app

package
v0.0.0-...-5c79d48
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 40 Imported by: 0

Documentation

Overview

Package app handles connections to applications over a reverse tunnel and forwards HTTP requests to them.

Constants

const (
	// CookieName is the name of the application session cookie.
	CookieName = "__Host-grv_app_session"

	// SubjectCookieName is the name of the application session subject cookie.
	SubjectCookieName = "__Host-grv_app_session_subject"

	// AuthStateCookieName is the name of the state cookie used during the
	// initial authentication flow.
	AuthStateCookieName = "__Host-grv_app_auth_state"
)
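
All three cookie names carry the `__Host-` prefix, which browsers accept only when the cookie is set with Secure, with Path exactly "/", and without a Domain attribute. The following check is an added example, not code from this package: `auditHostPrefix` is a hypothetical helper and the Set-Cookie lines are constructed sample input.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// auditHostPrefix parses the Set-Cookie headers in h and returns, per cookie
// name, the attributes that violate the browser rules for the "__Host-"
// prefix: Secure set, Path exactly "/", and no Domain attribute.
func auditHostPrefix(h http.Header) map[string][]string {
	problems := map[string][]string{}
	for _, c := range (&http.Response{Header: h}).Cookies() {
		if !strings.HasPrefix(c.Name, "__Host-") {
			continue // prefix rules do not apply to this cookie
		}
		if !c.Secure {
			problems[c.Name] = append(problems[c.Name], "Secure missing")
		}
		if c.Path != "/" {
			problems[c.Name] = append(problems[c.Name], "Path is not /")
		}
		if c.Domain != "" {
			problems[c.Name] = append(problems[c.Name], "Domain present")
		}
	}
	return problems
}

// sampleHeaders is constructed input; cookie values are placeholders.
func sampleHeaders() http.Header {
	h := http.Header{}
	h.Add("Set-Cookie", "__Host-grv_app_session=placeholder; Path=/; Secure; HttpOnly")
	h.Add("Set-Cookie", "__Host-grv_app_session_subject=placeholder; Path=/; Domain=example.com; Secure")
	h.Add("Set-Cookie", "__Host-grv_app_auth_state=placeholder; Path=/app")
	return h
}

func main() {
	for name, p := range auditHostPrefix(sampleHeaders()) {
		fmt.Printf("%s: %s\n", name, strings.Join(p, ", "))
	}
}
```

A browser that enforces the prefix silently drops a cookie flagged here, so a misconfigured deployment shows up as a failed session rather than as a weakened one.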

Variables

This section is empty.

Functions

func HasClientCert

func HasClientCert(r *http.Request) bool

HasClientCert checks if the request has a client certificate.

func HasFragment

func HasFragment(r *http.Request) bool

HasFragment checks if the request is coming to the fragment authentication endpoint.

func HasName

func HasName(r *http.Request, proxyPublicAddrs []utils.NetAddr) (string, bool)

HasName checks if the client is attempting to connect to a host that is different than the public address of the proxy. If it is, it redirects back to the application launcher in the Web UI.

func HasSessionCookie

func HasSessionCookie(r *http.Request) bool

HasSessionCookie checks if an application specific cookie exists.

func Match

func Match(ctx context.Context, authClient Getter, fn Matcher) ([]types.AppServer, error)

Match will match a list of applications with the passed in matcher function. Matcher functions that can match on public address and name are available. The resulting list is shuffled before it is returned.

func MatchOne

func MatchOne(ctx context.Context, authClient Getter, fn Matcher) (types.AppServer, error)

MatchOne will match a single AppServer with the provided matcher function. If no AppServer is matched, it will return an error.

func MetaRedirect

func MetaRedirect(w http.ResponseWriter, redirectURL string) error

MetaRedirect issues a "meta refresh" redirect.

func ResolveFQDN

func ResolveFQDN(ctx context.Context, clt Getter, tunnel reversetunnelclient.Tunnel, proxyDNSNames []string, fqdn string) (types.AppServer, string, error)

ResolveFQDN makes a best effort attempt to resolve FQDN to an application running in a root or leaf cluster.

Note: This function can incorrectly resolve application names. For example, if you have an application named "acme" within both the root and leaf cluster, this method will always return "acme" running within the root cluster. Always supply public address and cluster name to deterministically resolve an application.
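
A simplified model of the ambiguity described in the note above, added here as an example and not taken from the package: `appServer`, `matcher`, `resolve` and the registry are hypothetical stand-ins with constructed data. It shows name-only lookup silently returning the root cluster's "acme", and a strict lookup that either rejects the ambiguous name or resolves by public address plus cluster name.

```go
package main

import (
	"errors"
	"fmt"
)

// appServer is a simplified stand-in for types.AppServer (assumption).
type appServer struct{ Name, PublicAddr, Cluster string }

// matcher plays the role of Matcher, without the context argument.
type matcher func(appServer) bool
func byName(n string) matcher { return func(a appServer) bool { return a.Name == n } }
// byAddrAndCluster pins both values the note says to always supply.
func byAddrAndCluster(addr, cluster string) matcher {
	return func(a appServer) bool { return a.PublicAddr == addr && a.Cluster == cluster }
}

// registry is constructed sample data, root cluster listed first.
var registry = []appServer{
	{"acme", "acme.root.example.com", "root"},
	{"acme", "acme.leaf.example.com", "leaf"},
}

var errNoMatch, errAmbiguous = errors.New("no match"), errors.New("ambiguous match")

// resolve returns the first hit; strict mode rejects a matcher with several hits.
func resolve(m matcher, strict bool) (appServer, error) {
	var hits []appServer
	for _, a := range registry {
		if m(a) {
			hits = append(hits, a)
		}
	}
	if len(hits) == 0 {
		return appServer{}, errNoMatch
	}
	if strict && len(hits) > 1 {
		return appServer{}, errAmbiguous
	}
	return hits[0], nil
}

func main() {
	a, _ := resolve(byName("acme"), false)
	_, err := resolve(byName("acme"), true)
	b, _ := resolve(byAddrAndCluster("acme.leaf.example.com", "leaf"), true)
	fmt.Println(a.Cluster, "|", err, "|", b.Cluster)
}
```

For access decisions the best-effort result is the risky one: a request meant for the leaf application is routed to the root application of the same name without any error.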

func SetRedirectPageHeaders

func SetRedirectPageHeaders(h http.Header, nonce string)

Types

type Getter

type Getter interface {
	// GetApplicationServers returns registered application servers.
	GetApplicationServers(context.Context, string) ([]types.AppServer, error)

	// GetClusterName returns cluster name
	GetClusterName(opts ...services.MarshalOption) (types.ClusterName, error)
}

Getter returns a list of registered apps and the local cluster name.

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler is an application handler.

func NewHandler

func NewHandler(ctx context.Context, c *HandlerConfig) (*Handler, error)

NewHandler returns a new application handler.

func (*Handler) HandleConnection

func (h *Handler) HandleConnection(ctx context.Context, clientConn net.Conn) error

HandleConnection handles connections from plain TCP applications.

func (*Handler) HealthCheckAppServer

func (h *Handler) HealthCheckAppServer(ctx context.Context, publicAddr string, clusterName string) error

HealthCheckAppServer establishes a connection to an AppServer that can handle application requests. Can be used to ensure the proxy can handle application requests before they arrive.

func (*Handler) ServeHTTP

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP hands the request to the request router.

type HandlerConfig

type HandlerConfig struct {
	// Clock is used to control time in tests.
	Clock clockwork.Clock
	// AuthClient is a direct client to auth.
	AuthClient auth.ClientI
	// AccessPoint is caching client to auth.
	AccessPoint auth.ProxyAccessPoint
	// ProxyClient holds connections to leaf clusters.
	ProxyClient reversetunnelclient.Tunnel
	// ProxyPublicAddrs contains web proxy public addresses.
	ProxyPublicAddrs []utils.NetAddr
	// CipherSuites is the list of TLS cipher suites that have been configured
	// for this process.
	CipherSuites []uint16
	// WebPublicAddr
	WebPublicAddr string
}

HandlerConfig is the configuration for an application handler.

func (*HandlerConfig) CheckAndSetDefaults

func (c *HandlerConfig) CheckAndSetDefaults() error

CheckAndSetDefaults validates configuration.

type Matcher

type Matcher func(context.Context, types.AppServer) bool

Matcher allows matching on different properties of an application.

func MatchAll

func MatchAll(matchers ...Matcher) Matcher

MatchAll matches if all the Matcher functions return true.

func MatchHealthy

func MatchHealthy(proxyClient reversetunnelclient.Tunnel, clusterName string) Matcher

MatchHealthy tries to establish a connection with the server using the `dialAppServer` function. The app server is matched if the function call doesn't return any error.

func MatchName

func MatchName(name string) Matcher

MatchName matches on the name of an application.

func MatchPublicAddr

func MatchPublicAddr(publicAddr string) Matcher

MatchPublicAddr matches on the public address of an application.
