Documentation
¶
Overview ¶
Package urlutil provides utility functions for working with go urls.
Index ¶
- Constants
- Variables
- func DeepCopy(u *url.URL) (*url.URL, error)
- func GetAbsoluteURL(r *http.Request) *url.URL
- func GetDomainsForURL(u url.URL) []string
- func IsLoopback(u *url.URL) bool
- func IsRedirectAllowed(redirectURL *url.URL, whitelistDomains []string) bool
- func IsTCP(u *url.URL) bool
- func ParseAndValidateURL(rawurl string) (*url.URL, error)
- func StripPort(hostport string) string
- func ValidateURL(u *url.URL) error
- type SignedURL
Constants ¶
const ( QueryCallbackURI = "pomerium_callback_uri" QueryIsProgrammatic = "pomerium_programmatic" QueryForwardAuth = "pomerium_forward_auth" QueryPomeriumJWT = "pomerium_jwt" QuerySession = "pomerium_session" QuerySessionEncrypted = "pomerium_session_encrypted" QueryRedirectURI = "pomerium_redirect_uri" QueryForwardAuthURI = "uri" )
Common query parameters used to set and send data between Pomerium services over HTTP calls and redirects. They are typically used in conjunction with a HMAC to ensure authenticity.
const ( QueryHmacExpiry = "pomerium_expiry" QueryHmacIssued = "pomerium_issued" QueryHmacSignature = "pomerium_signature" )
URL signature based query params used for verifying the authenticity of a URL.
const ( // DefaultLeeway defines the default leeway for matching NotBefore/Expiry claims. DefaultLeeway = 1.0 * time.Minute )
Variables ¶
var ( // ErrExpired indicates that token is used after expiry time indicated in exp claim. ErrExpired = errors.New("internal/urlutil: validation failed, url hmac is expired") // ErrIssuedInTheFuture indicates that the issued field is in the future. ErrIssuedInTheFuture = errors.New("internal/urlutil: validation field, url hmac issued in the future") // ErrNumericDateMalformed indicates a malformed unix timestamp was found while parsing. ErrNumericDateMalformed = errors.New("internal/urlutil: malformed unix timestamp field") )
Functions ¶
func GetAbsoluteURL ¶ added in v0.4.0
GetAbsoluteURL returns the current handler's absolute url. https://stackoverflow.com/a/23152483
func GetDomainsForURL ¶ added in v0.10.0
GetDomainsForURL returns the available domains for given url.
For standard HTTP (80)/HTTPS (443) ports, it returns `example.com` and `example.com:<port>`. Otherwise, return the URL.Host value.
func IsLoopback ¶ added in v0.13.4
IsLoopback returns true if the given URL corresponds with a loopback address.
func IsRedirectAllowed ¶ added in v0.13.4
IsRedirectAllowed returns true if the redirect URL is whitelisted.
func IsTCP ¶ added in v0.12.0
IsTCP returns whether or not the given URL is for TCP via HTTP Connect.
func ParseAndValidateURL ¶ added in v0.1.0
ParseAndValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.
func StripPort ¶
StripPort returns a host, without any port number.
If Host is an IPv6 literal with a port number, Hostname returns the IPv6 literal without the square brackets. IPv6 literals may include a zone identifier.
func ValidateURL ¶ added in v0.4.0
ValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.
Types ¶
type SignedURL ¶ added in v0.5.1
type SignedURL struct {
// contains filtered or unexported fields
}
SignedURL is a shared-key HMAC wrapped URL.
func NewSignedURL ¶ added in v0.5.1
NewSignedURL creates a new copy of a URL that can be signed with a shared key.
N.B. It is the user's responsibility to make sure the key is 256 bits and
the url is not nil.
Source Files