Documentation ¶
Index ¶
- Variables
- func OrigRemoteAddrFromCtx(ctx context.Context) (string, bool)
- func ParseSingleIPTemplate(ipTmpl string) (string, error)
- func TLSConfig(l *ListenerConfig, props map[string]string, ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error)
- func TrustedFromXForwardedFor(r *http.Request, l *ListenerConfig) (trustedAddress *Addr, remoteAddress *Addr, e error)
- func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.Listener, error)
- func WrapCustomHeadersHandler(h http.Handler, config *ListenerConfig, isUiRequest uiRequestFunc) http.Handler
- func WrapForwardedForHandler(h http.Handler, l *ListenerConfig, respErrFn ErrResponseFn) (http.Handler, error)
- type Addr
- type ErrResponseFn
- type Listener
- type ListenerConfig
- type ListenerTelemetry
- type Option
- type ResponseWriter
- func (w *ResponseWriter) Flush()
- func (w *ResponseWriter) Header() http.Header
- func (w *ResponseWriter) Push(target string, opts *http.PushOptions) error
- func (w *ResponseWriter) Unwrap() http.ResponseWriter
- func (w *ResponseWriter) Write(data []byte) (int, error)
- func (w *ResponseWriter) WriteHeader(statusCode int)
- type UnixSocketsConfig
Constants ¶
This section is empty.
Variables ¶
// ErrInvalidParameter is the package's exported error value for an invalid
// parameter. This page does not show which functions return it; callers that
// receive a wrapped error can match it with errors.Is.
var ErrInvalidParameter = errors.New("invalid parameter")
Functions ¶
func OrigRemoteAddrFromCtx ¶
OrigRemoteAddrFromCtx attempts to get the original remote address value from the context provided
func ParseSingleIPTemplate ¶
ParseSingleIPTemplate is used as a helper function to parse out a single IP address from a config parameter.
func TLSConfig ¶
func TLSConfig( l *ListenerConfig, props map[string]string, ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error)
func TrustedFromXForwardedFor ¶
func TrustedFromXForwardedFor(r *http.Request, l *ListenerConfig) (trustedAddress *Addr, remoteAddress *Addr, e error)
TrustedFromXForwardedFor uses the XForwardedFor* listener config settings to determine whether and how X-Forwarded-For headers are trusted/allowed for an inbound request. Important: return values of nil, nil, nil are valid and simply mean that no "trusted" header was found and no error was raised. Callers must therefore check for a nil trustedAddress before using it. Errors can be raised for a number of conditions based on the listener config settings, especially when XForwardedForRejectNotPresent is set to true, which means that the request should be rejected if a "trusted" header can't be found.
func UnixSocketListener ¶
func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.Listener, error)
func WrapCustomHeadersHandler ¶
func WrapCustomHeadersHandler(h http.Handler, config *ListenerConfig, isUiRequest uiRequestFunc) http.Handler
WrapCustomHeadersHandler wraps the handler to pass a custom ResponseWriter struct to all later wrappers and handlers to assign custom headers by status code. This wrapper must be the outermost wrapper to function correctly.
func WrapForwardedForHandler ¶
func WrapForwardedForHandler(h http.Handler, l *ListenerConfig, respErrFn ErrResponseFn) (http.Handler, error)
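WrapForwardedForHandler is an HTTP middleware handler which uses the XForwardedFor* listener config settings to determine whether and how X-Forwarded-For headers are trusted/allowed for an inbound request. If a "trusted" X-Forwarded-For header is found, the request's RemoteAddr is overwritten with it before the request is served. Handlers that run afterwards therefore see a header-derived value in RemoteAddr, so any logging, rate limiting or access decision based on it is only as reliable as the XForwardedFor* settings (for example XForwardedForAuthorizedAddrs) that decide which headers are trusted.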
Types ¶
type ErrResponseFn ¶
type ErrResponseFn func(w http.ResponseWriter, status int, err error)
ErrResponseFn provides a func to call whenever WrapForwardedForHandler encounters an error
type Listener ¶
// Listener pairs a net.Listener with a ListenerConfig.
type Listener struct {
	// Embedded, so Listener itself satisfies net.Listener.
	net.Listener
	// Stored by value. Presumably the configuration this listener was built
	// from — confirm against the code that constructs Listener.
	Config ListenerConfig
}
type ListenerConfig ¶
// ListenerConfig is the listener configuration for the server.
//
// Many settings come in pairs: a typed field tagged `hcl:"-"` and a ...Raw
// field that carries the HCL key. Presumably the Raw value is what HCL
// decoding fills in and the typed field is derived from it during parsing
// (see ParseListeners) — confirm in the parser.
type ListenerConfig struct {
	RawConfig map[string]interface{}

	Type string
	Purpose []string `hcl:"-"`
	PurposeRaw interface{} `hcl:"purpose"`

	Address string `hcl:"address"`
	ClusterAddress string `hcl:"cluster_address"`

	// Request limits and header requirement.
	MaxRequestSize int64 `hcl:"-"`
	MaxRequestSizeRaw interface{} `hcl:"max_request_size"`
	MaxRequestDuration time.Duration `hcl:"-"`
	MaxRequestDurationRaw interface{} `hcl:"max_request_duration"`
	RequireRequestHeader bool `hcl:"-"`
	RequireRequestHeaderRaw interface{} `hcl:"require_request_header"`

	// TLS settings.
	// NOTE(review): by their names, tls_disable and tls_disable_client_certs
	// reduce transport protection and tls_min_version bounds the protocol
	// floor; exact semantics are not shown on this page — confirm in
	// TLSConfig and flag these keys in configuration review.
	TLSDisable bool `hcl:"-"`
	TLSDisableRaw interface{} `hcl:"tls_disable"`
	TLSCertFile string `hcl:"tls_cert_file"`
	TLSKeyFile string `hcl:"tls_key_file"`
	TLSMinVersion string `hcl:"tls_min_version"`
	TLSMaxVersion string `hcl:"tls_max_version"`
	TLSCipherSuites []uint16 `hcl:"-"`
	TLSCipherSuitesRaw string `hcl:"tls_cipher_suites"`
	TLSPreferServerCipherSuites bool `hcl:"-"`
	TLSPreferServerCipherSuitesRaw interface{} `hcl:"tls_prefer_server_cipher_suites"`
	TLSRequireAndVerifyClientCert bool `hcl:"-"`
	TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"`
	TLSClientCAFile string `hcl:"tls_client_ca_file"`
	TLSDisableClientCerts bool `hcl:"-"`
	TLSDisableClientCertsRaw interface{} `hcl:"tls_disable_client_certs"`

	// HTTP server timeouts.
	HTTPReadTimeout time.Duration `hcl:"-"`
	HTTPReadTimeoutRaw interface{} `hcl:"http_read_timeout"`
	HTTPReadHeaderTimeout time.Duration `hcl:"-"`
	HTTPReadHeaderTimeoutRaw interface{} `hcl:"http_read_header_timeout"`
	HTTPWriteTimeout time.Duration `hcl:"-"`
	HTTPWriteTimeoutRaw interface{} `hcl:"http_write_timeout"`
	HTTPIdleTimeout time.Duration `hcl:"-"`
	HTTPIdleTimeoutRaw interface{} `hcl:"http_idle_timeout"`

	// PROXY protocol settings. Presumably the authorized-address list limits
	// which peers may supply PROXY protocol information — confirm.
	ProxyProtocolBehavior string `hcl:"proxy_protocol_behavior"`
	ProxyProtocolAuthorizedAddrs []*sockaddr.SockAddrMarshaler `hcl:"-"`
	ProxyProtocolAuthorizedAddrsRaw interface{} `hcl:"proxy_protocol_authorized_addrs"`

	// X-Forwarded-For settings. Per their documentation,
	// TrustedFromXForwardedFor and WrapForwardedForHandler use these to
	// decide whether an X-Forwarded-For header is trusted.
	XForwardedForAuthorizedAddrs []*sockaddr.SockAddrMarshaler `hcl:"-"`
	XForwardedForAuthorizedAddrsRaw interface{} `hcl:"x_forwarded_for_authorized_addrs"`
	XForwardedForHopSkips int64 `hcl:"-"`
	XForwardedForHopSkipsRaw interface{} `hcl:"x_forwarded_for_hop_skips"`
	// Per the TrustedFromXForwardedFor documentation: when true, a request
	// for which no "trusted" header can be found should be rejected.
	XForwardedForRejectNotPresent bool `hcl:"-"`
	XForwardedForRejectNotPresentRaw interface{} `hcl:"x_forwarded_for_reject_not_present"`
	XForwardedForRejectNotAuthorized bool `hcl:"-"`
	XForwardedForRejectNotAuthorizedRaw interface{} `hcl:"x_forwarded_for_reject_not_authorized"`

	// Presumably the mode and ownership applied to a unix-socket listener —
	// confirm against UnixSocketListener and UnixSocketsConfig.
	SocketMode string `hcl:"socket_mode"`
	SocketUser string `hcl:"socket_user"`
	SocketGroup string `hcl:"socket_group"`

	Telemetry ListenerTelemetry `hcl:"telemetry"`

	// RandomPort is used only for some testing purposes
	RandomPort bool `hcl:"-"`

	// CORS settings. The allowed origins and headers configured here decide
	// which cross-origin callers are accepted, so review them like any other
	// access-control list.
	CorsEnabledRaw interface{} `hcl:"cors_enabled"`
	CorsEnabled *bool `hcl:"-"`
	CorsDisableDefaultAllowedOriginValuesRaw interface{} `hcl:"cors_disable_default_allowed_origin_values"`
	CorsDisableDefaultAllowedOriginValues *bool `hcl:"-"`
	CorsAllowedOrigins []string `hcl:"cors_allowed_origins"`
	CorsAllowedHeaders []string `hcl:"-"`
	CorsAllowedHeadersRaw []string `hcl:"cors_allowed_headers"`

	// Custom Http response headers
	// The typed maps are keyed by int; given that WrapCustomHeadersHandler
	// assigns custom headers by status code, the key is presumably the HTTP
	// status code — confirm.
	CustomApiResponseHeaders map[int]http.Header `hcl:"-"`
	CustomApiResponseHeadersRaw interface{} `hcl:"custom_api_response_headers"`
	CustomUiResponseHeaders map[int]http.Header `hcl:"-"`
	CustomUiResponseHeadersRaw interface{} `hcl:"custom_ui_response_headers"`
}
ListenerConfig is the listener configuration for the server.
func ParseListeners ¶
func ParseListeners(list *ast.ObjectList, opt ...Option) ([]*ListenerConfig, error)
ParseListeners parses the list of listeners into a slice of ListenerConfig structs. Supported options:
- WithDefaultUiContentSecurityPolicyHeader
func (*ListenerConfig) GoString ¶
func (l *ListenerConfig) GoString() string
type ListenerTelemetry ¶
// ListenerTelemetry holds a listener's telemetry settings; ListenerConfig
// carries it under the "telemetry" HCL key.
type ListenerTelemetry struct {
	// NOTE(review): by its name this appears to allow metrics to be read
	// without authentication. The handler that consumes it is not shown on
	// this page — confirm there, and treat a true value as an exposure to
	// review.
	UnauthenticatedMetricsAccess bool `hcl:"-"`
	UnauthenticatedMetricsAccessRaw interface{} `hcl:"unauthenticated_metrics_access"`
}
type Option ¶
type Option func(*options) error
Option - how Options are passed as arguments
func WithDefaultUiContentSecurityPolicyHeader ¶
WithDefaultUiContentSecurityPolicyHeader provides a default value for the UI listener's Content-Security-Policy header.
type ResponseWriter ¶
// ResponseWriter is the custom response writer that, per the
// WrapCustomHeadersHandler documentation, is passed to later wrappers and
// handlers so that custom headers can be assigned by status code.
type ResponseWriter struct {
	// Embed ResponseController so we automatically implement
	// http.Hijacker, SetReadDeadline and SetWriteDeadline.
	*http.ResponseController
	// contains filtered or unexported fields
}
func (*ResponseWriter) Flush ¶
func (w *ResponseWriter) Flush()
Flush wraps the ResponseController Flush method so that ResponseWriter implements http.Flusher: the ResponseController method returns an error, whereas the Flush method that http.Flusher requires does not.
func (*ResponseWriter) Header ¶
func (w *ResponseWriter) Header() http.Header
func (*ResponseWriter) Push ¶
func (w *ResponseWriter) Push(target string, opts *http.PushOptions) error
Implement http.Pusher if available.
func (*ResponseWriter) Unwrap ¶
func (w *ResponseWriter) Unwrap() http.ResponseWriter
Provide Unwrap for users of http.ResponseController
func (*ResponseWriter) WriteHeader ¶
func (w *ResponseWriter) WriteHeader(statusCode int)