Documentation
Overview
Package identity resolves canonical request identity values.
Resolver extracts client IP, scheme, host, and request ID from an HTTP request. Forwarded headers are honored only when the direct peer matches configured trusted proxies, which keeps proxy-derived identity explicit and safe by default.
Index
- func ParseTrustedProxies(values []string) ([]netip.Prefix, error)
- func RequestID(req *http.Request) string
- type ClientInfo
- type HeaderPolicy
- type Resolver
- func (r Resolver) ClientIP(req *http.Request) (netip.Addr, bool)
- func (r Resolver) ClientIPString(req *http.Request) string
- func (r Resolver) Host(req *http.Request) string
- func (r Resolver) Resolve(req *http.Request) ClientInfo
- func (r Resolver) Scheme(req *http.Request) string
- func (r Resolver) TrustsRemoteAddr(remote string) bool
Constants
This section is empty.
Variables
This section is empty.
Functions
func ParseTrustedProxies
ParseTrustedProxies parses CIDR strings into prefixes.
Types
type ClientInfo
ClientInfo captures canonical client identity attributes.
type HeaderPolicy
type HeaderPolicy uint8
HeaderPolicy controls which forwarded headers may be honored.
const (
	// HeaderPolicyNone ignores forwarded headers.
	HeaderPolicyNone HeaderPolicy = 0
	// HeaderPolicyXForwarded trusts X-Forwarded-* headers from trusted proxies.
	HeaderPolicyXForwarded HeaderPolicy = 1 << iota
	// HeaderPolicyForwarded trusts RFC 7239 Forwarded headers from trusted proxies.
	HeaderPolicyForwarded
	// HeaderPolicyBoth trusts both Forwarded and X-Forwarded-* headers.
	HeaderPolicyBoth = HeaderPolicyXForwarded | HeaderPolicyForwarded
)
type Resolver
type Resolver struct {
	TrustedProxies []netip.Prefix
	HeaderPolicy   HeaderPolicy
}
Resolver derives canonical client identity values from an http.Request. Forwarded headers are honored only when the direct peer is trusted.
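The trust rule stated above, as an added example that is not this package's code: forwarded headers are read only when the direct peer falls inside a trusted prefix. The helper names `trusted` and `clientIP`, the right-to-left walk over X-Forwarded-For, and all addresses are assumptions made for illustration; the page does not show how Resolver selects the client IP.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// trusted reports whether addr falls inside any configured proxy prefix.
func trusted(proxies []netip.Prefix, addr netip.Addr) bool {
	for _, p := range proxies {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// clientIP (hypothetical helper) reads X-Forwarded-For only when the direct
// peer is a trusted proxy, then walks the list right to left so entries the
// client supplied on the left cannot displace a hop a trusted proxy recorded.
func clientIP(proxies []netip.Prefix, req *http.Request) (netip.Addr, bool) {
	ap, err := netip.ParseAddrPort(req.RemoteAddr)
	if err != nil {
		return netip.Addr{}, false
	}
	best := ap.Addr().Unmap()
	if !trusted(proxies, best) {
		return best, true // untrusted peer: forwarded headers are ignored
	}
	hops := strings.Split(strings.Join(req.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		hop, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // missing or malformed entry: keep the last verified hop
		}
		if best = hop.Unmap(); !trusted(proxies, best) {
			break // first hop outside the trusted set is taken as the client
		}
	}
	return best, true
}

func main() {
	req, _ := http.NewRequest("GET", "http://example.test/", nil)
	req.RemoteAddr = "10.0.0.2:4711" // constructed peer inside the trusted prefix
	req.Header.Set("X-Forwarded-For", "198.51.100.9, 203.0.113.7, 10.0.0.5") // constructed
	fmt.Println(clientIP([]netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}, req))
}
```

The leftmost entry, 198.51.100.9, is never returned: it sits beyond the first untrusted hop and could have been written by the client itself.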
func (Resolver) ClientIPString
ClientIPString returns the best-effort client IP string.
func (Resolver) Host
Host returns the request host, honoring forwarded headers only for trusted proxies.
func (Resolver) Resolve
func (r Resolver) Resolve(req *http.Request) ClientInfo
Resolve extracts the canonical client identity from the request.
func (Resolver) Scheme
Scheme returns the request scheme, honoring forwarded headers only for trusted proxies.
func (Resolver) TrustsRemoteAddr
TrustsRemoteAddr reports whether the remote address is within trusted proxies.