Affected by GO-2023-1723 and 5 other vulnerabilities

GO-2023-1723: SpiceDB binding metrics port to untrusted networks and can leak command-line flags in github.com/authzed/spicedb

GO-2023-2166: SpiceDB leaks information in log files when URI cannot be parsed in github.com/authzed/spicedb

GO-2024-2597: Integer overflow in chunking helper causes dispatching to miss elements or panic in github.com/authzed/spicedb

GO-2024-2716: SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used in github.com/authzed/spicedb

GO-2024-2939: SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb

GO-2024-3131: SpiceDB having multiple caveats on resources of the same type may improperly result in no permission in github.com/authzed/spicedb

gateway

package

v1.7.0 Latest Latest Go to latest Published: Apr 27, 2022 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Package gateway implements an HTTP server that forwards JSON requests to an upstream SpiceDB gRPC server.

This section is empty.

This section is empty.

func NewHandler(ctx context.Context, upstreamAddr, upstreamTLSCertPath string) (http.Handler, error)

NewHandler creates an REST gateway HTTP Handler with the provided upstream configuration.

func OtelAnnotator(ctx context.Context, r *http.Request) metadata.MD

OtelAnnotator propagates the OpenTelemetry tracing context to the outgoing gRPC metadata.

This section is empty.