if (!account_id && !zone_id) { throw new CloudflareError('You must provide either account_id or zone_id.'); } if (account_id && zone_id) { throw new CloudflareError('You cannot provide both account_id and zone_id.'); } const { accountOrZone, accountOrZoneId } = account_id ? { accountOrZone: 'accounts', accountOrZoneId: account_id, } : { accountOrZone: 'zones', accountOrZoneId: zone_id, }; return ( this._client.get( `/${accountOrZone}/${accountOrZoneId}/firewall/access_rules/rules/${identifier}`, options, ) as Core.APIPromise<{ result: AccessRuleGetResponse }> )._thenUnwrap((obj) => obj.result); } } export class AccessRuleListResponsesV4PagePaginationArray extends V4PagePaginationArray {} export interface AccessRuleCIDRConfiguration { /** * The configuration target. You must set the target to `ip_range` when specifying * an IP address range in the rule. */ target?: 'ip_range'; /** * The IP address range to match. You can only use prefix lengths `/16` and `/24` * for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. */ value?: string; } export interface AccessRuleIPConfiguration { /** * The configuration target. You must set the target to `ip` when specifying an IP * address in the rule. */ target?: 'ip'; /** * The IP address to match. This address will be compared to the IP address of * incoming requests. */ value?: string; } export interface ASNConfiguration { /** * The configuration target. You must set the target to `asn` when specifying an * Autonomous System Number (ASN) in the rule. */ target?: 'asn'; /** * The AS number to match. */ value?: string; } export interface CountryConfiguration { /** * The configuration target. You must set the target to `country` when specifying a * country code in the rule. */ target?: 'country'; /** * The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to * [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). */ value?: string; } export interface IPV6Configuration { /** * The configuration target. You must set the target to `ip6` when specifying an * IPv6 address in the rule. */ target?: 'ip6'; /** * The IPv6 address to match. */ value?: string; } export type AccessRuleCreateResponse = unknown | string | null; export type AccessRuleListResponse = unknown; export interface AccessRuleDeleteResponse { /** * Identifier */ id: string; } export type AccessRuleEditResponse = unknown | string | null; export type AccessRuleGetResponse = unknown | string | null; export interface AccessRuleCreateParams { /** * Body param: The rule configuration. */ configuration: | AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | ASNConfiguration | CountryConfiguration; /** * Body param: The action to apply to a matched request. */ mode: 'block' | 'challenge' | 'whitelist' | 'js_challenge' | 'managed_challenge'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: An informative summary of the rule, typically used as a reminder or * explanation. */ notes?: string; } export interface AccessRuleListParams extends V4PagePaginationArrayParams { /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Query param: The direction used to sort returned rules. */ direction?: 'asc' | 'desc'; /** * Query param: */ 'egs-pagination'?: AccessRuleListParams.EgsPagination; /** * Query param: */ filters?: AccessRuleListParams.Filters; /** * Query param: The field used to sort returned rules. */ order?: 'configuration.target' | 'configuration.value' | 'mode'; } export namespace AccessRuleListParams { export interface EgsPagination { json?: EgsPagination.Json; } export namespace EgsPagination { export interface Json { /** * The page number of paginated results. */ page?: number; /** * The maximum number of results per page. You can only set the value to `1` or to * a multiple of 5 such as `5`, `10`, `15`, or `20`. */ per_page?: number; } } export interface Filters { /** * The target to search in existing rules. */ 'configuration.target'?: 'ip' | 'ip_range' | 'asn' | 'country'; /** * The target value to search for in existing rules: an IP address, an IP address * range, or a country code, depending on the provided `configuration.target`. * Notes: You can search for a single IPv4 address, an IP address range with a * subnet of '/16' or '/24', or a two-letter ISO-3166-1 alpha-2 country code. */ 'configuration.value'?: string; /** * When set to `all`, all the search requirements must match. When set to `any`, * only one of the search requirements has to match. */ match?: 'any' | 'all'; /** * The action to apply to a matched request. */ mode?: 'block' | 'challenge' | 'whitelist' | 'js_challenge' | 'managed_challenge'; /** * The string to search for in the notes of existing IP Access rules. Notes: For * example, the string 'attack' would match IP Access rules with notes 'Attack * 26/02' and 'Attack 27/02'. The search is case insensitive. */ notes?: string; } } export interface AccessRuleDeleteParams { /** * Body param: */ body: unknown; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; } export interface AccessRuleEditParams { /** * Body param: The rule configuration. */ configuration: | AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | ASNConfiguration | CountryConfiguration; /** * Body param: The action to apply to a matched request. */ mode: 'block' | 'challenge' | 'whitelist' | 'js_challenge' | 'managed_challenge'; /** * Path param: The Account ID to use for this endpoint. Mutually exclusive with the * Zone ID. */ account_id?: string; /** * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the * Account ID. */ zone_id?: string; /** * Body param: An informative summary of the rule, typically used as a reminder or * explanation. */ notes?: string; } export interface AccessRuleGetParams { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ account_id?: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zone_id?: string; } export namespace AccessRules { export import AccessRuleCIDRConfiguration = AccessRulesAPI.AccessRuleCIDRConfiguration; export import AccessRuleIPConfiguration = AccessRulesAPI.AccessRuleIPConfiguration; export import ASNConfiguration = AccessRulesAPI.ASNConfiguration; export import CountryConfiguration = AccessRulesAPI.CountryConfiguration; export import IPV6Configuration = AccessRulesAPI.IPV6Configuration; export import AccessRuleCreateResponse = AccessRulesAPI.AccessRuleCreateResponse; export import AccessRuleListResponse = AccessRulesAPI.AccessRuleListResponse; export import AccessRuleDeleteResponse = AccessRulesAPI.AccessRuleDeleteResponse; export import AccessRuleEditResponse = AccessRulesAPI.AccessRuleEditResponse; export import AccessRuleGetResponse = AccessRulesAPI.AccessRuleGetResponse; export import AccessRuleListResponsesV4PagePaginationArray = AccessRulesAPI.AccessRuleListResponsesV4PagePaginationArray; export import AccessRuleCreateParams = AccessRulesAPI.AccessRuleCreateParams; export import AccessRuleListParams = AccessRulesAPI.AccessRuleListParams; export import AccessRuleDeleteParams = AccessRulesAPI.AccessRuleDeleteParams; export import AccessRuleEditParams = AccessRulesAPI.AccessRuleEditParams; export import AccessRuleGetParams = AccessRulesAPI.AccessRuleGetParams; }