Documentation
¶
Overview ¶
Package urlutil provides utility functions for working with go urls.
Index ¶
- Constants
- Variables
- func DeepCopy(u *url.URL) (*url.URL, error)
- func GetAbsoluteURL(r *http.Request) *url.URL
- func GetCallbackURL(r *http.Request, encodedSessionJWT string) (*url.URL, error)
- func GetCallbackURLForRedirectURI(r *http.Request, encodedSessionJWT, rawRedirectURI string) (*url.URL, error)
- func GetDomainsForURL(u url.URL) []string
- func GetExternalRequest(internalURL, externalURL *url.URL, r *http.Request) *http.Request
- func IsLoopback(u *url.URL) bool
- func IsRedirectAllowed(redirectURL *url.URL, whitelistDomains []string) bool
- func IsTCP(u *url.URL) bool
- func Join(elements ...string) string
- func MustParseAndValidateURL(rawURL string) url.URL
- func ParseAndValidateURL(rawurl string) (*url.URL, error)
- func RedirectURL(r *http.Request) (string, bool)
- func SignOutURL(r *http.Request, authenticateURL *url.URL, key []byte) string
- func StripPort(hostport string) string
- func ValidateURL(u *url.URL) error
- func WebAuthnURL(r *http.Request, authenticateURL *url.URL, key []byte, values url.Values) string
- type SignedURL
Constants ¶
const ( QueryCallbackURI = "pomerium_callback_uri" QueryDeviceCredentialID = "pomerium_device_credential_id" QueryDeviceType = "pomerium_device_type" QueryEnrollmentToken = "pomerium_enrollment_token" //nolint QueryIdentityProviderID = "pomerium_idp_id" QueryIsProgrammatic = "pomerium_programmatic" QueryForwardAuth = "pomerium_forward_auth" QueryPomeriumJWT = "pomerium_jwt" QuerySession = "pomerium_session" QuerySessionEncrypted = "pomerium_session_encrypted" QueryRedirectURI = "pomerium_redirect_uri" QueryForwardAuthURI = "uri" )
Common query parameters used to set and send data between Pomerium services over HTTP calls and redirects. They are typically used in conjunction with a HMAC to ensure authenticity.
const ( QueryHmacExpiry = "pomerium_expiry" QueryHmacIssued = "pomerium_issued" QueryHmacSignature = "pomerium_signature" )
URL signature based query params used for verifying the authenticity of a URL.
const DefaultDeviceType = "any"
DefaultDeviceType is the default device type when none is specified.
const ( // DefaultLeeway defines the default leeway for matching NotBefore/Expiry claims. DefaultLeeway = 1.0 * time.Minute )
Variables ¶
var ( // ErrExpired indicates that token is used after expiry time indicated in exp claim. ErrExpired = errors.New("internal/urlutil: validation failed, url hmac is expired") // ErrIssuedInTheFuture indicates that the issued field is in the future. ErrIssuedInTheFuture = errors.New("internal/urlutil: validation field, url hmac issued in the future") // ErrNumericDateMalformed indicates a malformed unix timestamp was found while parsing. ErrNumericDateMalformed = errors.New("internal/urlutil: malformed unix timestamp field") )
var ErrMissingRedirectURI = errors.New("missing " + QueryRedirectURI)
ErrMissingRedirectURI indicates the pomerium_redirect_uri was missing from the query string.
Functions ¶
func GetAbsoluteURL ¶ added in v0.4.0
GetAbsoluteURL returns the current handler's absolute url. https://stackoverflow.com/a/23152483
func GetCallbackURL ¶ added in v0.15.6
GetCallbackURL gets the proxy's callback URL from a request and a base64url encoded + encrypted session state JWT.
func GetCallbackURLForRedirectURI ¶ added in v0.17.0
func GetCallbackURLForRedirectURI(r *http.Request, encodedSessionJWT, rawRedirectURI string) (*url.URL, error)
GetCallbackURLForRedirectURI gets the proxy's callback URL from a request and a base64url encoded + encrypted session state JWT.
func GetDomainsForURL ¶ added in v0.10.0
GetDomainsForURL returns the available domains for given url.
For standard HTTP (80)/HTTPS (443) ports, it returns `example.com` and `example.com:<port>`. Otherwise, return the URL.Host value.
func GetExternalRequest ¶ added in v0.17.1
GetExternalRequest modifies a request so that it appears to be for an external URL instead of an internal URL.
func IsLoopback ¶ added in v0.13.4
IsLoopback returns true if the given URL corresponds with a loopback address.
func IsRedirectAllowed ¶ added in v0.13.4
IsRedirectAllowed returns true if the redirect URL is whitelisted.
func IsTCP ¶ added in v0.12.0
IsTCP returns whether or not the given URL is for TCP via HTTP Connect.
func MustParseAndValidateURL ¶ added in v0.16.2
MustParseAndValidateURL parses the URL via ParseAndValidateURL but panics if there is an error. (useful for testing)
func ParseAndValidateURL ¶ added in v0.1.0
ParseAndValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.
func RedirectURL ¶ added in v0.17.0
RedirectURL returns the redirect URL from the query string or a cookie.
func SignOutURL ¶ added in v0.17.0
SignOutURL returns the /.pomerium/sign_out URL.
func StripPort ¶
StripPort returns a host, without any port number.
If Host is an IPv6 literal with a port number, Hostname returns the IPv6 literal without the square brackets. IPv6 literals may include a zone identifier.
func ValidateURL ¶ added in v0.4.0
ValidateURL wraps standard library's default url.Parse because it's much more lenient about what type of urls it accepts than pomerium.
Types ¶
type SignedURL ¶ added in v0.5.1
type SignedURL struct {
// contains filtered or unexported fields
}
SignedURL is a shared-key HMAC wrapped URL.
func NewSignedURL ¶ added in v0.5.1
NewSignedURL creates a new copy of a URL that can be signed with a shared key.
N.B. It is the user's responsibility to make sure the key is 256 bits and
the url is not nil.
Source Files