urlutil

Documentation

Index

• Constants
• Variables
• func DeepCopy(u *url.URL) (*url.URL, error)
• func GetAbsoluteURL(r *http.Request) *url.URL
• func ParseAndValidateURL(rawurl string) (*url.URL, error)
• func StripPort(hostport string) string
• func ValidateURL(u *url.URL) error
• type SignedURL
  • func NewSignedURL(key string, uri *url.URL) *SignedURL
  • func (su *SignedURL) Sign() *url.URL
  • func (su *SignedURL) String() string
  • func (su *SignedURL) Validate() error

Constants

const (
	QueryCallbackURI       = "pomerium_callback_uri"
	QueryImpersonateEmail  = "pomerium_impersonate_email"
	QueryImpersonateGroups = "pomerium_impersonate_groups"
	QueryImpersonateAction = "pomerium_impersonate_action"
	QueryIsProgrammatic    = "pomerium_programmatic"
	QueryForwardAuth       = "pomerium_forward_auth"
	QueryPomeriumJWT       = "pomerium_jwt"
	QuerySessionEncrypted  = "pomerium_session_encrypted"
	QueryRedirectURI       = "pomerium_redirect_uri"
	QueryRefreshToken      = "pomerium_refresh_token"
	QueryAccessTokenID     = "pomerium_session_access_token_id"
	QueryAudience          = "pomerium_session_audience"
)

Common query parameters used to set and send data between Pomerium services over HTTP calls and redirects. They are typically used in conjunction with a HMAC to ensure authenticity.

const (
	QueryHmacExpiry    = "pomerium_expiry"
	QueryHmacIssued    = "pomerium_issued"
	QueryHmacSignature = "pomerium_signature"
	QueryHmacURI       = "pomerium_uri"
)

URL signature based query params used for verifying the authenticity of a URL.

const (
	// DefaultLeeway defines the default leeway for matching NotBefore/Expiry claims.
	DefaultLeeway = 1.0 * time.Minute
)

Variables

var (
	// ErrExpired indicates that token is used after expiry time indicated in exp claim.
	ErrExpired = errors.New("internal/urlutil: validation failed, url hmac is expired")

	// ErrIssuedInTheFuture indicates that the issued field is in the future.
	ErrIssuedInTheFuture = errors.New("internal/urlutil: validation field, url hmac issued in the future")

	// ErrNumericDateMalformed indicates a malformed unix timestamp was found while parsing.
	ErrNumericDateMalformed = errors.New("internal/urlutil: malformed unix timestamp field")
)

Functions

func DeepCopy

func DeepCopy(u *url.URL) (*url.URL, error)

func GetAbsoluteURL

func GetAbsoluteURL(r *http.Request) *url.URL

GetAbsoluteURL returns the current handler's absolute url. https://stackoverflow.com/a/23152483

func ParseAndValidateURL

func ParseAndValidateURL(rawurl string) (*url.URL, error)

ParseAndValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.

func StripPort

func StripPort(hostport string) string

StripPort returns a host, without any port number.

If Host is an IPv6 literal with a port number, Hostname returns the IPv6 literal without the square brackets. IPv6 literals may include a zone identifier.

func ValidateURL

func ValidateURL(u *url.URL) error

ValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.

Types

type SignedURL

type SignedURL struct {
	// contains filtered or unexported fields
}

SignedURL is a shared-key HMAC wrapped URL.

func NewSignedURL

func NewSignedURL(key string, uri *url.URL) *SignedURL

NewSignedURL creates a new copy of a URL that can be signed with a shared key.

N.B. It is the user's responsibility to make sure the key is 256 bits and

the url is not nil.

func (*SignedURL) Sign

func (su *SignedURL) Sign() *url.URL

Sign creates a shared-key HMAC signed URL.

func (*SignedURL) String

func (su *SignedURL) String() string

String implements the stringer interface and returns a signed URL string.

func (*SignedURL) Validate

func (su *SignedURL) Validate() error

Validate checks to see if a signed URL is valid.