app

package
v0.0.0-...-5c79d48 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2024 License: AGPL-3.0 Imports: 40 Imported by: 0

Documentation

Overview

Package app connections to applications over a reverse tunnel and forwards HTTP requests to them.

Index

Constants

View Source 
const (
	// CookieName is the name of the application session cookie.
	CookieName = "__Host-grv_app_session"

	// SubjectCookieName is the name of the application session subject cookie.
	SubjectCookieName = "__Host-grv_app_session_subject"

	// AuthStateCookieName is the name of the state cookie used during the
	// initial authentication flow.
	AuthStateCookieName = "__Host-grv_app_auth_state"
)

Variables

This section is empty.

Functions

func HasClientCert 

func HasClientCert(r *http.Request) bool

HasClientCert checks if the request has a client certificate.

func HasFragment 

func HasFragment(r *http.Request) bool

HasFragment checks if the request is coming to the fragment authentication endpoint.

func HasName 

func HasName(r *http.Request, proxyPublicAddrs []utils.NetAddr) (string, bool)

HasName checks if the client is attempting to connect to a host that is different than the public address of the proxy. If it is, it redirects back to the application launcher in the Web UI.

func HasSessionCookie 

func HasSessionCookie(r *http.Request) bool

HasSessionCookie checks if an application specific cookie exists.

func Match 

func Match(ctx context.Context, authClient Getter, fn Matcher) ([]types.AppServer, error)

Match will match a list of applications with the passed in matcher function. Matcher functions that can match on public address and name are available. The resulting list is shuffled before it is returned.

func MatchOne 

func MatchOne(ctx context.Context, authClient Getter, fn Matcher) (types.AppServer, error)

MatchOne will match a single AppServer with the provided matcher function. If no AppServer are matched, it will return an error.

func MetaRedirect 

func MetaRedirect(w http.ResponseWriter, redirectURL string) error

MetaRedirect issues a "meta refresh" redirect.

func ResolveFQDN 

func ResolveFQDN(ctx context.Context, clt Getter, tunnel reversetunnelclient.Tunnel, proxyDNSNames []string, fqdn string) (types.AppServer, string, error)

ResolveFQDN makes a best effort attempt to resolve FQDN to an application running a root or leaf cluster.

Note: This function can incorrectly resolve application names. For example, if you have an application named "acme" within both the root and leaf cluster, this method will always return "acme" running within the root cluster. Always supply public address and cluster name to deterministically resolve an application.

func SetRedirectPageHeaders 

func SetRedirectPageHeaders(h http.Header, nonce string)

Types

type Getter 

type Getter interface {
	// GetApplicationServers returns registered application servers.
	GetApplicationServers(context.Context, string) ([]types.AppServer, error)

	// GetClusterName returns cluster name
	GetClusterName(opts ...services.MarshalOption) (types.ClusterName, error)
}

Getter returns a list of registered apps and the local cluster name.

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

Handler is an application handler.

func NewHandler 

func NewHandler(ctx context.Context, c *HandlerConfig) (*Handler, error)

NewHandler returns a new application handler.

func (*Handler) HandleConnection 

func (h *Handler) HandleConnection(ctx context.Context, clientConn net.Conn) error

HandleConnection handles connections from plain TCP applications.

func (*Handler) HealthCheckAppServer 

func (h *Handler) HealthCheckAppServer(ctx context.Context, publicAddr string, clusterName string) error

HealthCheckAppServer establishes a connection to a AppServer that can handle application requests. Can be used to ensure the proxy can handle application requests before they arrive.

func (*Handler) ServeHTTP 

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP hands the request to the request router.

type HandlerConfig 

type HandlerConfig struct {
	// Clock is used to control time in tests.
	Clock clockwork.Clock
	// AuthClient is a direct client to auth.
	AuthClient auth.ClientI
	// AccessPoint is caching client to auth.
	AccessPoint auth.ProxyAccessPoint
	// ProxyClient holds connections to leaf clusters.
	ProxyClient reversetunnelclient.Tunnel
	// ProxyPublicAddrs contains web proxy public addresses.
	ProxyPublicAddrs []utils.NetAddr
	// CipherSuites is the list of TLS cipher suites that have been configured
	// for this process.
	CipherSuites []uint16
	// WebPublicAddr
	WebPublicAddr string
}

HandlerConfig is the configuration for an application handler.

func (*HandlerConfig) CheckAndSetDefaults 

func (c *HandlerConfig) CheckAndSetDefaults() error

CheckAndSetDefaults validates configuration.

type Matcher 

type Matcher func(context.Context, types.AppServer) bool

Matcher allows matching on different properties of an application.

func MatchAll 

func MatchAll(matchers ...Matcher) Matcher

MatchAll matches if all the Matcher functions return true.

func MatchHealthy 

func MatchHealthy(proxyClient reversetunnelclient.Tunnel, clusterName string) Matcher

MatchHealthy tries to establish a connection with the server using the `dialAppServer` function. The app server is matched if the function call doesn't return any error.

func MatchName 

func MatchName(name string) Matcher

MatchName matches on the name of an application.

func MatchPublicAddr 

func MatchPublicAddr(publicAddr string) Matcher

MatchPublicAddr matches on the public address of an application.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.