v1.35.3 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Apr 12, 2024 License: MPL-2.0 Imports: 24 Imported by: 0



pgproxy is a flexible proxy for the Postgres wire protocol that allows for customizing authentication and backend selection by breaking apart the startup message flow between frontend and backend.

Once authenticated, it falls back to being a dumb proxy that simple shuffles bytes back and forth.




This section is empty.


This section is empty.


func AuthenticateClient added in v0.18.0

func AuthenticateClient(be *pgproto3.Backend) error

AuthenticateClient tells the client they've successfully authenticated.

func CopySteadyState added in v0.18.0

func CopySteadyState(client *pgproto3.Backend, server *pgproto3.Frontend) error

CopySteadyState copies messages back and forth after the initial handshake.

func FinalizeInitialHandshake added in v0.18.0

func FinalizeInitialHandshake(client *pgproto3.Backend, server *pgproto3.Frontend) (*pgproto3.BackendKeyData, error)

FinalizeInitialHandshake completes the handshake between client and server, snooping the BackendKeyData from the server if sent. It is nil if the server did not send any backend key data.

func SendCancelRequest added in v0.18.0

func SendCancelRequest(conn io.ReadWriter, req *pgproto3.CancelRequest) error

func SetupServer added in v0.18.0

func SetupServer(server net.Conn, cfg *ServerConfig) (*pgproto3.Frontend, error)

SetupServer sets up a frontend connected to the given server.


type AuthData

type AuthData struct {
	Username string
	Password string

type CancelData added in v0.18.0

type CancelData struct {
	Raw *pgproto3.CancelRequest

type Client added in v0.18.0

type Client struct {
	Backend *pgproto3.Backend
	Hello   HelloData

func SetupClient added in v0.18.0

func SetupClient(client net.Conn, cfg *ClientConfig) (*Client, error)

SetupClient sets up a backend connected to the given client. If tlsConfig is non-nil it negotiates TLS if requested by the client.

On successful startup the returned message is either *pgproto3.StartupMessage or *pgproto3.CancelRequest.

It is up to the caller to authenticate the client using AuthenticateClient.

type ClientConfig added in v0.18.0

type ClientConfig struct {
	// TLS, if non-nil, indicates we support TLS connections.
	TLS *tls.Config

	// WantPassword, if true, indicates we want to capture
	// the password sent by the frontend.
	WantPassword bool

type DatabaseNotFoundError added in v1.3.0

type DatabaseNotFoundError struct {
	Database string

func (DatabaseNotFoundError) Error added in v1.3.0

func (e DatabaseNotFoundError) Error() string

type HelloData added in v0.18.0

type HelloData interface {
	// contains filtered or unexported methods

type LogicalConn added in v0.18.0

type LogicalConn interface {
	Cancel(*CancelData) error

type ServerConfig added in v0.18.0

type ServerConfig struct {
	TLS     *tls.Config // nil indicates no TLS
	Startup *StartupData

type SingleBackendProxy added in v0.18.0

type SingleBackendProxy struct {
	Log             zerolog.Logger
	RequirePassword bool
	FrontendTLS     *tls.Config
	DialBackend     func(context.Context, *StartupData) (LogicalConn, error)
	// contains filtered or unexported fields

func (*SingleBackendProxy) ProxyConn added in v0.18.0

func (p *SingleBackendProxy) ProxyConn(ctx context.Context, client net.Conn)

func (*SingleBackendProxy) Serve added in v0.18.0

func (p *SingleBackendProxy) Serve(ctx context.Context, ln net.Listener) error

type StartupData added in v0.18.0

type StartupData struct {
	Raw      *pgproto3.StartupMessage
	Database string
	Username string
	Password string // may be empty if RequirePassword is false

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL