listenerutil

package module
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 21, 2021 License: MPL-2.0 Imports: 25 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

// ErrInvalidParameter is a sentinel error whose message is "invalid parameter".
// Callers can match it with errors.Is rather than comparing message text.
var ErrInvalidParameter = errors.New("invalid parameter")

Functions

func OrigRemoteAddrFromCtx added in v0.1.3

func OrigRemoteAddrFromCtx(ctx context.Context) (string, bool)

OrigRemoteAddrFromCtx attempts to get the original remote address value from the context provided

func ParseSingleIPTemplate added in v0.1.2

func ParseSingleIPTemplate(ipTmpl string) (string, error)

ParseSingleIPTemplate is used as a helper function to parse out a single IP address from a config parameter.

func TLSConfig

func TLSConfig(
	l *ListenerConfig,
	props map[string]string,
	ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error)

func TrustedFromXForwardedFor added in v0.1.3

func TrustedFromXForwardedFor(r *http.Request, l *ListenerConfig) (trustedAddress *Addr, remoteAddress *Addr, e error)

TrustedFromXForwardedFor uses the XForwardedFor* listener config settings to determine whether, and how, X-Forwarded-For headers are trusted for an inbound request. Important: a return of nil, nil, nil is valid; it means that no "trusted" header was found and that no error was raised either, so callers must nil-check trustedAddress before using it rather than assuming that a nil error implies a trusted address. Errors can be returned for a number of conditions that depend on the listener config settings, in particular when XForwardedForRejectNotPresent is set to true, which means that the request should be rejected if a "trusted" header can't be found.

func UnixSocketListener

func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.Listener, error)

func WrapForwardedForHandler added in v0.1.3

func WrapForwardedForHandler(h http.Handler, l *ListenerConfig, respErrFn ErrResponseFn) (http.Handler, error)

WrapForwardedForHandler is an HTTP middleware handler that uses the XForwardedFor* listener config settings to determine whether, and how, X-Forwarded-For headers are trusted for an inbound request. If a "trusted" X-Forwarded-For header is found, the request's RemoteAddr is overwritten with it before the request is served, so handlers behind this middleware see the header-derived address, not the address of the connecting peer, in RemoteAddr.

Types

type Addr added in v0.1.3

// Addr represents only the host and port of a TCP address, held as two
// separate strings. The type itself performs no validation of either field.
type Addr struct {
	// Host is the host part of the address.
	Host string
	// Port is the port part, kept as a string rather than a number.
	Port string
}

Addr represents only the Host and Port of a TCP address.

type ErrResponseFn added in v0.1.3

// ErrResponseFn is the callback type that WrapForwardedForHandler accepts as
// its respErrFn argument and calls when it encounters an error. It receives
// the response writer, a status value and the error.
// NOTE(review): the implementation decides what reaches the client — confirm
// that it does not echo internal error detail into the response body.
type ErrResponseFn func(w http.ResponseWriter, status int, err error)

ErrResponseFn provides a func to call whenever WrapForwardedForHandler encounters an error

type Listener

// Listener couples a net.Listener with a ListenerConfig stored alongside it.
type Listener struct {
	// Embedded, so the net.Listener methods are promoted onto Listener.
	net.Listener
	// Config is held by value, not by pointer.
	// NOTE(review): presumably the configuration this listener was created
	// from — confirm against the code that constructs Listener values.
	Config ListenerConfig
}

type ListenerConfig

// ListenerConfig is the listener configuration for the server.
//
// Fields tagged `hcl:"-"` are not decoded from HCL directly. Most of them have
// a sibling with a Raw suffix that carries the HCL key.
// NOTE(review): presumably ParseListeners converts each Raw value into its
// typed sibling — confirm against the parser.
type ListenerConfig struct {
	// NOTE(review): presumably the undecoded listener stanza — confirm. If so,
	// it can hold the same sensitive values as the typed fields (for example
	// the tls_key setting) and needs the same care when logged or dumped.
	RawConfig map[string]interface{}

	// Listener type and purpose. Type has no hcl tag; Purpose is not decoded
	// directly and PurposeRaw carries the "purpose" key.
	Type       string
	Purpose    []string    `hcl:"-"`
	PurposeRaw interface{} `hcl:"purpose"`

	// Bind addresses and per-request limits.
	// NOTE(review): what a zero MaxRequestSize or MaxRequestDuration means
	// (a default versus no limit) is not visible here — confirm before relying
	// on these as resource-exhaustion limits.
	Address                 string        `hcl:"address"`
	ClusterAddress          string        `hcl:"cluster_address"`
	MaxRequestSize          int64         `hcl:"-"`
	MaxRequestSizeRaw       interface{}   `hcl:"max_request_size"`
	MaxRequestDuration      time.Duration `hcl:"-"`
	MaxRequestDurationRaw   interface{}   `hcl:"max_request_duration"`
	RequireRequestHeader    bool          `hcl:"-"`
	RequireRequestHeaderRaw interface{}   `hcl:"require_request_header"`

	// TLS settings for the listener.
	// NOTE(review): TLSDisable presumably turns TLS off for this listener,
	// leaving its traffic in plaintext — confirm.
	// NOTE(review): TLSMinVersion and TLSMaxVersion are free-form strings here;
	// the accepted values and the defaults are decided elsewhere — confirm that
	// an empty or unknown value cannot select a weaker protocol than intended.
	// NOTE(review): TLSRequireAndVerifyClientCert and TLSDisableClientCerts look
	// mutually exclusive — confirm that setting both is rejected.
	TLSDisable                       bool        `hcl:"-"`
	TLSDisableRaw                    interface{} `hcl:"tls_disable"`
	TLSCertFile                      string      `hcl:"tls_cert_file"`
	TLSKey                           string      `hcl:"tls_key"`
	TLSKeyFile                       string      `hcl:"tls_key_file"` // Deprecated: Please use TLSKey.
	TLSMinVersion                    string      `hcl:"tls_min_version"`
	TLSMaxVersion                    string      `hcl:"tls_max_version"`
	TLSCipherSuites                  []uint16    `hcl:"-"`
	TLSCipherSuitesRaw               string      `hcl:"tls_cipher_suites"`
	TLSPreferServerCipherSuites      bool        `hcl:"-"`
	TLSPreferServerCipherSuitesRaw   interface{} `hcl:"tls_prefer_server_cipher_suites"`
	TLSRequireAndVerifyClientCert    bool        `hcl:"-"`
	TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"`
	TLSClientCA                      string      `hcl:"tls_client_ca"`
	TLSClientCAFile                  string      `hcl:"tls_client_ca_file"` // Deprecated: Please use TLSClientCA.
	TLSDisableClientCerts            bool        `hcl:"-"`
	TLSDisableClientCertsRaw         interface{} `hcl:"tls_disable_client_certs"`

	// HTTP server timeouts.
	// NOTE(review): presumably applied to the http.Server fields of the same
	// names; the behaviour of a zero duration is not visible here — confirm.
	HTTPReadTimeout          time.Duration `hcl:"-"`
	HTTPReadTimeoutRaw       interface{}   `hcl:"http_read_timeout"`
	HTTPReadHeaderTimeout    time.Duration `hcl:"-"`
	HTTPReadHeaderTimeoutRaw interface{}   `hcl:"http_read_header_timeout"`
	HTTPWriteTimeout         time.Duration `hcl:"-"`
	HTTPWriteTimeoutRaw      interface{}   `hcl:"http_write_timeout"`
	HTTPIdleTimeout          time.Duration `hcl:"-"`
	HTTPIdleTimeoutRaw       interface{}   `hcl:"http_idle_timeout"`

	// PROXY protocol settings.
	// NOTE(review): ProxyProtocolAuthorizedAddrs presumably lists the peers
	// allowed to supply a PROXY protocol header — confirm how an empty list is
	// treated for each ProxyProtocolBehavior value.
	ProxyProtocolBehavior           string                        `hcl:"proxy_protocol_behavior"`
	ProxyProtocolAuthorizedAddrs    []*sockaddr.SockAddrMarshaler `hcl:"-"`
	ProxyProtocolAuthorizedAddrsRaw interface{}                   `hcl:"proxy_protocol_authorized_addrs"`

	// X-Forwarded-For settings. Per the package documentation,
	// TrustedFromXForwardedFor and WrapForwardedForHandler use the
	// XForwardedFor* settings to decide whether an X-Forwarded-For header is
	// trusted, and XForwardedForRejectNotPresent set to true means a request
	// without a trusted header should be rejected.
	// NOTE(review): XForwardedForAuthorizedAddrs presumably lists the proxies
	// whose header is honoured; the header is client-supplied, so confirm that
	// an empty list cannot result in every peer being trusted.
	XForwardedForAuthorizedAddrs        []*sockaddr.SockAddrMarshaler `hcl:"-"`
	XForwardedForAuthorizedAddrsRaw     interface{}                   `hcl:"x_forwarded_for_authorized_addrs"`
	XForwardedForHopSkips               int64                         `hcl:"-"`
	XForwardedForHopSkipsRaw            interface{}                   `hcl:"x_forwarded_for_hop_skips"`
	XForwardedForRejectNotPresent       bool                          `hcl:"-"`
	XForwardedForRejectNotPresentRaw    interface{}                   `hcl:"x_forwarded_for_reject_not_present"`
	XForwardedForRejectNotAuthorized    bool                          `hcl:"-"`
	XForwardedForRejectNotAuthorizedRaw interface{}                   `hcl:"x_forwarded_for_reject_not_authorized"`

	// NOTE(review): presumably the mode and ownership applied to a Unix socket
	// listener's socket file — confirm, and check what is applied when these
	// are left empty.
	SocketMode  string `hcl:"socket_mode"`
	SocketUser  string `hcl:"socket_user"`
	SocketGroup string `hcl:"socket_group"`

	// Telemetry is decoded from the "telemetry" key.
	Telemetry ListenerTelemetry `hcl:"telemetry"`

	// RandomPort is used only for some testing purposes
	RandomPort bool `hcl:"-"`

	// CORS settings. CorsEnabled and CorsDisableDefaultAllowedOriginValues are
	// *bool, so a nil pointer can be told apart from an explicit false.
	// NOTE(review): nil presumably means "not set in config" — confirm which
	// default applies then, and how a wildcard entry in CorsAllowedOrigins is
	// handled.
	CorsEnabledRaw                           interface{} `hcl:"cors_enabled"`
	CorsEnabled                              *bool       `hcl:"-"`
	CorsDisableDefaultAllowedOriginValuesRaw interface{} `hcl:"cors_disable_default_allowed_origin_values"`
	CorsDisableDefaultAllowedOriginValues    *bool       `hcl:"-"`
	CorsAllowedOrigins                       []string    `hcl:"cors_allowed_origins"`
	CorsAllowedHeaders                       []string    `hcl:"-"`
	CorsAllowedHeadersRaw                    []string    `hcl:"cors_allowed_headers"`
}

ListenerConfig is the listener configuration for the server.

func ParseListeners

func ParseListeners(list *ast.ObjectList) ([]*ListenerConfig, error)

func (*ListenerConfig) GoString

func (l *ListenerConfig) GoString() string

type ListenerTelemetry

// ListenerTelemetry is the type of ListenerConfig.Telemetry, which is decoded
// from a listener's "telemetry" key.
type ListenerTelemetry struct {
	// Not decoded from HCL directly (tag "-").
	// NOTE(review): presumably derived from UnauthenticatedMetricsAccessRaw and,
	// going by its name, allows metrics to be read without authentication —
	// confirm, and check that it stays false unless set explicitly.
	UnauthenticatedMetricsAccess    bool        `hcl:"-"`
	// Raw value of the "unauthenticated_metrics_access" key.
	UnauthenticatedMetricsAccessRaw interface{} `hcl:"unauthenticated_metrics_access"`
}

type UnixSocketsConfig

// UnixSocketsConfig carries the user, mode and group settings that
// UnixSocketListener takes alongside the socket path. All three are strings
// decoded from the HCL keys in the tags.
// NOTE(review): presumably the ownership and permission bits applied to the
// socket file — confirm, including what is applied when a field is empty; an
// over-permissive mode would let any local user connect to the socket.
type UnixSocketsConfig struct {
	User  string `hcl:"user"`
	Mode  string `hcl:"mode"`
	Group string `hcl:"group"`
}
