handlers

package
v0.0.0-...-49dd823 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 30, 2026 License: MIT Imports: 30 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var AzureDevOpsAPIHosts = []string{
	"dpdbot.dev.azure.com",
	"dpdbot.visualstudio.com",
	"dpdbot.codedev.ms",
	"dpdbot.vsts.me",
}

Functions

This section is empty.

Types

type AzureDevOpsAPIHandler 

type AzureDevOpsAPIHandler struct {
	// contains filtered or unexported fields
}

AzureDevOpsAPIHandler handles requests destined for the Azure DevOps API, adding auth

func NewAzureDevOpsAPIHandler 

func NewAzureDevOpsAPIHandler(creds config.Credentials) *AzureDevOpsAPIHandler

NewAzureDevOpsAPIHandler returns a new AzureDevOpsAPIHandler, extracting the app access token from the array of credentials

func (*AzureDevOpsAPIHandler) HandleRequest 

func (h *AzureDevOpsAPIHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to an Azure DevOps API request

type CargoRegistryHandler 

type CargoRegistryHandler struct {
	// contains filtered or unexported fields
}

CargoRegistryHandler handles requests to cargo registries using the sparse protocol. When using cargo registries with the git protocol, the GitServerHandler should be used instead.

Authentication is implemented as described in: https://rust-lang.github.io/rfcs/3139-cargo-alternative-registry-auth.html#reference-level-explanation

This seems to be considered stable now: https://github.com/rust-lang/cargo/issues/10474

A difference from other token based handlers is that this implementation directly sets the "Authorization" header to the value of token. This means the value of token may need to be prepended with additional metadata as required by the registry provider. For example, jfrog expects the "Authorization" header to contain: ``` Authorization: Bearer <token> ```

In that case, the supplied token value should be `Bearer <token>`. This would match how cargo stores the credentials locally in this example: https://jfrog.com/help/r/artifactory-how-to-integrate-artifactory-with-cargo-using-sparse-indexing/client-configuration

func NewCargoRegistryHandler 

func NewCargoRegistryHandler(credentials config.Credentials) *CargoRegistryHandler

func (*CargoRegistryHandler) HandleRequest 

func (h *CargoRegistryHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

type ComposerHandler 

type ComposerHandler struct {
	// contains filtered or unexported fields
}

ComposerHandler handles requests to PHP registries, adding auth.

func NewComposerHandler 

func NewComposerHandler(creds config.Credentials) *ComposerHandler

NewComposerHandler returns a new ComposerHandler.

func (*ComposerHandler) HandleRequest 

func (h *ComposerHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a composer registry request

type DependabotAPIHandler 

type DependabotAPIHandler struct {
	// contains filtered or unexported fields
}

DependabotAPIHandler injects the job token into requests to the Dependabot API

func NewDependabotAPIHandler 

func NewDependabotAPIHandler(envSettings config.ProxyEnvSettings) *DependabotAPIHandler

NewDependabotAPIHandler constructs a new DependabotAPIHandler

func (*DependabotAPIHandler) HandleRequest 

func (h *DependabotAPIHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth if the request is to the API endpoint

type DockerRegistryHandler 

type DockerRegistryHandler struct {
	// contains filtered or unexported fields
}

DockerRegistryHandler handles requests to Docker registries, adding auth.

func NewDockerRegistryHandler 

func NewDockerRegistryHandler(creds config.Credentials, transport http.RoundTripper, getECRClient getECRClient) *DockerRegistryHandler

NewDockerRegistryHandler returns a new DockerRegistryHandler.

func (*DockerRegistryHandler) HandleRequest 

func (h *DockerRegistryHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to Docker registry requests. It's slightly more complicated than most other handlers, as the auth flow for Docker registries is:

  1. Make a request with basic authentication to the registry. If the registry supports basic auth, get 200 response we're done.
  2. If we get a 401 response to the above with a WWW-Authenticate header which points to a token server.
  3. Make a request to the token server using HTTP basic authentication. This returns a JSON payload including a bearer token.
  4. Use the bearer token to make an authenticated request to the registry.

Fortunately, the github.com/stackrox/docker-registry-client/registry library's TokenTransport implements the bulk of this flow for us, so we just need to set the request context's RoundTripper accordingly.

type GitHubAPIHandler 

type GitHubAPIHandler struct {
	// contains filtered or unexported fields
}

GitHubAPIHandler handles requests destined for the GitHub API, adding auth This allows git credentials for "github.com" to apply to "api.github.com" and will allow git credentials for "<tenant>.ghe.com" to apply to "api.<tenant>.ghe.com" in Proxima.

func NewGitHubAPIHandler 

func NewGitHubAPIHandler(creds config.Credentials) *GitHubAPIHandler

NewGitHubAPIHandler returns a new GitHubAPIHandler, extracting the app access token from the array of credentials

func (*GitHubAPIHandler) HandleRequest 

func (h *GitHubAPIHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a GitHub API request

func (*GitHubAPIHandler) HandleResponse 

func (h *GitHubAPIHandler) HandleResponse(rsp *http.Response, ctx *goproxy.ProxyCtx) *http.Response

HandleResponse handles retrying failed auth responses with alternate credentials when there are multiple tokens configured for the github api.

type GitServerHandler 

type GitServerHandler struct {
	// contains filtered or unexported fields
}

GitServerHandler handles requests destined remote git servers such as github.com or private git servers

func NewGitServerHandler 

func NewGitServerHandler(creds config.Credentials, client ScopeRequester) *GitServerHandler

NewGitServerHandler returns a new GitServerHandler, adding basic auth to requests to hosts for which we have credentials

func (*GitServerHandler) HandleRequest 

func (h *GitServerHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a git server request

func (*GitServerHandler) HandleResponse 

func (h *GitServerHandler) HandleResponse(rsp *http.Response, ctx *goproxy.ProxyCtx) *http.Response

HandleResponse handles retrying failed auth responses with alternate credentials when there are multiple tokens configured for the git server.

Additionally, HandleResponse handles 404 responses that should've returned 401s.

If a git repo with credentials embedded in the URL is fetched, the first request doesn't contain the credentials, so we'll add auth if we can. Without auth, the request would return a 401 if auth was required and git would retry the request with the credentials provided. However, adding incorrect credentials might cause the response to 404 rather than 401, meaning git wouldn't retry the request with the valid credentials.

Here, we try to detect those responses, and retry the request without the injected auth. If we get a 401 back, we use that response rather than the original.

type GoProxyServerHandler 

type GoProxyServerHandler struct {
	// contains filtered or unexported fields
}

func NewGoProxyServerHandler 

func NewGoProxyServerHandler(creds config.Credentials) *GoProxyServerHandler

NewGoProxyServerHandler returns a new GoProxyServerHandler.

func (*GoProxyServerHandler) HandleRequest 

func (h *GoProxyServerHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a goproxy request

type HelmRegistryHandler 

type HelmRegistryHandler struct {
	// contains filtered or unexported fields
}

HelmRegistryHandler handles requests to helm registries, adding auth.

func NewHelmRegistryHandler 

func NewHelmRegistryHandler(creds config.Credentials) *HelmRegistryHandler

NewHelmRegistryHandler returns a new HelmRegistryHandler.

func (*HelmRegistryHandler) HandleRequest 

func (h *HelmRegistryHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a helm registry request

type HexOrganizationHandler 

type HexOrganizationHandler struct {
	// contains filtered or unexported fields
}

HexOrganizationHandler handles requests to repo.hex.pm, adding auth.

func NewHexOrganizationHandler 

func NewHexOrganizationHandler(creds config.Credentials) *HexOrganizationHandler

NewHexOrganizationHandler returns a new HexOrganizationHandler.

func (*HexOrganizationHandler) HandleRequest 

func (h *HexOrganizationHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to an npm registry request

type HexRepositoryHandler 

type HexRepositoryHandler struct {
	// contains filtered or unexported fields
}

HexRepositoryHandler handles requests to private hex repositories, adding auth

func NewHexRepositoryHandler 

func NewHexRepositoryHandler(creds config.Credentials) *HexRepositoryHandler

func (*HexRepositoryHandler) HandleRequest 

func (h *HexRepositoryHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a registry request

type MavenRepositoryHandler 

type MavenRepositoryHandler struct {
	// contains filtered or unexported fields
}

MavenRepositoryHandler handles requests to maven repositories, adding auth.

func NewMavenRepositoryHandler 

func NewMavenRepositoryHandler(creds config.Credentials) *MavenRepositoryHandler

NewMavenRepositoryHandler returns a new MavenRepositoryHandler.

func (*MavenRepositoryHandler) HandleRequest 

func (h *MavenRepositoryHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a maven repository request

type NPMRegistryHandler 

type NPMRegistryHandler struct {
	// contains filtered or unexported fields
}

NPMRegistryHandler handles requests to NPM registries, adding auth to requests to registries for which we have credentials.

func NewNPMRegistryHandler 

func NewNPMRegistryHandler(creds config.Credentials) *NPMRegistryHandler

NewNPMRegistryHandler returns a new NPMRegistryHandler,

func (*NPMRegistryHandler) HandleRequest 

func (h *NPMRegistryHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to an npm registry request

type NugetFeedHandler 

type NugetFeedHandler struct {
	// contains filtered or unexported fields
}

NugetFeedHandler handles requests to nuget feeds, adding auth.

func NewNugetFeedHandler 

func NewNugetFeedHandler(creds config.Credentials) *NugetFeedHandler

NewNugetFeedHandler returns a new NugetFeedHandler.

func (*NugetFeedHandler) HandleRequest 

func (h *NugetFeedHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to an nuget feed request

type PubRepositoryHandler 

type PubRepositoryHandler struct {
	// contains filtered or unexported fields
}

PubRepositoryHandler handles requests to pub repositories, adding auth according to the v2 spec. https://github.com/dart-lang/pub/blob/db003f2ec3a0751337a1c8d4ff22d4863a28afe6/doc/repository-spec-v2.md

func NewPubRepositoryHandler 

func NewPubRepositoryHandler(credentials config.Credentials) *PubRepositoryHandler

func (*PubRepositoryHandler) HandleRequest 

func (h *PubRepositoryHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

type PythonIndexHandler 

type PythonIndexHandler struct {
	// contains filtered or unexported fields
}

PythonIndexHandler handles requests to Python indexes, adding auth.

func NewPythonIndexHandler 

func NewPythonIndexHandler(creds config.Credentials) *PythonIndexHandler

NewPythonIndexHandler returns a new PythonIndexHandler.

func (*PythonIndexHandler) HandleRequest 

func (h *PythonIndexHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a python index request

type RubyGemsServerHandler 

type RubyGemsServerHandler struct {
	// contains filtered or unexported fields
}

RubyGemsServerHandler handles requests to rubygems servers, adding auth.

func NewRubyGemsServerHandler 

func NewRubyGemsServerHandler(creds config.Credentials) *RubyGemsServerHandler

NewRubyGemsServerHandler returns a new RubyGemsServerHandler.

func (*RubyGemsServerHandler) HandleRequest 

func (h *RubyGemsServerHandler) HandleRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)

HandleRequest adds auth to a rubygems server request

type ScopeRequester 

type ScopeRequester interface {
	RequestJITAccess(ctx *goproxy.ProxyCtx, endpoint string, username string, password string, account string, repo string) (*config.Credential, error)
}

type TerraformRegistryHandler 

type TerraformRegistryHandler struct {
	// contains filtered or unexported fields
}

func NewTerraformRegistryHandler 

func NewTerraformRegistryHandler(credentials config.Credentials) *TerraformRegistryHandler

func (*TerraformRegistryHandler) HandleRequest 

func (h *TerraformRegistryHandler) HandleRequest(request *http.Request, context *goproxy.ProxyCtx) (*http.Request, *http.Response)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.