Documentation ¶
Overview ¶
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0
Index ¶
- Variables
- func AddressKey() string
- func ConnectionState(ctx context.Context) (cs tls.ConnectionState, present bool)
- func NewServerChain(o Options, l *zap.Logger, fbs ...sallusthttp.FieldBuilder) alice.Chain
- func NewTlsConfig(t *Tls, extra ...PeerVerifier) (*tls.Config, error)
- func OnStart(o Options, s Interface, logger *zap.Logger, onExit func()) func(context.Context) error
- func OnStop(s Interface, logger *zap.Logger) func(context.Context) error
- func ServerKey() string
- func SetConnectionState(ctx context.Context, cs tls.ConnectionState) context.Context
- func UseTrackingWriter(next http.Handler) http.Handler
- type Busy
- type ChainFactory
- type ChainFactoryFunc
- type ConfiguredPeerVerifier
- type Constant
- type ConstantHandler
- type Interface
- type Listener
- type MissingValueError
- type MissingVariableError
- type Options
- type PeerVerifier
- type PeerVerifierFunc
- type PeerVerifiers
- type PeerVerifyError
- type PeerVerifyOptions
- type Releasable
- type ResponseHeaders
- type ServerIn
- type ServerNotConfiguredError
- type Tls
- type TlsConn
- type TrackingWriter
- type Unmarshal
Constants ¶
This section is empty.
Variables ¶
var ( ErrTlsCertificateRequired = errors.New("Both a certificateFile and keyFile are required") ErrUnableToAddClientCACertificate = errors.New("Unable to add client CA certificate") )
var ( // ErrHijackerNotSupported is returned by TrackingWriter.Hijack when the underlying // http.ResponseWriter does not implement http.Hijacker. ErrHijackerNotSupported = errors.New("http.Hijacker is not supported") )
Functions ¶
func AddressKey ¶
func AddressKey() string
AddressKey is the logging key for the server's bind address
func ConnectionState ¶ added in v0.4.19
func ConnectionState(ctx context.Context) (cs tls.ConnectionState, present bool)
ConnectionState returns the tls.ConnectionState from the given context.
func NewServerChain ¶
func NewServerChain(o Options, l *zap.Logger, fbs ...sallusthttp.FieldBuilder) alice.Chain
NewServerChain produces the standard constructor chain for a server, primarily using configuration.
func NewTlsConfig ¶
func NewTlsConfig(t *Tls, extra ...PeerVerifier) (*tls.Config, error)
NewTlsConfig produces a *tls.Config from a set of configuration options. If the supplied set of options is nil, this function returns nil with no error.
If supplied, the PeerVerifier strategies will be executed as part of peer verification. This allows application-layer logic to be injected.
func SetConnectionState ¶ added in v0.4.19
SetConnectionState associates a tls.ConnectionState with the given context.
Types ¶
type Busy ¶ added in v0.3.1
Busy is an Alice-style decorator that enforces a maximum number of concurrent HTTP transactions
type ChainFactory ¶
ChainFactory is a creation strategy for server-specific alice.Chains that will decorate the server handler. Chains created by this factory will be appended to the core chain created by NewServerChain.
This interface is useful when particular servers need custom chains based on configuration. The most common example of this is metrics, as server metrics might need the name of the server as a label.
type ChainFactoryFunc ¶
type ConfiguredPeerVerifier ¶ added in v0.2.0
type ConfiguredPeerVerifier struct {
// contains filtered or unexported fields
}
ConfiguredPeerVerifier is a PeerVerifier strategy synthesized from a PeerVerifyOptions. This type is the built-in PeerVerifier strategy for this package.
func NewConfiguredPeerVerifier ¶ added in v0.2.0
func NewConfiguredPeerVerifier(pvo PeerVerifyOptions) *ConfiguredPeerVerifier
NewConfiguredPeerVerifier returns a ConfiguredPeerVerifier from a set of options. If the given options do not represent any constraints, i.e. if every field is unset, then this function returns nil.
func (*ConfiguredPeerVerifier) Verify ¶ added in v0.2.0
func (cpv *ConfiguredPeerVerifier) Verify(peerCert *x509.Certificate, _ [][]*x509.Certificate) error
type Constant ¶ added in v0.3.1
type Constant struct { // StatusCode is the HTTP response code returned from all transactions. If unset, http.StatusOK is assumed. StatusCode int // Header describes any response HTTP headers. If a Body is supplied, the Content-Length header is automatically inserted. // If a Content-Type header is desired, use this field. Header http.Header // Body is the constant body returned by all HTTP responses. If unset, no body is written. Note that the // Content-Length header is always written. If no Body is set, Content-Length will be zero. Body []byte }
Constant describes the available options for creating a ConstantHandler
func (Constant) NewHandler ¶ added in v0.3.1
func (c Constant) NewHandler() *ConstantHandler
NewHandler produces a ConstantHandler from a set of options. Headers are preprocessed and canoncilized. Each invocation of this method produces a distinct ConstantHandler that is unaffected by changes to the defining Constant instance.
type ConstantHandler ¶ added in v0.3.1
type ConstantHandler struct {
// contains filtered or unexported fields
}
ConstantHandler is an http.Handler that produces constant content described by a ConstantOptions
func (*ConstantHandler) ServeHTTP ¶ added in v0.3.1
func (ch *ConstantHandler) ServeHTTP(response http.ResponseWriter, _ *http.Request)
type Interface ¶
type Interface interface { // Serve handles both TLS and non-TLS listeners. Code in this package takes care of creating // a *tls.Config and TLS listener. Serve(l net.Listener) error // Shutdown gracefully shuts down the server Shutdown(context.Context) error }
Interface is the expected behavior of a server
type Listener ¶ added in v0.3.1
type Listener struct {
// contains filtered or unexported fields
}
Listener is a configurable net.Listener that provides the following features via options
func NewListener ¶
func NewListener(ctx context.Context, o Options, lcfg net.ListenConfig, tcfg *tls.Config) (*Listener, error)
NewListener constructs a net.Listener appropriate for the server configuration. This function binds to the address specified in the options or an autoselected address if that field is one of the values mentioned at https://godoc.org/net#Listen.
type MissingValueError ¶
MissingValueError indicates a missing header or parameter in a request (or both)
func (MissingValueError) Error ¶
func (mve MissingValueError) Error() string
func (MissingValueError) StatusCode ¶
func (mve MissingValueError) StatusCode() int
type MissingVariableError ¶
type MissingVariableError struct {
Variable string
}
MissingVariableError indicates a missing URI variable, which is a misconfiguration
func (MissingVariableError) Error ¶
func (mve MissingVariableError) Error() string
func (MissingVariableError) StatusCode ¶
func (mve MissingVariableError) StatusCode() int
type Options ¶
type Options struct { Address string Network string Tls *Tls LogConnectionState bool DisableHTTPKeepAlives bool MaxHeaderBytes int IdleTimeout time.Duration ReadHeaderTimeout time.Duration ReadTimeout time.Duration WriteTimeout time.Duration MaxConcurrentRequests int DisableTCPKeepAlives bool TCPKeepAlivePeriod time.Duration Header http.Header DisableTracking bool DisableHandlerLogger bool }
Options represent the configurable options for creating a server, typically unmarshalled from an external source.
type PeerVerifier ¶ added in v0.2.0
type PeerVerifier interface {
Verify(peerCert *x509.Certificate, verifiedChains [][]*x509.Certificate) error
}
PeerVerifier is a verification strategy for a peer (client) certificate.
type PeerVerifierFunc ¶ added in v0.2.0
type PeerVerifierFunc func(*x509.Certificate, [][]*x509.Certificate) error
func (PeerVerifierFunc) Verify ¶ added in v0.2.0
func (pvf PeerVerifierFunc) Verify(peerCert *x509.Certificate, verifiedChains [][]*x509.Certificate) error
type PeerVerifiers ¶ added in v0.2.0
type PeerVerifiers []PeerVerifier
PeerVerifiers is a sequence of verification strategies. All of the verifiers must return nil errors for a given peer cert to be considered valid.
func NewPeerVerifiers ¶ added in v0.2.0
func NewPeerVerifiers(pvo PeerVerifyOptions, extra ...PeerVerifier) PeerVerifiers
NewPeerVerifiers constructs a chain of verification strategies merged from a set of options with an extra set of application-layer strategies. The extra verifiers are run first. This function will return an empty chain of verifiers if both (1) the options do not have any constraints, and (2) there are no extra verifiers.
func (PeerVerifiers) Verify ¶ added in v0.2.0
func (pvs PeerVerifiers) Verify(peerCert *x509.Certificate, verifiedChains [][]*x509.Certificate) error
Verify allows a PeerVerifiers to itself be used as a PeerVerifier
func (PeerVerifiers) VerifyPeerCertificate ¶ added in v0.2.0
func (pvs PeerVerifiers) VerifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) (err error)
VerifyPeerCertificate may be used as the closure for crypto/tls.Config.VerifyPeerCertificate
If any of the rawCerts passes verification, this method returns nil to indicate that the client has supplied a valid certificate. If all rawCerts fail verification or if any certificates fail to parse, this method returns an error.
type PeerVerifyError ¶ added in v0.2.0
type PeerVerifyError struct { Certificate *x509.Certificate Reason string }
PeerVerifyError represents a verification error for a particular certificate
func (PeerVerifyError) Error ¶ added in v0.2.0
func (pve PeerVerifyError) Error() string
type PeerVerifyOptions ¶ added in v0.2.0
type PeerVerifyOptions struct { // DNSSuffixes enumerates any DNS suffixes that are checked. A DNSName field of at least (1) peer cert // must have one of these suffixes. If this field is not supplied, no DNS suffix checking is performed. // Matching is case insensitive. // // If any DNS suffix matches, that is sufficient for the peer cert to be valid. No further checking is done in that case. DNSSuffixes []string // CommonNames lists the subject common names that at least (1) peer cert must have. If not supplied, // no checking is done on the common name. Matching common names is case sensitive. // // If any common name matches, that is sufficient for the peer cert to be valid. No further checking is done in that case. CommonNames []string }
PeerVerifyOptions allows common checks against a client-side certificate to be configured externally. Any constraint that matches will result in a valid peer cert.
type Releasable ¶ added in v0.3.1
type Releasable interface {
Release()
}
Releasable is implemented by connections returned by Listener that can be marked as freed without closing the connection. Primarily, this is for hijacked connections that calling code no longer wants to count toward the Listener's max connections limit.
type ResponseHeaders ¶
func (ResponseHeaders) ThenFunc ¶
func (rh ResponseHeaders) ThenFunc(next http.HandlerFunc) http.Handler
type ServerIn ¶
type ServerIn struct { fx.In Logger *zap.Logger Unmarshaller config.Unmarshaller Shutdowner fx.Shutdowner Lifecycle fx.Lifecycle // ChainFactory is an optional component which is used to build an alice.Chain for each particular // server based on configuration. Both this field and Chain may be used simultaneously. ChainFactory ChainFactory `optional:"true"` // FieldBuilders is an optional component which is used to create contextual request loggers // for use by http.Handler code. FieldBuilders []sallusthttp.FieldBuilder `optional:"true"` // Tracing will be used to set up tracing instrumentation code. Tracing candlelight.Tracing `optional:"true"` }
ServerIn holds the set of dependencies required to create an HTTP server in the context of a uber/fx application.
type ServerNotConfiguredError ¶ added in v0.0.3
type ServerNotConfiguredError struct {
Key string
}
ServerNotConfiguredError is returned when a required server has no configuration key
func (ServerNotConfiguredError) Error ¶ added in v0.0.3
func (e ServerNotConfiguredError) Error() string
type Tls ¶
type Tls struct { CertificateFile string KeyFile string ClientCACertificateFile string ServerName string NextProtos []string MinVersion uint16 MaxVersion uint16 PeerVerify PeerVerifyOptions }
Tls represents the set of configurable options for a serverside tls.Config associated with a server.
type TlsConn ¶ added in v0.3.1
type TlsConn interface { CloseWrite() error ConnectionState() tls.ConnectionState Handshake() error OCSPResponse() []byte VerifyHostname(string) error }
TlsConn is the behavior of a TLS-specific net.Conn. This interface is implemented by connections returned by Listener if a tls.Config is supplied in the options.
type TrackingWriter ¶
type TrackingWriter interface { http.ResponseWriter http.Hijacker http.Pusher http.Flusher kithttp.StatusCoder // Hijacked returns true if the underlying network connection has been hijacked Hijacked() bool // BytesWritten returns the total bytes written to the response body via Write. BytesWritten() int }
TrackingWriter is a decorated http.ResponseWriter that allows visibility into various items written to the response.
Implementations always implement the optional interfaces. In cases where the underlying http.ResponseWriter does not implement that interface, e.g. http.Pusher, either an error is returned or the method is a no-op.
This interface implements go-kit's StatusCoder to allow client code to narrowly cast to the desired type.
func NewTrackingWriter ¶
func NewTrackingWriter(next http.ResponseWriter) TrackingWriter
NewTrackingWriter decorates an existing response writer and allows visibility into certain items written to the response.
type Unmarshal ¶
type Unmarshal struct { // Key is the viper configuration key containing the server Options Key string // Name is the string that identifies this server from others within the same application. If unset, // the Key is used. Name string // Optional indicates whether the configuration is required. If this field is false (the default), // and there is no such configuration Key, an error is returned. Optional bool // Chain is an optional set of constructors that will decorate the *mux.Router. This field is useful for static // decorators, such as inserting known headers into every response. // // This chain cannot depend on components. In order to leverage dependency injection, create a ChainFactory instead. Chain alice.Chain }
Unmarshal describes how to unmarshal an HTTP server. This type contains all the non-component information related to server instantiation.
func (Unmarshal) Annotated ¶ added in v0.0.3
Annotated is like Unmarshal, save that it emits a named *mux.Router. This method is appropriate for applications with multiple servers. The name of the returned *mux.Router is either the Name field (if set) or the Key field (if Name is empty).
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0 Package pprof exposes simple integrations between net/http/pprof, gorilla/mux, and uber/fx.
|
SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC SPDX-License-Identifier: Apache-2.0 Package pprof exposes simple integrations between net/http/pprof, gorilla/mux, and uber/fx. |