app

package
v11.3.3
Warning

This package is not in the latest version of its module.
Published: Dec 13, 2022 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Overview

Package app connects to applications over a reverse tunnel and forwards HTTP requests to them.

Constants

const (
	// CookieName is the name of the application session cookie.
	CookieName = "__Host-grv_app_session"

	// AuthStateCookieName is the name of the state cookie used during the
	// initial authentication flow.
	AuthStateCookieName = "__Host-grv_app_auth_state"
)

Variables

This section is empty.

Functions

func HasClientCert

func HasClientCert(r *http.Request) bool

HasClientCert checks if the request has a client certificate.

func HasFragment

func HasFragment(r *http.Request) bool

HasFragment checks if the request is coming to the fragment authentication endpoint.

func HasName

func HasName(r *http.Request, proxyPublicAddrs []utils.NetAddr) (string, bool)

HasName checks if the client is attempting to connect to a host that is different than the public address of the proxy. If it is, it redirects back to the application launcher in the Web UI.

func HasSession

func HasSession(r *http.Request) bool

HasSession checks if an application specific cookie exists.

func Match

func Match(ctx context.Context, authClient Getter, fn Matcher) ([]types.AppServer, error)

Match will match a list of applications with the passed in matcher function. Matcher functions that can match on public address and name are available. The resulting list is shuffled before it is returned.

func ResolveFQDN

func ResolveFQDN(ctx context.Context, clt Getter, tunnel reversetunnel.Tunnel, proxyDNSNames []string, fqdn string) (types.AppServer, string, error)

ResolveFQDN makes a best-effort attempt to resolve an FQDN to an application running in a root or leaf cluster.

Note: This function can incorrectly resolve application names. For example, if you have an application named "acme" within both the root and leaf cluster, this method will always return "acme" running within the root cluster. Always supply public address and cluster name to deterministically resolve an application.
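The ambiguity described in the note above, shown as an added example that is not code from this package: a name-only selector matches the same application name in two clusters, while public address plus cluster name selects exactly one. The `appServer` struct, the `matcher` helpers, `resolveOne` and the sample hostnames are hypothetical stand-ins. Unlike the behavior the note describes, `resolveOne` rejects an ambiguous selector instead of preferring the root cluster.

```go
package main

import (
	"errors"
	"fmt"
)

// appServer is a constructed stand-in, not the types.AppServer interface.
type appServer struct{ Name, PublicAddr, Cluster string }

// matcher has the same shape as the documented Matcher type.
type matcher func(appServer) bool

func byName(n string) matcher    { return func(a appServer) bool { return a.Name == n } }
func byAddr(p string) matcher    { return func(a appServer) bool { return a.PublicAddr == p } }
func byCluster(c string) matcher { return func(a appServer) bool { return a.Cluster == c } }

var errNotUnique = errors.New("selector must match exactly one application")

// resolveOne returns the only app satisfying every matcher; otherwise it fails closed.
func resolveOne(apps []appServer, ms ...matcher) (appServer, error) {
	var hits []appServer
next:
	for _, a := range apps {
		for _, m := range ms {
			if !m(a) {
				continue next
			}
		}
		hits = append(hits, a)
	}
	if len(hits) == 1 {
		return hits[0], nil
	}
	return appServer{}, fmt.Errorf("%w: %d candidates", errNotUnique, len(hits))
}

// sampleApps is constructed data: one name registered in a root and a leaf cluster.
var sampleApps = []appServer{
	{"acme", "acme.root.example.com", "root"},
	{"acme", "acme.leaf.example.com", "leaf"},
}

func main() {
	_, nameErr := resolveOne(sampleApps, byName("acme"))
	app, err := resolveOne(sampleApps, byAddr("acme.leaf.example.com"), byCluster("leaf"))
	fmt.Println(nameErr, "|", app.Cluster, err)
}
```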

func SetRedirectPageHeaders

func SetRedirectPageHeaders(h http.Header, nonce string)

Types

type Getter

type Getter interface {
	// GetApplicationServers returns registered application servers.
	GetApplicationServers(context.Context, string) ([]types.AppServer, error)

	// GetClusterName returns cluster name
	GetClusterName(opts ...services.MarshalOption) (types.ClusterName, error)
}

Getter returns a list of registered apps and the local cluster name.

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler is an application handler.

func NewHandler

func NewHandler(ctx context.Context, c *HandlerConfig) (*Handler, error)

NewHandler returns a new application handler.

func (*Handler) HandleConnection

func (h *Handler) HandleConnection(ctx context.Context, clientConn net.Conn) error

HandleConnection handles connections from plain TCP applications.

func (*Handler) ServeHTTP

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP hands the request to the request router.

type HandlerConfig

type HandlerConfig struct {
	// Clock is used to control time in tests.
	Clock clockwork.Clock
	// AuthClient is a direct client to auth.
	AuthClient auth.ClientI
	// AccessPoint is a caching client to auth.
	AccessPoint auth.ProxyAccessPoint
	// ProxyClient holds connections to leaf clusters.
	ProxyClient reversetunnel.Tunnel
	// CipherSuites is the list of TLS cipher suites that have been configured
	// for this process.
	CipherSuites []uint16
	// WebPublicAddr
	WebPublicAddr string
}

HandlerConfig is the configuration for an application handler.

func (*HandlerConfig) CheckAndSetDefaults

func (c *HandlerConfig) CheckAndSetDefaults() error

CheckAndSetDefaults validates configuration.

type Matcher

type Matcher func(types.AppServer) bool

Matcher allows matching on different properties of an application.

func MatchAll

func MatchAll(matchers ...Matcher) Matcher

MatchAll matches if all the Matcher functions return true.

func MatchHealthy

func MatchHealthy(proxyClient reversetunnel.Tunnel, identity *tlsca.Identity) Matcher

MatchHealthy tries to establish a connection with the server using the `dialAppServer` function. The app server is matched if the function call doesn't return any error.

func MatchName

func MatchName(name string) Matcher

MatchName matches on the name of an application.

func MatchPublicAddr

func MatchPublicAddr(publicAddr string) Matcher

MatchPublicAddr matches on the public address of an application.
