Documentation
¶
Index ¶
- Constants
- Variables
- type AccessLogMiddleware
- type AdminAuthMiddleware
- type AuthMiddleware
- type CORSMiddleware
- type Identity
- type IdentityResolver
- type MCPAuthMiddleware
- type MCPMetricsMiddleware
- type MetricsMiddleware
- type Middleware
- type OAuthChallengeMiddleware
- type PanicRecoverMiddleware
- type RequestIDMiddleware
- type SecurityHeadersMiddleware
- type SessionMiddleware
- type Transport
Constants ¶
View Source
const HeaderTraceID = "X-AG-Trace-Id"
HeaderTraceID is the response header the proxy sets with the request trace id. A gateway-specific name avoids the upstream X-Request-Id some providers emit.
Variables ¶
View Source
var StrippedProxyResponseHeaders = map[string]struct{}{
"X-Request-Id": {},
}
StrippedProxyResponseHeaders lists upstream headers that must not be forwarded to clients.
Functions ¶
This section is empty.
Types ¶
type AccessLogMiddleware ¶
type AccessLogMiddleware struct {
// contains filtered or unexported fields
}
func NewAccessLogMiddleware ¶
func NewAccessLogMiddleware(logger *slog.Logger) *AccessLogMiddleware
func (*AccessLogMiddleware) Middleware ¶
func (m *AccessLogMiddleware) Middleware() fiber.Handler
type AdminAuthMiddleware ¶
type AdminAuthMiddleware struct {
// contains filtered or unexported fields
}
func NewAdminAuthMiddleware ¶
func NewAdminAuthMiddleware(logger *slog.Logger, jwtManager jwt.Manager) *AdminAuthMiddleware
func (*AdminAuthMiddleware) Middleware ¶
func (m *AdminAuthMiddleware) Middleware() fiber.Handler
type AuthMiddleware ¶
type AuthMiddleware struct {
// contains filtered or unexported fields
}
func NewAuthMiddleware ¶
func NewAuthMiddleware( identityResolver resolver.IdentityResolver, dataFinder appconsumer.DataFinder, gatewayResolver resolver.GatewayResolver, roleResolver approle.OIDCResolver, logger *slog.Logger, ) *AuthMiddleware
func (*AuthMiddleware) Middleware ¶
func (m *AuthMiddleware) Middleware() fiber.Handler
type CORSMiddleware ¶
type CORSMiddleware struct {
// contains filtered or unexported fields
}
func NewCORSMiddleware ¶
func NewCORSMiddleware(cfg *config.Config) *CORSMiddleware
func (*CORSMiddleware) Middleware ¶
func (m *CORSMiddleware) Middleware() fiber.Handler
type Identity ¶
type Identity struct {
GatewayID ids.GatewayID
AuthID ids.AuthID
Principal *identitydomain.Principal
}
Identity is the MCP-plane authentication result: the auth record that matched plus the verified principal (carrying the raw token for passthrough/exchange flows).
type IdentityResolver ¶
func NewChainIdentityResolver ¶
func NewChainIdentityResolver( apiKeys appauth.APIKeyFinder, credentials appauth.CredentialFinder, paths appconsumer.PathResolver, jwtValidator appauth.JWTValidator, introValidator appauth.IntrospectionValidator, mtlsValidator appauth.MTLSValidator, certExtractor appauth.ClientCertificateExtractor, sessionVerifier appauth.SessionTokenVerifier, trustXFCCFrom []string, ) IdentityResolver
type MCPAuthMiddleware ¶
type MCPAuthMiddleware struct {
// contains filtered or unexported fields
}
MCPAuthMiddleware guards the MCP server plane. Unlike the proxy-plane AuthMiddleware (slug-routed, role-aware), it authenticates via the chain resolver (mTLS > bearer > API key) and scopes the request to the gateway the matched auth record belongs to.
func NewMCPAuthMiddleware ¶
func NewMCPAuthMiddleware( identityResolver IdentityResolver, dataFinder appconsumer.DataFinder, gateways appgateway.Finder, ) *MCPAuthMiddleware
func (*MCPAuthMiddleware) Middleware ¶
func (m *MCPAuthMiddleware) Middleware() fiber.Handler
type MCPMetricsMiddleware ¶
type MCPMetricsMiddleware struct {
// contains filtered or unexported fields
}
func NewMCPMetricsMiddleware ¶
func NewMCPMetricsMiddleware(worker appmetrics.Worker, cfg *config.Config) *MCPMetricsMiddleware
func (*MCPMetricsMiddleware) Middleware ¶
func (m *MCPMetricsMiddleware) Middleware() fiber.Handler
type MetricsMiddleware ¶
type MetricsMiddleware struct {
// contains filtered or unexported fields
}
func NewMetricsMiddleware ¶
func NewMetricsMiddleware(worker appmetrics.Worker, cfg *config.Config) *MetricsMiddleware
func (*MetricsMiddleware) Middleware ¶
func (m *MetricsMiddleware) Middleware() fiber.Handler
type Middleware ¶
type OAuthChallengeMiddleware ¶
type OAuthChallengeMiddleware struct{}
func NewOAuthChallengeMiddleware ¶
func NewOAuthChallengeMiddleware() *OAuthChallengeMiddleware
func (*OAuthChallengeMiddleware) Middleware ¶
func (m *OAuthChallengeMiddleware) Middleware() fiber.Handler
type PanicRecoverMiddleware ¶
type PanicRecoverMiddleware struct {
// contains filtered or unexported fields
}
func NewPanicRecoverMiddleware ¶
func NewPanicRecoverMiddleware(logger *slog.Logger) *PanicRecoverMiddleware
func (*PanicRecoverMiddleware) Middleware ¶
func (m *PanicRecoverMiddleware) Middleware() fiber.Handler
type RequestIDMiddleware ¶
type RequestIDMiddleware struct{}
func NewRequestIDMiddleware ¶
func NewRequestIDMiddleware() *RequestIDMiddleware
func (*RequestIDMiddleware) Middleware ¶
func (m *RequestIDMiddleware) Middleware() fiber.Handler
type SecurityHeadersMiddleware ¶
type SecurityHeadersMiddleware struct{}
func NewSecurityHeadersMiddleware ¶
func NewSecurityHeadersMiddleware() *SecurityHeadersMiddleware
func (*SecurityHeadersMiddleware) Middleware ¶
func (m *SecurityHeadersMiddleware) Middleware() fiber.Handler
type SessionMiddleware ¶
type SessionMiddleware struct {
// contains filtered or unexported fields
}
func NewSessionMiddleware ¶
func NewSessionMiddleware(logger *slog.Logger, finder appgateway.Finder) *SessionMiddleware
func (*SessionMiddleware) Middleware ¶
func (m *SessionMiddleware) Middleware() fiber.Handler
type Transport ¶
type Transport struct {
Middlewares []Middleware
}
func NewTransport ¶
func NewTransport(middlewares ...Middleware) *Transport
func (*Transport) GetMiddlewares ¶
func (*Transport) RegisterMiddleware ¶
func (t *Transport) RegisterMiddleware(m Middleware)
Click to show internal directories.
Click to hide internal directories.