credentialproxy

package
v0.38.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LogProxied 

func LogProxied(logger *slog.Logger, workspaceID, sandboxID, kind, bindingID, method, path string, status int, latencyMs int64)

LogProxied logs a completed proxy request.

func LogUpgradeClosed 

func LogUpgradeClosed(logger *slog.Logger, workspaceID, sandboxID, kind, bindingID, path string, durationMs, bytesIn, bytesOut int64)

LogUpgradeClosed logs the end of an upgrade connection.

func LogUpgradeOpen 

func LogUpgradeOpen(logger *slog.Logger, workspaceID, sandboxID, kind, bindingID, path string)

LogUpgradeOpen logs the start of an upgrade (SPDY/WebSocket) connection.

func NewLogger 

func NewLogger(level slog.Level) *slog.Logger

NewLogger creates a structured logger for the credential proxy.

Types

type BindingRow 

type BindingRow struct {
	ID          string
	WorkspaceID string
	Kind        string
	DisplayName string
	ServerURL   string
	PublicMeta  json.RawMessage
	AuthType    string
	AuthBlob    []byte
	IsDefault   bool
}

BindingRow represents a credential binding row from the database.

type Config 

type Config struct {
	Port                  string
	DatabaseURL           string
	AgentserverURL        string
	EncryptionKey         []byte
	LogLevel              slog.Level
	UpstreamTimeout       time.Duration
	AllowPrivateUpstreams bool
}

Config holds all configuration for the credential proxy.

func LoadConfigFromEnv 

func LoadConfigFromEnv() (Config, error)

LoadConfigFromEnv reads configuration from environment variables.

type SandboxInfo 

type SandboxInfo struct {
	SandboxID   string `json:"sandbox_id"`
	WorkspaceID string `json:"workspace_id"`
}

SandboxInfo holds the identity returned by proxy token validation.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server is the credential proxy HTTP server.

func NewServer 

func NewServer(cfg Config, store *Store, logger *slog.Logger) *Server

NewServer creates a new credential proxy server.

func (*Server) Routes 

func (s *Server) Routes() http.Handler

Routes returns the HTTP handler for the credential proxy.

func (*Server) ValidateProxyToken 

func (s *Server) ValidateProxyToken(ctx context.Context, proxyToken string) (*SandboxInfo, error)

ValidateProxyToken calls the agentserver internal API to validate a sandbox proxy token. Returns nil (not error) if the token is invalid.

type Store 

type Store struct {
	// contains filtered or unexported fields
}

Store provides read-only access to credential_bindings.

func NewStore 

func NewStore(databaseURL string) (*Store, error)

NewStore connects to PostgreSQL. No migrations are run (agentserver owns the schema).

func (*Store) Close 

func (s *Store) Close() error

Close closes the database connection.

func (*Store) GetBinding 

func (s *Store) GetBinding(workspaceID, kind, bindingID string) (*BindingRow, error)

GetBinding fetches a single binding by (workspace_id, kind, id).

func (*Store) ListBindings 

func (s *Store) ListBindings(workspaceID, kind string) ([]*BindingRow, error)

ListBindings returns all bindings for a (workspace, kind) pair.

func (*Store) Ping 

func (s *Store) Ping() error

Ping checks the database connection.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.