Documentation
¶
Overview ¶
Package identity provides identity utilities.
Index ¶
- func ParseTrustedProxies(values []string) ([]netip.Prefix, error)
- func RequestID(req *http.Request) string
- type ClientInfo
- type HeaderPolicy
- type Resolver
- func (r Resolver) ClientIP(req *http.Request) (netip.Addr, bool)
- func (r Resolver) ClientIPString(req *http.Request) string
- func (r Resolver) Host(req *http.Request) string
- func (r Resolver) Resolve(req *http.Request) ClientInfo
- func (r Resolver) Scheme(req *http.Request) string
- func (r Resolver) TrustsRemoteAddr(remote string) bool
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseTrustedProxies ¶
ParseTrustedProxies parses CIDR strings into prefixes.
Types ¶
type ClientInfo ¶
ClientInfo captures canonical client identity attributes.
type HeaderPolicy ¶
type HeaderPolicy uint8
HeaderPolicy controls which forwarded headers may be honored.
const ( // HeaderPolicyNone ignores forwarded headers. HeaderPolicyNone HeaderPolicy = 0 // HeaderPolicyXForwarded trusts X-Forwarded-* headers from trusted proxies. HeaderPolicyXForwarded HeaderPolicy = 1 << iota // HeaderPolicyForwarded trusts RFC 7239 Forwarded headers from trusted proxies. HeaderPolicyForwarded // HeaderPolicyBoth trusts both Forwarded and X-Forwarded-* headers. HeaderPolicyBoth = HeaderPolicyXForwarded | HeaderPolicyForwarded )
type Resolver ¶
type Resolver struct {
TrustedProxies []netip.Prefix
HeaderPolicy HeaderPolicy
}
Resolver derives canonical client identity values from an http.Request. Forwarded headers are honored only when the direct peer is trusted.
func (Resolver) ClientIPString ¶
ClientIPString returns the best-effort client IP string.
func (Resolver) Host ¶
Host returns the request host, honoring forwarded headers only for trusted proxies.
func (Resolver) Resolve ¶
func (r Resolver) Resolve(req *http.Request) ClientInfo
Resolve extracts the canonical client identity from the request.
func (Resolver) Scheme ¶
Scheme returns the request scheme, honoring forwarded headers only for trusted proxies.
func (Resolver) TrustsRemoteAddr ¶
TrustsRemoteAddr reports whether the remote address is within trusted proxies.
Source Files