identity

package
v4.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package identity resolves canonical request identity values.

Resolver extracts client IP, scheme, host, and request ID from an HTTP request. Forwarded headers are honored only when the direct peer matches configured trusted proxies, which keeps proxy-derived identity explicit and safe by default.

Purpose: See the package summary above. Import: `github.com/aatuh/api-toolkit/v4/httpx/identity`. Example: See docs/api-reference.md for package example links and docs/cookbook.md for task recipes. Errors: Constructors, parsers, and handlers return or write documented errors according to their signatures; packages with plain data types do not add hidden error channels. Concurrency: Treat configured middleware and helpers as immutable after construction; request and response values remain request-scoped unless a type documents stronger guarantees. Stability: Stable core API under VERSIONING.md and scripts/apicheck.sh. When not to use: Prefer net/http, application-owned types, or narrower helpers when this package contract is not needed.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseTrustedProxies

func ParseTrustedProxies(values []string) ([]netip.Prefix, error)

ParseTrustedProxies parses CIDR strings into prefixes.

func RequestID

func RequestID(req *http.Request) string

RequestID extracts a request ID from standard headers.

Types

type ClientInfo

type ClientInfo struct {
	IP        netip.Addr
	IPString  string
	Scheme    string
	Host      string
	RequestID string
}

ClientInfo captures canonical client identity attributes.

type HeaderPolicy

type HeaderPolicy uint8

HeaderPolicy controls which forwarded headers may be honored.

const (
	// HeaderPolicyNone ignores forwarded headers.
	HeaderPolicyNone HeaderPolicy = 0
	// HeaderPolicyXForwarded trusts X-Forwarded-* headers from trusted proxies.
	HeaderPolicyXForwarded HeaderPolicy = 1 << iota
	// HeaderPolicyForwarded trusts RFC 7239 Forwarded headers from trusted proxies.
	HeaderPolicyForwarded
	// HeaderPolicyBoth trusts both Forwarded and X-Forwarded-* headers.
	HeaderPolicyBoth = HeaderPolicyXForwarded | HeaderPolicyForwarded
)

type Resolver

type Resolver struct {
	TrustedProxies []netip.Prefix
	HeaderPolicy   HeaderPolicy
}

Resolver derives canonical client identity values from an http.Request. Forwarded headers are honored only when the direct peer is trusted.

func (Resolver) ClientIP

func (r Resolver) ClientIP(req *http.Request) (netip.Addr, bool)

ClientIP returns the best-effort client IP address.

func (Resolver) ClientIPString

func (r Resolver) ClientIPString(req *http.Request) string

ClientIPString returns the best-effort client IP string.

Example
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"

	"github.com/aatuh/api-toolkit/v4/httpx/identity"
)

func main() {
	proxies, err := identity.ParseTrustedProxies([]string{"10.0.0.1"})
	if err != nil {
		panic(err)
	}
	resolver := identity.Resolver{
		TrustedProxies: proxies,
		HeaderPolicy:   identity.HeaderPolicyXForwarded,
	}
	req := httptest.NewRequestWithContext(context.Background(), http.MethodGet, "/", nil)
	req.RemoteAddr = "10.0.0.1:1234"
	req.Header.Set("X-Forwarded-For", "203.0.113.7")

	fmt.Println(resolver.ClientIPString(req))

}
Output:
203.0.113.7

func (Resolver) Host

func (r Resolver) Host(req *http.Request) string

Host returns the request host, honoring forwarded headers only for trusted proxies.

func (Resolver) Resolve

func (r Resolver) Resolve(req *http.Request) ClientInfo

Resolve extracts the canonical client identity from the request.

func (Resolver) Scheme

func (r Resolver) Scheme(req *http.Request) string

Scheme returns the request scheme, honoring forwarded headers only for trusted proxies.

func (Resolver) TrustsRemoteAddr

func (r Resolver) TrustsRemoteAddr(remote string) bool

TrustsRemoteAddr reports whether the remote address is within trusted proxies.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL