listenerutil

package module
v0.1.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2023 License: MPL-2.0 Imports: 25 Imported by: 9

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidParameter = errors.New("invalid parameter")
)

Functions

func OrigRemoteAddrFromCtx added in v0.1.3 

func OrigRemoteAddrFromCtx(ctx context.Context) (string, bool)

OrigRemoteAddrFromCtx attempts to get the original remote address value from the context provided

func ParseSingleIPTemplate added in v0.1.2 

func ParseSingleIPTemplate(ipTmpl string) (string, error)

ParseSingleIPTemplate is used as a helper function to parse out a single IP address from a config parameter.

func TLSConfig 

func TLSConfig(
	l *ListenerConfig,
	props map[string]string,
	ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error)

func TrustedFromXForwardedFor added in v0.1.3 

func TrustedFromXForwardedFor(r *http.Request, l *ListenerConfig) (trustedAddress *Addr, remoteAddress *Addr, e error)

TrustedFromXForwardedFor will use the XForwardedFor* listener config settings to determine how/if X-Forwarded-For are trusted/allowed for an inbound request. Important: return values of nil, nil, nil are valid and simply means that no "trusted" header was found and no error was raised as well. Errors can be raised for a number of conditions based on the listener config settings, especially when the config setting for XForwardedForRejectNotPresent is set to true which means if a "trusted" header can't be found the request should be rejected.

func UnixSocketListener 

func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.Listener, error)

func WrapCustomHeadersHandler added in v0.1.5 

func WrapCustomHeadersHandler(h http.Handler, config *ListenerConfig, isUiRequest uiRequestFunc) http.Handler

WrapCustomHeadersHandler wraps the handler to pass a custom ResponseWriter struct to all later wrappers and handlers to assign custom headers by status code. This wrapper must be the outermost wrapper to function correctly.

func WrapForwardedForHandler added in v0.1.3 

func WrapForwardedForHandler(h http.Handler, l *ListenerConfig, respErrFn ErrResponseFn) (http.Handler, error)

WrapForwaredForHandler is an http middleware handler which uses the XForwardedFor* listener config settings to determine how/if X-Forwarded-For are trusted/allowed for an inbound request. In the end, if a "trusted" X-Forwarded-For header is found, then the request RemoteAddr will be overwritten with it before the request is served.

Types

type Addr added in v0.1.3 

type Addr struct {
	Host string
	Port string
}

Addr represents only the Host and Port of a TCP address.

type ErrResponseFn added in v0.1.3 

type ErrResponseFn func(w http.ResponseWriter, status int, err error)

ErrResponseFn provides a func to call whenever WrapForwardedForHandler encounters an error

type Listener 

type Listener struct {
	net.Listener
	Config ListenerConfig
}

type ListenerConfig 

type ListenerConfig struct {
	RawConfig map[string]interface{}

	Type       string
	Purpose    []string    `hcl:"-"`
	PurposeRaw interface{} `hcl:"purpose"`

	Address                 string        `hcl:"address"`
	ClusterAddress          string        `hcl:"cluster_address"`
	MaxRequestSize          int64         `hcl:"-"`
	MaxRequestSizeRaw       interface{}   `hcl:"max_request_size"`
	MaxRequestDuration      time.Duration `hcl:"-"`
	MaxRequestDurationRaw   interface{}   `hcl:"max_request_duration"`
	RequireRequestHeader    bool          `hcl:"-"`
	RequireRequestHeaderRaw interface{}   `hcl:"require_request_header"`

	TLSDisable                       bool        `hcl:"-"`
	TLSDisableRaw                    interface{} `hcl:"tls_disable"`
	TLSCertFile                      string      `hcl:"tls_cert_file"`
	TLSKeyFile                       string      `hcl:"tls_key_file"`
	TLSMinVersion                    string      `hcl:"tls_min_version"`
	TLSMaxVersion                    string      `hcl:"tls_max_version"`
	TLSCipherSuites                  []uint16    `hcl:"-"`
	TLSCipherSuitesRaw               string      `hcl:"tls_cipher_suites"`
	TLSPreferServerCipherSuites      bool        `hcl:"-"`
	TLSPreferServerCipherSuitesRaw   interface{} `hcl:"tls_prefer_server_cipher_suites"`
	TLSRequireAndVerifyClientCert    bool        `hcl:"-"`
	TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"`
	TLSClientCAFile                  string      `hcl:"tls_client_ca_file"`
	TLSDisableClientCerts            bool        `hcl:"-"`
	TLSDisableClientCertsRaw         interface{} `hcl:"tls_disable_client_certs"`

	HTTPReadTimeout          time.Duration `hcl:"-"`
	HTTPReadTimeoutRaw       interface{}   `hcl:"http_read_timeout"`
	HTTPReadHeaderTimeout    time.Duration `hcl:"-"`
	HTTPReadHeaderTimeoutRaw interface{}   `hcl:"http_read_header_timeout"`
	HTTPWriteTimeout         time.Duration `hcl:"-"`
	HTTPWriteTimeoutRaw      interface{}   `hcl:"http_write_timeout"`
	HTTPIdleTimeout          time.Duration `hcl:"-"`
	HTTPIdleTimeoutRaw       interface{}   `hcl:"http_idle_timeout"`

	ProxyProtocolBehavior           string                        `hcl:"proxy_protocol_behavior"`
	ProxyProtocolAuthorizedAddrs    []*sockaddr.SockAddrMarshaler `hcl:"-"`
	ProxyProtocolAuthorizedAddrsRaw interface{}                   `hcl:"proxy_protocol_authorized_addrs"`

	XForwardedForAuthorizedAddrs        []*sockaddr.SockAddrMarshaler `hcl:"-"`
	XForwardedForAuthorizedAddrsRaw     interface{}                   `hcl:"x_forwarded_for_authorized_addrs"`
	XForwardedForHopSkips               int64                         `hcl:"-"`
	XForwardedForHopSkipsRaw            interface{}                   `hcl:"x_forwarded_for_hop_skips"`
	XForwardedForRejectNotPresent       bool                          `hcl:"-"`
	XForwardedForRejectNotPresentRaw    interface{}                   `hcl:"x_forwarded_for_reject_not_present"`
	XForwardedForRejectNotAuthorized    bool                          `hcl:"-"`
	XForwardedForRejectNotAuthorizedRaw interface{}                   `hcl:"x_forwarded_for_reject_not_authorized"`

	SocketMode  string `hcl:"socket_mode"`
	SocketUser  string `hcl:"socket_user"`
	SocketGroup string `hcl:"socket_group"`

	Telemetry ListenerTelemetry `hcl:"telemetry"`

	// RandomPort is used only for some testing purposes
	RandomPort bool `hcl:"-"`

	CorsEnabledRaw                           interface{} `hcl:"cors_enabled"`
	CorsEnabled                              *bool       `hcl:"-"`
	CorsDisableDefaultAllowedOriginValuesRaw interface{} `hcl:"cors_disable_default_allowed_origin_values"`
	CorsDisableDefaultAllowedOriginValues    *bool       `hcl:"-"`
	CorsAllowedOrigins                       []string    `hcl:"cors_allowed_origins"`
	CorsAllowedHeaders                       []string    `hcl:"-"`
	CorsAllowedHeadersRaw                    []string    `hcl:"cors_allowed_headers"`

	// Custom Http response headers
	CustomApiResponseHeaders    map[int]http.Header `hcl:"-"`
	CustomApiResponseHeadersRaw interface{}         `hcl:"custom_api_response_headers"`
	CustomUiResponseHeaders     map[int]http.Header `hcl:"-"`
	CustomUiResponseHeadersRaw  interface{}         `hcl:"custom_ui_response_headers"`
}

ListenerConfig is the listener configuration for the server.

func ParseListeners 

func ParseListeners(list *ast.ObjectList, opt ...Option) ([]*ListenerConfig, error)

ParseListeners parses the list of listeners into a slice of ListenerConfig structs. Supported options:

  • WithDefaultUiContentSecurityPolicyHeader

func (*ListenerConfig) GoString 

func (l *ListenerConfig) GoString() string

type ListenerTelemetry 

type ListenerTelemetry struct {
	UnauthenticatedMetricsAccess    bool        `hcl:"-"`
	UnauthenticatedMetricsAccessRaw interface{} `hcl:"unauthenticated_metrics_access"`
}

type Option added in v0.1.7 

type Option func(*options) error

Option - how Options are passed as arguments

func WithDefaultUiContentSecurityPolicyHeader added in v0.1.7 

func WithDefaultUiContentSecurityPolicyHeader(cspHeader string) Option

WithDefaultUiContentSecurityPolicyHeader provides a default value for the UI listener's Content-Security-Policy header.

type ResponseWriter added in v0.1.5 

type ResponseWriter struct {
	// Embed ResponseController so we automatically implement
	// http.Hijacker, SetReadDeadline and SetWriteDeadline.
	*http.ResponseController
	// contains filtered or unexported fields
}

func (*ResponseWriter) Flush added in v0.1.5 

func (w *ResponseWriter) Flush()

We need to wrap the ResponseController Flush method to implement http.Flusher, since it doesn't normally return an error.

func (*ResponseWriter) Header added in v0.1.5 

func (w *ResponseWriter) Header() http.Header

func (*ResponseWriter) Push added in v0.1.5 

func (w *ResponseWriter) Push(target string, opts *http.PushOptions) error

Implement http.Pusher if available.

func (*ResponseWriter) Unwrap added in v0.1.5 

func (w *ResponseWriter) Unwrap() http.ResponseWriter

Provide Unwrap for users of http.ResponseController

func (*ResponseWriter) Write added in v0.1.5 

func (w *ResponseWriter) Write(data []byte) (int, error)

func (*ResponseWriter) WriteHeader added in v0.1.5 

func (w *ResponseWriter) WriteHeader(statusCode int)

type UnixSocketsConfig 

type UnixSocketsConfig struct {
	User  string `hcl:"user"`
	Mode  string `hcl:"mode"`
	Group string `hcl:"group"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.