proxy

package

v0.5.0 Latest Latest Go to latest Published: Nov 15, 2019 License: Apache-2.0 Imports: 24 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pomerium/pomerium

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func SetResponseHeaders(headers map[string]string) func(next http.Handler) http.Handler
func ValidateOptions(o config.Options) error
type Proxy
- func New(opts config.Options) (*Proxy, error)

Constants ¶

View Source

const (
	// HeaderJWT is the header key containing JWT signed user details.
	HeaderJWT = "x-pomerium-jwt-assertion"
	// HeaderUserID is the header key containing the user's id.
	HeaderUserID = "x-pomerium-authenticated-user-id"
	// HeaderEmail is the header key containing the user's email.
	HeaderEmail = "x-pomerium-authenticated-user-email"
	// HeaderGroups is the header key containing the user's groups.
	HeaderGroups = "x-pomerium-authenticated-user-groups"
)

Variables ¶

This section is empty.

Functions ¶

func SetResponseHeaders ¶ added in v0.4.0

func SetResponseHeaders(headers map[string]string) func(next http.Handler) http.Handler

SetResponseHeaders sets a map of response headers.

func ValidateOptions ¶ added in v0.0.5

func ValidateOptions(o config.Options) error

ValidateOptions checks that proper configuration settings are set to create a proper Proxy instance

Types ¶

type Proxy ¶

type Proxy struct {
	// SharedKey used to mutually authenticate service communication
	SharedKey string

	AuthorizeClient clients.Authorizer

	Handler http.Handler
	// contains filtered or unexported fields
}

Proxy stores all the information associated with proxying a request.

func New ¶ added in v0.0.2

func New(opts config.Options) (*Proxy, error)

New takes a Proxy service from options and a validation function. Function returns an error if options fail to validate.

func (*Proxy) AuthenticateSession ¶ added in v0.4.0

func (p *Proxy) AuthenticateSession(next http.Handler) http.Handler

AuthenticateSession is middleware to enforce a valid authentication session state is retrieved from the users's request context.

func (*Proxy) AuthorizeSession ¶ added in v0.4.0

func (p *Proxy) AuthorizeSession(next http.Handler) http.Handler

AuthorizeSession is middleware to enforce a user is authorized for a request session state is retrieved from the users's request context.

func (*Proxy) Callback ¶ added in v0.5.0

func (p *Proxy) Callback(w http.ResponseWriter, r *http.Request)

Callback takes a `redirect_uri` query param that has been hmac'd by the authenticate service. Embedded in the `redirect_uri` are query-params that tell this handler how to set the per-route user session. Callback is responsible for redirecting the user back to the intended destination URL and path, as well as to clean up any additional query params added by the authenticate service.

func (*Proxy) Impersonate ¶ added in v0.0.5

func (p *Proxy) Impersonate(w http.ResponseWriter, r *http.Request)

Impersonate takes the result of a form and adds user impersonation details to the user's current user sessions state if the user is currently an administrative user. Requests are redirected back to the user dashboard.

func (*Proxy) ProgrammaticLogin ¶ added in v0.5.0

func (p *Proxy) ProgrammaticLogin(w http.ResponseWriter, r *http.Request)

ProgrammaticLogin returns a signed url that can be used to login using the authenticate service.

func (*Proxy) RobotsTxt ¶

func (p *Proxy) RobotsTxt(w http.ResponseWriter, _ *http.Request)

RobotsTxt sets the User-Agent header in the response to be "Disallow"

func (*Proxy) SignOut ¶

func (p *Proxy) SignOut(w http.ResponseWriter, r *http.Request)

SignOut redirects the request to the sign out url. It's the responsibility of the authenticate service to revoke the remote session and clear the local session state.

func (*Proxy) SignRequest ¶ added in v0.4.0

func (p *Proxy) SignRequest(signer encoding.Marshaler) func(next http.Handler) http.Handler

SignRequest is middleware that signs a JWT that contains a user's id, email, and group. Session state is retrieved from the users's request context

func (*Proxy) UpdateOptions ¶ added in v0.0.5

func (p *Proxy) UpdateOptions(o config.Options) error

UpdateOptions updates internal structures based on config.Options

func (*Proxy) UpdatePolicies ¶ added in v0.0.5

func (p *Proxy) UpdatePolicies(opts *config.Options) error

UpdatePolicies updates the H basedon the configured policies

func (*Proxy) UserDashboard ¶ added in v0.0.5

func (p *Proxy) UserDashboard(w http.ResponseWriter, r *http.Request)

UserDashboard lets users investigate, and refresh their current session. It also contains certain administrative actions like user impersonation. Nota bene: This endpoint does authentication, not authorization.

func (*Proxy) Verify ¶ added in v0.4.0

func (p *Proxy) Verify(verifyOnly bool) http.Handler

Verify checks a user's credentials for an arbitrary host. If the user is properly authenticated and is authorized to access the supplied host, a `200` http status code is returned. If the user is not authenticated, they will be redirected to the authenticate service to sign in with their identity provider. If the user is unauthorized, a `401` error is returned.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
clients

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL