urlutil

package
v0.21.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 15, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package urlutil provides utility functions for working with go urls.

Index

Constants

View Source 
const (
	WebAuthnURLPath    = "/.pomerium/webauthn"
	DeviceEnrolledPath = "/.pomerium/device-enrolled"
)

Device paths

View Source 
const (
	QueryCallbackURI        = "pomerium_callback_uri"
	QueryDeviceCredentialID = "pomerium_device_credential_id"
	QueryDeviceType         = "pomerium_device_type"
	QueryEnrollmentToken    = "pomerium_enrollment_token" //nolint
	QueryExpiry             = "pomerium_expiry"
	QueryIdentityProfile    = "pomerium_identity_profile"
	QueryIdentityProviderID = "pomerium_idp_id"
	QueryIsProgrammatic     = "pomerium_programmatic"
	QueryIssued             = "pomerium_issued"
	QueryPomeriumJWT        = "pomerium_jwt"
	QueryRedirectURI        = "pomerium_redirect_uri"
	QuerySession            = "pomerium_session"
	QuerySessionEncrypted   = "pomerium_session_encrypted"
	QuerySessionState       = "pomerium_session_state"
)

Common query parameters used to set and send data between Pomerium services over HTTP calls and redirects. They are typically used in conjunction with a HMAC to ensure authenticity.

View Source 
const (
	QueryHmacExpiry    = "pomerium_expiry"
	QueryHmacIssued    = "pomerium_issued"
	QueryHmacSignature = "pomerium_signature"
)

URL signature based query params used for verifying the authenticity of a URL.

View Source 
const DefaultDeviceType = "any"

DefaultDeviceType is the default device type when none is specified.

View Source 
const (
	// DefaultLeeway defines the default leeway for matching NotBefore/Expiry claims.
	DefaultLeeway = 1.0 * time.Minute
)
View Source 
const HPKEPublicKeyPath = "/.well-known/pomerium/hpke-public-key"

HPKEPublicKeyPath is the well-known path to the HPKE public key

Variables

View Source 
var (
	// ErrExpired indicates that token is used after expiry time indicated in exp claim.
	ErrExpired = errors.New("internal/urlutil: validation failed, url hmac is expired")

	// ErrIssuedInTheFuture indicates that the issued field is in the future.
	ErrIssuedInTheFuture = errors.New("internal/urlutil: validation field, url hmac issued in the future")

	// ErrNumericDateMalformed indicates a malformed unix timestamp was found while parsing.
	ErrNumericDateMalformed = errors.New("internal/urlutil: malformed unix timestamp field")
)
View Source 
var ErrMissingRedirectURI = errors.New("missing " + QueryRedirectURI)

ErrMissingRedirectURI indicates the pomerium_redirect_uri was missing from the query string.

Functions

func BuildTimeParameters added in v0.21.0 

func BuildTimeParameters(params url.Values, expiry time.Duration)

BuildTimeParameters adds the issued and expiry timestamps to the query parameters.

func DeepCopy added in v0.2.0 

func DeepCopy(u *url.URL) (*url.URL, error)

DeepCopy creates a deep copy of a *url.URL

func GetAbsoluteURL added in v0.4.0 

func GetAbsoluteURL(r *http.Request) *url.URL

GetAbsoluteURL returns the current handler's absolute url. https://stackoverflow.com/a/23152483

func GetCallbackURL added in v0.15.6 

func GetCallbackURL(r *http.Request, encodedSessionJWT string) (*url.URL, error)

GetCallbackURL gets the proxy's callback URL from a request and a base64url encoded + encrypted session state JWT.

func GetCallbackURLForRedirectURI added in v0.17.0 

func GetCallbackURLForRedirectURI(r *http.Request, encodedSessionJWT, rawRedirectURI string) (*url.URL, error)

GetCallbackURLForRedirectURI gets the proxy's callback URL from a request and a base64url encoded + encrypted session state JWT.

func GetDomainsForURL added in v0.10.0 

func GetDomainsForURL(u *url.URL) []string

GetDomainsForURL returns the available domains for given url.

For standard HTTP (80)/HTTPS (443) ports, it returns `example.com` and `example.com:<port>`. Otherwise, return the URL.Host value.

func GetExternalRequest added in v0.17.1 

func GetExternalRequest(internalURL, externalURL *url.URL, r *http.Request) *http.Request

GetExternalRequest modifies a request so that it appears to be for an external URL instead of an internal URL.

func GetServerNamesForURL added in v0.21.0 

func GetServerNamesForURL(u *url.URL) []string

GetServerNamesForURL returns the TLS server names for the given URL. The server name is the URL hostname.

func IsLoopback added in v0.13.4 

func IsLoopback(u *url.URL) bool

IsLoopback returns true if the given URL corresponds with a loopback address.

func IsRedirectAllowed added in v0.13.4 

func IsRedirectAllowed(redirectURL *url.URL, whitelistDomains []string) bool

IsRedirectAllowed returns true if the redirect URL is whitelisted.

func IsTCP added in v0.12.0 

func IsTCP(u *url.URL) bool

IsTCP returns whether or not the given URL is for TCP via HTTP Connect.

func Join added in v0.15.6 

func Join(elements ...string) string

Join joins elements of a URL with '/'.

func MatchesServerName added in v0.21.0 

func MatchesServerName(u url.URL, serverName string) bool

MatchesServerName returnes true if the url's host matches the given server name.

func MustParseAndValidateURL added in v0.16.2 

func MustParseAndValidateURL(rawURL string) url.URL

MustParseAndValidateURL parses the URL via ParseAndValidateURL but panics if there is an error. (useful for testing)

func ParseAndValidateURL added in v0.1.0 

func ParseAndValidateURL(rawurl string) (*url.URL, error)

ParseAndValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.

func RedirectURL added in v0.17.0 

func RedirectURL(r *http.Request) (string, bool)

RedirectURL returns the redirect URL from the query string or a cookie.

func SignOutURL added in v0.17.0 

func SignOutURL(r *http.Request, authenticateURL *url.URL, key []byte) string

SignOutURL returns the /.pomerium/sign_out URL.

func StripPort 

func StripPort(hostport string) string

StripPort returns a host, without any port number.

If Host is an IPv6 literal with a port number, Hostname returns the IPv6 literal without the square brackets. IPv6 literals may include a zone identifier.

func ValidateTimeParameters added in v0.21.0 

func ValidateTimeParameters(params url.Values) error

ValidateTimeParameters validates that the issued and expiry timestamps in the query parameters are valid.

func ValidateURL added in v0.4.0 

func ValidateURL(u *url.URL) error

ValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.

func WebAuthnURL added in v0.17.0 

func WebAuthnURL(r *http.Request, authenticateURL *url.URL, key []byte, values url.Values) string

WebAuthnURL returns the /.pomerium/webauthn URL.

Types

type SignedURL added in v0.5.1 

type SignedURL struct {
	// contains filtered or unexported fields
}

SignedURL is a shared-key HMAC wrapped URL.

func NewSignedURL added in v0.5.1 

func NewSignedURL(key []byte, uri *url.URL) *SignedURL

NewSignedURL creates a new copy of a URL that can be signed with a shared key.

N.B. It is the user's responsibility to make sure the key is 256 bits and the url is not nil.

func (*SignedURL) Sign added in v0.5.1 

func (su *SignedURL) Sign() *url.URL

Sign creates a shared-key HMAC signed URL.

func (*SignedURL) String added in v0.5.1 

func (su *SignedURL) String() string

String implements the stringer interface and returns a signed URL string.

func (*SignedURL) Validate added in v0.5.1 

func (su *SignedURL) Validate() error

Validate checks to see if a signed URL is valid.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.