Documentation ¶
Overview ¶
Package tsweb contains code used in various Tailscale webservers.
Index ¶
- Variables
- func AcceptsEncoding(r *http.Request, enc string) bool
- func AddBrowserHeaders(w http.ResponseWriter)
- func AllowDebugAccess(r *http.Request) bool
- func BrowserHeaderHandler(h http.Handler) http.Handler
- func BrowserHeaderHandlerFunc(h http.HandlerFunc) http.HandlerFunc
- func DefaultCertDir(leafDir string) string
- func IsProd443(addr string) bool
- func Protected(h http.Handler) http.Handler
- func StdHandler(h ReturnHandler, opts HandlerOptions) http.Handler
- func VarzHandler(w http.ResponseWriter, r *http.Request)
- type AccessLogRecord
- type DebugHandler
- func (d *DebugHandler) Handle(slug, desc string, handler http.Handler)
- func (d *DebugHandler) HandleSilent(slug string, handler http.Handler)
- func (d *DebugHandler) KV(k string, v any)
- func (d *DebugHandler) KVFunc(k string, v func() any)
- func (d *DebugHandler) Section(f func(w io.Writer, r *http.Request))
- func (d *DebugHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (d *DebugHandler) URL(url, desc string)
- type ErrorHandlerFunc
- type HTTPError
- type HandlerOptions
- type Port80Handler
- type RequestID
- type ReturnHandler
- type ReturnHandlerFunc
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var DevMode bool
DevMode controls whether extra output in shown, for when the binary is being run in dev mode.
Functions ¶
func AcceptsEncoding ¶
AcceptsEncoding reports whether r accepts the named encoding ("gzip", "br", etc).
func AddBrowserHeaders ¶
func AddBrowserHeaders(w http.ResponseWriter)
AddBrowserHeaders sets various HTTP security headers for browser-facing endpoints.
The specific headers:
- require HTTPS access (HSTS)
- disallow iframe embedding
- mitigate MIME confusion attacks
These headers are based on https://infosec.mozilla.org/guidelines/web_security
func AllowDebugAccess ¶
AllowDebugAccess reports whether r should be permitted to access various debug endpoints.
func BrowserHeaderHandler ¶
BrowserHeaderHandler wraps the provided http.Handler with a call to AddBrowserHeaders.
func BrowserHeaderHandlerFunc ¶
func BrowserHeaderHandlerFunc(h http.HandlerFunc) http.HandlerFunc
BrowserHeaderHandlerFunc wraps the provided http.HandlerFunc with a call to AddBrowserHeaders.
func DefaultCertDir ¶
func Protected ¶
Protected wraps a provided debug handler, h, returning a Handler that enforces AllowDebugAccess and returns forbidden replies for unauthorized requests.
func StdHandler ¶
func StdHandler(h ReturnHandler, opts HandlerOptions) http.Handler
StdHandler converts a ReturnHandler into a standard http.Handler. Handled requests are logged using opts.Logf, as are any errors. Errors are handled as specified by the Handler interface.
func VarzHandler ¶
func VarzHandler(w http.ResponseWriter, r *http.Request)
VarzHandler writes expvar values as Prometheus metrics. TODO: migrate all users to varz.Handler or promvarz.Handler and remove this.
Types ¶
type AccessLogRecord ¶
type AccessLogRecord struct { // Timestamp at which request processing started. When time.Time `json:"when"` // Time it took to finish processing the request. It does not // include the entire lifetime of the underlying connection in // cases like connection hijacking, only the lifetime of the HTTP // request handler. Seconds float64 `json:"duration,omitempty"` // The client's ip:port. RemoteAddr string `json:"remote_addr,omitempty"` // The HTTP protocol version, usually "HTTP/1.1 or HTTP/2". Proto string `json:"proto,omitempty"` // Whether the request was received over TLS. TLS bool `json:"tls,omitempty"` // The target hostname in the request. Host string `json:"host,omitempty"` // The HTTP method invoked. Method string `json:"method,omitempty"` // The unescaped request URI, including query parameters. RequestURI string `json:"request_uri,omitempty"` // The client's user-agent UserAgent string `json:"user_agent,omitempty"` // Where the client was before making this request. Referer string `json:"referer,omitempty"` // The HTTP response code sent to the client. Code int `json:"code,omitempty"` // Number of bytes sent in response body to client. If the request // was hijacked, only includes bytes sent up to the point of // hijacking. Bytes int `json:"bytes,omitempty"` // Error encountered during request processing. Err string `json:"err,omitempty"` // RequestID is a unique ID for this request. When a request fails due to an // error, the ID is generated and displayed to the client immediately after // the error text, as well as logged here. This makes it easier to correlate // support requests with server logs. If a RequestID generator is not // configured, RequestID will be empty. RequestID RequestID `json:"request_id,omitempty"` }
AccessLogRecord is a record of one HTTP request served.
func (AccessLogRecord) String ¶
func (m AccessLogRecord) String() string
String returns m as a JSON string.
type DebugHandler ¶
type DebugHandler struct {
// contains filtered or unexported fields
}
DebugHandler is an http.Handler that serves a debugging "homepage", and provides helpers to register more debug endpoints and reports.
The rendered page consists of three sections: informational key/value pairs, links to other pages, and additional program-specific HTML. Callers can add to these sections using the KV, URL and Section helpers respectively.
Additionally, the Handle method offers a shorthand for correctly registering debug handlers and cross-linking them from /debug/.
func Debugger ¶
func Debugger(mux *http.ServeMux) *DebugHandler
Debugger returns the DebugHandler registered on mux at /debug/, creating it if necessary.
func (*DebugHandler) Handle ¶
func (d *DebugHandler) Handle(slug, desc string, handler http.Handler)
Handle registers handler at /debug/<slug> and creates a descriptive entry in /debug/ for it.
Example ¶
mux := http.NewServeMux() dbg := Debugger(mux) // Registers /debug/flushcache with the given handler, and adds a // link to /debug/ with the description "Flush caches". dbg.Handle("flushcache", "Flush caches", http.HandlerFunc(http.NotFound))
Output:
func (*DebugHandler) HandleSilent ¶
func (d *DebugHandler) HandleSilent(slug string, handler http.Handler)
HandleSilent registers handler at /debug/<slug>. It does not create a descriptive entry in /debug/ for it. This should be used sparingly, for things that need to be registered but would pollute the list of debug links.
func (*DebugHandler) KV ¶
func (d *DebugHandler) KV(k string, v any)
KV adds a key/value list item to /debug/.
Example ¶
mux := http.NewServeMux() dbg := Debugger(mux) // Adds two list items to /debug/, showing that the condition is // red and there are 42 donuts. dbg.KV("Condition", "red") dbg.KV("Donuts", 42)
Output:
func (*DebugHandler) KVFunc ¶
func (d *DebugHandler) KVFunc(k string, v func() any)
KVFunc adds a key/value list item to /debug/. v is called on every render of /debug/.
Example ¶
mux := http.NewServeMux() dbg := Debugger(mux) // Adds an count of page renders to /debug/. Note this example // isn't concurrency-safe. views := 0 dbg.KVFunc("Debug pageviews", func() any { views = views + 1 return views }) dbg.KV("Donuts", 42)
Output:
func (*DebugHandler) Section ¶
func (d *DebugHandler) Section(f func(w io.Writer, r *http.Request))
Section invokes f on every render of /debug/ to add supplemental HTML to the page body.
Example ¶
mux := http.NewServeMux() dbg := Debugger(mux) // Adds a section to /debug/ that dumps the HTTP request of the // visitor. dbg.Section(func(w io.Writer, r *http.Request) { io.WriteString(w, "<h3>Dump of your HTTP request</h3>") fmt.Fprintf(w, "<code>%#v</code>", r) })
Output:
func (*DebugHandler) ServeHTTP ¶
func (d *DebugHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler.
func (*DebugHandler) URL ¶
func (d *DebugHandler) URL(url, desc string)
URL adds a URL and description list item to /debug/.
Example ¶
mux := http.NewServeMux() dbg := Debugger(mux) // Links to the Tailscale website from /debug/. dbg.URL("https://www.tailscale.com", "Homepage")
Output:
type ErrorHandlerFunc ¶
type ErrorHandlerFunc func(http.ResponseWriter, *http.Request, HTTPError)
ErrorHandlerFunc is called to present a error response.
type HTTPError ¶
type HTTPError struct { Code int // HTTP response code to send to client; 0 means 500 Msg string // Response body to send to client Err error // Detailed error to log on the server RequestID RequestID // Optional identifier to connect client-visible errors with server logs Header http.Header // Optional set of HTTP headers to set in the response }
HTTPError is an error with embedded HTTP response information.
It is the error type to be (optionally) used by Handler.ServeHTTPReturn.
type HandlerOptions ¶
type HandlerOptions struct { QuietLoggingIfSuccessful bool // if set, do not log successfully handled HTTP requests (200 and 304 status codes) Logf logger.Logf Now func() time.Time // if nil, defaults to time.Now GenerateRequestID func(*http.Request) RequestID // if nil, no request IDs are generated // If non-nil, StatusCodeCounters maintains counters // of status codes for handled responses. // The keys are "1xx", "2xx", "3xx", "4xx", and "5xx". StatusCodeCounters *expvar.Map // If non-nil, StatusCodeCountersFull maintains counters of status // codes for handled responses. // The keys are HTTP numeric response codes e.g. 200, 404, ... StatusCodeCountersFull *expvar.Map // OnError is called if the handler returned a HTTPError. This // is intended to be used to present pretty error pages if // the user agent is determined to be a browser. OnError ErrorHandlerFunc }
type Port80Handler ¶
type Port80Handler struct { Main http.Handler // FQDN is used to redirect incoming requests to https://<FQDN>. // If it is not set, the hostname is calculated from the incoming // request. FQDN string }
Port80Handler is the handler to be given to autocert.Manager.HTTPHandler. The inner handler is the mux returned by NewMux containing registered /debug handlers.
func (Port80Handler) ServeHTTP ¶
func (h Port80Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type RequestID ¶
type RequestID string
RequestID is an opaque identifier for a HTTP request, used to correlate user-visible errors with backend server logs. If present in a HTTPError, the RequestID will be printed alongside the message text and logged in the AccessLogRecord. If an HTTPError has no RequestID (or a non-HTTPError error is returned), but the StdHandler has a RequestID generator function, then a RequestID will be generated before responding to the client and logging the error.
In the event that there is no ErrorHandlerFunc and a non-HTTPError is returned to a StdHandler, the response body will be formatted like "internal server error\n{RequestID}\n".
There is no particular format required for a RequestID, but ideally it should be obvious to an end-user that it is something to record for support purposes. One possible example for a RequestID format is: REQ-{server identifier}-{timestamp}-{random hex string}.
type ReturnHandler ¶
type ReturnHandler interface { // ServeHTTPReturn is like http.Handler.ServeHTTP, except that // it can choose to return an error instead of writing to its // http.ResponseWriter. // // If ServeHTTPReturn returns an error, it caller should handle // an error by serving an HTTP 500 response to the user. The // error details should not be sent to the client, as they may // contain sensitive information. If the error is an // HTTPError, though, callers should use the HTTP response // code and message as the response to the client. ServeHTTPReturn(http.ResponseWriter, *http.Request) error }
ReturnHandler is like net/http.Handler, but the handler can return an error instead of writing to its ResponseWriter.
type ReturnHandlerFunc ¶
type ReturnHandlerFunc func(http.ResponseWriter, *http.Request) error
ReturnHandlerFunc is an adapter to allow the use of ordinary functions as ReturnHandlers. If f is a function with the appropriate signature, ReturnHandlerFunc(f) is a ReturnHandler that calls f.
func (ReturnHandlerFunc) ServeHTTPReturn ¶
func (f ReturnHandlerFunc) ServeHTTPReturn(w http.ResponseWriter, r *http.Request) error
ServeHTTPReturn calls f(w, r).
Directories ¶
Path | Synopsis |
---|---|
Package promvarz combines Prometheus metrics exported by our expvar converter (tsweb/varz) with metrics exported by the official Prometheus client.
|
Package promvarz combines Prometheus metrics exported by our expvar converter (tsweb/varz) with metrics exported by the official Prometheus client. |
Package varz contains code to export metrics in Prometheus format.
|
Package varz contains code to export metrics in Prometheus format. |