vm-skills/cloudflare-tunnel-manager/scripts/_common.sh

#!/usr/bin/env bash
set -euo pipefail

log_info(){ echo "[INFO]  $(date -Iseconds) $*"; }
log_warn(){ echo "[WARN]  $(date -Iseconds) $*" >&2; }
log_error(){ echo "[ERROR] $(date -Iseconds) $*" >&2; }
die(){ log_error "$*"; exit 1; }

need(){ command -v "$1" >/dev/null 2>&1 || die "Missing required tool: $1"; }

json_escape() {
  local s="$1"
  s="${s//\\/\\\\}"
  s="${s//\"/\\\"}"
  s="${s//$'\n'/\\n}"
  s="${s//$'\r'/\\r}"
  s="${s//$'\t'/\\t}"
  printf "%s" "$s"
}

confirm_gate() {
  : "${DRY_RUN:=1}"
  : "${REQUIRE_CONFIRM:=1}"
  : "${CONFIRM_PHRASE:=I UNDERSTAND THIS CAN CHANGE DNS AND TUNNEL ROUTES}"

  [[ "$DRY_RUN" == "0" ]] || die "DRY_RUN=$DRY_RUN (set DRY_RUN=0 to apply)."
  if [[ "$REQUIRE_CONFIRM" == "1" ]]; then
    echo "Type to confirm:"
    echo "  $CONFIRM_PHRASE"
    read -r input
    [[ "$input" == "$CONFIRM_PHRASE" ]] || die "Confirmation phrase mismatch."
  fi
}

# Minimal wrapper: prefer explicit token env var over stored login
cf_env_check() {
  : "${CF_API_TOKEN:=}"
  : "${CF_ACCOUNT_ID:=}"
  [[ -n "$CF_API_TOKEN" ]] || die "CF_API_TOKEN is required."
  [[ -n "$CF_ACCOUNT_ID" ]] || die "CF_ACCOUNT_ID is required."
}