listenerutil

v1.1.0

This package is not in the latest version of its module.
Published: Apr 8, 2024 License: MPL-2.0 Imports: 25 Imported by: 1

Documentation

Constants

This section is empty.

Variables

var (
	ErrInvalidParameter = errors.New("invalid parameter")
)

Functions

func OrigRemoteAddrFromCtx

func OrigRemoteAddrFromCtx(ctx context.Context) (string, bool)

OrigRemoteAddrFromCtx attempts to get the original remote address value from the provided context.

func ParseSingleIPTemplate

func ParseSingleIPTemplate(ipTmpl string) (string, error)

ParseSingleIPTemplate is used as a helper function to parse out a single IP address from a config parameter.

func TLSConfig

func TLSConfig(
	l *ListenerConfig,
	props map[string]string,
	ui cli.Ui) (*tls.Config, reloadutil.ReloadFunc, error)

func TrustedFromXForwardedFor

func TrustedFromXForwardedFor(r *http.Request, l *ListenerConfig) (trustedAddress *Addr, remoteAddress *Addr, e error)

TrustedFromXForwardedFor uses the XForwardedFor* listener config settings to determine whether and how X-Forwarded-For headers are trusted for an inbound request. Important: return values of nil, nil, nil are valid and simply mean that no "trusted" header was found and no error was raised. Errors can be raised for a number of conditions based on the listener config settings, especially when XForwardedForRejectNotPresent is set to true, which means the request should be rejected if a "trusted" header can't be found.

func UnixSocketListener

func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.Listener, error)

func WrapCustomHeadersHandler

func WrapCustomHeadersHandler(h http.Handler, config *ListenerConfig, isUiRequest uiRequestFunc) http.Handler

WrapCustomHeadersHandler wraps the handler to pass a custom ResponseWriter struct to all later wrappers and handlers to assign custom headers by status code. This wrapper must be the outermost wrapper to function correctly.

func WrapForwardedForHandler

func WrapForwardedForHandler(h http.Handler, l *ListenerConfig, respErrFn ErrResponseFn) (http.Handler, error)

WrapForwardedForHandler is an HTTP middleware handler which uses the XForwardedFor* listener config settings to determine whether and how X-Forwarded-For headers are trusted for an inbound request. If a "trusted" X-Forwarded-For header is found, the request's RemoteAddr is overwritten with it before the request is served.
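The decision that TrustedFromXForwardedFor and WrapForwardedForHandler describe can be modelled as below. This is an added sketch, not this package's implementation: `xffPolicy` and `trustedClient` are hypothetical names, the result is a plain string rather than `*Addr`, and counting hop skips from the right-hand end of the header is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// xffPolicy is a hypothetical stand-in for the XForwardedFor* fields of ListenerConfig.
type xffPolicy struct {
	Authorized                            []*net.IPNet // peers allowed to set the header
	HopSkips                              int          // assumed: entries skipped from the right
	RejectNotPresent, RejectNotAuthorized bool
}

// trustedClient returns the address to trust; "" with a nil error means no trusted header.
func trustedClient(r *http.Request, p xffPolicy) (string, error) {
	vals := r.Header.Values("X-Forwarded-For")
	if len(vals) == 0 {
		if p.RejectNotPresent {
			return "", errors.New("missing x-forwarded-for header")
		}
		return "", nil
	}
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // unparsable peer: nil IP, never authorized
	authorized := false
	for _, n := range p.Authorized {
		authorized = authorized || n.Contains(net.ParseIP(host))
	}
	if !authorized {
		if p.RejectNotAuthorized {
			return "", errors.New("peer may not set x-forwarded-for")
		}
		return "", nil // header ignored; the socket address stays in effect
	}
	hops := strings.Split(strings.Join(vals, ","), ",")
	i := len(hops) - 1 - p.HopSkips
	if i < 0 || i >= len(hops) || net.ParseIP(strings.TrimSpace(hops[i])) == nil {
		return "", fmt.Errorf("no valid address after skipping %d hops", p.HopSkips)
	}
	return strings.TrimSpace(hops[i]), nil
}

func main() {
	_, proxy, _ := net.ParseCIDR("10.0.0.0/8") // constructed sample values
	r := &http.Request{RemoteAddr: "10.0.0.5:4431", Header: http.Header{"X-Forwarded-For": {"203.0.113.7, 198.51.100.2"}}}
	fmt.Println(trustedClient(r, xffPolicy{Authorized: []*net.IPNet{proxy}, HopSkips: 1}))
}
```

The header is honoured only when the directly connected peer is on the authorized list; a client-supplied header arriving from any other address is either ignored or rejected, depending on the two reject flags.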

Types

type Addr

type Addr struct {
	Host string
	Port string
}

Addr represents only the Host and Port of a TCP address.

type ErrResponseFn

type ErrResponseFn func(w http.ResponseWriter, status int, err error)

ErrResponseFn provides a func to call whenever WrapForwardedForHandler encounters an error.

type Listener

type Listener struct {
	net.Listener
	Config ListenerConfig
}

type ListenerConfig

type ListenerConfig struct {
	RawConfig map[string]interface{}

	Type       string
	Purpose    []string    `hcl:"-"`
	PurposeRaw interface{} `hcl:"purpose"`

	Address                 string        `hcl:"address"`
	ClusterAddress          string        `hcl:"cluster_address"`
	MaxRequestSize          int64         `hcl:"-"`
	MaxRequestSizeRaw       interface{}   `hcl:"max_request_size"`
	MaxRequestDuration      time.Duration `hcl:"-"`
	MaxRequestDurationRaw   interface{}   `hcl:"max_request_duration"`
	RequireRequestHeader    bool          `hcl:"-"`
	RequireRequestHeaderRaw interface{}   `hcl:"require_request_header"`

	TLSDisable                       bool        `hcl:"-"`
	TLSDisableRaw                    interface{} `hcl:"tls_disable"`
	TLSCertFile                      string      `hcl:"tls_cert_file"`
	TLSKeyFile                       string      `hcl:"tls_key_file"`
	TLSMinVersion                    string      `hcl:"tls_min_version"`
	TLSMaxVersion                    string      `hcl:"tls_max_version"`
	TLSCipherSuites                  []uint16    `hcl:"-"`
	TLSCipherSuitesRaw               string      `hcl:"tls_cipher_suites"`
	TLSPreferServerCipherSuites      bool        `hcl:"-"`
	TLSPreferServerCipherSuitesRaw   interface{} `hcl:"tls_prefer_server_cipher_suites"`
	TLSRequireAndVerifyClientCert    bool        `hcl:"-"`
	TLSRequireAndVerifyClientCertRaw interface{} `hcl:"tls_require_and_verify_client_cert"`
	TLSClientCAFile                  string      `hcl:"tls_client_ca_file"`
	TLSDisableClientCerts            bool        `hcl:"-"`
	TLSDisableClientCertsRaw         interface{} `hcl:"tls_disable_client_certs"`

	HTTPReadTimeout          time.Duration `hcl:"-"`
	HTTPReadTimeoutRaw       interface{}   `hcl:"http_read_timeout"`
	HTTPReadHeaderTimeout    time.Duration `hcl:"-"`
	HTTPReadHeaderTimeoutRaw interface{}   `hcl:"http_read_header_timeout"`
	HTTPWriteTimeout         time.Duration `hcl:"-"`
	HTTPWriteTimeoutRaw      interface{}   `hcl:"http_write_timeout"`
	HTTPIdleTimeout          time.Duration `hcl:"-"`
	HTTPIdleTimeoutRaw       interface{}   `hcl:"http_idle_timeout"`

	ProxyProtocolBehavior           string                        `hcl:"proxy_protocol_behavior"`
	ProxyProtocolAuthorizedAddrs    []*sockaddr.SockAddrMarshaler `hcl:"-"`
	ProxyProtocolAuthorizedAddrsRaw interface{}                   `hcl:"proxy_protocol_authorized_addrs"`

	XForwardedForAuthorizedAddrs        []*sockaddr.SockAddrMarshaler `hcl:"-"`
	XForwardedForAuthorizedAddrsRaw     interface{}                   `hcl:"x_forwarded_for_authorized_addrs"`
	XForwardedForHopSkips               int64                         `hcl:"-"`
	XForwardedForHopSkipsRaw            interface{}                   `hcl:"x_forwarded_for_hop_skips"`
	XForwardedForRejectNotPresent       bool                          `hcl:"-"`
	XForwardedForRejectNotPresentRaw    interface{}                   `hcl:"x_forwarded_for_reject_not_present"`
	XForwardedForRejectNotAuthorized    bool                          `hcl:"-"`
	XForwardedForRejectNotAuthorizedRaw interface{}                   `hcl:"x_forwarded_for_reject_not_authorized"`

	SocketMode  string `hcl:"socket_mode"`
	SocketUser  string `hcl:"socket_user"`
	SocketGroup string `hcl:"socket_group"`

	Telemetry ListenerTelemetry `hcl:"telemetry"`

	// RandomPort is used only for some testing purposes
	RandomPort bool `hcl:"-"`

	CorsEnabledRaw                           interface{} `hcl:"cors_enabled"`
	CorsEnabled                              *bool       `hcl:"-"`
	CorsDisableDefaultAllowedOriginValuesRaw interface{} `hcl:"cors_disable_default_allowed_origin_values"`
	CorsDisableDefaultAllowedOriginValues    *bool       `hcl:"-"`
	CorsAllowedOrigins                       []string    `hcl:"cors_allowed_origins"`
	CorsAllowedHeaders                       []string    `hcl:"-"`
	CorsAllowedHeadersRaw                    []string    `hcl:"cors_allowed_headers"`

	// Custom Http response headers
	CustomApiResponseHeaders    map[int]http.Header `hcl:"-"`
	CustomApiResponseHeadersRaw interface{}         `hcl:"custom_api_response_headers"`
	CustomUiResponseHeaders     map[int]http.Header `hcl:"-"`
	CustomUiResponseHeadersRaw  interface{}         `hcl:"custom_ui_response_headers"`
}

ListenerConfig is the listener configuration for the server.

func ParseListeners

func ParseListeners(list *ast.ObjectList, opt ...Option) ([]*ListenerConfig, error)

ParseListeners parses the list of listeners into a slice of ListenerConfig structs. Supported options:

  • WithDefaultUiContentSecurityPolicyHeader

func (*ListenerConfig) GoString

func (l *ListenerConfig) GoString() string

type ListenerTelemetry

type ListenerTelemetry struct {
	UnauthenticatedMetricsAccess    bool        `hcl:"-"`
	UnauthenticatedMetricsAccessRaw interface{} `hcl:"unauthenticated_metrics_access"`
}

type Option

type Option func(*options) error

Option - how Options are passed as arguments

func WithDefaultUiContentSecurityPolicyHeader

func WithDefaultUiContentSecurityPolicyHeader(cspHeader string) Option

WithDefaultUiContentSecurityPolicyHeader provides a default value for the UI listener's Content-Security-Policy header.

type ResponseWriter

type ResponseWriter struct {
	// Embed ResponseController so we automatically implement
	// http.Hijacker, SetReadDeadline and SetWriteDeadline.
	*http.ResponseController
	// contains filtered or unexported fields
}

func (*ResponseWriter) Flush

func (w *ResponseWriter) Flush()

We need to wrap the ResponseController Flush method to implement http.Flusher, since it doesn't normally return an error.

func (*ResponseWriter) Header

func (w *ResponseWriter) Header() http.Header

func (*ResponseWriter) Push

func (w *ResponseWriter) Push(target string, opts *http.PushOptions) error

Implement http.Pusher if available.

func (*ResponseWriter) Unwrap

func (w *ResponseWriter) Unwrap() http.ResponseWriter

Provide Unwrap for users of http.ResponseController.

func (*ResponseWriter) Write

func (w *ResponseWriter) Write(data []byte) (int, error)

func (*ResponseWriter) WriteHeader

func (w *ResponseWriter) WriteHeader(statusCode int)

type UnixSocketsConfig

type UnixSocketsConfig struct {
	User  string `hcl:"user"`
	Mode  string `hcl:"mode"`
	Group string `hcl:"group"`
}
