Documentation
¶
Index ¶
Constants ¶
const Subsystem = "PRXY"
Variables ¶
This section is empty.
Functions ¶
Types ¶
type PrefixLog ¶
type PrefixLog struct {
// contains filtered or unexported fields
}
PrefixLog logs with a given static string prefix.
func NewRemoteIPPrefixLog ¶
NewRemoteIPPrefixLog returns a new prefix logger that logs the remote IP address.
func (*PrefixLog) Debugf ¶
Debugf formats message according to format specifier and writes to log with LevelDebug.
func (*PrefixLog) Errorf ¶
Errorf formats message according to format specifier and writes to to log with LevelError.
type Proxy ¶
type Proxy struct {
// contains filtered or unexported fields
}
Proxy is a HTTP, HTTP/2 and gRPC handler that takes an incoming request, uses its authenticator to validate the request's headers, and either returns a challenge to the client or forwards the request to another server and proxies the response back to the client.
func New ¶
func New(auth auth.Authenticator, services []*Service, serveStatic bool, staticRoot string) (*Proxy, error)
New returns a new Proxy instance that proxies between the services specified, using the auth to validate each request's headers and get new challenge headers if necessary.
func (*Proxy) ServeHTTP ¶
func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP checks a client's headers for appropriate authorization and either returns a challenge or forwards their request to the target backend service.
func (*Proxy) UpdateServices ¶
UpdateServices re-configures the proxy to use a new set of backend services.
type Service ¶
type Service struct {
// Name is the name of the LSAT-enabled service.
Name string `long:"name" description:"Name of the LSAT-enabled service"`
// TLSCertPath is the optional path to the service's TLS certificate.
TLSCertPath string `long:"tlscertpath" description:"Path to the service's TLS certificate"`
// Address is the service's IP address and port.
Address string `long:"address" description:"service instance rpc address"`
// Protocol is the protocol that should be used to connect to the
// service. Currently supported is http and https.
Protocol string `long:"protocol" description:"service instance protocol"`
// Auth is the authentication level required for this service to be
// accessed. Valid values are "on" for full authentication, "freebie X"
// for X free requests per IP address before authentication is required
// or "off" for no authentication.
Auth auth.Level `long:"auth" description:"required authentication"`
// HostRegexp is a regular expression that is tested against the 'Host'
// HTTP header field to find out if this service should be used.
HostRegexp string `long:"hostregexp" description:"Regular expression to match the host against"`
// PathRegexp is a regular expression that is tested against the path
// of the URL of a request to find out if this service should be used.
PathRegexp string `long:"pathregexp" description:"Regular expression to match the path of the URL against"`
// Headers is a map of strings that defines header name and values that
// should always be passed to the backend service, overwriting any
// headers with the same name that might have been set by the client
// request.
// If the value of a header field starts with the prefix "!file+hex:",
// the rest of the value is treated as a path to a file and the content
// of that file is sent to the backend with each call (hex encoded).
// If the value starts with the prefix "!file+base64:", the content of
// the file is sent encoded as base64.
Headers map[string]string `long:"headers" description:"Header fields to always pass to the service"`
// Capabilities is the list of capabilities authorized for the service
// at the base tier.
Capabilities string `long:"capabilities" description:"A comma-separated list of the service capabilities authorized for the base tier"`
// Constraints is the set of constraints that will take form of caveats.
// They'll be enforced for a service at the base tier. The key should
// correspond to the caveat's condition.
Constraints map[string]string `long:"constraints" description:"The service constraints to enforce at the base tier"`
// Price is the custom LSAT value in satoshis to be used for the
// service's endpoint.
Price int64 `long:"price" description:"Static LSAT value in satoshis to be used for this service"`
// AuthWhitelistPaths is an optional list of regular expressions that
// are matched against the path of the URL of a request. If the request
// URL matches any of those regular expressions, the call is treated as
// if Auth was set to "off". This allows certain RPC methods to not
// require an LSAT token. E.g. the path for a gRPC call looks like this:
// /package_name.ServiceName/MethodName
AuthWhitelistPaths []string `long:"authwhitelistpaths" description:"List of regular expressions for paths that don't require authentication'"`
// contains filtered or unexported fields
}
Service generically specifies configuration data for backend services to the Aperture proxy.
Source Files