httpclient

package

v1.1.17 Latest Latest Go to latest Published: Feb 21, 2026 License: AGPL-3.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/equaltoai/lesser

Links

Open Source Insights

Documentation ¶

Overview ¶

Package httpclient provides HTTP client utilities with DNS caching and security features for federation requests.

Package httpclient provides HTTP clients for federation with SSRF protection

Index ¶

Variables
func NewSecureHTTPClient(opts ...Option) *http.Client
type FederationClient
- func NewFederationClient(config *FederationClientConfig, logger *zap.Logger) *FederationClient
type FederationClientConfig
- func DefaultFederationClientConfig() *FederationClientConfig
type Option
type SecureClient
- func DefaultClient() *SecureClient
- func NewSecureClient(opts ...Option) *SecureClient

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrBlockedRequest indicates the request was blocked for security reasons
	ErrBlockedRequest = errors.New("request blocked for security reasons")

	// ErrPrivateIPAddress indicates the target resolves to a private IP
	ErrPrivateIPAddress = errors.New("private IP address not allowed")

	// ErrInvalidScheme indicates an unsupported URL scheme
	ErrInvalidScheme = errors.New("invalid URL scheme")

	// ErrRedirectBlocked indicates a redirect was blocked
	ErrRedirectBlocked = errors.New("redirect blocked")

	// ErrDNSRebindingDetected indicates a DNS rebinding attack was detected
	ErrDNSRebindingDetected = errors.New("DNS rebinding attack detected")
)

Functions ¶

func NewSecureHTTPClient ¶

func NewSecureHTTPClient(opts ...Option) *http.Client

NewSecureHTTPClient returns an *http.Client configured with the same SSRF protections as NewSecureClient. Prefer NewSecureClient when you don't specifically need an *http.Client.

Types ¶

type FederationClient ¶

type FederationClient struct {
	// contains filtered or unexported fields
}

FederationClient provides a secure HTTP client for ActivityPub federation

func NewFederationClient ¶

func NewFederationClient(config *FederationClientConfig, logger *zap.Logger) *FederationClient

NewFederationClient creates a new secure HTTP client for ActivityPub federation

func (*FederationClient) Close ¶

func (fc *FederationClient) Close()

Close closes any idle connections

func (*FederationClient) Get ¶

func (fc *FederationClient) Get(ctx context.Context, url string) (*http.Response, error)

Get performs a GET request with ActivityPub headers

func (*FederationClient) GetClient ¶

func (fc *FederationClient) GetClient() *http.Client

GetClient returns the underlying HTTP client (use carefully)

func (*FederationClient) GetWithUserAgent ¶

func (fc *FederationClient) GetWithUserAgent(ctx context.Context, url, userAgent string) (*http.Response, error)

GetWithUserAgent performs a GET request with custom user agent

func (*FederationClient) Post ¶

func (fc *FederationClient) Post(ctx context.Context, url string, contentType string, body []byte) (*http.Response, error)

Post performs a POST request with ActivityPub headers

func (*FederationClient) SetTimeout ¶

func (fc *FederationClient) SetTimeout(timeout time.Duration)

SetTimeout updates the client timeout

type FederationClientConfig ¶

type FederationClientConfig struct {
	Timeout              time.Duration
	MaxRedirects         int
	UserAgent            string
	AllowInsecureTLS     bool
	AllowPrivateNetworks bool
	MaxResponseSize      int64
	DNSTimeout           time.Duration
}

FederationClientConfig defines configuration for the federation client

func DefaultFederationClientConfig ¶

func DefaultFederationClientConfig() *FederationClientConfig

DefaultFederationClientConfig returns default configuration

type Option ¶

type Option func(*SecureClient)

Option is a functional option for configuring SecureClient

func WithLogger ¶

func WithLogger(logger *zap.Logger) Option

WithLogger sets a custom logger

func WithMaxRedirects ¶

func WithMaxRedirects(maxVal int) Option

WithMaxRedirects sets the maximum number of redirects to follow

func WithStorage ¶

func WithStorage(store core.RepositoryStorage) Option

WithStorage sets the storage backend for DNS caching

func WithTimeout ¶

func WithTimeout(timeout time.Duration) Option

WithTimeout sets a custom timeout

type SecureClient ¶

type SecureClient struct {
	// contains filtered or unexported fields
}

SecureClient is an HTTP client with SSRF protections

func DefaultClient ¶

func DefaultClient() *SecureClient

DefaultClient returns a pre-configured secure client with sensible defaults

func NewSecureClient ¶

func NewSecureClient(opts ...Option) *SecureClient

NewSecureClient creates a new secure HTTP client with SSRF protections

func (*SecureClient) Do ¶

func (c *SecureClient) Do(req *http.Request) (*http.Response, error)

Do performs an HTTP request with security checks

func (*SecureClient) Get ¶

func (c *SecureClient) Get(url string) (*http.Response, error)

Get performs a GET request with security checks

func (*SecureClient) GetWithContext ¶

func (c *SecureClient) GetWithContext(ctx context.Context, url string) (*http.Response, error)

GetWithContext performs a GET request with context

func (*SecureClient) Head ¶

func (c *SecureClient) Head(url string) (*http.Response, error)

Head performs a HEAD request with security checks

func (*SecureClient) Post ¶

func (c *SecureClient) Post(url string, contentType string, body io.Reader) (*http.Response, error)

Post performs a POST request with security checks

func (*SecureClient) PostWithContext ¶

func (c *SecureClient) PostWithContext(ctx context.Context, url string, contentType string, body io.Reader) (*http.Response, error)

PostWithContext performs a POST request with context

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL