proxy

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 3, 2020 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// HeaderJWT is the header key containing JWT signed user details.
	HeaderJWT = "x-pomerium-jwt-assertion"
	// HeaderUserID is the header key containing the user's id.
	HeaderUserID = "x-pomerium-authenticated-user-id"
	// HeaderEmail is the header key containing the user's email.
	HeaderEmail = "x-pomerium-authenticated-user-email"
	// HeaderGroups is the header key containing the user's groups.
	HeaderGroups = "x-pomerium-authenticated-user-groups"
)

Variables

This section is empty.

Functions

func SetResponseHeaders added in v0.4.0 

func SetResponseHeaders(headers map[string]string) func(next http.Handler) http.Handler

SetResponseHeaders sets a map of response headers.

func ValidateOptions added in v0.0.5 

func ValidateOptions(o config.Options) error

ValidateOptions checks that proper configuration settings are set to create a proper Proxy instance

Types

type Proxy 

type Proxy struct {
	// SharedKey used to mutually authenticate service communication
	SharedKey string

	AuthorizeClient client.Authorizer

	Handler http.Handler
	// contains filtered or unexported fields
}

Proxy stores all the information associated with proxying a request.

func New added in v0.0.2 

func New(opts config.Options) (*Proxy, error)

New takes a Proxy service from options and a validation function. Function returns an error if options fail to validate.

func (*Proxy) AuthenticateSession added in v0.4.0 

func (p *Proxy) AuthenticateSession(next http.Handler) http.Handler

AuthenticateSession is middleware to enforce a valid authentication session state is retrieved from the users's request context.

func (*Proxy) AuthorizeSession added in v0.4.0 

func (p *Proxy) AuthorizeSession(next http.Handler) http.Handler

AuthorizeSession is middleware to enforce a user is authorized for a request. Session state is retrieved from the users's request context.

func (*Proxy) Callback added in v0.5.0 

func (p *Proxy) Callback(w http.ResponseWriter, r *http.Request) error

Callback handles the result of a successful call to the authenticate service and is responsible setting returned per-route session.

func (*Proxy) Impersonate added in v0.0.5 

func (p *Proxy) Impersonate(w http.ResponseWriter, r *http.Request) error

Impersonate takes the result of a form and adds user impersonation details to the user's current user sessions state if the user is currently an administrative user. Requests are redirected back to the user dashboard.

func (*Proxy) ProgrammaticCallback added in v0.5.1 

func (p *Proxy) ProgrammaticCallback(w http.ResponseWriter, r *http.Request) error

ProgrammaticCallback handles a successful call to the authenticate service. In addition to returning the individual route session (JWT) it also returns the refresh token.

func (*Proxy) ProgrammaticLogin added in v0.5.0 

func (p *Proxy) ProgrammaticLogin(w http.ResponseWriter, r *http.Request) error

ProgrammaticLogin returns a signed url that can be used to login using the authenticate service.

func (*Proxy) RobotsTxt 

func (p *Proxy) RobotsTxt(w http.ResponseWriter, _ *http.Request)

RobotsTxt sets the User-Agent header in the response to be "Disallow"

func (*Proxy) ServeHTTP added in v0.6.0 

func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request)

func (*Proxy) SignOut 

func (p *Proxy) SignOut(w http.ResponseWriter, r *http.Request)

SignOut redirects the request to the sign out url. It's the responsibility of the authenticate service to revoke the remote session and clear the local session state.

func (*Proxy) SignRequest added in v0.4.0 

func (p *Proxy) SignRequest(signer encoding.Marshaler) func(next http.Handler) http.Handler

SignRequest is middleware that signs a JWT that contains a user's id, email, and group. Session state is retrieved from the users's request context

func (*Proxy) UpdateOptions added in v0.0.5 

func (p *Proxy) UpdateOptions(o config.Options) error

UpdateOptions updates internal structures based on config.Options

func (*Proxy) UpdatePolicies added in v0.0.5 

func (p *Proxy) UpdatePolicies(opts *config.Options) error

UpdatePolicies updates the H basedon the configured policies

func (*Proxy) UserDashboard added in v0.0.5 

func (p *Proxy) UserDashboard(w http.ResponseWriter, r *http.Request) error

UserDashboard lets users investigate, and refresh their current session. It also contains certain administrative actions like user impersonation. Nota bene: This endpoint does authentication, not authorization.

func (*Proxy) Verify added in v0.4.0 

func (p *Proxy) Verify(verifyOnly bool) http.Handler

Verify checks a user's credentials for an arbitrary host. If the user is properly authenticated and is authorized to access the supplied host, a `200` http status code is returned. If the user is not authenticated, they will be redirected to the authenticate service to sign in with their identity provider. If the user is unauthorized, a `401` error is returned.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.