Documentation
¶
Index ¶
- Constants
- Variables
- func FetchUrl(urlObj *url.URL, srcReq *http.Request, queryParams url.Values, ...) (*http.Response, error)
- func Generate(targetUrl, eid, key, publicurl, prefix string, cipher cipher.AEAD) (canonicalurl string, sign, encryptedurl, entryurl, encryptedEntryurl string)
- func NewReadCloserReplacer(src io.Reader, subs [][2]string, subrs [][2]string, subbs [][2][]byte) (io.ReadCloser, error)
- func Parse(prefix, fromurl, publicurl string) (plainurl, encryptedEntryurl, entryurl, eid string, err error)
- func ProxyFunc(w http.ResponseWriter, r *http.Request, prefix, key string, ...)
- func Realkey(key, keytype string) string
- type ReadCloserReplacer
Constants ¶
View Source
const ( ENCMODE_BINARY_OUTPUT = 1 << iota // bit 0, output binary instead of base64 ENCMODE_BODY_ONLY // bit 1, only encrypt response body (do not protect header) ENCMODE_WHOLE_MODE // bit 2, whole meta + body in encrypted body ENCMODE_ORIGINAL_BODY_TEXT // bit 3, Force treat original body as string ENCMODE_ORIGINAL_BODY_BINARY // bit 4, Force treat original body as binary (base64) ENCMODE_LOCALSIGN // bit 5, enable localsign ENCMODE_LOCALSIGN_ONLY // bit 6, no encryption, only localsign. )
View Source
const ( TPLMODE_TEXT = 1 << iota // bit 0 (1): text template TPLMODE_RESBODY // bit 1 (2): use response body as template TPLMODE_NOBODY // bit 2 (4): do not read original response body as context var TPLMODE_FORCE // bit 3 (8): always do response body template no matter of url path of original response body type TPLMODE_KEEP_CONTENT_TYPE // bit 4 (16): rendered output keep original response content-type unchanged )
View Source
const ( HEADER_PREFIX = "header_" RESPONSE_HEADER_PREFIX = "resheader_" SUB_PREFIX = "sub_" SUBR_PREFIX = "subr_" SUBB_PREFIX = "subb_" SUBTYPE_STRING = "subtype" SUBPATH_STRING = "subpath" CORS_STRING = "cors" NOCACHE_STRING = "nocache" NORF_STRING = "norf" PROXY_STRING = "proxy" IMPERSONATE_STRING = "impersonate" TRIMRESHEADER_STRING = "trimresheader" FORCESUB_STRING = "forcesub" NOCSP_STRING = "nocsp" TIMEOUT_STRING = "timeout" INSECURE_STRING = "insecure" COOKIE_STRING = "cookie" USER_STRING = "user" AUTH_STRING = "auth" // entrypoint url http authorization, username:password FDHEADERS_STRING = "fdheaders" MUTESTATUS_STRING = "mutestatus" MUTETYPE_STRING = "mutetype" MUTEPATH_STRING = "mutepath" BODY_STRING = "body" RESBODY_STRING = "resbody" RESBODYTYPE_STRING = "resbodytype" TYPE_STRING = "type" RESTYPE_STRING = "restype" METHOD_STRING = "method" REFERER_STRING = "referer" ORIGIN_STRING = "origin" SCOPE_STRING = "scope" SIGN_STRING = "sign" LOCALSIGN_STRING = "localsign" KEYTYPE_STRING = "keytype" VALIDBEFORE_STRING = "validbefore" VALIDAFTER_STRING = "validafter" RESPASS_STRING = "respass" // response body encryption password EID_STRING = "eid" // encrypt url id STATUS_STRING = "status" ENCMODE_STRING = "encmode" AUTHMODE_STRING = "authmode" TPLMODE_STRING = "tplmode" TPLPATH_STRING = "tplpath" TPLTYPE_STRING = "tpltype" JSTPLPATH_STRING = "jstplpath" INDEXFILE_STRING = "indexfile" DEFAULTEXT_STRING = "defaultext" MD2HTML_STRING = "md2html" MDPATH_STRING = "mdpath" DEBUG_STRING = "debug" EPATH_STRING = "epath" // allow subpath in encrypted url SALT_STRING = "salt" NONCE_STRING = "nonce" PUBLICKEY_STRING = "publickey" PASSITER_STRING = "passiter" FLAG_STRING = "flag" ARG_SRING = "arg" ARGS_SRING = "args" )
View Source
const (
AUTHMODE_DIGEST = 1 << iota // bit 0 (1): Use digest auth (instead of basic auth)
)
Variables ¶
View Source
var EphemeralQueryParameters = []string{SALT_STRING, PUBLICKEY_STRING, NONCE_STRING, LOCALSIGN_STRING}
These params are allowed in query string of an alias or enrypt url: salt, publickey, nonce.
View Source
var NoSignParameters = []string{SIGN_STRING, KEYTYPE_STRING, SALT_STRING, PUBLICKEY_STRING, NONCE_STRING, LOCALSIGN_STRING}
These params do not participate in url signing: sign, keytype, salt.
Functions ¶
func FetchUrl ¶
func FetchUrl(urlObj *url.URL, srcReq *http.Request, queryParams url.Values, prefix, signkey string, keytypeBlacklist, openScopes []string, openNormal bool, rcloneBinary, rcloneConfig, encryltedUrlPath string, authenticator *auth.Auth, inalias bool, rpath string, nonceTree *btree.BTreeG[constants.Nonce], doLog bool) (*http.Response, error)
func NewReadCloserReplacer ¶ added in v0.12.0
func NewReadCloserReplacer(src io.Reader, subs [][2]string, subrs [][2]string, subbs [][2][]byte) (io.ReadCloser, error)
Return a ReadCloser stream that do find-and-replacements to src on the fly. The Close func of returned value is no-op if src ifself is not a Closer.
func ProxyFunc ¶
func ProxyFunc(w http.ResponseWriter, r *http.Request, prefix, key string, keytypeBlacklist, openScopes []string, openNormal, supressError, doLog bool, enableUnix, enableFile, enableRclone, enableCurl, enableExec bool, rcloneBinary, rcloneConfig, curlBinary string, cipher cipher.AEAD, authenticator *auth.Auth, nonceTree *btree.BTreeG[constants.Nonce])
func Realkey ¶
key and keytype are guaranteed to do not contain \n. Put keytype (plaintext) first, to increase security against length extension attack. See https://en.wikipedia.org/wiki/Length_extension_attack . We use HMAC to derive signing key from Realkey() output, so it's only a double security.
Types ¶
type ReadCloserReplacer ¶ added in v0.12.0
func (*ReadCloserReplacer) Close ¶ added in v0.12.0
func (r *ReadCloserReplacer) Close() error
Source Files
Click to show internal directories.
Click to hide internal directories.