From d859d0a44fbcd8c42c16d04801f37821c724ec9a Mon Sep 17 00:00:00 2001
From: tigerbot <seth.gibelyou@daplie.com>
Date: Wed, 26 Jul 2017 11:44:08 -0600
Subject: [PATCH] added docs for the tunnel client

---
 README.md                    | 20 ++++++++++++++++++--
 lib/tunnel-client-manager.js | 19 +++++++++++++++----
 2 files changed, 33 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 8c5345f..1eddfff 100644
--- a/README.md
+++ b/README.md
@@ -347,9 +347,25 @@ tunnel_server:
     - 'api.tunnel.example.com'
 ```
 
-### tunnel\_client
+### tunnel
 
-TODO
+The tunnel client is meant to be run from behind a firewalls, carrier-grade NAT,
+or otherwise inaccessible devices to allow them to be accessed publicly on the
+internet.
+
+It has no options per se, but is rather a list of tokens that can be used to
+connect to tunnel servers. If the token does not have an `aud` field it must be
+provided in an object with the token provided in the `jwt` field and the tunnel
+server url provided in the `tunnelUrl` field.
+
+Example config:
+
+```yml
+tunnel:
+  - 'some.jwt_encoded.token'
+  - jwt: 'other.jwt_encoded.token'
+    tunnelUrl: 'wss://api.tunnel.example.com/'
+```
 
 ### ddns
 
diff --git a/lib/tunnel-client-manager.js b/lib/tunnel-client-manager.js
index f170a11..cd7d3e1 100644
--- a/lib/tunnel-client-manager.js
+++ b/lib/tunnel-client-manager.js
@@ -102,6 +102,9 @@ module.exports.create = function (deps, config) {
   }
 
   function addToken(data) {
+    if (!data.jwt) {
+      return PromiseA.reject(new Error("missing 'jwt' from tunnel data"));
+    }
     if (!data.tunnelUrl) {
       var decoded;
       try {
@@ -170,11 +173,19 @@ module.exports.create = function (deps, config) {
     return activeTunnels[data.tunnelUrl].clear(data.jwt);
   }
 
-  if (typeof config.tunnel === 'string') {
-    config.tunnel.split(',').forEach(function (jwt) {
-      addToken({ jwt: jwt, owner: 'config' });
-    });
+  var confTokens = config.tunnel;
+  if (typeof confTokens === 'string') {
+    confTokens = confTokens.split(',');
   }
+  confTokens.forEach(function (jwt) {
+    if (typeof jwt === 'object') {
+      jwt.owner = 'config';
+      addToken(jwt);
+    } else {
+      addToken({ jwt: jwt, owner: 'config' });
+    }
+  });
+
   storage.all().then(function (stored) {
     stored.forEach(function (result) {
       addToken(result);