Documentation
¶
Index ¶
- func AccountIdFromContext(ctx context.Context) types.AccountID
- func IsTrustedProxy(ipStr string, trusted []netip.Prefix) bool
- func ResolveClientIP(remoteAddr, xff string, trusted []netip.Prefix) string
- func ServiceIdFromContext(ctx context.Context) string
- func WithCapturedData(ctx context.Context, data *CapturedData) context.Context
- type CapturedData
- func (c *CapturedData) GetAccountId() types.AccountID
- func (c *CapturedData) GetAuthMethod() string
- func (c *CapturedData) GetClientIP() string
- func (c *CapturedData) GetOrigin() ResponseOrigin
- func (c *CapturedData) GetRequestID() string
- func (c *CapturedData) GetServiceId() string
- func (c *CapturedData) GetUserID() string
- func (c *CapturedData) SetAccountId(accountId types.AccountID)
- func (c *CapturedData) SetAuthMethod(method string)
- func (c *CapturedData) SetClientIP(ip string)
- func (c *CapturedData) SetOrigin(origin ResponseOrigin)
- func (c *CapturedData) SetServiceId(serviceId string)
- func (c *CapturedData) SetUserID(userID string)
- type Mapping
- type ResponseOrigin
- type ReverseProxy
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsTrustedProxy ¶
IsTrustedProxy checks if the given IP string falls within any of the trusted prefixes.
func ResolveClientIP ¶
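ResolveClientIP extracts the real client IP from the X-Forwarded-For (XFF) header using the trusted proxy list. It walks the XFF chain right-to-left, skipping IPs that match trusted prefixes. The first untrusted IP encountered is treated as the real client. The walk starts from the right because entries to the left of that address were not appended by a trusted proxy and can be set to anything by the sender.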
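If the trusted list is empty or remoteAddr is not trusted, it returns the remoteAddr IP directly (ignoring any forwarding headers), so a peer that connects directly cannot choose its own reported address by sending X-Forwarded-For. The result when every XFF entry is trusted, or when the header is empty or malformed, is not described here and should be confirmed against the implementation.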
func ServiceIdFromContext ¶
func WithCapturedData ¶
func WithCapturedData(ctx context.Context, data *CapturedData) context.Context
WithCapturedData adds a CapturedData struct to the context
Types ¶
type CapturedData ¶
// CapturedData holds per-request values that downstream handlers record so
// that middleware further up the chain can read them.
//
// NOTE(review): the Get*/Set* methods are documented as getting and setting
// these values "safely", and the struct has unexported fields; presumably
// code that may run concurrently should go through those methods rather than
// touch the exported fields directly. Confirm against the implementation.
type CapturedData struct {
// RequestID is the request ID; this page lists GetRequestID but no setter.
RequestID string
// ServiceId is the service ID.
ServiceId string
// AccountId is the account ID.
AccountId types.AccountID
// Origin records where the response was generated.
Origin ResponseOrigin
// ClientIP is the resolved client IP.
// NOTE(review): presumably the output of ResolveClientIP, in which case it
// is only as reliable as the trusted-proxy list in use. Confirm before
// relying on it for access decisions or audit logs.
ClientIP string
// UserID is the authenticated user ID.
UserID string
// AuthMethod is the authentication method used.
AuthMethod string
// contains filtered or unexported fields
}
CapturedData is a mutable struct that allows downstream handlers to pass data back up the middleware chain.
func CapturedDataFromContext ¶
func CapturedDataFromContext(ctx context.Context) *CapturedData
CapturedDataFromContext retrieves the CapturedData from context
func (*CapturedData) GetAccountId ¶
func (c *CapturedData) GetAccountId() types.AccountID
GetAccountId safely gets the account ID
func (*CapturedData) GetAuthMethod ¶
func (c *CapturedData) GetAuthMethod() string
GetAuthMethod safely gets the authentication method used.
func (*CapturedData) GetClientIP ¶
func (c *CapturedData) GetClientIP() string
GetClientIP safely gets the resolved client IP.
func (*CapturedData) GetOrigin ¶
func (c *CapturedData) GetOrigin() ResponseOrigin
GetOrigin safely gets the response origin
func (*CapturedData) GetRequestID ¶
func (c *CapturedData) GetRequestID() string
GetRequestID safely gets the request ID
func (*CapturedData) GetServiceId ¶
func (c *CapturedData) GetServiceId() string
GetServiceId safely gets the service ID
func (*CapturedData) GetUserID ¶
func (c *CapturedData) GetUserID() string
GetUserID safely gets the authenticated user ID.
func (*CapturedData) SetAccountId ¶
func (c *CapturedData) SetAccountId(accountId types.AccountID)
SetAccountId safely sets the account ID
func (*CapturedData) SetAuthMethod ¶
func (c *CapturedData) SetAuthMethod(method string)
SetAuthMethod safely sets the authentication method used.
func (*CapturedData) SetClientIP ¶
func (c *CapturedData) SetClientIP(ip string)
SetClientIP safely sets the resolved client IP.
func (*CapturedData) SetOrigin ¶
func (c *CapturedData) SetOrigin(origin ResponseOrigin)
SetOrigin safely sets the response origin
func (*CapturedData) SetServiceId ¶
func (c *CapturedData) SetServiceId(serviceId string)
SetServiceId safely sets the service ID
func (*CapturedData) SetUserID ¶
func (c *CapturedData) SetUserID(userID string)
SetUserID safely sets the authenticated user ID.
type ResponseOrigin ¶
type ResponseOrigin int
ResponseOrigin indicates where a response was generated.
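// Values a ResponseOrigin can take. OriginBackend is declared first with iota,
// so it is the zero value: a ResponseOrigin that was never assigned compares
// equal to OriginBackend.
const (
	// OriginBackend means the response came from the backend service.
	OriginBackend ResponseOrigin = iota
	// OriginNoRoute means the proxy had no matching host or path.
	OriginNoRoute
	// OriginProxyError means the proxy failed to reach the backend.
	OriginProxyError
	// OriginAuth means the proxy intercepted the request for authentication.
	OriginAuth
)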
func (ResponseOrigin) String ¶
func (o ResponseOrigin) String() string
type ReverseProxy ¶
// ReverseProxy is the type returned by NewReverseProxy. Its ServeHTTP method
// has the http.Handler signature; no exported fields are shown.
type ReverseProxy struct {
// contains filtered or unexported fields
}
func NewReverseProxy ¶
func NewReverseProxy(transport http.RoundTripper, forwardedProto string, trustedProxies []netip.Prefix, logger *log.Logger) *ReverseProxy
NewReverseProxy configures a new NetBird ReverseProxy. This is a wrapper around an httputil.ReverseProxy set to dynamically route requests based on an internal mapping between requested URLs and targets. The internal mappings can be modified using the AddMapping and RemoveMapping methods.
func (*ReverseProxy) AddMapping ¶
func (p *ReverseProxy) AddMapping(m Mapping)
func (*ReverseProxy) RemoveMapping ¶
func (p *ReverseProxy) RemoveMapping(m Mapping)
func (*ReverseProxy) ServeHTTP ¶
func (p *ReverseProxy) ServeHTTP(w http.ResponseWriter, r *http.Request)